| View previous topic :: View next topic |
| Author |
Message |
Rydian
Grandmaster Cheater Supreme
 Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
 Posted: Fri Jul 24, 2015 8:38 pm Post subject: Copy the value of a register without injection. |
 |
|
So normally when I want to read out a structure I can get a pointer to the base, make an AOB scan to the structure, or use injection on something and insert a mov to copy the value of the register to use as the base.
However in one specific case, none of these approaches are preferred.
1 - Huge game, eats memory, pointer scans will take hours and I don't want to do this every update.
2 - AOB works but I have to update it every so often and it gets annoying.
3 - Injection to copy the value works fine (the structures themselves are quite stable across updates)... but I want to do it without any actual modifications of the target code in this specific case.
Is there anything short and simple I can do in a script?
An example target is just something like...
mov ax,[ecx+000002EC]
Where I'm after the value held in ecx.
_________________
|
|
| Back to top |
|
 |
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Jul 24, 2015 9:39 pm Post subject: |
 |
|
Well, you still need an AOB to find that specific instruction.
Could use the debugger, but that's probably more invasive than injecting code.
| Code: | debugProcess(2)
autoAssemble([[
aobscan(myaob,?? ?? ?? ?? ??)
alloc(myvar,4)
registersymbol(myaob)
registersymbol(myvar)
]])
myvar = getAddress("myvar")
function debugger_onBreakpoint()
writeInteger(myvar, ECX)
end
debug_setBreakpoint(getAddress("myaob")) |
|
|
| Back to top |
|
|
Rydian
Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
| Posted: Fri Jul 24, 2015 10:46 pm Post subject: |
|
|
Oh an AOB for code is much more stable than an AOB to data in the structure in this case. I'm not dealing with CRC or anything, I just wanna' learn ways to read out structures without editing the game code (which would invalidate other scans for it afterwards).
I'm having difficulties getting it to both resume automatically and disable cleanly, this is what I've got now...
| Code: | [ENABLE]
{$lua}
debugProcess(2)
autoAssemble([[
aobscan(myaob,66 8B 81 EC 02 00 00)
alloc(myvar,4)
registersymbol(myaob)
registersymbol(myvar)
]])
myvar = getAddress("myvar")
function debugger_onBreakpoint()
writeInteger(myvar, ECX)
debug_continueFromBreakpoint(myvar)
debug_removeBreakpoint(myvar)
end
debug_setBreakpoint(getAddress("myaob"))
{$asm}
[DISABLE]
{$lua}
function debugger_onBreakpoint()
end
{$asm}
unregistersymbol(myaob)
unregistersymbol(myvar) |
However it still leaves a breakpoint on the code after disabling. I got annoyed and peppered the [DISABLE] section with a few extra debug_removeBreakpoint(myvar) calls to see if it just needed to be in a certain order, but no dice.
_________________
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Jul 24, 2015 10:55 pm Post subject: |
|
|
Sorry, forgot about that stuff. 
| Code: | [ENABLE]
{$lua}
debugProcess(2)
autoAssemble([[
aobscan(myaob,66 8B 81 EC 02 00 00)
alloc(myvar,4)
registersymbol(myaob)
registersymbol(myvar)
]])
myvar = getAddress("myvar")
function debugger_onBreakpoint()
writeInteger(myvar, ECX)
debug_continueFromBreakpoint(co_run)
return 1
end
debug_setBreakpoint(getAddress("myaob"))
{$asm}
[DISABLE]
{$lua}
debug_removeBreakpoint(getAddress("myaob"))
debugger_onBreakpoint = nil
{$asm}
unregistersymbol(myaob)
unregistersymbol(myvar) |
|
|
| Back to top |
|
|
Rydian
Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
| Posted: Sat Jul 25, 2015 2:48 am Post subject: |
|
|
Ahhh, okay I see what I was missing, thanks!
Any other suggestions on ways to grab a structure when I can find code reading/writing to it but don't want to change it, or is this the only reasonable option? For most cases I'm just going to use the standard methods, but knowing multiple approaches always helps.
_________________
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25291
Location: The netherlands
|
| Posted: Sat Jul 25, 2015 5:32 am Post subject: |
|
|
there's also the stealthedit plugin.
it changes eip to a copy of the game when a specific page is executed
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Rydian
Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
| Posted: Sat Jul 25, 2015 10:05 am Post subject: |
|
|
Oh yeah forgot about things that mirror, only ran into a game doing code checks once, and I was just changing registers and stuff instead so I never touched that.
However since I actually can edit the game code I'll probably just stick to finding separate reads/writes for each script to hook for now and just use the debugger stuff when needed, it seems less uh, cumbersome (especially for table redistribution).
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
