Cheat Engine: The Official Site of Cheat Engine

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Mon Jan 15, 2018 5:00 am
Post subject: How to allocate memory correctly
Hello,
Based on the example by Tim here (http://forum.cheatengine.org/viewtopic.php?t=606551), I made a script like this:
Code:
[ENABLE]
aobscan(househpmov,89 4A 30 48 8B 4D 10 8B 49 3C) // should be unique
alloc(newmem,$1000,7FFC226A47E0)
label(originalcode)
label(return)
label(enemycode)
label(allycode)
newmem:
pushfq
push rsi
mov rsi,[rdx+18]
test rsi,rsi
jz originalcode
mov rsi,[rsi+148]
test rsi,rsi
jz originalcode
mov rsi,[rsi+210]
cmp rsi,2
je allycode
cmp rsi,3
je enemycode
jmp originalcode
enemycode:
pop rsi
popfq
mov [rdx+30],0
mov rcx,[rbp+10]
jmp return
allycode:
pop rsi
popfq
mov [rdx+30],#5000
mov rcx,[rbp+10]
jmp return
originalcode:
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return
househpmov:
jmp newmem
nop
nop
return:
registersymbol(househpmov)
[DISABLE]
househpmov:
db 89 4A 30 48 8B 4D 10
unregistersymbol(househpmov)
dealloc(newmem)
The script works, but after a couple of times of reloading the game and enabling the script, when I try to disable it again it crashes (when the instruction is called).
It seems that the problem is related to the newly allocated memory (address 7FFC226A47E0), because if I create a new script and let CE assign another free address for the script, it works flawlessly until I restart the game.
So, how can I fix this?
Is there a better way to manage the allocated memory?

Dark Byte (Site Admin; Reputation: 458; Joined: 09 May 2003; Posts: 25287; Location: The Netherlands)
Posted: Mon Jan 15, 2018 7:40 am
alloc(newmem,$1000,househpmov)

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Mon Jan 15, 2018 9:10 am
Dark Byte wrote:
> alloc(newmem,$1000,househpmov)
So, by doing this, the new memory will be allocated to the address of the AOB result. Is it crash-proof?
Also, may I ask if I can remove the two labels enemycode and allycode?
What's the difference between declaring them and not doing so?
I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if I do alloc + label?
Thank you very much @Dark Byte

sbryzl (Master Cheater; Reputation: 6; Joined: 25 Jul 2016; Posts: 252)
Posted: Mon Jan 15, 2018 10:42 am
LewcowVaal wrote:
> Dark Byte wrote:
> > alloc(newmem,$1000,househpmov)
> So, by doing this, the new memory will be allocated to the address of the AOB result. Is it crash-proof?
> Also, may I ask if I can remove the two labels enemycode and allycode?
> What's the difference between declaring them and not doing so?
> I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if I do alloc + label?
> Thank you very much @Dark Byte
Nothing is ever crash-proof, but the way Dark Byte showed you works best. The crash is likely due to stack handling. You need to reset the stack under originalcode.
originalcode:
pop rsi
popfq
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return
It's not necessary to declare labels unless you use them somewhere else, in which case you also need to register them.
globalalloc works the same as alloc except for two things:
1. You can't dealloc a global allocation.
2. Multiple global allocations of the same name will not spawn more memory allocations; they will all use the same one.
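As an added check, not code from the thread: a small Python script that mechanically verifies the rule sbryzl gives above, that every exit path ending in jmp return must pop, in reverse order, exactly what the newmem prologue pushed. The embedded sample is a constructed, condensed copy of the opening script, and the function names are my own.

```python
import re
from itertools import takewhile

# Constructed sample, condensed from the opening script: flags and rsi are pushed, but originalcode never pops them.
SCRIPT = """
newmem:
pushfq
push rsi
cmp rsi,2
je allycode
jmp originalcode
allycode:
pop rsi
popfq
jmp return
originalcode:
mov [rdx+30],ecx
jmp return
"""

JUMP = re.compile(r"^j[a-z]+\s", re.I)                    # jmp, je, jz, jne, ...
STACK = re.compile(r"^(push|pop)(?:fq|\s+(\S+))", re.I)   # push/pop reg, pushfq/popfq

def parse_blocks(script):
    # label -> the instruction lines after it, with // comments stripped
    blocks, label = {}, None
    for raw in script.splitlines():
        line = raw.split("//")[0].strip()
        if line.endswith(":"):
            blocks[(label := line[:-1])] = []
        elif line and label is not None:
            blocks[label].append(line)
    return blocks

def stack_ops(lines):
    # [('push'|'pop', 'rsi'|'flags'|...), ...] in program order
    return [(m[1].lower(), (m[2] or "flags").lower()) for m in map(STACK.match, lines) if m]

def check_stack(script, entry="newmem"):
    # every exit block (ends with 'jmp return') must pop, in reverse order, what the entry pushed
    blocks = parse_blocks(script)
    prologue = takewhile(lambda i: not JUMP.match(i), blocks[entry])
    expected = [what for op, what in stack_ops(prologue) if op == "push"][::-1]
    problems = []
    for label, body in blocks.items():
        if label != entry and "jmp return" in [i.lower() for i in body]:
            pops = [what for op, what in stack_ops(body) if op == "pop"]
            if pops != expected:
                problems.append(f"{label}: pops {pops}, expected {expected}")
    return problems
```

Running check_stack over a full [ENABLE] section reports each exit label whose pops are missing or in the wrong order, which is exactly the class of mistake that only shows up as a crash when the hook is hit.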

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Mon Jan 15, 2018 11:20 am
sbryzl wrote:
> LewcowVaal wrote:
> > Dark Byte wrote:
> > > alloc(newmem,$1000,househpmov)
> > So, by doing this, the new memory will be allocated to the address of the AOB result. Is it crash-proof?
> > Also, may I ask if I can remove the two labels enemycode and allycode?
> > What's the difference between declaring them and not doing so?
> > I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if I do alloc + label?
> > Thank you very much @Dark Byte
> Nothing is ever crash-proof, but the way Dark Byte showed you works best. The crash is likely due to stack handling. You need to reset the stack under originalcode.
> originalcode:
> pop rsi
> popfq
> mov [rdx+30],ecx
> mov rcx,[rbp+10]
> jmp return
> It's not necessary to declare labels unless you use them somewhere else, in which case you also need to register them.
> globalalloc works the same as alloc except for two things:
> 1. You can't dealloc a global allocation.
> 2. Multiple global allocations of the same name will not spawn more memory allocations; they will all use the same one.
Oh man, I forgot to pop the stack. Thanks.
But anyway, I do have other scripts with no stack involved, and they crash too; I realized the problem was the allocated memory.
I'll try now allocating it like Dark Byte said.
EDIT: I tried just popping the stack and it crashes anyway; I'll fix the allocation.

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Tue Jan 16, 2018 9:03 am
Now it is not crashing anymore, but I have one more question:
How can I compare a register that has this value?
I did something like
Code:
cmp rsi, 02D8418A000001B0
But obviously it's not working...
Probably because I'm trying to compare a 64-bit register.
Last edited by LewcowVaal on Tue Jan 16, 2018 9:31 am; edited 2 times in total

TheyCallMeTim13 (Wiki Contributor; Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Tue Jan 16, 2018 9:38 am
As far as I know CMP only works on at most 32 bits for an immediate. So you will have to break it up into 32-bit chunks, or put it in an address or register.
Code:
CMP r/m64, imm32
CMP r64, r/m64
http://www.felixcloutier.com/x86/CMP.html

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Tue Jan 16, 2018 9:56 am
TheyCallMeTim13 wrote:
> As far as I know CMP only works on at most 32 bits for an immediate. So you will have to break it up into 32-bit chunks, or put it in an address or register.
> Code:
> CMP r/m64, imm32
> CMP r64, r/m64
> http://www.felixcloutier.com/x86/CMP.html
Hello Tim!
I was wondering if moving my value into another register and comparing it would work, like:
Code:
push rax
mov rax,02D8418A000001B0
cmp rax,rsi

TheyCallMeTim13 (Wiki Contributor; Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Tue Jan 16, 2018 10:03 am
Yes, that or an address; just don't forget to balance the stack. And you may need to PUSH and POP the flags register; I always do when setting the flags.
Code:
pushfq // push 64 bit flags (RFLAGS I think)
push rax
mov rax,02D8418A000001B0
cmp rax,rsi
pop rax
je someLabel
...
popfq // pop 64 bit flags
jmp return
Code:
pushfq
push rax
mov rax,02D8418A000001B0
mov [someSymbolOrAddress],rax // a 64-bit immediate cannot be stored to memory directly, so it goes through rax
pop rax
cmp rsi,[someSymbolOrAddress]
je someLabel
...
popfq
jmp return
Code:
pushfq
cmp rsi,[someSymbolOrAddress]
je someLabel
...
popfq
jmp return
someSymbolOrAddress:
dq 02D8418A000001B0
Last edited by TheyCallMeTim13 on Tue Jan 16, 2018 10:09 am; edited 1 time in total
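As an added illustration, not code from the thread: a Python helper for the point TheyCallMeTim13 makes above, that CMP takes at most a sign-extended 32-bit immediate, so a 64-bit constant has to go through a register or a memory operand. It classifies the constants used in this thread, encodes the inline form so the 4-byte limit is visible, and emits the push/mov/cmp/pop sequence from Tim's first variant when the value does not fit; fits_imm32, encode_cmp_rsi_imm32 and cmp_rsi_lines are my names, and the 81 /7 encoding is the long form from the Intel manual.

```python
import struct

MASK64 = (1 << 64) - 1

def fits_imm32(value):
    # CMP r/m64, imm32 sign-extends its 4 immediate bytes to 64 bits, so only
    # 0..7FFFFFFF and FFFFFFFF80000000..FFFFFFFFFFFFFFFF can be written inline.
    v = value & MASK64
    return v <= 0x7FFFFFFF or v >= 0xFFFFFFFF80000000

def encode_cmp_rsi_imm32(value):
    # Machine code for 'cmp rsi,imm32' in the long form REX.W 81 /7 id: exactly four
    # immediate bytes, no room for more. (Assemblers use 83 /7 ib when the value fits a byte.)
    v = value & MASK64
    if not fits_imm32(v):
        raise ValueError(f"{v:016X} does not fit in a sign-extended imm32")
    signed = v - (1 << 64) if v >> 63 else v
    return bytes([0x48, 0x81, 0xFE]) + struct.pack("<i", signed)

def cmp_rsi_lines(value, scratch="rax"):
    # Auto-assembler lines comparing rsi with a 64-bit constant (hex, as CE reads numbers).
    # Small values compare inline; large ones go through a saved scratch register, which
    # is popped before the conditional jump because pop does not touch the flags.
    v = value & MASK64
    if fits_imm32(v):
        return [f"cmp rsi,{v:X}"]
    return [f"push {scratch}", f"mov {scratch},{v:016X}", f"cmp rsi,{scratch}", f"pop {scratch}"]

if __name__ == "__main__":
    # the constants compared in this thread, as the assembler has to handle them
    for hexval in ("02D8418A000001B0", "0000000000000100", "0000000001000101", "0100000000000101"):
        v = int(hexval, 16)
        print(hexval, "inline" if fits_imm32(v) else "needs a register", cmp_rsi_lines(v))
```

Note that most of the unit-type constants later in this thread (1, 0, 100, 101, 1000101) fit a sign-extended imm32 and could be compared directly; only the ones with bits set in the upper half need the scratch register.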

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Tue Jan 16, 2018 10:09 am
TheyCallMeTim13 wrote:
> Yes, that or an address; just don't forget to balance the stack. And you may need to PUSH and POP the flags register; I always do when setting the flags.
> Code:
> pushfq // push 64 bit flags (RFLAGS I think)
> push rax
> mov rax,02D8418A000001B0
> cmp rax,rsi
> pop rax
> je someLabel
> jne someOtherLabel
> ...
> popfq // pop 64 bit flags
> jmp return
> Code:
> pushfq
> push rax
> mov rax,02D8418A000001B0
> mov [someSymbolOrAddress],rax // a 64-bit immediate cannot be stored to memory directly, so it goes through rax
> pop rax
> cmp rsi,[someSymbolOrAddress]
> je someLabel
> jne someOtherLabel
> ...
> popfq
> jmp return
> Code:
> pushfq
> cmp rsi,[someSymbolOrAddress]
> je someLabel
> jne someOtherLabel
> ...
> popfq
> jmp return
> someSymbolOrAddress:
> dq 02D8418A000001B0
Yes, of course; this case was just an oversight on my side.
I didn't write the pop because I still need rax after.
Also, the script is becoming pretty complex, so I might make some mistakes.

TheyCallMeTim13 (Wiki Contributor; Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Tue Jan 16, 2018 10:11 am
No worries, the day I'm not making mistakes, I'll assume it's because I died.

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Tue Jan 16, 2018 11:47 am
TheyCallMeTim13 wrote:
> No worries, the day I'm not making mistakes, I'll assume it's because I died.
Ahahahahahhhahahahahahhhahahahahahahaha I guess that goes for me too lol
I take this opportunity to ask you (and all the others) for a suggestion:
Code:
globalalloc(_unlimitedunithpcontrol,4)
_unlimitedunithpcontrol:
db 00
newmem:
pushfq
push rsi
push rax
mov rsi,[rdx+18]
test rsi,rsi
jz originalcode
mov rsi,[rsi+148]
test rsi,rsi
jz originalcode
mov rsi,[rsi+228]
mov rax,1
cmp rsi,rax
je allycode
mov rax,0
cmp rsi,rax
je enemycode
mov rax,0000000000000100
cmp rsi,rax
je allystructurecode
mov rax,0000000000000101
cmp rsi,rax
je allystructurecode
mov rax,0100000000000101
cmp rsi,rax
je allystructurecode
mov rax,0000000001000101
cmp rsi,rax
je allystructurecode
mov rax,0400000000010101
cmp rsi,rax
je allystructurecode
mov rax,0300000000000101
cmp rsi,rax
je allystructurecode
jmp originalcode
...
...
allycode:
cmp [_unlimitedunithpcontrol],1
jne originalcode
pop rax // pop in reverse push order: rax was pushed last, rsi before it
pop rsi
popfq
mov [rdx+30],#5000
mov rcx,[rbp+10]
jmp return
originalcode:
pop rax
pop rsi
popfq
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return
As you can see, I global-allocated some memory to "control" the enabling status of my codes.
In my table I do have these kinds of scripts:
It works. But, I mean, this is intricate to write (also I feel I'm using unnecessary memory).
Is there a better way to achieve something like this?

TheyCallMeTim13 (Wiki Contributor; Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Wed Jan 17, 2018 3:57 am
Not really; the only thing I can say is use byte flags. And you can just pack them in the already allocated memory; you will just need to register them.
Code:
label(_unlimitedunithpcontrol)
registerSymbol(_unlimitedunithpcontrol)
...
newmem:
pushfq
push rsi
push rax
mov rsi,[rdx+18]
test rsi,rsi
jz originalcode
mov rsi,[rsi+148]
test rsi,rsi
jz originalcode
mov rsi,[rsi+228]
mov rax,1
cmp rsi,rax
je allycode
mov rax,0
cmp rsi,rax
je enemycode
mov rax,0000000000000100
cmp rsi,rax
je allystructurecode
mov rax,0000000000000101
cmp rsi,rax
je allystructurecode
mov rax,0100000000000101
cmp rsi,rax
je allystructurecode
mov rax,0000000001000101
cmp rsi,rax
je allystructurecode
mov rax,0400000000010101
cmp rsi,rax
je allystructurecode
mov rax,0300000000000101
cmp rsi,rax
je allystructurecode
jmp originalcode
...
allycode:
cmp byte ptr [_unlimitedunithpcontrol],1 //cmp just a byte
jne originalcode
pop rax // pop in reverse push order: rax was pushed last, rsi before it
pop rsi
popfq
mov [rdx+30],#5000
mov rcx,[rbp+10]
jmp return
originalcode:
pop rax
pop rsi
popfq
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return
_unlimitedunithpcontrol:
db 00
...
[Disable]
...
unregisterSymbol(_unlimitedunithpcontrol)

LewcowVaal (Advanced Cheater; Reputation: 0; Joined: 30 Dec 2017; Posts: 63)
Posted: Wed Jan 17, 2018 10:48 am
TheyCallMeTim13 wrote:
> Not really; the only thing I can say is use byte flags. And you can just pack them in the already allocated memory; you will just need to register them.
> Code:
> label(_unlimitedunithpcontrol)
> registerSymbol(_unlimitedunithpcontrol)
> ...
> newmem:
> pushfq
> push rsi
> push rax
> mov rsi,[rdx+18]
> test rsi,rsi
> jz originalcode
> mov rsi,[rsi+148]
> test rsi,rsi
> jz originalcode
> mov rsi,[rsi+228]
> mov rax,1
> cmp rsi,rax
> je allycode
> mov rax,0
> cmp rsi,rax
> je enemycode
> mov rax,0000000000000100
> cmp rsi,rax
> je allystructurecode
> mov rax,0000000000000101
> cmp rsi,rax
> je allystructurecode
> mov rax,0100000000000101
> cmp rsi,rax
> je allystructurecode
> mov rax,0000000001000101
> cmp rsi,rax
> je allystructurecode
> mov rax,0400000000010101
> cmp rsi,rax
> je allystructurecode
> mov rax,0300000000000101
> cmp rsi,rax
> je allystructurecode
> jmp originalcode
> ...
> allycode:
> cmp byte ptr [_unlimitedunithpcontrol],1 //cmp just a byte
> jne originalcode
> pop rax // pop in reverse push order: rax was pushed last, rsi before it
> pop rsi
> popfq
> mov [rdx+30],#5000
> mov rcx,[rbp+10]
> jmp return
> originalcode:
> pop rax
> pop rsi
> popfq
> mov [rdx+30],ecx
> mov rcx,[rbp+10]
> jmp return
> _unlimitedunithpcontrol:
> db 00
> ...
> [Disable]
> ...
> unregisterSymbol(_unlimitedunithpcontrol)
That's good Tim, I'll give it a try, thank you.