AOB Script not stating Active or allowing to be deactivated

 
cooleko
Posted: Wed May 04, 2016 4:39 pm

I cannot figure out why my AOBScan is not activating correctly. For some reason it doesn't set the Active checkbox in Cheat Engine, and cannot be deactivated. I'm guessing that something in the initial setup of the AOB Injection template is broken, but the template is exactly as it is supposed to be! Can anyone see what I did wrong? The code works as intended, except that I cannot dealloc my CurrentHPAddress or it breaks.

Code:

{ Game   : Crashlands.exe
  Version:
  Date   : 2016-05-04
  Author : Cooleko

}

[ENABLE]

aobscanmodule(CurrentHPDetection,Crashlands.exe,DD 45 00 5F DD 1E) // should be unique
alloc(newmem,$1000)
alloc(CurrentHPAddress,4)

label(code)
label(return)
label(CurrentHPAddress)
label(HpHack)
label(RegularHPProcessing)
label(SetHPAddress)
label(MyHP)

CurrentHPAddress:
dd 00000000

newmem:

MyHP:
dq (double)10000000

code:
  cmp ebp,[CurrentHPAddress] //I need the address of EBP, so no brackets around EBP+00
  je HpHack
  cmp [CurrentHPAddress], 00000000 //If we still havent found the actual HP address value, continue searching
  jne RegularHPProcessing
  sub ebp, 5c //to avoid performing an AOBScan, i will simply subtract the offset and search for the value
  cmp [ebp],(int)3735929054
  je SetHPAddress //we found the current HP location in memory
  add ebp, 5c //Correct the address change, move on to regular HP processing

RegularHPProcessing: //this is the unedited original code
  fld qword ptr [ebp+00]
  pop edi
  fstp qword ptr [esi]
  jmp return

SetHPAddress:
  add ebp, 5c //correct the offset calculation
  mov [CurrentHPAddress], ebp //store the address, move on to HpHack

HpHack:
  fld qword ptr [MyHP]
  pop edi
  fstp qword ptr [esi]
  jmp return

CurrentHPDetection:
  jmp code
  nop

return:
registersymbol(CurrentHPDetection)

[DISABLE]

CurrentHPDetection:
  db DD 45 00 5F DD 1E

unregistersymbol(CurrentHPDetection)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Crashlands.exe"+109510

"Crashlands.exe"+1094E5: 8B 4D 0C              -  mov ecx,[ebp+0C]
"Crashlands.exe"+1094E8: 89 4E 0C              -  mov [esi+0C],ecx
"Crashlands.exe"+1094EB: 8B 55 08              -  mov edx,[ebp+08]
"Crashlands.exe"+1094EE: 89 56 08              -  mov [esi+08],edx
"Crashlands.exe"+1094F1: 8B 45 0C              -  mov eax,[ebp+0C]
"Crashlands.exe"+1094F4: 25 FF FF FF 00        -  and eax,00FFFFFF
"Crashlands.exe"+1094F9: 83 F8 0E              -  cmp eax,0E
"Crashlands.exe"+1094FC: 0F 87 EE 01 00 00     -  ja Crashlands.exe+1096F0
"Crashlands.exe"+109502: 0F B6 80 D0 99 50 00  -  movzx eax,byte ptr [eax+Crashlands.exe+1099D0]
"Crashlands.exe"+109509: FF 24 85 B0 99 50 00  -  jmp dword ptr [eax*4+Crashlands.exe+1099B0]
// ---------- INJECTING HERE ----------
"Crashlands.exe"+109510: DD 45 00              -  fld qword ptr [ebp+00]
"Crashlands.exe"+109513: 5F                    -  pop edi
"Crashlands.exe"+109514: DD 1E                 -  fstp qword ptr [esi]
// ---------- DONE INJECTING  ----------
"Crashlands.exe"+109516: 5E                    -  pop esi
"Crashlands.exe"+109517: 5D                    -  pop ebp
"Crashlands.exe"+109518: B0 01                 -  mov al,01
"Crashlands.exe"+10951A: 5B                    -  pop ebx
"Crashlands.exe"+10951B: 59                    -  pop ecx
"Crashlands.exe"+10951C: C3                    -  ret
"Crashlands.exe"+10951D: 8B 44 24 20           -  mov eax,[esp+20]
"Crashlands.exe"+109521: 3D 00 00 00 80        -  cmp eax,80000000
"Crashlands.exe"+109526: 0F 85 CC 01 00 00     -  jne Crashlands.exe+1096F8
"Crashlands.exe"+10952C: 8B 45 00              -  mov eax,[ebp+00]
}



***EDIT***
After trying different changes for a few hours, I found that the "alloc(CurrentHPAddress,4)" was causing the error.

Why? I don't know, but removing the alloc and placing the address into the reserved code of newmem (and of course, adding a corresponding label) solved the errors.

Does anyone know why my previous use of alloc caused the script to break?
ParkourPenguin
Posted: Wed May 04, 2016 6:11 pm

cooleko wrote:
For some reason it doesn't set the Active checkbox in Cheat Engine, and cannot be deactivated.

Well, you can't deactivate something that was never activated in the first place, but that's beside the point.

The reason why your script is crashing is because you're declaring the text "CurrentHPAddress" to be both an allocated section of memory and a label. Evidently, CE doesn't seem to like that. Just remove the line "label(CurrentHPAddress)" and it'll work.

Why even have that extra alloc? It's pointless when you could just append it to your code in newmem. Also, you don't deallocate CurrentHPAddress in the [DISABLE] section.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
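
The two problems the reply points out (one name declared with both alloc and label, and an alloc with no matching dealloc in [DISABLE]) can be checked mechanically before a script is activated. The following is an added example, not part of the original thread or of Cheat Engine: the `lint` function and its finding names are hypothetical, and the sample is a constructed excerpt containing only the declaration lines of the script posted above.

```python
import re

# Constructed excerpt: only the declaration lines of the script posted above.
SCRIPT = """\
[ENABLE]
aobscanmodule(CurrentHPDetection,Crashlands.exe,DD 45 00 5F DD 1E) // should be unique
alloc(newmem,$1000)
alloc(CurrentHPAddress,4)
label(code)
label(return)
label(CurrentHPAddress)
registersymbol(CurrentHPDetection)
[DISABLE]
unregistersymbol(CurrentHPDetection)
dealloc(newmem)
"""

# Only the three directives discussed in the thread are inspected.
DIRECTIVE = re.compile(r"^\s*(alloc|dealloc|label)\(\s*([^,)\s]+)", re.I)

def lint(script):
    """Return (finding, symbol) pairs for an Auto Assembler script."""
    section = None
    declared = {}               # symbol -> directive that first declared it
    allocs, deallocs = [], set()
    findings = []
    for raw in script.splitlines():
        line = raw.split("//", 1)[0].strip()   # handles // comments only
        if line.upper() in ("[ENABLE]", "[DISABLE]"):
            section = line.upper()
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, name = m.group(1).lower(), m.group(2)
        if kind == "dealloc":
            if section == "[DISABLE]":
                deallocs.add(name)
        elif section == "[ENABLE]":
            # Same name introduced by alloc and by label: the conflict
            # described in the reply.
            if name in declared and declared[name] != kind:
                findings.append(("declared-twice", name))
            declared.setdefault(name, kind)
            if kind == "alloc":
                allocs.append(name)
    # Every alloc in [ENABLE] should have a dealloc in [DISABLE].
    findings += [("never-deallocated", n) for n in allocs if n not in deallocs]
    return findings
```
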