Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Assembly Script [Help Needed]

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
johnkittz

Posted: Thu Jun 23, 2016 8:19 pm    Post subject: Assembly Script [Help Needed]

So I figured out (through a video) how to put together an assembly script.

It worked, but when I restarted the game Cheat Engine wouldn't open it.

So I went into Auto Assemble and copy-pasted my code; when I pressed Execute an error pops up saying "Error While Scanning For AOB's: Gold".

Code:
[ENABLE]

aobscan(Gold,DD 58 30 E8 44 98 F9 FF) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

alloc(dgold,4)

dgold:
dq (double)999999999999999999999

newmem:

code:
  fld qword ptr [dgold]
  fstp qword ptr [eax+30]
  call 06492450
  jmp return

Gold:
  jmp code
  nop
  nop
  nop
return:
registersymbol(Gold)

[DISABLE]

Gold:
  db DD 58 30 E8 44 98 F9 FF

unregistersymbol(Gold)
dealloc(newmem)


I'm new to assembly and making scripts.

The game is Tap Tap Infinity.


Last edited by johnkittz on Thu Jun 23, 2016 8:54 pm; edited 1 time in total
ParkourPenguin

Posted: Thu Jun 23, 2016 8:41 pm

That AoB disassembles to fstp qword ptr [eax+30] / call rel32=-419772. You shouldn't include the bytes of the operand in the call since that seems dynamic and will likely change when you restart the game. Use wildcards (??) in its place and expand your AoB signature as needed.

You also don't have enough bytes for your injection point without needing to use readmem to back up the original code. You can probably use the previous instruction as a good injection point instead.

If you want more help, posting the asm around that injection point would be helpful to us (about 10 instructions before to about 5 instructions after is acceptable).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
johnkittz

Posted: Thu Jun 23, 2016 8:54 pm

ParkourPenguin wrote:
That AoB disassembles to fstp qword ptr [eax+30] / call rel32=-419772. You shouldn't include the bytes of the operand in the call since that seems dynamic and will likely change when you restart the game. Use wildcards (??) in its place and expand your AoB signature as needed.

You also don't have enough bytes for your injection point without needing to use readmem to back up the original code. You can probably use the previous instruction as a good injection point instead.

If you want more help, posting the asm around that injection point would be helpful to us (about 10 instructions before to about 5 instructions after is acceptable).


Thanks for replying. By wildcard you mean "???" marks?

That's 5 below and 10 up as you asked.

I also messed up and said this was Hill Climb Racing, but it's Tap Tap Infinity.



[Attachment: CEPic.png, a screenshot of the disassembly around the injection point (10 instructions before, 5 after)]

ParkourPenguin

Posted: Thu Jun 23, 2016 9:19 pm

Correct. Those bytes change when you restart the game, so you can't include them in the AoB signature. To check if an AoB signature is unique, set the value type to Array of byte, set writable/executable checkboxes to grey/filled (don't care if it's writable/executable or not), and scan for the AoB. If you only get one result (and that result is the address in question), then it's unique and safe to use.

It would be better to make your injection point earlier than where you currently have it. You could use 05FC8914, but you should nop the faddp as well (the template CE provides won't do that for you). Example using that:
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // check to make sure this is unique
...
newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:
...
[DISABLE]
Gold:
  db DD 40 30 DD 45 0C DE C1
...

PS: a double takes up 8 bytes, so you should allocate 8 bytes for it. This problem isn't exhibited in that script for reasons I won't get into, but it's still something to take note of.

johnkittz

Posted: Thu Jun 23, 2016 9:31 pm

ParkourPenguin wrote:
Correct. Those bytes change when you restart the game, so you can't include them in the AoB signature. To check if an AoB signature is unique, set the value type to Array of byte, set writable/executable checkboxes to grey/filled (don't care if it's writable/executable or not), and scan for the AoB. If you only get one result (and that result is the address in question), then it's unique and safe to use.

It would be better to make your injection point earlier than where you currently have it. You could use 05FC8914, but you should nop the faddp as well (the template CE provides won't do that for you). Example using that:
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // check to make sure this is unique
...
newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:
...
[DISABLE]
Gold:
  db DD 40 30 DD 45 0C DE C1
...

PS: a double takes up 8 bytes, so you should allocate 8 bytes for it. This problem isn't exhibited in that script for reasons I won't get into, but it's still something to take note of.


It is unique; I scanned and got only one result.

But when I add everything you suggested, the game crashes.

Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

alloc(dgold,8)

dgold:
dq (double)999999999999999999999

newmem:
fld qword ptr[dgold]
jmp return

code:
  fld qword ptr [dgold]
  fstp qword ptr [eax+30]
  call 06492450
  jmp return

Gold:
  jmp code
  nop
  nop
  nop
return:
registersymbol(Gold)

[DISABLE]

Gold:
  db db DD 40 30 DD 45 0C DE C1

unregistersymbol(Gold)
dealloc(newmem)
ParkourPenguin

Posted: Thu Jun 23, 2016 9:35 pm

You're jumping to the label code, which shouldn't be there (nor any of the old asm past that point). Delete the code label near the top, and replace everything from newmem: to return: with what I posted from newmem: to return:.

You have db twice in the [disable] section. Remove one of them.

I didn't see this in my last post, but you should also dealloc dgold in the [disable] section.

johnkittz

Posted: Thu Jun 23, 2016 9:47 pm

ParkourPenguin wrote:
You're jumping to the label code, which shouldn't be there (nor any of the old asm past that point). Delete the code label near the top, and replace everything from newmem: to return: with what I posted from newmem: to return:.

You have db twice in the [disable] section. Remove one of them.

I didn't see this in my last post, but you should also dealloc dgold in the [disable] section.


I'm having a hard time understanding what you said about "replace everything from newmem to return with what I posted from newmem to return".

Do you mean move the code from newmem to return?
ParkourPenguin

Posted: Thu Jun 23, 2016 9:49 pm

Your code:
Code:
...
newmem:
fld qword ptr[dgold]
jmp return

code:
  fld qword ptr [dgold]
  fstp qword ptr [eax+30]
  call 06492450
  jmp return

Gold:
  jmp code
  nop
  nop
  nop
return:
...


What I wrote:
Code:
...
newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:
...

Do you see the differences?

johnkittz

Posted: Thu Jun 23, 2016 9:57 pm

ParkourPenguin wrote:
Your code:
Code:
...
newmem:
fld qword ptr[dgold]
jmp return

code:
  fld qword ptr [dgold]
  fstp qword ptr [eax+30]
  call 06492450
  jmp return

Gold:
  jmp code
  nop
  nop
  nop
return:
...


What I wrote:
Code:
...
newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:
...

Do you see the differences?

I just now saw the difference; I'm sorry for that.

So this is what I've got now:
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)

alloc(dgold,8)

dgold:
dq (double)999999999999999999999

newmem:
fld qword ptr[dgold]
jmp return

code:
fld qword ptr [dgold]
fstp qword ptr [eax+30]
call 06492450
jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:
fld qword ptr[dgold]
jmp return
registersymbol(Gold)

[DISABLE]

Gold:
  db DD 40 30 DD 45 0C DE C1

unregistersymbol(Gold)
dealloc(newmem)
dealloc(dgold)
ParkourPenguin

Posted: Thu Jun 23, 2016 10:06 pm

Why do you have those two instructions after the label return?

That code section is still there. Remove it.

All you need to do is copy and paste the code I posted. You don't even need to understand it. All you need to do is not add anything new that'll screw it up.

I believe that I'm just wasting my time if I try to help you learn this on your own, so I'll just give you the full script.
Code:
[ENABLE]
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)
alloc(dgold,8)

registersymbol(Gold)

dgold:
  dq (double)999999999999999999999

newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:

[DISABLE]

Gold:
  db DD 40 30 DD 45 0C DE C1

unregistersymbol(Gold)
dealloc(newmem)
dealloc(dgold)

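The full script above is easiest to understand as a round trip on a byte buffer: the [ENABLE] side writes a 5-byte jmp plus nops over the displaced instructions, and [DISABLE] must write back exactly the bytes that were overwritten, which is why the faddp has to be both nopped and restored. The following is an added example, not Cheat Engine's code and not from this thread; the page layout, the SITE and CAVE offsets and the "template restore" case are constructed for the simulation, and only the eight restored bytes come from the script. It also carries the check a defender runs over a code page: diff the live bytes against a pristine copy and report the ranges that differ, which is how an inline jmp left behind by a faulty restore shows up.

```python
"""Enable/disable round trip for a 5-byte jmp hook, plus a live-vs-pristine diff.
Added example; not Cheat Engine code. The code page below is constructed."""
import struct

ORIGINAL_SITE = bytes.fromhex("DD4030DD450CDEC1")  # the eight bytes 'Gold: db ...' writes back
JMP_SIZE = 5

def encode_jmp_rel32(from_off, to_off):
    """E9 rel32; the displacement counts from the end of the 5-byte jmp."""
    return b"\xE9" + struct.pack("<i", to_off - (from_off + JMP_SIZE))

def decode_jmp_rel32(buf, off):
    """Inverse of encode_jmp_rel32: the offset the jmp at off lands on."""
    if buf[off] != 0xE9:
        raise ValueError("no E9 jmp at offset %d" % off)
    return off + JMP_SIZE + struct.unpack_from("<i", buf, off + 1)[0]

def enable(code, site, cave, displaced_len=len(ORIGINAL_SITE)):
    """Write 'jmp cave' at site and nop-pad to the end of the displaced instructions.
    Returns the bytes overwritten, i.e. what the [DISABLE] section has to put back."""
    saved = bytes(code[site:site + displaced_len])
    patch = encode_jmp_rel32(site, cave) + b"\x90" * (displaced_len - JMP_SIZE)
    code[site:site + displaced_len] = patch
    return saved

def disable(code, site, restore_bytes):
    """Write literal bytes back, exactly as 'Gold: db DD 40 30 ...' does."""
    code[site:site + len(restore_bytes)] = restore_bytes

def modified_ranges(live, pristine):
    """Half-open byte ranges where live code differs from the pristine copy.
    An empty list means the page is clean; a range starting with E9 is an inline jmp."""
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(live, pristine)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(live)))
    return ranges

# --- constructed code page ---------------------------------------------------
SITE = 16   # where the fld qword ptr [eax+30] sits in this toy page (assumption)
CAVE = 64   # where alloc(newmem) would have landed (assumption)

def build_page():
    page = bytearray(b"\xCC" * 96)
    page[SITE:SITE + 8] = ORIGINAL_SITE
    page[SITE + 8:SITE + 11] = bytes.fromhex("DD5830")   # the fstp that follows the faddp
    return page

def round_trip():
    """Enable, inspect, disable, inspect. Returns the observations as a dict."""
    pristine = bytes(build_page())
    live = build_page()
    saved = enable(live, SITE, CAVE)
    result = {"saved": saved,
              "jmp_target": decode_jmp_rel32(live, SITE),
              "enabled": modified_ranges(live, pristine)}
    disable(live, SITE, ORIGINAL_SITE)
    result["disabled"] = modified_ranges(live, pristine)
    return result

def template_restore():
    """Enable nops the faddp as advised, but [DISABLE] restores only the two fld
    (the 6 bytes a template that ignored the faddp would write back). The two nops
    that replaced DE C1 stay behind, and the diff finds them."""
    pristine = bytes(build_page())
    live = build_page()
    enable(live, SITE, CAVE)
    disable(live, SITE, ORIGINAL_SITE[:6])
    return modified_ranges(live, pristine)

if __name__ == "__main__":
    print("round trip:", round_trip())
    print("leftover after a 6-byte restore:", template_restore())
```

`round_trip()["enabled"]` is the single 8-byte range the jmp and its nops occupy, and `round_trip()["disabled"]` is empty once the exact original bytes are back. The same lens explains why the first script's [DISABLE] line was fragile: it wrote back `DD 58 30 E8 44 98 F9 FF`, so it would have restored the call's operand bytes from a previous run rather than the bytes actually present.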
johnkittz

Posted: Thu Jun 23, 2016 10:37 pm

ParkourPenguin wrote:
Why do you have those two instructions after the label return?

That code section is still there. Remove it.

All you need to do is copy and paste the code I posted. You don't even need to understand it. All you need to do is not add anything new that'll screw it up.

I believe that I'm just wasting my time if I try to help you learn this on your own, so I'll just give you the full script.
Code:
[ENABLE]
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)
alloc(dgold,8)

registersymbol(Gold)

dgold:
  dq (double)999999999999999999999

newmem:
  fld qword ptr[dgold]
  jmp return

Gold:
  jmp newmem
  nop
  nop
  nop
return:

[DISABLE]

Gold:
  db DD 40 30 DD 45 0C DE C1

unregistersymbol(Gold)
dealloc(newmem)
dealloc(dgold)


I'm trying to learn. It says "seek help in the forums", but when people want help, people act like they're stupid.

I'm not posting here anymore; I'll learn on my own.

Sorry for seeking help, and sorry I don't have a HUGE understanding of assembly.

cya