johnkittz
Posted: Thu Jun 23, 2016 8:19 pm Post subject: Assembly Script [Help Needed]
So I figured out (through a video) how to put together an assembly script.
It worked, but when I restarted the game, Cheat Engine wouldn't open it,
so I went into Auto Assemble and copy-pasted my code. When I pressed Execute, an error popped up saying "Error While Scanning For AOB's: Gold".
Code:
[ENABLE]
aobscan(Gold,DD 58 30 E8 44 98 F9 FF) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
alloc(dgold,4)
dgold:
dq (double)999999999999999999999
newmem:
code:
fld qword ptr [dgold]
fstp qword ptr [eax+30]
call 06492450
jmp return
Gold:
jmp code
nop
nop
nop
return:
registersymbol(Gold)
[DISABLE]
Gold:
db DD 58 30 E8 44 98 F9 FF
unregistersymbol(Gold)
dealloc(newmem)
I'm new to assembly and making scripts.
The game is Tap Tap Infinity.
Last edited by johnkittz on Thu Jun 23, 2016 8:54 pm; edited 1 time in total
ParkourPenguin
Posted: Thu Jun 23, 2016 8:41 pm
That AoB disassembles to fstp qword ptr [eax+30] / call rel32=-419772. You shouldn't include the bytes of the operand in the call since that seems dynamic and will likely change when you restart the game. Use wildcards (??) in its place and expand your AoB signature as needed.
You also don't have enough bytes for your injection point without needing to use readmem to back up the original code. You can probably use the previous instruction as a good injection point instead.
If you want more help, posting the asm around that injection point would be helpful to us (about 10 instructions before to about 5 instructions after is acceptable).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
johnkittz
ParkourPenguin
Posted: Thu Jun 23, 2016 9:19 pm
Correct. Those bytes change when you restart the game, so you can't include them in the AoB signature. To check if an AoB signature is unique, set the value type to Array of byte, set writable/executable checkboxes to grey/filled (don't care if it's writable/executable or not), and scan for the AoB. If you only get one result (and that result is the address in question), then it's unique and safe to use.
It would be better to make your injection point earlier than where you currently have it. You could use 05FC8914, but you should nop the faddp as well (the template CE provides won't do that for you). Example using that:
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // check to make sure this is unique
...
newmem:
fld qword ptr[dgold]
jmp return
Gold:
jmp newmem
nop
nop
nop
return:
...
[DISABLE]
Gold:
db DD 40 30 DD 45 0C DE C1
...
PS: a double takes up 8 bytes, so you should allocate 8 bytes for it. This problem isn't exhibited in that script for reasons I won't get into, but it's still something to take note of.
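Added example, not from the thread and not Cheat Engine's own code: a small Python model of the two checks ParkourPenguin raises in this reply and the earlier one. It decodes the call's rel32 operand from the bytes in the first post, builds a signature with ?? in place of that operand, scans two constructed code regions (a "first run" and a "restart" in which only the call displacement differs, so the literal signature stops matching while the wildcarded one still hits exactly once), and checks whether the instructions being overwritten span the 5 bytes a jmp needs. The code regions, the second rel32 value and the padding bytes are constructed sample data; the signature it builds extends the thread's 8-byte one through the call so the wildcard handling is visible.

```python
"""Wildcarded AoB signatures and injection-site sizing (added example).

Models the checks discussed in the thread: the call's rel32 operand is
position-dependent, so it must be ?? in the signature; the signature must
match exactly once; and the instructions you overwrite must span at least
the 5 bytes of the jmp the auto assembler writes at Gold:.
All byte strings below are constructed sample data, not a memory dump.
"""
import struct

# Instruction encodings at the injection site: (bytes, mnemonic, offsets of
# position-dependent bytes that must become wildcards in the signature).
SITE = [
    (bytes.fromhex("DD4030"),     "fld qword ptr [eax+30]",  []),
    (bytes.fromhex("DD450C"),     "fld qword ptr [ebp+0C]",  []),
    (bytes.fromhex("DEC1"),       "faddp",                   []),
    (bytes.fromhex("DD5830"),     "fstp qword ptr [eax+30]", []),
    (bytes.fromhex("E84498F9FF"), "call rel32",              [1, 2, 3, 4]),
]

JMP_LEN = 5  # E9 + rel32: what the auto assembler writes at Gold:


def call_rel32(call_bytes):
    """Signed rel32 of an E8 call; the target is next_ip + rel32."""
    if len(call_bytes) != 5 or call_bytes[0] != 0xE8:
        raise ValueError("not a 5-byte E8 call")
    return struct.unpack("<i", call_bytes[1:])[0]


def make_signature(instrs):
    """Cheat Engine style AoB text with ?? for position-dependent bytes."""
    toks = []
    for raw, _, volatile in instrs:
        toks += ["??" if i in volatile else f"{b:02X}" for i, b in enumerate(raw)]
    return " ".join(toks)


def find_signature(sig, blob):
    """All offsets in blob where sig matches (overlapping hits included)."""
    toks = [None if t == "??" else int(t, 16) for t in sig.split()]
    return [
        off for off in range(len(blob) - len(toks) + 1)
        if all(t is None or blob[off + i] == t for i, t in enumerate(toks))
    ]


def is_unique(sig, blob):
    """The condition the AoB scan needs: exactly one hit."""
    return len(find_signature(sig, blob)) == 1


def injection_plan(instrs, count):
    """Overwrite the first `count` instructions with a jmp.

    Returns (bytes consumed, nops needed), or None when fewer than 5 bytes
    would be replaced; in that case the tail of the last instruction would
    have to be preserved with readmem instead.
    """
    consumed = sum(len(raw) for raw, _, _ in instrs[:count])
    if consumed < JMP_LEN:
        return None
    return consumed, consumed - JMP_LEN


def site_bytes(rel32):
    """Raw bytes of the site with a given call displacement (constructed)."""
    prefix = b"".join(raw for raw, _, _ in SITE[:-1])
    return prefix + b"\xE8" + struct.pack("<i", rel32)


# Two constructed code regions: the first run, and a restart in which the
# callee moved, so only the call's rel32 differs. The padding is filler.
RUN1 = b"\x90" * 32 + site_bytes(-419772) + b"\xCC" * 32
RUN2 = b"\x90" * 40 + site_bytes(-300000) + b"\xCC" * 24


def demo():
    """Compare the literal signature with the wildcarded one on both runs."""
    literal = " ".join(f"{b:02X}" for b in site_bytes(-419772))
    masked = make_signature(SITE)
    return {
        "rel32": call_rel32(SITE[-1][0]),           # -419772
        "masked": masked,
        "literal_run1": is_unique(literal, RUN1),   # True
        "literal_run2": is_unique(literal, RUN2),   # False: the scan fails
        "masked_run1": is_unique(masked, RUN1),     # True
        "masked_run2": is_unique(masked, RUN2),     # True
        "fstp_alone": injection_plan(SITE[3:], 1),  # None: 3 bytes < 5
        "first_three": injection_plan(SITE, 3),     # (8, 3): jmp + 3 nops
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The uniqueness check here scans a byte string; in Cheat Engine the equivalent is the Array of byte scan with the writable/executable boxes greyed, as described above. The (8, 3) result for the first three instructions is where the jmp plus three nops in the script comes from.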
johnkittz
Posted: Thu Jun 23, 2016 9:31 pm
It is unique; I scanned and got only one result,
but when I add everything you suggested, the game crashes.
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
alloc(dgold,8)
dgold:
dq (double)999999999999999999999
newmem:
fld qword ptr[dgold]
jmp return
code:
fld qword ptr [dgold]
fstp qword ptr [eax+30]
call 06492450
jmp return
Gold:
jmp code
nop
nop
nop
return:
registersymbol(Gold)
[DISABLE]
Gold:
db db DD 40 30 DD 45 0C DE C1
unregistersymbol(Gold)
dealloc(newmem)
ParkourPenguin
Posted: Thu Jun 23, 2016 9:35 pm
You're jumping to the label code, which shouldn't be there (nor any of the old asm past that point). Delete the code label near the top, and replace everything from newmem: to return: with what I posted from newmem: to return:.
You have db twice in the [disable] section. Remove one of them.
I didn't see this in my last post, but you should also dealloc dgold in the [disable] section.
johnkittz
Posted: Thu Jun 23, 2016 9:47 pm
I'm having a hard time understanding what you said about "replace everything from newmem to return with what I posted from newmem to return".
Do you mean move the code from newmem to return?
ParkourPenguin
Posted: Thu Jun 23, 2016 9:49 pm
Your code:
Code:
...
newmem:
fld qword ptr[dgold]
jmp return
code:
fld qword ptr [dgold]
fstp qword ptr [eax+30]
call 06492450
jmp return
Gold:
jmp code
nop
nop
nop
return:
...
What I wrote:
Code:
...
newmem:
fld qword ptr[dgold]
jmp return
Gold:
jmp newmem
nop
nop
nop
return:
...
Do you see the differences?
johnkittz
Posted: Thu Jun 23, 2016 9:57 pm
I just now saw the difference; I'm sorry for that.
So this is what I've got now:
Code:
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)
alloc(dgold,8)
dgold:
dq (double)999999999999999999999
newmem:
fld qword ptr[dgold]
jmp return
code:
fld qword ptr [dgold]
fstp qword ptr [eax+30]
call 06492450
jmp return
Gold:
jmp newmem
nop
nop
nop
return:
fld qword ptr[dgold]
jmp return
registersymbol(Gold)
[DISABLE]
Gold:
db DD 40 30 DD 45 0C DE C1
unregistersymbol(Gold)
dealloc(newmem)
dealloc(dgold)
ParkourPenguin
Posted: Thu Jun 23, 2016 10:06 pm
Why do you have those two instructions after the label return?
That code section is still there. Remove it.
All you need to do is copy and paste the code I posted. You don't even need to understand it. All you need to do is not add anything new that'll screw it up.
I believe that I'm just wasting my time if I try to help you learn this on your own, so I'll just give you the full script.
Code:
[ENABLE]
aobscan(Gold,DD 40 30 DD 45 0C DE C1 DD 58 30) // should be unique
alloc(newmem,$1000)
alloc(dgold,8) // a double is 8 bytes
registersymbol(Gold)
dgold:
dq (double)999999999999999999999
newmem:
fld qword ptr[dgold] // replaces fld [eax+30] / fld [ebp+0C] / faddp; the original fstp then stores dgold
jmp return
Gold:
jmp newmem // the three overwritten instructions are 8 bytes; jmp is 5, so pad with 3 nops
nop
nop
nop
return:
[DISABLE]
Gold:
db DD 40 30 DD 45 0C DE C1 // restore the original 8 bytes
unregistersymbol(Gold)
dealloc(newmem)
dealloc(dgold)
johnkittz
Posted: Thu Jun 23, 2016 10:37 pm
I'm trying to learn. It says "seek help in the forums", but when people want help, people act like they're stupid.
I'm not posting here anymore; I'll learn on my own.
Sorry for seeking help, and sorry I don't have a HUGE understanding of assembly.
Cya