Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Newbie issue with AoB + assembly

Whomping Walrus
How do I cheat?
Reputation: 0

Joined: 18 Oct 2016
Posts: 4
Location: Rune Midgard

Posted: Tue Oct 18, 2016 11:19 pm    Post subject: Newbie issue with AoB + assembly

Hi guys,

I've been screwing around with Metal Gear Solid V, and it's been going well - I've created plenty of AoB scripts which function just fine, but now I can't even create one that won't crash the application.

Take this for example:

Code:

[ENABLE]

aobscanmodule(MultipliedAcceleration,mgsvtpp.exe,F3 0F 59 C4 F3 0F 10 9F 60 01 00 00)
alloc(newmem,$1000,"mgsvtpp.exe"+4271190)

label(code)
label(return)

newmem:
  jmp code

code:
  mulss xmm0,xmm4
  movss xmm3,[rdi+00000160]
  jmp return

MultipliedAcceleration:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(MultipliedAcceleration)

[DISABLE]

MultipliedAcceleration:
  db F3 0F 59 C4 F3 0F 10 9F 60 01 00 00

unregistersymbol(MultipliedAcceleration)
dealloc(newmem)


It looks to me like it should do nothing. Absolutely nothing. It's pretty much just the AoB template. I'm missing something critical though, because it still crashes the application. Can you guys see what I'm missing?

Thanks in advance (:
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Wed Oct 19, 2016 2:51 am    Post subject: Re: Newbie issue with AoB + assembly

Code:

[ENABLE]

aobscanmodule(MultipliedAcceleration,mgsvtpp.exe,F3 0F 59 C4 F3 0F 10 9F 60 01 00 00)
alloc(newmem,$100)
label(return)

newmem:
  mulss xmm0,xmm4
  movss xmm3,[rdi+00000160]
  jmp return

MultipliedAcceleration:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(MultipliedAcceleration)

[DISABLE]

MultipliedAcceleration:
  db F3 0F 59 C4 F3 0F 10 9F 60 01 00 00

unregistersymbol(MultipliedAcceleration)
dealloc(newmem)


If it still crashes, try checking whether the array of bytes is unique.
Whomping Walrus
How do I cheat?
Reputation: 0

Joined: 18 Oct 2016
Posts: 4
Location: Rune Midgard

Posted: Wed Oct 19, 2016 3:44 am

Yup, still crashing.

I double checked that the bytes were unique before activating (with r/w checked), & I double checked that those are in fact the original instructions. I don't think it's performing CRCs either, since I can nop out the entire first instruction and it functions just fine.

Here's the disassembly window in case it's useful for anyone:
i_imgur_com/6AkZtfy.png
(can't linkify it because my account is new)
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Oct 19, 2016 7:28 am

Are you sure nothing jumps to the instruction movss xmm3,[rdi+00000160]? If anything does, it'll jump into the middle of your jump and probably execute something it shouldn't. You can use "Tools -> Dissect Code" to make sure.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Wed Oct 19, 2016 8:21 am

alloc(newmem,$100,mgsvtpp.exe)

Else the jmp can be either 5 or 14 bytes long

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
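The two replies above describe two separate ways an inline hook of this kind fails: a branch elsewhere in the module that lands inside the overwritten bytes (ParkourPenguin), and a jmp that assembles to 14 bytes instead of 5 when the new block is allocated far from the module (Dark Byte). The following Python is an added example, not code from Cheat Engine or from any poster, that models both checks; every address and the branch list are constructed placeholders standing in for what Dissect Code would report, not real mgsvtpp.exe data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Branch:
    src: int  # address of the jump/call instruction
    dst: int  # address it transfers control to

# Constructed stand-ins (not real mgsvtpp.exe addresses): a 12-byte patch
# site holding a 4-byte mulss followed by an 8-byte movss, as in the thread.
SITE = 0x140000000        # first patched instruction (the 5-byte jmp goes here)
SITE_LEN = 12             # bytes overwritten: jmp + 7 nops
MOVSS = SITE + 4          # the second original instruction

# Constructed branch list, standing in for what Dissect Code would report.
BRANCHES = [
    Branch(0x1400000F0, SITE),       # lands on the hook jmp itself: fine
    Branch(0x140000200, MOVSS),      # lands inside the overwritten bytes: crash
    Branch(0x140000300, SITE + 12),  # lands on the first untouched byte: fine
]

def unsafe_branch_targets(branches, site, length):
    """Branches whose target lies strictly inside the overwritten range.
    A target at `site` is fine (it hits the hook jmp); one past the end is
    fine; anything in between executes nop slack or a torn instruction."""
    return [b for b in branches if site < b.dst < site + length]

REL32_MIN, REL32_MAX = -2**31, 2**31 - 1

def jmp_length(src, dst):
    """Size of jmp the assembler needs: 5 bytes (E9 rel32) when the target
    is within +/-2 GiB of the next instruction, else the 14-byte absolute
    form (jmp qword ptr [rip+0] followed by the 8-byte address)."""
    disp = dst - (src + 5)
    return 5 if REL32_MIN <= disp <= REL32_MAX else 14

def nop_slack(src, dst, length):
    """Nops needed to pad the jmp to the original instruction length.
    Negative means the jmp overruns the patch site into the next instruction."""
    return length - jmp_length(src, dst)

def review_hook(branches, site, length, newmem):
    """Combine both checks into the findings a reviewer would report."""
    findings = []
    for b in unsafe_branch_targets(branches, site, length):
        findings.append(f"branch at {b.src:#x} targets {b.dst:#x} inside patch")
    if nop_slack(site, newmem, length) < 0:
        findings.append(f"{jmp_length(site, newmem)}-byte jmp does not fit in {length} bytes")
    return findings
```

With `newmem` allocated near the module the only finding is the branch into the movss, which is the crash diagnosed above; with a far allocation the 14-byte jmp additionally overruns the 12-byte site.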
Whomping Walrus
How do I cheat?
Reputation: 0

Joined: 18 Oct 2016
Posts: 4
Location: Rune Midgard

Posted: Wed Oct 19, 2016 10:50 pm

ParkourPenguin wrote:
Are you sure nothing jumps to the instruction movss xmm3,[rdi+00000160]? If anything does, it'll jump into the middle of your jump and probably execute something it shouldn't. You can use "Tools -> Dissect Code" to make sure.


Ahh, you're 100% right! I didn't see any local jumps, but apparently there is a jump to that second line somewhere. I can inject a line earlier and still achieve what I'm working toward. Thank you, man.

Here's the fixed version for anyone who's interested:
Code:

[ENABLE]

aobscanmodule(MultipliedAcceleration,mgsvtpp.exe,F3 0F 10 85 08 01 00 00 F3 0F 59 C4)
alloc(newmem,$1000,"mgsvtpp.exe"+4271188)

label(return)

newmem:
  movss xmm0,[rbp+00000108]   // Original code which was nop'd
  mulss xmm0,xmm4             // Original code which was nop'd
  jmp return

MultipliedAcceleration:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(MultipliedAcceleration)

[DISABLE]

MultipliedAcceleration:
  db F3 0F 10 85 08 01 00 00 F3 0F 59 C4

unregistersymbol(MultipliedAcceleration)
dealloc(newmem)



Dark Byte wrote:
alloc(newmem,$100,mgsvtpp.exe)

Else the jmp can be either 5 or 14 bytes long


Ahh, that's great to know - I was wondering why only sometimes the executable is specified explicitly. Is there somewhere where I can read up on the auto-assembler's syntax specifics like that, or should I just study other people's scripts and learn by inference? My Google-fu is weak, & I don't see it on the AA wiki page.
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

Posted: Thu Oct 20, 2016 1:54 am

http://wiki.cheatengine.org/index.php?title=Cheat_Engine:Auto_Assembler#Assigning_a_Script_to_a_CheatTable

Still the best place to get info about AA commands (I guess the alloc one hasn't been updated)

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Oct 20, 2016 5:12 am

The helpfile also has some info.

I also updated the wiki (Everyone can edit it though, you just need to register for editing to work)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Whomping Walrus
How do I cheat?
Reputation: 0

Joined: 18 Oct 2016
Posts: 4
Location: Rune Midgard

Posted: Thu Oct 20, 2016 3:13 pm

Great stuff, thank you guys.
All times are GMT - 6 Hours