Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Tue Jan 10, 2017 10:09 am
screenshots
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Jan 10, 2017 12:37 pm
mgr.inz.Player wrote: ...resize window so we can see everything in top part and bottom part of window, also resize columns. Take a screenshot...
Your screenshot,
What I meant (just an example screenshot found on CEF)
(top part fully visible, window caption visible, bottom part visible, register values visible)
When you make a disassembled screenshot, like this one
Be sure we can see 15 lines above and 15 lines below. Or just copy-paste the whole autogenerated AA script (use the 'aob injection' template)
PS: the game has single player mode and multiplayer mode, and also VAC. So use CE only in Steam offline mode, otherwise you will get a VAC ban.
PPS: it is a Unity game. You can try using CE MonoDataCollector (also in offline mode).
_________________
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Tue Jan 10, 2017 1:08 pm
AOB Injection:
{ Game : BlockNLoad.exe
Version:
Date : 2017-01-10
Author :
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,BlockNLoad.exe,48 89 86 D0 01 00 00 49) // should be unique
alloc(newmem,$1000,"BlockNLoad.exe"+AD1482)
label(code)
label(return)
newmem:
code:
mov [rsi+000001D0],rax
jmp return
INJECT:
jmp code
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 48 89 86 D0 01 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "BlockNLoad.exe"+AD1482
"BlockNLoad.exe"+AD143D: 0F 28 BC 24 20 02 00 00 - movaps xmm7,[rsp+00000220]
"BlockNLoad.exe"+AD1445: 0F 28 B4 24 30 02 00 00 - movaps xmm6,[rsp+00000230]
"BlockNLoad.exe"+AD144D: 4C 8B BC 24 48 02 00 00 - mov r15,[rsp+00000248]
"BlockNLoad.exe"+AD1455: 4C 8B AC 24 50 02 00 00 - mov r13,[rsp+00000250]
"BlockNLoad.exe"+AD145D: 4C 8B A4 24 58 02 00 00 - mov r12,[rsp+00000258]
"BlockNLoad.exe"+AD1465: 48 8B BC 24 60 02 00 00 - mov rdi,[rsp+00000260]
"BlockNLoad.exe"+AD146D: 88 86 20 02 00 00 - mov [rsi+00000220],al
"BlockNLoad.exe"+AD1473: 49 8B 46 08 - mov rax,[r14+08]
"BlockNLoad.exe"+AD1477: 48 89 86 C8 01 00 00 - mov [rsi+000001C8],rax
"BlockNLoad.exe"+AD147E: 49 8B 46 10 - mov rax,[r14+10]
// ---------- INJECTING HERE ----------
"BlockNLoad.exe"+AD1482: 48 89 86 D0 01 00 00 - mov [rsi+000001D0],rax
// ---------- DONE INJECTING ----------
"BlockNLoad.exe"+AD1489: 49 8B 46 18 - mov rax,[r14+18]
"BlockNLoad.exe"+AD148D: 48 89 86 D8 01 00 00 - mov [rsi+000001D8],rax
"BlockNLoad.exe"+AD1494: 48 85 C9 - test rcx,rcx
"BlockNLoad.exe"+AD1497: 0F 84 C2 00 00 00 - je BlockNLoad.exe+AD155F
"BlockNLoad.exe"+AD149D: F2 0F 10 44 24 68 - movsd xmm0,[rsp+68]
"BlockNLoad.exe"+AD14A3: F2 0F 10 4C 24 70 - movsd xmm1,[rsp+70]
"BlockNLoad.exe"+AD14A9: F2 41 0F 5C 46 08 - subsd xmm0,[r14+08]
"BlockNLoad.exe"+AD14AF: F2 41 0F 5C 4E 10 - subsd xmm1,[r14+10]
"BlockNLoad.exe"+AD14B5: F2 0F 5A D0 - cvtsd2ss xmm2,xmm0
"BlockNLoad.exe"+AD14B9: F2 0F 10 44 24 78 - movsd xmm0,[rsp+78]
}
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Jan 10, 2017 2:12 pm
mgr.inz.Player wrote: (top part fully visible, window caption visible, bottom part visible, register values visible)
But, close enough.
I see RAX value is 4013CCCCBC800004, and that means 4.9499997... is written to [RSI+1D0]
Now do the same for second value.
_________________
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Jan 10, 2017 3:30 pm
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Wed Jan 11, 2017 3:13 am
(scr1)
{ Game : BlockNLoad.exe
Version:
Date : 2017-01-11
Author :
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,BlockNLoad.exe,48 89 86 D0 01 00 00 49) // should be unique
alloc(newmem,$1000,"BlockNLoad.exe"+AD1482)
label(code)
label(return)
newmem:
code:
mov [rsi+000001D0],rax
jmp return
INJECT:
jmp code
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 48 89 86 D0 01 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "BlockNLoad.exe"+AD1482
"BlockNLoad.exe"+AD143D: 0F 28 BC 24 20 02 00 00 - movaps xmm7,[rsp+00000220]
"BlockNLoad.exe"+AD1445: 0F 28 B4 24 30 02 00 00 - movaps xmm6,[rsp+00000230]
"BlockNLoad.exe"+AD144D: 4C 8B BC 24 48 02 00 00 - mov r15,[rsp+00000248]
"BlockNLoad.exe"+AD1455: 4C 8B AC 24 50 02 00 00 - mov r13,[rsp+00000250]
"BlockNLoad.exe"+AD145D: 4C 8B A4 24 58 02 00 00 - mov r12,[rsp+00000258]
"BlockNLoad.exe"+AD1465: 48 8B BC 24 60 02 00 00 - mov rdi,[rsp+00000260]
"BlockNLoad.exe"+AD146D: 88 86 20 02 00 00 - mov [rsi+00000220],al
"BlockNLoad.exe"+AD1473: 49 8B 46 08 - mov rax,[r14+08]
"BlockNLoad.exe"+AD1477: 48 89 86 C8 01 00 00 - mov [rsi+000001C8],rax
"BlockNLoad.exe"+AD147E: 49 8B 46 10 - mov rax,[r14+10]
// ---------- INJECTING HERE ----------
"BlockNLoad.exe"+AD1482: 48 89 86 D0 01 00 00 - mov [rsi+000001D0],rax
// ---------- DONE INJECTING ----------
"BlockNLoad.exe"+AD1489: 49 8B 46 18 - mov rax,[r14+18]
"BlockNLoad.exe"+AD148D: 48 89 86 D8 01 00 00 - mov [rsi+000001D8],rax
"BlockNLoad.exe"+AD1494: 48 85 C9 - test rcx,rcx
"BlockNLoad.exe"+AD1497: 0F 84 C2 00 00 00 - je BlockNLoad.exe+AD155F
"BlockNLoad.exe"+AD149D: F2 0F 10 44 24 68 - movsd xmm0,[rsp+68]
"BlockNLoad.exe"+AD14A3: F2 0F 10 4C 24 70 - movsd xmm1,[rsp+70]
"BlockNLoad.exe"+AD14A9: F2 41 0F 5C 46 08 - subsd xmm0,[r14+08]
"BlockNLoad.exe"+AD14AF: F2 41 0F 5C 4E 10 - subsd xmm1,[r14+10]
"BlockNLoad.exe"+AD14B5: F2 0F 5A D0 - cvtsd2ss xmm2,xmm0
"BlockNLoad.exe"+AD14B9: F2 0F 10 44 24 78 - movsd xmm0,[rsp+78]
}
(scr2)
{ Game : BlockNLoad.exe
Version:
Date : 2017-01-11
Author :
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,BlockNLoad.exe,48 89 86 D8 01 00 00 48 85) // should be unique
alloc(newmem,$1000,"BlockNLoad.exe"+AD148D)
label(code)
label(return)
newmem:
code:
mov [rsi+000001D8],rax
jmp return
INJECT:
jmp code
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 48 89 86 D8 01 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "BlockNLoad.exe"+AD148D
"BlockNLoad.exe"+AD144D: 4C 8B BC 24 48 02 00 00 - mov r15,[rsp+00000248]
"BlockNLoad.exe"+AD1455: 4C 8B AC 24 50 02 00 00 - mov r13,[rsp+00000250]
"BlockNLoad.exe"+AD145D: 4C 8B A4 24 58 02 00 00 - mov r12,[rsp+00000258]
"BlockNLoad.exe"+AD1465: 48 8B BC 24 60 02 00 00 - mov rdi,[rsp+00000260]
"BlockNLoad.exe"+AD146D: 88 86 20 02 00 00 - mov [rsi+00000220],al
"BlockNLoad.exe"+AD1473: 49 8B 46 08 - mov rax,[r14+08]
"BlockNLoad.exe"+AD1477: 48 89 86 C8 01 00 00 - mov [rsi+000001C8],rax
"BlockNLoad.exe"+AD147E: 49 8B 46 10 - mov rax,[r14+10]
"BlockNLoad.exe"+AD1482: 48 89 86 D0 01 00 00 - mov [rsi+000001D0],rax
"BlockNLoad.exe"+AD1489: 49 8B 46 18 - mov rax,[r14+18]
// ---------- INJECTING HERE ----------
"BlockNLoad.exe"+AD148D: 48 89 86 D8 01 00 00 - mov [rsi+000001D8],rax
// ---------- DONE INJECTING ----------
"BlockNLoad.exe"+AD1494: 48 85 C9 - test rcx,rcx
"BlockNLoad.exe"+AD1497: 0F 84 C2 00 00 00 - je BlockNLoad.exe+AD155F
"BlockNLoad.exe"+AD149D: F2 0F 10 44 24 68 - movsd xmm0,[rsp+68]
"BlockNLoad.exe"+AD14A3: F2 0F 10 4C 24 70 - movsd xmm1,[rsp+70]
"BlockNLoad.exe"+AD14A9: F2 41 0F 5C 46 08 - subsd xmm0,[r14+08]
"BlockNLoad.exe"+AD14AF: F2 41 0F 5C 4E 10 - subsd xmm1,[r14+10]
"BlockNLoad.exe"+AD14B5: F2 0F 5A D0 - cvtsd2ss xmm2,xmm0
"BlockNLoad.exe"+AD14B9: F2 0F 10 44 24 78 - movsd xmm0,[rsp+78]
"BlockNLoad.exe"+AD14BF: F2 0F 5A D9 - cvtsd2ss xmm3,xmm1
"BlockNLoad.exe"+AD14C3: F3 0F 59 DB - mulss xmm3,xmm3
}
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Wed Jan 11, 2017 7:50 am
What happens when you NOP both opcodes with this script?
Code:
[ENABLE]
"BlockNLoad.exe"+AD1482:
db 90 90 90 90 90 90 90
// 48 89 86 D0 01 00 00 - mov [rsi+000001D0],rax
"BlockNLoad.exe"+AD148D:
db 90 90 90 90 90 90 90
// 48 89 86 D8 01 00 00 - mov [rsi+000001D8],rax
[DISABLE]
"BlockNLoad.exe"+AD1482:
db 48 89 86 D0 01 00 00 // mov [rsi+000001D0],rax
"BlockNLoad.exe"+AD148D:
db 48 89 86 D8 01 00 00 // mov [rsi+000001D8],rax
_________________
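Seen from the integrity-checking side, the two patch shapes in this thread (the 7-byte NOP fill and the `jmp code` / `nop` / `nop` overwrite written by the aob injection template) can be told apart by diffing live code bytes against a trusted copy. The C below is an added example, not code from any poster or from Cheat Engine; the function names and the detour's rel32 bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum patch_kind { PATCH_NONE, PATCH_NOP_FILL, PATCH_JMP_DETOUR, PATCH_OTHER };

/* Original 7-byte store quoted in the thread: mov [rsi+000001D0],rax */
static const uint8_t REF_STORE[7] = {0x48,0x89,0x86,0xD0,0x01,0x00,0x00};
/* Constructed samples: the NOP fill, and "jmp code / nop / nop" with a
   made-up rel32 (the real displacement depends on where alloc() lands). */
static const uint8_t LIVE_NOPS[7]   = {0x90,0x90,0x90,0x90,0x90,0x90,0x90};
static const uint8_t LIVE_DETOUR[7] = {0xE9,0x79,0xEB,0x51,0xFF,0x90,0x90};

/* Compare live code bytes with a trusted reference and name the change. */
enum patch_kind classify_patch(const uint8_t *live, const uint8_t *ref, size_t len)
{
    size_t i, nops = 0;
    if (memcmp(live, ref, len) == 0)
        return PATCH_NONE;
    for (i = 0; i < len; i++)
        nops += (live[i] == 0x90);
    if (nops == len)
        return PATCH_NOP_FILL;          /* instruction blanked out */
    if (len < 5 || live[0] != 0xE9)
        return PATCH_OTHER;
    for (i = 5; i < len; i++)           /* E9 rel32, then NOP padding only */
        if (live[i] != 0x90)
            return PATCH_OTHER;
    return PATCH_JMP_DETOUR;
}

/* Destination of an E9 rel32 jump at `at` (rel32 counts from insn end). */
uint64_t jmp_target(const uint8_t *insn, uint64_t at)
{
    uint32_t raw = (uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
                   (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24;
    int64_t rel = (int64_t)raw - ((raw & 0x80000000u) ? 0x100000000LL : 0);
    return at + 5 + (uint64_t)rel;
}

/* A detour that leaves the module image points at foreign memory. */
int leaves_image(uint64_t target, uint64_t base, uint64_t size)
{
    return target < base || target - base >= size;
}

int main(void)
{
    return classify_patch(LIVE_NOPS, REF_STORE, 7) == PATCH_NOP_FILL ? 0 : 1;
}
```

A jump classified as a detour whose target falls outside the module's mapped range is the stronger signal, since the template's `alloc` places `newmem` in freshly allocated memory near the module rather than inside it.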
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Wed Jan 11, 2017 3:14 pm
Why is all this necessary? I need a script.
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Jan 11, 2017 3:28 pm
fcqgju14156 wrote: Why is all this necessary? I need a script.
Are you trolling? mgr.inz.Player is trying to help you. He literally just provided you with a script. If you do as instructed, instead of being difficult, then I am confident that you will get what you need.
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Wed Jan 11, 2017 4:10 pm
Sorry. I did not notice...
The script had unnecessary rows. This is what I need:
[ENABLE]
"BlockNLoad.exe"+AD1482:
db 90 90 90 90 90 90 90
[DISABLE]
"BlockNLoad.exe"+AD1482:
db 48 89 86 D0 01 00 00
It works.
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Thu Jan 12, 2017 7:36 pm
Can this be done in the form of a Lua script?
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Thu Jan 12, 2017 8:35 pm
Code:
autoAssemble([[
"BlockNLoad.exe"+AD1482:
db 90 90 90 90 90 90 90
]])
Code:
writeBytes("BlockNLoad.exe+AD1482", 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90)
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Thu Jan 12, 2017 9:08 pm
I need the script turned on and off with the C button
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Thu Jan 12, 2017 10:28 pm
So give your table entry a hotkey.
fcqgju14156 Newbie cheater Reputation: 0
Joined: 01 Jan 2017 Posts: 18
Posted: Fri Jan 13, 2017 8:11 am
Where to get it?