Cheat Engine The Official Site of Cheat Engine
scoobz1234 How do I cheat?
Reputation: 0
Joined: 17 May 2019 Posts: 4
|
Posted: Fri May 17, 2019 4:55 pm Post subject: Help with Reading and writing to XMM registers |
|
|
Hey everyone, I am still pretty new to writing scripts in CE, and I'm trying to write a teleport script for a game. The player position is stored in xmm13 and is in x,y,z,0 format, where the zero is not being used. My question/issue is reading from xmm13, storing that value for later use, and then loading that value and setting the player position to it. Here is what I have...
Please be gentle...
Code: |
[ENABLE]
aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)
//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)
//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
//::::::CODE:::::://
en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0
location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0
newmem: //new mem, compare to check if player has pressed hotkeys...
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code
//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code
//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return
//::::::ORIGINAL CODE:::::://
code:
movaps [rbx+00000190],xmm13
jmp return
teleport:
jmp newmem
nop
nop
nop
return:
registersymbol(teleport)
[DISABLE]
teleport:
db 44 0F 29 AB 90 01 00 00
unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)
|
Last edited by scoobz1234 on Fri May 17, 2019 8:31 pm; edited 1 time in total |
|
|
 |
OldCheatEngineUser Whateven rank
Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Fri May 17, 2019 7:34 pm Post subject: |
|
|
Put en_save and en_load under newmem or location (since you did not allocate any memory for them).
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
|
 |
scoobz1234 How do I cheat?
Reputation: 0
Joined: 17 May 2019 Posts: 4
|
Posted: Fri May 17, 2019 7:49 pm Post subject: |
|
|
Moved them to the allocated memory space under newmem; still an instant crash.
Code: |
[ENABLE]
aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)
//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)
//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
//::::::CODE:::::://
location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0
newmem: //new mem, compare to check if player has pressed hotkeys...
en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code
//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code
//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return
//::::::ORIGINAL CODE:::::://
code:
movaps [rbx+00000190],xmm13
jmp return
teleport:
jmp newmem
nop
nop
nop
return:
registersymbol(teleport)
[DISABLE]
teleport:
db 44 0F 29 AB 90 01 00 00
unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)
|
Last edited by scoobz1234 on Fri May 17, 2019 8:30 pm; edited 1 time in total |
|
|
 |
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Fri May 17, 2019 7:55 pm Post subject: |
|
|
What problem are you having?
small details:
Code: | load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return |
You're not backing up rax, which might cause problems if it's read from later on before being overwritten again.
You wouldn't need to use rax if you allocated location next to newmem. This allows for rip-relative addressing as you're trying to do in the save section. (this might happen fortuitously)
The last two instructions in load are unnecessary since you could let it fall through and have the same effect.
Code: | alloc(location,128,"????????.exe"+1BBAA18)
...
load:
mov [en_load],0
movaps xmm13,[location]
code:
... |
????????.exe should probably be the name of the actual exe file. If you tried to censor this, do a better job of looking through your script- the aobscanmodule call isn't the only place that name appears.
en_save and en_load aren't allocated under anything. Put them at the end of location or something (not above x/y/z- that would screw with the alignment of movaps). If you put it at the beginning of newmem, make sure the injection point jumps to the code and not the data.
You should also put the teleport registersymbol with the others.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
|
 |
scoobz1234 How do I cheat?
Reputation: 0
Joined: 17 May 2019 Posts: 4
|
Posted: Fri May 17, 2019 8:30 pm Post subject: |
|
|
ParkourPenguin
It was a sad... sad... attempt at removing the name... haha.
So, things I have done with your recommendations:
Moved registersymbol(teleport) up with the other symbols... not sure how I missed that.
en_save and en_load were moved to directly below newmem.
Dropped the last two lines from load: I see what you mean by falling through to the code: section and then running the same line...
With all these corrections, the game still crashes instantly once the script is enabled in the table (prior to even pressing a hotkey).
Code: |
[ENABLE]
aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)
//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)
//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
registersymbol(teleport)
//::::::CODE:::::://
location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0
newmem: //new mem, compare to check if player has pressed hotkeys...
en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code
//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code
//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
//::::::ORIGINAL CODE:::::://
code:
movaps [rbx+00000190],xmm13
jmp return
teleport:
jmp newmem
nop
nop
nop
return:
[DISABLE]
teleport:
db 44 0F 29 AB 90 01 00 00
unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)
|
|
|
|
 |
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Sat May 18, 2019 7:50 am Post subject: |
|
|
ParkourPenguin wrote: | If you put it at the beginning of newmem, make sure the injection point jumps to the code and not the data. |
Code: | newmem: //new mem, compare to check if player has pressed hotkeys...
en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0
cmp [en_save],1
...
teleport:
jmp newmem |
The injection point (i.e. the instruction at teleport) is jumping into data. Make it jump to the cmp instruction instead.
|
|
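For reference, here is one way to lay the script out so that it applies the points raised in the replies above: location allocated next to newmem so every [symbol] access assembles rip-relative and rax is left alone; x/y/z/w placed first in the data block so it keeps the 16-byte alignment movaps needs, with the flags after it; newmem starting with an instruction so the injection point never jumps into data; and load falling through into the original instruction instead of duplicating it. This is an added example, not code posted by anyone in this thread. The module name SuperCoolGame, the offset 1BBAA18, the AOB and the rbx+190 write are taken from the posts above; the comments are mine. It assumes, as the replies do, that a CE alloc block starts 16-byte aligned.

```asm
[ENABLE]
aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
// both blocks requested near the module so [location], [en_save], [en_load]
// are within rip-relative range of newmem (no "mov rax,location" needed)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128,"SuperCoolGame"+1BBAA18)
label(code)
label(return)
label(save)
label(load)
label(en_save)
label(en_load)
registersymbol(teleport)
registersymbol(location)
registersymbol(en_save)
registersymbol(en_load)

// data block: x/y/z/w first, at the start of the alloc, so the 16-byte
// alignment movaps requires is preserved; the 4-byte flags go after it,
// never in front of it
location:
  dd (float)0.0
  dd (float)0.0
  dd (float)0.0
  dd (float)0.0
en_save:             // set to 1 from the table (hotkey) to capture the current position
  dd 0
en_load:             // set to 1 from the table (hotkey) to restore it
  dd 0

// code block: newmem begins with an instruction, so "jmp newmem" lands on code
newmem:
  cmp [en_save],1
  je save
  cmp [en_load],1
  je load
  jmp code

save:                // copy the position the game is about to write
  mov [en_save],0
  movaps [location],xmm13
  jmp code

load:                // replace it with the saved one, then fall through
  mov [en_load],0
  movaps xmm13,[location]

code:                // original instruction; with load active it writes the saved value
  movaps [rbx+00000190],xmm13
  jmp return

teleport:
  jmp newmem         // 5-byte jmp + 3 nops cover the 8-byte original instruction
  nop
  nop
  nop
return:

[DISABLE]
teleport:
  db 44 0F 29 AB 90 01 00 00
unregistersymbol(teleport)
unregistersymbol(location)
unregistersymbol(en_save)
unregistersymbol(en_load)
dealloc(newmem)
dealloc(location)
```

In the table, add 4-byte entries for en_save and en_load with hotkeys that set the value to 1; the hook clears the flag the next time the instruction runs, so each press acts once. The script does nothing to check which object's position the instruction is writing: if the same instruction also handles other entities, save and load will act on whichever one executes it first, so that is the first thing to rule out when the captured coordinates do not match the player's.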
 |
scoobz1234 How do I cheat?
Reputation: 0
Joined: 17 May 2019 Posts: 4
|
Posted: Sat May 18, 2019 9:39 am Post subject: |
|
|
Okay, the instant crash has since been rectified; the data in xmm13 is being saved to location, but the teleport function does not work, nothing happens. Also it looks like the data that's being saved to location is not correct, i.e. my Z in game says -361.5 and the location on the computer is -200 something.
Code: |
[ENABLE]
aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)
alloc(setup,256)
//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save)
label(en_load)
label(save)
label(load)
//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
registersymbol(teleport)
//::::::CODE:::::://
setup:
location:
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0
en_save:
dd 0
en_load:
dd 0
newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code
//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movups [location],xmm13
jmp code
//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return
//::::::ORIGINAL CODE:::::://
code:
movaps [rbx+00000190],xmm13
jmp return
teleport:
jmp newmem
nop
nop
nop
return:
[DISABLE]
teleport:
db 44 0F 29 AB 90 01 00 00
unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)
dealloc(setup)
|
|
|
 |
ParkourPenguin I post too much
Reputation: 150
Joined: 06 Jul 2014 Posts: 4652
|
Posted: Sat May 18, 2019 12:14 pm Post subject: |
|
|
Did you check to see if that instruction accesses other addresses? (Right click in disassembler -> find out what addresses this instruction accesses)
|