| View previous topic :: View next topic |
| Author |
Message |
Illusion11316
How do I cheat?
![]() Reputation: 0
Joined: 12 Jul 2018
Posts: 5
|
 Posted: Tue Oct 13, 2020 10:57 am Post subject: Stuck on Step 9 Cheat Engine Tutorial |
 |
|
| Code: | { Game : Tutorial-x86_64.exe
Version:
Date : 2020-10-13
Author : Prince
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,Tutorial-x86_64.exe,F3 0F 11 43 08 0F) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2EB6D)
label(code)
label(return)
label(value)
label(player)
value:
dq (float)500.0
newmem:
cmp [rbx+14],1
je player
jmp code
player:
movss xmm0,[value]
jmp code
code:
movss [rbx+08],xmm0
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F3 0F 11 43 08
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-x86_64.exe"+2EB6D
"Tutorial-x86_64.exe"+2EB43: E9 97 00 00 00 - jmp Tutorial-x86_64.exe+2EBDF
"Tutorial-x86_64.exe"+2EB48: F3 0F 2A C6 - cvtsi2ss xmm0,esi
"Tutorial-x86_64.exe"+2EB4C: F3 0F 10 4B 08 - movss xmm1,[rbx+08]
"Tutorial-x86_64.exe"+2EB51: F3 0F 5C C8 - subss xmm1,xmm0
"Tutorial-x86_64.exe"+2EB55: 0F 2F 0D 24 DC 1F 00 - comiss xmm1,[Tutorial-x86_64.exe+22C780]
"Tutorial-x86_64.exe"+2EB5C: 7A 0C - jp Tutorial-x86_64.exe+2EB6A
"Tutorial-x86_64.exe"+2EB5E: 73 0A - jae Tutorial-x86_64.exe+2EB6A
"Tutorial-x86_64.exe"+2EB60: F3 0F 10 05 18 DC 1F 00 - movss xmm0,[Tutorial-x86_64.exe+22C780]
"Tutorial-x86_64.exe"+2EB68: EB 03 - jmp Tutorial-x86_64.exe+2EB6D
"Tutorial-x86_64.exe"+2EB6A: 0F 28 C1 - movaps xmm0,xmm1
// ---------- INJECTING HERE ----------
"Tutorial-x86_64.exe"+2EB6D: F3 0F 11 43 08 - movss [rbx+08],xmm0
// ---------- DONE INJECTING ----------
"Tutorial-x86_64.exe"+2EB72: 0F 2F 05 07 DC 1F 00 - comiss xmm0,[Tutorial-x86_64.exe+22C780]
"Tutorial-x86_64.exe"+2EB79: 7A 14 - jp Tutorial-x86_64.exe+2EB8F
"Tutorial-x86_64.exe"+2EB7B: 75 12 - jne Tutorial-x86_64.exe+2EB8F
"Tutorial-x86_64.exe"+2EB7D: 48 8B 4B 60 - mov rcx,[rbx+60]
"Tutorial-x86_64.exe"+2EB81: 48 8B 15 40 10 18 00 - mov rdx,[Tutorial-x86_64.exe+1AFBC8]
"Tutorial-x86_64.exe"+2EB88: E8 43 CB 07 00 - call Tutorial-x86_64.exe+AB6D0
"Tutorial-x86_64.exe"+2EB8D: EB 42 - jmp Tutorial-x86_64.exe+2EBD1
"Tutorial-x86_64.exe"+2EB8F: F3 0F 10 4B 08 - movss xmm1,[rbx+08]
"Tutorial-x86_64.exe"+2EB94: 48 8D 4D E0 - lea rcx,[rbp-20]
"Tutorial-x86_64.exe"+2EB98: E8 73 B6 01 00 - call Tutorial-x86_64.exe+4A210
} |
I dunno where is my mistakes, please help mee.
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 468
Joined: 09 May 2003
Posts: 25706
Location: The netherlands
|
| Posted: Tue Oct 13, 2020 11:12 am Post subject: |
|
|
You're not describing what goes wrong. The value doesn't change properly, or the tutorial gives an error/crashes, or it refuses to get injected ?
Looking at the script, it likely refuses because you declared value as a label and not an alloc(value,4) , which causes the label to be at address 0 , and writing the value at address 0 will fail as it's nonexisting memory
(and it should be a dd instead of dq)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Illusion11316
How do I cheat?
![]() Reputation: 0
Joined: 12 Jul 2018
Posts: 5
|
| Posted: Wed Oct 14, 2020 12:27 am Post subject: |
|
|
| Dark Byte wrote: | You're not describing what goes wrong. The value doesn't change properly, or the tutorial gives an error/crashes, or it refuses to get injected ?
Looking at the script, it likely refuses because you declared value as a label and not an alloc(value,4) , which causes the label to be at address 0 , and writing the value at address 0 will fail as it's nonexisting memory
(and it should be a dd instead of dq) |
here is it
| Description: |
|
| Filesize: |
140.09 KB |
| Viewed: |
3139 Time(s) |
|
|
|
| Back to top |
|
|
sgsgwv$6263
Advanced Cheater
![]() Reputation: 0
Joined: 05 Aug 2020
Posts: 82
|
| Posted: Wed Oct 14, 2020 1:58 am Post subject: |
|
|
you can't move an immediate value into an xmm register.
Try this:
| Code: |
alloc(temp,4)
temp:
dd (float)100.0
player:
movss xmm0,[temp] |
Last edited by sgsgwv$6263 on Wed Oct 14, 2020 2:01 am; edited 1 time in total |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 468
Joined: 09 May 2003
Posts: 25706
Location: The netherlands
|
| Posted: Wed Oct 14, 2020 2:00 am Post subject: |
|
|
add alloc(value,4)
initialize it using:
value:
dd (float)100
and then do movss xmm0,[value]
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Illusion11316
How do I cheat?
![]() Reputation: 0
Joined: 12 Jul 2018
Posts: 5
|
| Posted: Wed Oct 14, 2020 6:52 am Post subject: |
|
|
Thanks for the help!!..
Anyway, something is bothering, it's actually work and instant kill the enemies, but it wont make the box show if it activated or not.
| Code: |
[ENABLE]
aobscanmodule(INJECT,Tutorial-x86_64.exe,F3 0F 11 43 08 0F) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+2EB6D)
label(code)
label(return)
label(value)
alloc(value,4)
value:
dd (float)100.0
newmem:
cmp [rbx+14],2
jne code
movss xmm0,[value]
movss [rbx+08],xmm0
jmp return
code:
movss [rbx+08],xmm0
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F3 0F 11 43 08
unregistersymbol(INJECT)
dealloc(newmem) |
| Description: |
|
| Filesize: |
132.8 KB |
| Viewed: |
3108 Time(s) |
|
|
|
| Back to top |
|
|
sgsgwv$6263
Advanced Cheater
![]() Reputation: 0
Joined: 05 Aug 2020
Posts: 82
|
| Posted: Wed Oct 14, 2020 7:03 am Post subject: |
|
|
just before the:
line in the end,add this line
because anything that gets alloc() ated should be dealloc() ated when the script is deactivated.
|
|
| Back to top |
|
|
Illusion11316
How do I cheat?
![]() Reputation: 0
Joined: 12 Jul 2018
Posts: 5
|
| Posted: Wed Oct 14, 2020 7:42 am Post subject: |
|
|
| sgsgwv$6263 wrote: | just before the:
line in the end,add this line
because anything that gets alloc() ated should be dealloc() ated when the script is deactivated. |
Still didnt work... :3
| Description: |
|
| Filesize: |
130.02 KB |
| Viewed: |
3098 Time(s) |
|
|
|
| Back to top |
|
|
sgsgwv$6263
Advanced Cheater
![]() Reputation: 0
Joined: 05 Aug 2020
Posts: 82
|
| Posted: Wed Oct 14, 2020 8:52 am Post subject: |
|
|
| restart the game
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
