 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
etioplmld
Advanced Cheater
![]() Reputation: 0
Joined: 09 Feb 2021
Posts: 74
|
 Posted: Mon Apr 15, 2024 12:32 pm Post subject: What prevents this script execut standalone? |
 |
|
When it is activated in a large script, it works. However, copy it into other scripts ,it can't be activate . Its code seems pretty complete. But why can't it activate? The main script does not provide anything about it
| Code: |
[ENABLE]
{$lua}
if syntaxcheck then return end
if not readInteger('CancelGravityAob') then
santable.AobSanning('CancelGravityAob' , 'eldenring.exe' , 'E8 xx xx xx xx 84 C0 74 xx C6 xx xx xx xx xx 01 66' , 1)
end
if not readInteger('StandOnTheGroundAob') then
santable.AobSanning('StandOnTheGroundAob' , 'eldenring.exe' , '48 8B F9 C6 xx xx xx xx xx xx C6 xx xx xx xx xx xx 48 81 xx xx xx xx xx 49' , 1)
end
if not readInteger('SpiritHorseFlyingAob') then
santable.AobSanning('SpiritHorseFlyingAob' , 'eldenring.exe' , '0F xx xx xx xx xx 48 8B 88 90 01 00 00 48 8B 51 68' , 1)
end
{$asm}
assert(CancelGravityAob,E8 xx xx xx xx 84 C0)
assert(StandOnTheGroundAob,48 8B F9 C6 xx xx xx xx xx xx C6)
alloc(newmem,$1000,CancelGravityAob)
label(code_1)
label(code_2)
label(return_1)
label(code_3)
label(code_4)
label(return_2)
label(code_5)
label(return_3)
label(CancelGravity_Ptr)
registersymbol(CancelGravity_Ptr)
label(SpiritHorseFlying_Ptr)
registersymbol(SpiritHorseFlying_Ptr)
newmem:
code_1:
reassemble(CancelGravityAob)//call eldenring.exe+46B550
cmp rbx,[CancelGravity_Ptr]
je code_2
cmp rbx,[SpiritHorseFlying_Ptr]
je code_2
jmp return_1
code_2:
mov al,01
jmp return_1
code_3:
cmp rcx,[CancelGravity_Ptr]
je code_4
cmp rcx,[SpiritHorseFlying_Ptr]
je code_4
readmem(StandOnTheGroundAob+a,6)
db 00//mov byte ptr [rcx+000001D1],00
jmp return_2
code_4:
readmem(StandOnTheGroundAob+a,6)
db 01//mov byte ptr [rcx+000001D1],00
jmp return_2
code_5:
readmem(SpiritHorseFlyingAob+6,11)//mov rcx,[rax+00000190]
//mov rdx,[rcx+68]
mov [SpiritHorseFlying_Ptr],rdx
jmp return_3
SpiritHorseFlying_Ptr:
dq 0
readmem(SpiritHorseFlyingAob+6,11)
CancelGravity_Ptr:
dq 0
readmem(CancelGravityAob,5)
readmem(StandOnTheGroundAob+a,7)
CancelGravityAob:
jmp code_1
return_1:
StandOnTheGroundAob+a:
jmp code_3
nop 2
return_2:
SpiritHorseFlyingAob+6:
jmp code_5
nop 6 //2
return_3:
[DISABLE]
CancelGravityAob:
readmem(CancelGravity_Ptr+8,5)//db bytes
// call eldenring.exe+46B550
StandOnTheGroundAob+a:
readmem(CancelGravity_Ptr+d,7)//db bytes
// mov byte ptr [rcx+000001D1],00
SpiritHorseFlyingAob+6:
readmem(SpiritHorseFlying_Ptr+8,11)//db 48 8B 88 90 01 00 00
// mov rcx,[rax+00000190]
dealloc(newmem)
unregistersymbol(CancelGravity_Ptr)
unregistersymbol(SpiritHorseFlying_Ptr)
|
| Code: |
[ENABLE]
{$lua}
if syntaxcheck then return end
if not readInteger('ForcedLossOfTreasureAob') then
if not santable.AobSanning('ForcedLossOfTreasureAob' , 'eldenring.exe' , '0F 28 D8 45 0F B6 C5' , 1) then error() end
end
{$asm}
assert(ForcedLossOfTreasureAob,0F 28 D8 45 0F B6 C5)
alloc(newmem,$1000,ForcedLossOfTreasureAob)
label(code)
label(return)
newmem:
code:
mov edx,#9999
movd xmm0,edx
cvtdq2ps xmm0,xmm0
movaps xmm3,xmm0
movzx r8d,r13l
jmp return
ForcedLossOfTreasureAob:
jmp code
nop 2
return:
[DISABLE]
ForcedLossOfTreasureAob:
db 0F 28 D8 45 0F B6 C5
// movaps xmm3,xmm0
// movzx r8d,r13l
dealloc(newmem)
|
Last edited by etioplmld on Mon Apr 15, 2024 5:51 pm; edited 2 times in total |
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 140
Joined: 06 Jul 2014
Posts: 4310
|
| Posted: Mon Apr 15, 2024 1:27 pm Post subject: |
|
|
After failing to enable a memory record, right click it and look at the top to see why it failed
The first script doesn't have [ENABLE] at the top
What is `santable.AobSanning`?
If CE does a syntaxcheck and the symbols haven't been registered yet, CE will probably complain about the symbols being undefined (or something to that effect)
It's technically possible for `newmem` to be within 2 GiB of `CancelGravityAob` but not the other symbols (`jmp code` instructions could be 14 bytes instead of 5); however, this is unlikely to happen in practice
`readmem(SpiritHorseFlyingAob+6,11)//mov rcx,[rax+00000190] / mov rdx,[rcx+68]` - you should probably just write the original instructions out
You can add more labels to make your code more readable. More specifically, don't reuse `CancelGravity_Ptr` and `SpiritHorseFlying_Ptr` for backing up the injection point
Why do you check the return value of `santable.AobSanning` in the second script but not in the first script? No need for that anyway- the `assert` in the AA script covers it
`movd xmm0,edx` - this zero-extends to the other 3 values in the register. I assume you intend to overwrite the other 3 values too
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
etioplmld
Advanced Cheater
![]() Reputation: 0
Joined: 09 Feb 2021
Posts: 74
|
| Posted: Mon Apr 15, 2024 5:55 pm Post subject: |
|
|
Thank you, there were these in the main script, maybe the author made the code confusion.
Some scripts can be activated, and work but some do not work.
| Code: |
{$lua}
local function aobScanSelfs(name , imodule , bytes , var)
local index = var - 1
if (imodule == '') then
local resultSet = AOBScan(bytes , '+X-W-C' , 1)
if (not resultSet) then
unregisterSymbol(name)
return false
else
unregisterSymbol(name)
registerSymbol(name , resultSet[index] , true)
resultSet.destroy()
end
else
if (not getModuleSize(imodule)) then
return false
else
local memScanner = createMemScan()
local memFoundList = createFoundList(memScanner)
memScanner.firstScan(
soExactValue , vtByteArray , rtRounded , bytes , nil ,
getAddress(imodule) , (getAddress(imodule) + getModuleSize(imodule)) , '' ,
fsmNotAligned , "" , true , false , false , false)
memScanner.waitTillDone()
memFoundList.initialize()
if (memFoundList.Count == 0) then
unregisterSymbol(name)
return false
else
unregisterSymbol(name)
registerSymbol(name , memFoundList.Address[index] , true)
end
memScanner.destroy()
memFoundList.destroy()
end
end
return true
end
santable = {
AobSanning = aobScanSelfs , ReadSingnedInt = readSignedInteger ,
}
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 140
Joined: 06 Jul 2014
Posts: 4310
|
| Posted: Mon Apr 15, 2024 7:08 pm Post subject: |
|
|
AOBScan - whoever wrote this specified 1 (fsmAligned) for the alignmenttype param but didn't specify an alignment??
You don't need parenthesis around the expression used as the condition of an `if` statement
Maybe the game simply updated and the AOB signature isn't correct anymore
If you didn't make this table, ask whoever made it to update the table
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
