Cheat Engine The Official Site of Cheat Engine
Game Hacking Dojo (Master Cheater)
Reputation: 1
Joined: 17 Sep 2023 Posts: 250
Posted: Mon Dec 16, 2024 11:26 am Post subject: Avoid RegisterSymbol
Is there a way to avoid using registersymbol() in an assembly AA script?
If I make a script without using registersymbol() it works fine with no issues at all. However, once I add some bytes to the AOB location it no longer disables it.
Here is an example:
Code:
[ENABLE]
aobscanmodule(INJECT,$process,33 C2 03 CB 2B C2 3B C8 0F 8D 31) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
xor eax,edx
add ecx,ebx
sub eax,edx
jmp return
INJECT+2: //added bytes
jmp newmem
nop
return:
//registersymbol(INJECT)
[DISABLE]
INJECT+2: //added bytes
db 33 C2 03 CB 2B C2
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 0050B415
0050B3FB: 7F 2E - jg 0050B42B
0050B3FD: 8B 16 - mov edx,[esi]
0050B3FF: 8B CE - mov ecx,esi
0050B401: FF 52 40 - call dword ptr [edx+40]
0050B404: 50 - push eax
0050B405: 8D 8D B4 55 00 00 - lea ecx,[ebp+000055B4]
0050B40B: E8 D0 46 F9 FF - call 0049FAE0
0050B410: 8B C8 - mov ecx,eax
0050B412: 8B C7 - mov eax,edi
0050B414: 99 - cdq
// ---------- INJECTING HERE ----------
0050B415: 33 C2 - xor eax,edx
// ---------- DONE INJECTING ----------
0050B417: 03 CB - add ecx,ebx
0050B419: 2B C2 - sub eax,edx
0050B41B: 3B C8 - cmp ecx,eax
0050B41D: 0F 8D 31 02 00 00 - jnl 0050B654
0050B423: 85 FF - test edi,edi
0050B425: 0F 8E 35 02 00 00 - jng 0050B660
0050B42B: 8B 16 - mov edx,[esi]
0050B42D: 8B CE - mov ecx,esi
0050B42F: FF 52 40 - call dword ptr [edx+40]
0050B432: 50 - push eax
}
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014 Posts: 4697
Posted: Mon Dec 16, 2024 12:11 pm
Use a more unique symbol name. If two different scripts both try to use "INJECT" and both are enabled then disabled, bad things will happen.
The original code in your code injection isn't correct. While you were overwriting the `xor`, `add`, and `sub` instructions, you're now overwriting the `add`, `sub`, and `cmp` instructions. Delete the `xor` line and add `cmp ecx,eax` just before the return.
Normally, you'd also have to modify the number of `nop`s to align the return label properly. Luckily, that's unnecessary in this case.
The [DISABLE] section isn't overwriting the correct bytes. The AOB pattern starts with `33 C2...`, i.e. at `xor eax,edx`. The symbol "INJECT" will be assigned to that address. The bytes at "INJECT+2" would be the bytes 2 after the ones at "INJECT", i.e. the memory starting at "INJECT+2" should be `03 CB 2B C2 3B C8`.
You can't change the injection point by adding "+2" without fixing that other stuff too. If you don't want to do that, the easiest thing you can do is make a new AOB injection script at the new injection point.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The Netherlands
Posted: Mon Dec 16, 2024 12:31 pm
label the actual part you edit, then you don't need to register it
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Game Hacking Dojo (Master Cheater)
Reputation: 1
Joined: 17 Sep 2023 Posts: 250
Posted: Mon Dec 16, 2024 1:29 pm
ParkourPenguin wrote:
Use a more unique symbol name. If two different scripts both try to use "INJECT" and both are enabled then disabled, bad things will happen.
The original code in your code injection isn't correct. While you were overwriting the `xor`, `add`, and `sub` instructions, you're now overwriting the `add`, `sub`, and `cmp` instructions. Delete the `xor` line and add `cmp ecx,eax` just before the return.
Normally, you'd also have to modify the number of `nop`s to align the return label properly. Luckily, that's unnecessary in this case.
The [DISABLE] section isn't overwriting the correct bytes. The AOB pattern starts with `33 C2...`, i.e. at `xor eax,edx`. The symbol "INJECT" will be assigned to that address. The bytes at "INJECT+2" would be the bytes 2 after the ones at "INJECT", i.e. the memory starting at "INJECT+2" should be `03 CB 2B C2 3B C8`.
You can't change the injection point by adding "+2" without fixing that other stuff too. If you don't want to do that, the easiest thing you can do is make a new AOB injection script at the new injection point.
Thank you for the reply, but my question wasn't related to the assembly. The script is an example (nothing in it has to do with an actual script), and the assembly in it is what's in the process anyway; I didn't write that. Check out the snippet code. Supposedly, Cheat Engine saves the address of the injection point and reads whatever is in the disable section to write at said location. Why does adding an extra amount of bytes not work?
Dark Byte wrote:
label the actual part you edit, then you don't need to register it
Could you explain a bit about what you mean by labelling the actual part?
If you mean I should move my AOB to that part then that is not what I am looking for.
Imagine you have a function that you use a signature pattern to find. However, your injection point is at the bottom of the function. I deal with it by adding bytes from the head of the function, or however much is necessary for a good signature, and adding the needed bytes to reach my desired injection point.
Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The Netherlands
Posted: Mon Dec 16, 2024 2:03 pm
this works:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(bla,90 90 90 90 90)
label(bla2)
bla+2:
bla2:
nop 3
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
bla2:
db 90 90 90
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
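Putting the two replies together: the opening script rewritten with ParkourPenguin's corrections (drop the `xor`, replay `cmp ecx,eax`, restore the bytes that actually sit at +2) and Dark Byte's label technique instead of registersymbol. This is an added example, not code from any of the posts; the symbol name DojoInject and the label DojoInjectPoint are my own choices, and the bytes come from the original-code dump in the first post.

```asm
[ENABLE]
// unique symbol name, so two enabled scripts cannot both claim "INJECT"
aobscanmodule(DojoInject,$process,33 C2 03 CB 2B C2 3B C8 0F 8D 31) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(DojoInjectPoint) // names the address that is really patched; nothing is registered

newmem:
code:
  // DojoInject+2 is "add ecx,ebx", so the xor before it is untouched and stays in the game code.
  // The 6 overwritten bytes are add/sub/cmp; all three are replayed here, cmp last so the
  // flags are still valid for the jnl that sits at the return address.
  add ecx,ebx
  sub eax,edx
  cmp ecx,eax
  jmp return

DojoInject+2:
DojoInjectPoint:
  jmp newmem   // 5-byte jmp
  nop          // pads to the 6 bytes of add/sub/cmp, so "return" lands on the jnl
return:

[DISABLE]
// the label assigned in [ENABLE] still resolves here, so the restore hits the patched bytes,
// not the xor two bytes earlier
DojoInjectPoint:
  db 03 CB 2B C2 3B C8

dealloc(newmem)
```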
Csimbi (I post too much)
Reputation: 97
Joined: 14 Jul 2007 Posts: 3321
Posted: Mon Dec 16, 2024 2:33 pm
You need to register variables in case you want to refer to them by name.
As DB said, inside a single script labels are fine, no need to register anything.
However, if you want to add a name to the cheat table for example, then yes, you need to register a name that refers to the right address.
Game Hacking Dojo (Master Cheater)
Reputation: 1
Joined: 17 Sep 2023 Posts: 250
Posted: Mon Dec 16, 2024 2:33 pm
Dark Byte wrote:
this works:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(bla,90 90 90 90 90)
label(bla2)
bla+2:
bla2:
nop 3
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
bla2:
db 90 90 90
Thank you, this works.