HiSaZuL (Expert Cheater; Reputation: 6; Joined: 09 Aug 2011; Posts: 245)
Posted: Tue Oct 11, 2011 5:44 am    Post subject: need some help making a script
So after frustrating attempts to get a pointer I gave up... no pointers survive a reload, and I tried going as far as a level 7 pointer scan... tried 10, canceled after 3 hours I think... 300 GB and that much time and it still didn't finish was overkill.
I tried making an injection script and failed miserably; I don't understand Auto Assembler scripts at all.
What I'm trying to do is freeze a value in E.Y.E: Divine Cybermancy update 1... it uses the Half-Life engine so I'm stuck dealing with DLL modules.
What I need is to freeze auxiliary power, which is stamina in EYE.
Finding the address without even a visual value became something of an automated process for me; it takes about 10 seconds to get the address -_- so you can imagine I spent a while with this.
Here's the script I used... like I mentioned I don't know/understand AA so it's going to be broken in a lot of places and I'd appreciate any input and pointers in the right direction.
Code:
[ENABLE]
alloc(stamina,2048) //2kb should be enough
label(returnhere)
"server.dll"+1E196B:
jmp stamina
nop
returnhere:
stamina:
mov [edi], (float)100
fstp dword ptr [edi]
jmp returnhere
[DISABLE]
dealloc(stamina}
"server.dll"+1E196B:
fstp dword ptr [edi]
fstp dword ptr [edi] is what CE is pointing me to... as far as I understood it stores a float pointer value, so before it does that I shoved in mov [edi], (float)100.
I'm not entirely sure about the whole use of the nop function, but I guess I need it to make space for the code line I'm injecting?
Anyhoo, I would like some input on this >_> my head hurts enough from wasting a month trying to get my new rig to work without seeing VGA driver crash reports as soon as I try playing games lol
HiSaZuL (Expert Cheater; Reputation: 6; Joined: 09 Aug 2011; Posts: 245)
Posted: Tue Oct 11, 2011 7:39 pm
Here's the portion where the code gets executed; I just copied the whole thing that looks relevant:
Code:
162A195A - 5E       - pop esi
162A195B - 5D       - pop ebp
162A195C - 74 0F    - je 162A196D
162A195E - 8B 57 FC - mov edx,[esi-04]
162A1961 - 8B 02    - mov eax,[edx]
162A1963 - 8D 4F FC - lea ecx,[esi-04]
162A1966 - 57       - push edi
162A1967 - FF D0    - call eax
162A1969 - D9 03    - fld dword ptr [ebx]
162A196B - D9 1F    - fstp dword ptr [edi] //This is where CE is pointing me to if I use "find out what writes to this address".
162A196D - 8B C7    - mov eax,edi
162A196F - 5F       - pop edi
162A1970 - 5B       - pop ebx
162A1971 - C2 0400  - ret 0004
If anyone has a Half-Life 2 auxiliary power script that I can look at, it would probably work too I think.
haunted5 (Cheater; Reputation: 1; Joined: 23 Aug 2011; Posts: 35)
Posted: Wed Oct 12, 2011 5:52 am
Hi,
I'm sure you already know this, but if the game is online, it won't work. Also, once you have found the value in Cheat Engine, I'm assuming freezing it works.
What happens when you run the script?
The only thing I would change is:
mov [edi], (float)100
to:
mov dword ptr [edi], (float)100
Also you could try:
stamina:
fstp st(0) // This is basically a nop for floats on the stack; it pops the
           // value so it won't be stored
jmp returnhere
unknown_k (Expert Cheater; Reputation: 5; Joined: 24 May 2011; Posts: 211)
Posted: Wed Oct 12, 2011 9:33 am
This should work.
Code:
162A196B - D9 1F - fstp dword ptr [edi]
162A196D - 8B C7 - mov eax,edi
162A196F - 5F    - pop edi
A jmp needs at least 5 bytes, and these three instructions are exactly 5 bytes, so the nop is not needed.
Code:
[ENABLE]
alloc(stamina,2048)
label(returnhere)

"server.dll"+1E196B:
jmp stamina            // 5 bytes: covers fstp (2) + mov eax,edi (2) + pop edi (1)
//nop                  // not needed, the three instructions are exactly 5 bytes
returnhere:

stamina:
fstp dword ptr [edi]   // original instruction: let the game store its value first
mov [edi],(float)100.0 // put your code after, not before, so it overwrites the store
mov eax,edi            // rest of the original code occupied by the jmp
pop edi                // same
jmp returnhere

[DISABLE]
dealloc(stamina)       // the original script had "}" here, a typo
"server.dll"+1E196B:
fstp dword ptr [edi]   // restore the original 5 bytes
mov eax,edi
pop edi
//alt: db D9 1F 8B C7 5F
Good luck!
HiSaZuL (Expert Cheater; Reputation: 6; Joined: 09 Aug 2011; Posts: 245)
Posted: Wed Oct 12, 2011 2:05 pm
haunted, it's not online :p
unknown_k, I did after much tweaking get it to work, by some miracle I guess. I just didn't post anything because it was very early in the morning today. I gave up on getting it to work at first, but I still couldn't understand why, after disabling, the original opcodes were getting replaced by something that didn't even look like AA code... so after adding and removing stuff I ended up with:
Code:
[ENABLE]
alloc(stamina,2048)
label(returnhere)

stamina:
fstp dword ptr [edi]   // original store, replicated from the 5 stolen bytes
mov [edi],(float)100   // overwrite the value the game just stored
mov eax,edi            // original
pop edi                // original
jmp returnhere

"server.dll"+1E196B:
jmp stamina            // 5 bytes, exactly the three instructions moved above
returnhere:

[DISABLE]
dealloc(stamina)
"server.dll"+1E196B:
fstp dword ptr [edi]
mov eax,edi
pop edi
This seems to work... so I'm going to go try getting skills and brouzoufs to work with a script too and will post a table later... since out of 4 trainers floating around only 1 is for the version I'm using and that trainer doesn't even start.
I'm guessing the bytes taken by the jump code were the reason for messing up the original code, so I had to take out enough bytes of code to equal that of the jump, since the jump was something like ?? ????????
Also, thank you very much for the explanations; it still looks like gibberish to me.
Last edited by HiSaZuL on Wed Oct 12, 2011 4:03 pm; edited 1 time in total
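Added example, not part of anyone's post in this thread: the byte arithmetic behind unknown_k's point that a jmp needs 5 bytes, and behind HiSaZuL's observation that the original opcodes were being replaced by bytes that did not look like AA code. The Python below takes the listing pasted above (server.dll+1E196B loaded at 162A196B), shows which instructions a 5-byte jmp written over only the 2-byte fstp would clobber, steals whole instructions until 5 bytes are covered, hand-assembles `mov dword ptr [edi],(float)100` (C7 07 + the IEEE-754 single for 100.0), and emits the patch bytes and the code-cave bytes with both relative jumps computed. The cave address 0x0A000000 is a made-up stand-in for whatever alloc(stamina,2048) returns. Cheat Engine's Auto Assembler does all of this itself when the script is right; this is only to see what it is doing.

```python
import struct

# Disassembly around the hook point as pasted in this thread: (address, bytes, mnemonic).
ORIGINAL_LISTING = [
    (0x162A196B, bytes.fromhex("D91F"),   "fstp dword ptr [edi]"),
    (0x162A196D, bytes.fromhex("8BC7"),   "mov eax,edi"),
    (0x162A196F, bytes.fromhex("5F"),     "pop edi"),
    (0x162A1970, bytes.fromhex("C20400"), "ret 0004"),
]

JMP_REL32_LEN = 5  # E9 + 32-bit displacement


def encode_jmp_rel32(src, dst):
    """E9 rel32: the displacement is measured from the end of the 5-byte instruction."""
    rel = dst - (src + JMP_REL32_LEN)
    if not -0x80000000 <= rel <= 0x7FFFFFFF:
        raise ValueError("target not reachable with rel32")
    return b"\xE9" + struct.pack("<i", rel)


def clobbered_by_jmp(listing, stolen_count, jmp_len=JMP_REL32_LEN):
    """Instructions after the first `stolen_count` that a jmp_len-byte jmp written
    at the hook point would overwrite, wholly or in part. Stealing only the 2-byte
    fstp leaves three bytes of the displacement on top of the following code."""
    hook_addr = listing[0][0]
    jmp_end = hook_addr + jmp_len
    return [entry for entry in listing[stolen_count:] if entry[0] < jmp_end]


def steal_instructions(listing, min_len=JMP_REL32_LEN):
    """Take whole instructions from the hook point until at least min_len bytes
    are covered. An instruction is never split."""
    stolen, total = [], 0
    for entry in listing:
        stolen.append(entry)
        total += len(entry[1])
        if total >= min_len:
            return stolen, total
    raise ValueError("listing too short to cover the jmp")


def mov_dword_ptr_edi_imm32(value):
    """mov dword ptr [edi], imm32 -> C7 07 imm32 (ModRM 0x07 = [edi], opcode /0).
    The immediate is the IEEE-754 single of `value`, which is what AA's (float) emits."""
    return b"\xC7\x07" + struct.pack("<f", value)


def build_hook(listing, cave_addr, payload, payload_after=1):
    """Return (patch, cave, return_addr).

    patch: bytes written at the hook point (jmp cave, NOP-padded if the stolen
           instructions cover more than 5 bytes).
    cave:  the stolen instructions with `payload` spliced in after the first
           `payload_after` of them, then a jmp back to the first instruction
           that was not stolen.
    The payload goes after fstp (so the game's store happens first and ours wins)
    but before pop edi, which changes the register the payload indexes through.
    """
    stolen, stolen_len = steal_instructions(listing)
    hook_addr = stolen[0][0]
    return_addr = hook_addr + stolen_len

    patch = encode_jmp_rel32(hook_addr, cave_addr)
    patch += b"\x90" * (stolen_len - len(patch))

    cave = b"".join(code for _, code, _ in stolen[:payload_after])
    cave += payload
    cave += b"".join(code for _, code, _ in stolen[payload_after:])
    cave += encode_jmp_rel32(cave_addr + len(cave), return_addr)
    return patch, cave, return_addr


if __name__ == "__main__":
    CAVE = 0x0A000000  # hypothetical: whatever alloc(stamina,2048) handed back
    bad = clobbered_by_jmp(ORIGINAL_LISTING, stolen_count=1)
    print("stealing only fstp clobbers:", [t for _, _, t in bad])
    patch, cave, ret = build_hook(ORIGINAL_LISTING, CAVE, mov_dword_ptr_edi_imm32(100.0))
    print("write at 162A196B:", patch.hex(" "))
    print("code cave        :", cave.hex(" "))
    print("returnhere       :", hex(ret))
```

Two things fall out of running it. With only the fstp stolen, the jmp's displacement lands on `mov eax,edi` and `pop edi`, which is the garbage HiSaZuL saw when disabling the script. With all three instructions stolen the patch is exactly 5 bytes and no NOP padding is emitted; the padding branch is what the `nop` line in the first script would have been for, had the stolen bytes exceeded 5.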
haunted5 (Cheater; Reputation: 1; Joined: 23 Aug 2011; Posts: 35)
Posted: Wed Oct 12, 2011 3:01 pm
Ah I see, yes, the opcode bytes were not the same. CE can create a template for you so the bytes will automatically be the same. It is in Tools > Auto Assemble; when the AA window opens, choose the 'Template' menu, select 'Cheat Table framework code' followed by 'Code Injection'.
HiSaZuL (Expert Cheater; Reputation: 6; Joined: 09 Aug 2011; Posts: 245)
Posted: Wed Oct 12, 2011 4:03 pm
Yeah... but that has too many labels and I get more confused with that heh.
On a side note, I was too happy last night that it worked; it seems like any sort of map change crashes the game unless I disable the script before it happens -_-