Cheat Engine The Official Site of Cheat Engine
shakib187 (Expert Cheater; Reputation: 0; Joined: 24 May 2007; Posts: 215)
Posted: Thu Oct 03, 2013 3:59 pm, Post subject: Updating CE addresses automatically
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(swag,89 86 ** ** 00 00 45 8D 7C 24 06 66 66 66 66 0F 1F 84 00 00 00 00 00 48 8D 4E 48 BA 02 00 00 00)
alloc(newmem,2048,swag) //third parameter keeps newmem within rel32 jump range of swag (needed on 64-bit targets)
label(nope)
registersymbol(nope)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp dword [rsi+00000948],(int)45 //explicit dword size: memory vs immediate is otherwise ambiguous
ja originalcode
mov dword [rsi+00000948],(int)45
jmp returnhere
originalcode:
mov [rsi+00000948],eax
exit:
jmp returnhere
swag:
nope:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(nope)
nope:
mov [rsi+00000948],eax
//Alt: db 89 86 48 09 00 00
Is there any possible way to maybe get [rsi+00000948] from the current version of the game and save it to compare it, so the instruction will work for all versions of the game? Because
89 86 ** ** 00 00 45 8D 7C 24 06 66 66 66 66 0F1F 84 00 00 00 00 00 48 8D 4E 48 BA 02 00 00 00
is missing the 48 09 from [rsi+00000948]. Rather than manually AOB scanning and changing it each patch, basically I am wondering if anyone has a method to automatically get whatever instruction is there.
Gniarf (Grandmaster Cheater Supreme; Reputation: 43; Joined: 12 Mar 2012; Posts: 1285)
Posted: Fri Oct 04, 2013 9:20 am
Well when you assemble mov dword [rsi+948],eax you see its byte equivalent: 89 86 48 09 00 00. So what you can do to avoid updating your hack is to tell CE to write 89 86 followed by the 4 bytes at swag+2. In an AA script it is done that way:
Code:
db 89 86
readmem(swag+2,4)
Now putting db's and readmems each time you need this offset might be a bit tedious, so I suggest updating your script that way:
Code:
[ENABLE]
aobscan(swag,89 86 ** ** 00 00 45 8D 7C 24 06 66 66 66 66 0F 1F 84 00 00 00 00 00 48 8D 4E 48 BA 02 00 00 00)
registersymbol(swag)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push rsi //save rsi
db 48 8d b6 //lea rsi,[rsi+???] equivalent to "add rsi,???" if you're not familiar with lea
readmem(swag+2,4) //sets the ??? above to the 4 bytes at swag+2
cmp dword [rsi],(int)45
ja short originalcode
mov eax,(int)45
originalcode:
mov dword [rsi],eax
exit:
pop rsi //restore saved rsi
jmp returnhere
swag:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
unregistersymbol(swag)
swag:
//mov dword [rsi+???],eax
db 89 86
readmem(newmem+4,4) //read the ??? from the lea rsi,[rsi+???]
Note: since Cheat Engine 6.3 you no longer need to create an alias ("nope") for swag.
My development builds don't show an error with readmem(AobscanLabel,...), but I don't remember if the precompiled version bitches about it ("there is no memory at address 0" or something like that). Regardless, ignore this error message if you get it; any Cheat Engine 6.3 WILL apply the hack correctly.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
shakib187 (Expert Cheater; Reputation: 0; Joined: 24 May 2007; Posts: 215)
Posted: Fri Oct 04, 2013 1:20 pm
push rsi
db 48 8d b6 <-- how would this look like? lea rsi,[rsi]??
readmem(swag+2,4) <-- what is the difference of this vs readmem(swag+4,4)?
I somewhat understood what's going on here. I didn't learn push and pop because most of the time it crashed me; I am guessing I did something wrong like adding the pop at the end.
Cheat Engine does bitch about it at the end lol
Anyway thanks again gniarf, for always having my back
Gniarf (Grandmaster Cheater Supreme; Reputation: 43; Joined: 12 Mar 2012; Posts: 1285)
Posted: Fri Oct 04, 2013 3:23 pm
shakib187 wrote:
> db 48 8d b6 <-- how would this look like? lea rsi,[rsi]??

It's an incomplete opcode, so your computer will take the 4 bytes after the b6 and think it's the offset in "lea rsi,[rsi+offset]".
That being said, next time you wanna know what opcode corresponds to a given bytecode, go to the memory viewer, type your bytecode in the bottom pane, and in the upper pane go to the address you just modified.
...And don't forget to restore the bytes when you're done.

shakib187 wrote:
> readmem(swag+2,4) what is the difference of this vs readmem(swag+4,4)

The first parameter of readmem is the address where to read the bytes. So if you do aobscan(MyLabel,11 22 ** 44 55 66 77 88) followed by readmem(MyLabel+2,2), the place where you typed the readmem will be replaced by whatever_is_** 44.
readmem(MyLabel+4,4) would become 55 66 77 88
readmem(MyLabel,1) would become 11
...

shakib187 wrote:
> cheat engine does bitch about it at the end

Good to know.

shakib187 wrote:
> Anyway thanks again gniarf, for always having my back

It's just that your questions are more interesting to answer than "Hey I'm new, how can I cheat with cheat engine?"
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
shakib187 (Expert Cheater; Reputation: 0; Joined: 24 May 2007; Posts: 215)
Posted: Fri Oct 04, 2013 7:14 pm
Hey gniarf, I was fiddling around with the cheat. Should the bytes be changing inside memory itself (I thought it would jump to newmem and do its stuff there)? Because when I enable your script it changes and stays that way, causing a crash, instead of always being 12 bytes.
Edit:
Apparently
alloc(newmem,2048) doesn't work with Incredible Adventures of Helsing
and alloc(newmem,2048,swag) does.... thanks for your help again
Gniarf (Grandmaster Cheater Supreme; Reputation: 43; Joined: 12 Mar 2012; Posts: 1285)
Posted: Fri Oct 04, 2013 8:29 pm
Uhhh... That smells like a 64-bit issue. A standard jump stores the (distance to the) target over 32 bits, while in x64 mode addresses are over 64 bits. Probably the basic alloc gives you a buffer that is too far away and a 32-bit jump can't reach it, leading to the wrong place, while the 3-parameter alloc forces the allocated memory to be close to swag. I missed that when I patched your script (I don't hack x64 programs that often). Actually I didn't even know a 3-parameter alloc existed.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
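As an added example (not code from the thread or from Cheat Engine itself), here is a small Python model of what the two scripts above rely on: an aobscan with wildcards, readmem pulling the disp32 out of the matched bytes (Gniarf's readmem(MyLabel+2,2) explanation), and the rel32 range check behind the last post, which is why alloc(newmem,2048,swag) was needed on the 64-bit game. The pattern is the one from the thread; the code buffer and the image address are constructed.

```python
import struct

def parse_aob(pattern: str):
    """Turn a CE-style AOB string ('89 86 ** ** 00 00') into ints, None for wildcards."""
    return [None if set(tok) <= set("*?") else int(tok, 16) for tok in pattern.split()]

def aobscan(buf: bytes, pattern: str):
    """Offset of the first match of the wildcard pattern in buf, or None if absent."""
    pat = parse_aob(pattern)
    for i in range(len(buf) - len(pat) + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat)):
            return i
    return None

def readmem(buf: bytes, addr: int, size: int) -> bytes:
    """readmem(addr,size): the raw bytes at addr, which CE pastes into the script as-is."""
    return buf[addr:addr + size]

def displacement(buf: bytes, hook: int) -> int:
    """'mov [rsi+disp32],eax' assembles to 89 86 <disp32 LE>, so the offset sits at hook+2."""
    return struct.unpack("<i", readmem(buf, hook + 2, 4))[0]

def rel32_reachable(jmp_addr: int, target: int) -> bool:
    """A 5-byte E9 jmp stores target-(jmp_addr+5) as a signed 32-bit value, so the target
    must lie within +/-2 GiB; a far alloc on a 64-bit process fails this and jumps wrong."""
    return -2**31 <= target - (jmp_addr + 5) <= 2**31 - 1

def encode_jmp(jmp_addr: int, target: int) -> bytes:
    """Bytes CE would place at swag for 'jmp newmem', or an error when out of range."""
    if not rel32_reachable(jmp_addr, target):
        raise ValueError("newmem out of rel32 range; use alloc(newmem,size,swag)")
    return b"\xe9" + struct.pack("<i", target - (jmp_addr + 5))

# Constructed sample: the thread's pattern with the wildcards filled in as 48 09, padded with NOPs.
PATTERN = ("89 86 ** ** 00 00 45 8D 7C 24 06 66 66 66 66 0F 1F 84 00 00 00 00 00 "
           "48 8D 4E 48 BA 02 00 00 00")
CODE = b"\x90" * 16 + bytes.fromhex(PATTERN.replace("** **", "48 09")) + b"\x90" * 16

if __name__ == "__main__":
    swag = aobscan(CODE, PATTERN)
    print("swag at offset", hex(swag), "readmem(swag+2,4) =", readmem(CODE, swag + 2, 4).hex(" "))
    print("displacement =", hex(displacement(CODE, swag)))                     # 0x948
    # Put the hook at a typical 64-bit image address (constructed) and compare a far and a near newmem.
    hook_va = 0x7FF612345000 + swag
    print("far newmem reachable: ", rel32_reachable(hook_va, 0x10000))          # False
    print("near newmem reachable:", rel32_reachable(hook_va, hook_va + 0x1000))  # True
```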