Cheat Engine The Official Site of Cheat Engine
Winsane Newbie cheater
Reputation: 0
Joined: 12 Mar 2016 Posts: 12
Posted: Tue Mar 15, 2016 9:18 pm Post subject: Using pointers in auto assembly script
Hello! I'm trying to figure out how to use a pointer in a script, and then move the value of the address into another address.
All the examples I have found use the format "game.exe+1234567", but I don't understand how to translate my pointers into that.
This is what the pointer looks like in the pointer scanner: (I can't link images)
"THREADSTACK0"-00000864 618 4 5C0 58C 78 0EDABF88
The .exe is FlashPlayerPlugin_19_0_0_245.exe
I tried going by this example I found in another post:
Code:
newmem:
push eax
mov eax,[game.exe+12345678]
cmp eax, 0
je originalcode
mov eax,[eax+1CC]
cmp eax, 0
je originalcode
mov eax,[eax+B0]
cmp eax, 0
je originalcode
mov [eax+0C],(float)100
And this is what I came up with:
Code:
[ENABLE]
aobscan(VAC2,8C DD 5D 80 F3 0F 7E 4D 80) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
push eax
mov eax,[FlashPlayerPlugin_19_0_0_245.exe+00000000864]
cmp eax, 0
je return
mov eax,[eax+618]
cmp eax, 0
je return
mov eax,[eax+4]
cmp eax, 0
je return
mov eax,[eax+5C0]
cmp eax, 0
je return
mov eax,[eax+58C]
cmp eax, 0
je return
mov eax,[eax+78]
code:
movq xmm0, eax
jmp return
VAC2+04:
jmp code
return:
registersymbol(VAC2)
[DISABLE]
VAC2+04:
db F3 0F 7E 4D 80
unregistersymbol(VAC2)
dealloc(newmem)
Which didn't work, obviously. If someone could give me an example of how to translate this pointer into something I can use in my script, that would be greatly appreciated!
gid2525 Expert Cheater
Reputation: 2
Joined: 21 Oct 2013 Posts: 103
Posted: Tue Mar 15, 2016 10:43 pm Post subject:
I have a pointer I referenced in a simple script that just has one offset. The offset is 59. It works and looks like this:
Code:
[fs2_open_3_7_2.exe+00CE82E8]+59
Also, in the assembler window, I can right click and select Goto Address and paste it in exactly like you see above, and it goes to the address I paste.
I'm a newb, but I got this from a different thread for a pointer with two offsets:
Code:
Replace "[game.exe+123]" with whatever your game is.
In the pointer table entry, the boxes would read:
789
456
"game.exe+123"
It's formatted as such:
[[game.exe+123]+456]+789
So I guess in your pointer table entry, the offset on the bottom goes first, then the next, and so on, and the offset on the very top comes last according to this example someone gave. The last offset gets no bracket.
With more offsets, I saw elsewhere:
Code:
for [game.exe+123]
The offsets for the pointer are d0, 100, 320, 20, 1a0. Would be:
[[[[[game.exe+123]+d0]+100]+320]+20]+1a0
For these three offsets: 10, 50, 10
would be:
[[[game.exe+123]+10]+50]+10
Ok, from this example, basically you add brackets in front of each offset except for the last offset. Then count the brackets in front of each of the offsets and add exactly that many to the left of your address. In that example the address is [game.exe+123]. Anyway, I am still learning, but is that what you needed to know?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25831 Location: The netherlands
Posted: Wed Mar 16, 2016 2:10 am Post subject:
Your initial script is almost correct,
but change [FlashPlayerPlugin_19_0_0_245.exe+00000000864] to ["THREADSTACK0"-00000864].
As for your aobscan and injection point: movq xmm0, eax
Not sure that's what you want there (eax contains the address of the value).
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so I can keep helping
Winsane Newbie cheater
Reputation: 0
Joined: 12 Mar 2016 Posts: 12
Posted: Wed Mar 16, 2016 8:52 am Post subject:
gid2525 wrote:
    With more offsets, I saw elsewhere:
    Code:
    for [game.exe+123]
    The offsets for the pointer are d0, 100, 320, 20, 1a0. Would be:
    [[[[[game.exe+123]+d0]+100]+320]+20]+1a0
    For these three offsets: 10, 50, 10
    would be:
    [[[game.exe+123]+10]+50]+10
    Ok, from this example, basically you add brackets in front of each offset except for the last offset. Then count the brackets in front of each of the offsets and add exactly that many to the left of your address. In that example the address is [game.exe+123]. Anyway, I am still learning, but is that what you needed to know?
This is helpful, thanks. I'm still doing something wrong though.
Is this what my pointer would be?
Code:
newmem:
push eax
mov eax,[[[["THREADSTACK0"-00000864]+618]+4]+58C]+78
When I do that, it gives this error
"Not all code is injectable. (Error in line 12 (mov eax,[[[["THREADSTACK0"-00000864]+618]+4]+58C]+78 ):This instruction can't be compiled)"
I also need to figure out how to get the value of the address from the pointer, and not just the address into eax, which apparently is what I'm doing right now.
Dark Byte wrote:
    As for your aobscan and injection point: movq xmm0, eax
    Not sure that's what you want there (eax contains the address of the value).
Oh... So how do I get the value from the address instead of the actual address into eax? Gonna go tinker some more!
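The bracket rule gid2525 describes, and Dark Byte's point that the register ends up holding the address of the value rather than the value, as an added worked example that is not code from this thread. It parses a pointer path written in auto-assembler bracket notation, walks it through a constructed 32-bit memory image (every symbol value, address and byte here is made up, laid out so that the pointer-scanner row from the first post resolves to 0EDABF88), and emits the same null-checked mov/cmp/je chain the first post builds by hand, ending in a load through the final operand instead of a register copy.

```python
"""Added example, not code from the thread: resolve a Cheat Engine pointer
path written in auto-assembler bracket notation against a constructed
32-bit process image, and emit the equivalent null-checked mov/cmp/je
chain.  Symbol values, addresses and memory contents are all made up."""
import re
import struct

PTR_SIZE = 4  # 32-bit target, as in the thread's eax-based chains
PATH = '[[[[["THREADSTACK0"-00000864]+618]+4]+5C0]+58C]+78'

# Constructed symbol table: the values CE would substitute for these names.
SYMBOLS = {'"THREADSTACK0"': 0x0019FF00,
           "FlashPlayerPlugin_19_0_0_245.exe": 0x00400000}

class AccessViolation(Exception):
    pass  # read from unmapped memory; in the real process the game crashes

def parse_hex(text):
    # Auto-assembler numbers are hexadecimal by default; '' means +0.
    m = re.fullmatch(r"([+-]?)([0-9A-Fa-f]*)", text)
    if m is None:
        raise ValueError("bad offset %r" % text)
    value = int(m.group(2) or "0", 16)
    return -value if m.group(1) == "-" else value

def parse_path(expr):
    """'[[[base+o0]+o1]+o2]+o3' -> ('base+o0', [o1, o2, o3]).  Each '['
    is one dereference and the offset after its ']' is added to the pointer
    just read, so the last offset gives the address of the value."""
    expr = expr.replace(" ", "")
    depth = len(expr) - len(expr.lstrip("["))
    parts = expr.lstrip("[").split("]")
    if depth == 0 or len(parts) != depth + 1:
        raise ValueError("not a bracketed pointer path: %r" % expr)
    return parts[0], [parse_hex(p) for p in parts[1:]]

def parse_base(base_expr):
    """'"THREADSTACK0"-00000864' -> symbol value minus 0x864."""
    m = re.fullmatch(r"(.+?)([+-][0-9A-Fa-f]+)?", base_expr)
    name, off = m.group(1), m.group(2) or ""
    start = SYMBOLS[name] if name in SYMBOLS else int(name, 16)
    return start + parse_hex(off)

def read_bytes(mem, addr, size):
    try:
        return bytes(mem[addr + i] for i in range(size))
    except KeyError:
        raise AccessViolation(hex(addr)) from None

def read_double(mem, addr):
    # The 8 bytes that `movq xmm0,[addr]` loads, read here as a double.
    return struct.unpack("<d", read_bytes(mem, addr, 8))[0]

def resolve(mem, expr):
    """Address the path points at, or None when a link is null (the case
    the thread's `cmp eax,0` / `je return` lines bail on).  Reading through
    a dangling pointer raises AccessViolation instead."""
    base_expr, offsets = parse_path(expr)
    addr = parse_base(base_expr)
    for off in offsets:
        addr = int.from_bytes(read_bytes(mem, addr, PTR_SIZE), "little")
        if addr == 0:
            return None
        addr += off
    return addr

def probe(mem, expr):
    """'ok', 'null' or 'fault': how a guarded script experiences the chain."""
    try:
        return "null" if resolve(mem, expr) is None else "ok"
    except AccessViolation:
        return "fault"

def emit_chain(expr, reg="eax", use="movq xmm0,{}", bail="return"):
    """Translate a bracket path into the hand-written chain from the thread.
    `use` receives the final memory operand, e.g. `movq xmm0,[eax+78]`,
    which loads the value; `movq xmm0,eax` would only copy its address."""
    base_expr, offsets = parse_path(expr)
    lines = ["mov %s,[%s]" % (reg, base_expr)]
    for off in offsets[:-1]:
        lines += ["cmp %s,0" % reg, "je %s" % bail,
                  "mov %s,[%s%+X]" % (reg, reg, off)]
    lines += ["cmp %s,0" % reg, "je %s" % bail,
              use.format("[%s%+X]" % (reg, offsets[-1]))]
    return lines

def poke(mem, addr, data):
    for i, b in enumerate(data):
        mem[addr + i] = b

def build_image():
    """Constructed memory laid out so the thread's pointer-scanner row
    ("THREADSTACK0"-864, offsets 618 4 5C0 58C 78) resolves to 0EDABF88."""
    mem = {}
    links = [(0x0019FF00 - 0x864, 0x0A000000), (0x0A000618, 0x0A001000),
             (0x0A001004, 0x0A002000), (0x0A0025C0, 0x0A003000),
             (0x0A00358C, 0x0EDABF10), (0x00400864, 0)]  # last one is null
    for addr, target in links:
        poke(mem, addr, target.to_bytes(PTR_SIZE, "little"))
    poke(mem, 0x0EDABF88, struct.pack("<d", 123.5))  # the X coordinate
    return mem
```

`resolve(build_image(), PATH)` gives 0x0EDABF88 and `read_double` at that address gives the stored coordinate; `emit_chain(PATH)` prints the mov/cmp/je sequence with `movq xmm0,[eax+78]` as its last line. Two things the emitted chain does not add for you: the script in the first post does `push eax` and never pops it, and its `je return` bail-out jumps past any pop as well, so wrap the chain in push/pop and give the bail-out path its own pop, or eax is corrupted on every pass through the hook. A null link only takes the bail-out; a stale non-null pointer reads through unmapped memory and crashes the game, which is what the `fault` result stands in for.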
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Wed Mar 16, 2016 10:48 am Post subject:
I don't know what you're trying to accomplish, but here are some scripts that make use of pointers:
Half of a godmode script from Undertale.
Code:
push ecx
mov ecx,[p_base]
mov ecx,[ecx]
test ecx,ecx
je exit
mov ecx,[ecx+28]
test ecx,ecx
je exit
mov ecx,[ecx+d8]
test ecx,ecx
je exit
lea ecx,[ecx+140]
cmp edi,ecx
exit:
pop ecx
je _godmode
originalcode:
fld qword ptr [eax]
fstp qword ptr [edi]
pop edi
jmp returnhere
Item script from Mamatoto
Code:
[[[System39.exe+95094]+b38c]+88]+0:
db 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00 63 00
Some lines of a pointer script from Daiteikoku.
Code:
newmem:
push ebx
mov ebx,[ecx+edi*4]
mov ebx,[ebx]
mov ebx,[ebx]
mov [_inj2],ebx
pop ebx
push ebx
mov ebx,[ecx+edi*4]
mov ebx,[ebx]
mov ebx,[ebx+8]
mov [_inj3],ebx
pop ebx
cmp [_inj2],01
je admiral
cmp [_inj2],191
je ship
jmp originalcode
Some lines from Beat Blade Haruka's script.
Code:
label(_offset1)
label(_offset2)
label(_offset3)
label(_offset4)
label(_offset5)
registersymbol(_offset1)
registersymbol(_offset2)
registersymbol(_offset3)
registersymbol(_offset4)
registersymbol(_offset5)
[[[[[aob_base+10]+c]+1194]+14]]:
_offset5:
[[[[[aob_base+10]+c]+1194]+14]+4]:
_offset4:
[[[[[aob_base+10]+c]+1194]+14]+8]:
_offset3:
[[[[[aob_base+10]+c]+1194]+14]+c]:
_offset2:
[[[[[aob_base+10]+c]+1194]+14]+10]:
_offset1:
Winsane Newbie cheater
Reputation: 0
Joined: 12 Mar 2016 Posts: 12
Posted: Wed Mar 16, 2016 11:01 am Post subject:
Cake-san wrote:
    I don't know what you're trying to accomplish, but here are some scripts that make use of pointers
Thanks, I'll try to use these as reference.
What I'm trying to do is move the enemies in a game to the player!
I have an address that contains the X coordinate, and the pointer is for that address. When I do this, it works:
Code:
movq xmm0,[0953CF88]
So I just want to use my pointer instead of having to manually move the address from the pointer into the script every time I launch the game.
This is the full script that works, with the address manually edited:
Code:
[ENABLE]
aobscan(HorizontalVac,8C DD 5D 80 F3 0F 7E 4D 80) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
movq xmm0,[0953CF88]
jmp return
HorizontalVac+04:
jmp code
return:
registersymbol(HorizontalVac)
[DISABLE]
HorizontalVac+04:
db F3 0F 7E 4D 80
unregistersymbol(HorizontalVac)
dealloc(newmem)
So I just want to get the address from the pointer, get the value off the address and put it into xmm0.
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Winsane Newbie cheater
Reputation: 0
Joined: 12 Mar 2016 Posts: 12
Posted: Wed Mar 16, 2016 11:32 am Post subject:
It works! I had posted the wrong pointer earlier, it was actually
Code:
[[[[["THREADSTACK0"-00000864]+618]+4]+5C0]+58C]+78
But when I fixed it, it works like a charm. Thanks a lot!
EDIT:
I have one last question, and it's driving me nuts that I can't figure it out because I feel like it should be simple.
How do I increase the value of [_xaxis] a bit before putting it in xmm0?
I tried "add [_xaxis], 99" and tried adding from another stored address but I just can't figure it out.. I'll keep trying though.
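The unanswered question at the end of the thread, `add [_xaxis], 99`, as an added example that is not part of the thread: the working script loads the coordinate with `movq` into xmm0, so it is a floating-point value, and an integer `add` on the bytes that store it changes the bit pattern, not the number. The thread does not say whether the game keeps the coordinate as a 4-byte float or an 8-byte double, so both widths are shown; the value 100.0 is constructed. Auto-assembler numbers are hexadecimal, so `99` there means 0x99 = 153, which the functions below take as an integer delta.

```python
"""Added example, not code from the thread: what an integer add on the raw
bytes of a floating-point coordinate does, versus adding in floating point
the way SSE code does.  Values are constructed; the thread does not say
whether the coordinate is a 4-byte float ('<f') or 8-byte double ('<d')."""
import struct

def int_add_raw(value, delta, fmt):
    """Emulate `add [addr],delta` on memory holding `value` encoded as fmt:
    the stored bytes are treated as an unsigned integer, delta is added with
    wrap-around at the stored width, and the result is decoded as a float."""
    width = struct.calcsize(fmt)
    raw = int.from_bytes(struct.pack(fmt, value), "little")
    raw = (raw + delta) & ((1 << (8 * width)) - 1)
    return struct.unpack(fmt, raw.to_bytes(width, "little"))[0]

def float_add(value, delta, fmt):
    """Emulate `movss/movsd xmm0,[addr]` followed by `addss/addsd xmm0,[k]`:
    the add happens on the decoded value and is rounded to the stored width."""
    return struct.unpack(fmt, struct.pack(fmt, value + delta))[0]

def compare(value, delta):
    """Both outcomes of adding `delta` to a coordinate stored at float and
    double width: (integer add on the bytes, floating-point add)."""
    return {fmt: (int_add_raw(value, delta, fmt), float_add(value, delta, fmt))
            for fmt in ("<f", "<d")}
```

`compare(100.0, 0x99)` shows the integer add nudging 100.0 by a few thousandths at float width and by about 2e-12 at double width (153 steps of the last mantissa bit in each case), while the floating-point add lands on 253.0 at both widths. In auto-assembler the second form is a load into xmm0 as the working script already does, then `addss xmm0,[k]` (or `addsd` for a double) against a constant placed in the allocated block, for example `dd (float)99` using the same `(float)` cast as the first example quoted in the thread. The equivalent double constant would be an 8-byte `dq`; I have not checked the cast spelling for that case against this CE version, so treat it as an assumption to verify in the assembler window.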