 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Tum
Cheater
![]() Reputation: 0
Joined: 10 Jan 2010
Posts: 28
|
 Posted: Sat Jun 03, 2017 2:43 pm Post subject: How do i do this script using mono ? |
 |
|
Hi,
I have used the mono dissector on a game, that am trying to remove the fog from.
I have found what i need to, and when i NOP a certain call function, i get no fog.
I have written a script and added it to my table, and it works.
The problem am having is the script only works the first time. After reloading the game, the call function has changed address.
Is there a different way to do this please.
| Quote: | {$lua}
LaunchMonoDataCollector()
{$asm}
[ENABLE]
aobscanregion(aob, GlobalFog:OnRenderImage+e00 , GlobalFog:OnRenderImage+f04 ,E8 89 9F ?? FF)
aob:
db 90 90 90 90 90
[DISABLE]
aobscanregion(aob, GlobalFog:OnRenderImage+e00 , GlobalFog:OnRenderImage+f04 ,90 90 90 ?? 90)
aob:
db E8 89 9F FF FF |
Now on this script, the E8 is the code for CALL, and the 899F??FF is the location, which on the memory viewer screen it actually says
" CALL UnityEngine:Mathf:Max "
I can see why my script is not working, as the array of bytes am searching( the address of UnityEngine:Mathf:Max ), is changing with each load, but how would i go about getting around this please ?
EDIT:
The address where this CALL function is located is always the same location. GlobalFog:OnRenderImage+e42
So i was wondering, knowing that its this location always, can i not get a script copy the 5 bytes from this address, then replace with 5 x NOP, and when i want to disable the scrip, replace the 5 bytes i copied ?
|
|
| Back to top |
|
 |
Rudo
Advanced Cheater
 Reputation: 2
Joined: 27 Jun 2015
Posts: 80
|
| Posted: Sat Jun 03, 2017 11:57 pm Post subject: |
 |
|
Try this:
| Code: | usemono()
define(removeFog, GlobalFog:OnRenderImage+e42)
[ENABLE]
assert(removeFog, E8 89 9F ?? FF)
alloc(removeFog_bkp, 5)
registersymbol(removeFog_bkp)
removeFog_bkp:
readmem(removeFog, 5)
removeFog:
db 90 90 90 90 90
[DISABLE]
removeFog:
readmem(removeFog_bkp, 5)
dealloc(removeFog_bkp)
unregistersymbol(removeFog_bkp) |
|
|
| Back to top |
|
|
Tum
Cheater
![]() Reputation: 0
Joined: 10 Jan 2010
Posts: 28
|
| Posted: Sun Jun 04, 2017 12:42 am Post subject: |
|
|
Thanks I'll give that a try.
Looking quickly at the code though, what is the assert command for ?
As those 5 bytes I was scanning for will be different with every load.
The E8 is the CALL function, and the next numbers were the address.
So only the E8 will be there, the following numbers will be different every load.
EDIT..
Nice 1 thanks a lot.
Just tried your code, and had to just change the numbers in the line with assert, to just scan for the E8 , instead of searching the 5 numbers.
Works great.
|
|
| Back to top |
|
|
Rudo
Advanced Cheater
Reputation: 2
Joined: 27 Jun 2015
Posts: 80
|
| Posted: Sun Jun 04, 2017 1:35 am Post subject: |
|
|
Glad you got it worked. Cheers! 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
