SEKTION (Cheater)
Posted: Mon Feb 05, 2018 8:28 am, Post subject: Can't freeze the value!
What to do if you can't freeze the value? The value keeps changing in the background while I'm able to freeze the display value. This is the case with NFS Rivals, in which I'm trying to freeze the car health. I tried whatever I know, like NOPing and modifying the code to set it to maximum, but nothing works. If I set it to something like an infinite value then it shows a health bar from the top to the bottom of the screen on the RHS.
And the other case is with Hitman Absolution, in which I'm able to change neither the original value nor the display.
AOBs aren't going to help here because they are used, by me at least, to find the address again and again quickly or to modify the code, like byte manipulation. And that's what I know, and I know I'm not an expert just yet.
So.. if someone could please help me with that I'll be very thankful.
And also let me know if AOBs can really make a dent here in any way...
TheyCallMeTim13 (Wiki Contributor)
Posted: Mon Feb 05, 2018 8:38 am
If changing the value does nothing, how do you know you have the right value?
SEKTION (Cheater)
Posted: Mon Feb 05, 2018 8:42 am
Because it locks the health bar.
Can it be a false value?
TheyCallMeTim13 (Wiki Contributor)
Posted: Mon Feb 05, 2018 9:01 am
badboy_16 wrote: | Because it locks the health bar. Can it be a false value? |
Yes. The value could be stored in lots of ways, it can even be encrypted, and is only converted for the display. See if you can find what writes to it and where this value comes from, and it may go back a few.
And health in driving games tends to be a complicated mess of values for the different sections of the car.
SEKTION (Cheater)
Posted: Mon Feb 05, 2018 1:12 pm
Thanks!!
Will try again.
Could you please help me with one more thing 😀
The thing is that I want to make a one-hit-kill script, and I did make that and it's working, but the problem is that when I turn it off, the game crashes.
I'll tell you how I did that:
the game has shared code for health, so I used an AOB script for finding my health and freezing it (wasn't so lucky with dissecting),
and then I modified the code which decreases the health of both to get one hit kill.
It works, but the only problem is after disabling it.
Is my way of doing this right or wrong??
FreeER (Grandmaster Cheater Supreme)
Posted: Mon Feb 05, 2018 2:11 pm
badboy_16 wrote: | but problem is that when I turn it off,game crashes |
If it's a 64-bit game, there's a common issue with the allocated memory being farther away from the hook than will fit in a 5-byte jmp, but CE doesn't generate the disable section to properly handle that case, causing incorrect bytes to be there after disabling. Generally a simple solution is to make sure the newmem alloc has a third argument telling it to allocate memory near the code you're hooking, e.g. instead of alloc(newmem,$1000) use alloc(newmem,$1000, INJECT) (where INJECT is whatever label/symbol was used for the aobscan).
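An added example for the range issue FreeER describes above; this is my code, not anything from the thread or from Cheat Engine. It shows the arithmetic behind a 5-byte near jmp on x86-64 (E9 followed by a signed 32-bit displacement measured from the end of the jmp) and a check that refuses to assemble a jump to memory it cannot reach, which is the condition that "allocate near the hook" avoids. The hook and allocation addresses are constructed sample values, not taken from any real process.

```python
# Added example, not code from the thread or from Cheat Engine.
# A 5-byte near jmp (E9 rel32) stores target - (hook + 5) as a signed 32-bit value,
# so the trampoline must sit within roughly +/-2 GiB of the hook site.
# All addresses are constructed sample values.

JMP_REL32_LEN = 5
INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1


def rel32_displacement(hook: int, target: int) -> int:
    """Displacement the CPU adds to RIP (which is hook + 5) to land on target."""
    return target - (hook + JMP_REL32_LEN)


def rel32_reachable(hook: int, target: int) -> bool:
    """True if a single E9 rel32 jmp placed at `hook` can reach `target`."""
    return INT32_MIN <= rel32_displacement(hook, target) <= INT32_MAX


def encode_jmp_rel32(hook: int, target: int) -> bytes:
    """Assemble `jmp target` at `hook`. Out-of-range targets raise instead of
    silently producing a truncated displacement (the wrong-bytes failure mode)."""
    disp = rel32_displacement(hook, target)
    if not INT32_MIN <= disp <= INT32_MAX:
        raise ValueError(f"target {target:#x} is {disp:#x} from {hook:#x}: "
                         "outside rel32 range, allocate nearer the hook")
    return b"\xe9" + disp.to_bytes(4, "little", signed=True)


def decode_jmp_rel32(hook: int, code: bytes) -> int:
    """Inverse of encode_jmp_rel32: where does this 5-byte jmp at `hook` go?"""
    if len(code) != JMP_REL32_LEN or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jmp")
    return hook + JMP_REL32_LEN + int.from_bytes(code[1:], "little", signed=True)


# Constructed scenario: a hook inside a 64-bit image mapped high in the address space.
HOOK = 0x7FF6_1234_5678
FAR_ALLOC = 0x0000_0000_1E00_0000   # the kind of low address a hint-less allocation may return
NEAR_ALLOC = HOOK + 0x1_0000        # an allocation placed close to the inject point


def check_allocs() -> dict:
    """Summarise which allocation a near jmp at HOOK can actually reach."""
    near_jmp = encode_jmp_rel32(HOOK, NEAR_ALLOC)
    return {
        "far_reachable": rel32_reachable(HOOK, FAR_ALLOC),
        "near_reachable": rel32_reachable(HOOK, NEAR_ALLOC),
        "near_jmp": near_jmp.hex(),
        "near_roundtrip": decode_jmp_rel32(HOOK, near_jmp),
    }


if __name__ == "__main__":
    for name, value in check_allocs().items():
        print(f"{name}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool)
              else f"{name}: {value}")
```

Run stand-alone it reports that the far allocation is unreachable while the near one assembles to `e9fbff0000` and decodes back to the same address; the same reachability test is what a tamper-detection routine applies in reverse when it finds an unexpected E9 at a function entry and wants to know where the detour leads.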
TheyCallMeTim13 (Wiki Contributor)
Posted: Mon Feb 05, 2018 2:24 pm
It sounds like the disable section isn't right. If you're using ASM in the disable section, CE might be assembling a different number of bytes; I would pause/freeze the game, enable and disable it, and watch to see if it is right. This is why most write the exact bytes when disabling.
As for OHKs, I prefer to find a good spot to pull the health address base from, then in some health decrease/write instructions I just check the base address and kill all that don't match. But some games will have even objects like tables or chairs running in the same code, and you will have to find a class pointer or ID value in the structure to determine if it's the right thing to kill. But most times just checking against the base I store elsewhere is fine. I like to really test the instruction for the base, see what addresses it accesses in all conditions, even load screens, to see that I get the expected behavior, and I like to find places that even clear the value during loading and whatnot, so as to make it easy to check for.
SEKTION (Cheater)
Posted: Tue Feb 06, 2018 1:21 pm
FreeER wrote: | generally a simple solution is to make sure the newmem alloc has a third argument telling it to allocate memory near the code you're hooking eg. instead of alloc(newmem,$1000) use alloc(newmem,$1000, INJECT) (where INJECT is whatever label/symbol was used for the aobscan). |
But I have two different scripts: one is an AOB for my health and the other is for OHK.
See the screenshots below.
Could you please make some time to teach me how to combine both my scripts??
@TheyCallMeTim13
I checked if the disable part is assigning the same bytes after disabling, and yes it does.
Quote: | As for OHKs I prefer to find a good spot to pull the a health address base, then in some health decrease/write instructions I just check the base address, and kill all that don't match. But some games will have even objects like tables or chairs running in the same code, and you will have to find a class pointer or ID value in the structure to determine if it's the right thing to kill. But most times just checking against the base I store else where is fine. I like to really test the instruction for the base, see what addresses it accesses in all conditions, even load screens, to see that I get the expected behavior, and I like to find places that even clear the value during loading and what not, so as to make it easy to check for. |
In dissecting?
I tried with that and found the difference too, but making the script and disabling it again causes the crash :(
I think the problem is with my code editing because it's not as simple as that of a 'mov'.
[Screenshot 1, not included in this copy. Description: this is for OHK. See how I edit the code; tell me if I'm doing something wrong somewhere.]
[Screenshot 2, not included in this copy. Description: And this is the simple AOB for my health.]
FreeER (Grandmaster Cheater Supreme)
Posted: Tue Feb 06, 2018 1:40 pm
The OHK script is already doing as I mentioned, and the other isn't using alloc, so it doesn't apply there (nor could it be crashing on disable, since it doesn't do anything other than unregister a symbol; even if it was used in another AA script it wouldn't cause a crash here).
Hm... all I can think of here is to try moving the dealloc to the bottom.
Code:
    [DISABLE]
    "BatmanAK.exe"+5341E73:
    sub [rsi], edi
    mov eax, [rsi]
    mov rbx, [rsp+40]
    dealloc(newmem)
That way, in theory, the hook is replaced before the memory is deallocated, which means the memory can't be deallocated and then the hook executed, jumping to the now-invalid memory before the hook is replaced with the original code. Not actually sure if CE follows the code order there but, as I said, it's the only thing I can think of right now.
TheyCallMeTim13 (Wiki Contributor)
Posted: Tue Feb 06, 2018 5:07 pm
I think the help file says somewhere that "dealloc" runs last, and it shouldn't do that. But I had crashes when testing with a thread in a hooked process that were only solved by moving the "dealloc"s to the end of the scripts. But even there you can get crashes if the thread gets stuck in the deallocated memory, so if the instructions fire too quickly then this can cause crashes.
Dark Byte (Site Admin)
Posted: Tue Feb 06, 2018 5:34 pm
Try it without dealloc (just as a test, to figure out if it's the restoring of the bytes or the freeing of the memory).
(And dealloc acts as a suggestion for CE to free the memory: only if you've provided a dealloc for all of the allocs in the enable script will CE free it, else nope.)
SEKTION (Cheater)
Posted: Wed Feb 07, 2018 7:08 am
Thanks for replying and sorry for the late response.
Tried both moving dealloc to the bottom and without dealloc,
but nothing seems to work.
Any other solutions??
TheyCallMeTim13 (Wiki Contributor)
Posted: Wed Feb 07, 2018 7:22 am
Have you tried to pause/freeze the process before disabling? That, or set a breakpoint before the injection point, disable, and step through the code to see where it crashes.
SEKTION (Cheater)
Posted: Wed Feb 07, 2018 8:47 am
I got that working!!!!!!
The problem was that changing sub [rsi],edi to sub [rsi],25 also involved NOPing the mov eax,[rsi], but I was keeping this as it was.
Thank you all for your precious time and information.
You guys are the best.
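An added example covering the byte-count point TheyCallMeTim13 raised earlier ("CE might be assembling a different number of bytes ... write the exact bytes when disabling") and the fix described in the post above; this is my code, not anything from the thread or from Cheat Engine. It hand-assembles the three instructions the thread lists for x86-64 (assuming Cheat Engine's default hex notation, so 40 is 0x40 and 25 is 0x25), simulates the inject point in a bytearray, and shows what is left behind when a 3-byte instruction is written over a 2-byte one, how NOP padding keeps a patch the same length as the slot it replaces, and why restoring the saved original bytes is the reliable disable step. The INJECT offset and the filler memory are constructed.

```python
# Added example, not code from the thread or from Cheat Engine.
# Hand-assembled x86-64 encodings of the instructions named in the thread
# (assumption: CE hex notation, so [rsp+40] is disp8 0x40 and the immediate is 0x25).
NOP = 0x90

SUB_RSI_EDI = bytes.fromhex("293E")          # sub [rsi],edi           (2 bytes)
MOV_EAX_RSI = bytes.fromhex("8B06")          # mov eax,[rsi]           (2 bytes)
MOV_RBX_RSP40 = bytes.fromhex("488B5C2440")  # mov rbx,[rsp+40]        (5 bytes)
SUB_RSI_IMM25 = bytes.fromhex("832E25")      # sub dword ptr [rsi],25  (3 bytes)

SLOT = SUB_RSI_EDI + MOV_EAX_RSI + MOV_RBX_RSP40  # the 9 original bytes at the inject point
INJECT = 0x100                                    # constructed offset inside the sample memory


def make_memory() -> bytearray:
    """A constructed 512-byte region with the original code at INJECT."""
    mem = bytearray(b"\xcc" * 512)  # int3 filler, so stray execution would be obvious
    mem[INJECT:INJECT + len(SLOT)] = SLOT
    return mem


def build_inline_patch(slot: bytes, new_instrs: list) -> bytes:
    """Return exactly len(slot) bytes: the new instructions followed by NOP padding.
    A replacement longer than the slot is refused, because writing it anyway would
    clobber the leading byte(s) of whatever instruction follows the slot."""
    body = b"".join(new_instrs)
    if len(body) > len(slot):
        raise ValueError(f"replacement is {len(body)} bytes, slot is {len(slot)}")
    return body + bytes([NOP]) * (len(slot) - len(body))


def replacement_fits(new_instrs: list) -> bool:
    """Convenience wrapper: does this instruction list fit the 9-byte slot?"""
    try:
        build_inline_patch(SLOT, new_instrs)
        return True
    except ValueError:
        return False


def write(mem: bytearray, addr: int, data: bytes) -> None:
    mem[addr:addr + len(data)] = data


def code_matches(mem: bytearray, addr: int, expected: bytes) -> bool:
    """Integrity check: are the bytes at addr exactly the known-good ones?"""
    return bytes(mem[addr:addr + len(expected)]) == expected


def naive_patch() -> bytes:
    """Overwrite only the first instruction with the 3-byte one and touch nothing else.
    The third byte lands on the 8B of mov eax,[rsi], leaving a lone 06, which is not
    a valid instruction in 64-bit mode."""
    mem = make_memory()
    write(mem, INJECT, SUB_RSI_IMM25)
    return bytes(mem[INJECT:INJECT + len(SLOT)])


def padded_patch() -> bytes:
    """Rebuild the whole slot: new sub, mov rbx kept, mov eax dropped (the last post
    describes NOPing it); 3 + 5 bytes plus one NOP keeps the slot at 9 bytes."""
    mem = make_memory()
    write(mem, INJECT, build_inline_patch(SLOT, [SUB_RSI_IMM25, MOV_RBX_RSP40]))
    return bytes(mem[INJECT:INJECT + len(SLOT)])


def enable_then_disable() -> bool:
    """Save the original bytes first, patch, then restore the saved bytes verbatim,
    which is the 'write the exact bytes when disabling' advice in executable form."""
    mem = make_memory()
    saved = bytes(mem[INJECT:INJECT + len(SLOT)])   # capture before touching anything
    write(mem, INJECT, build_inline_patch(SLOT, [SUB_RSI_IMM25, MOV_RBX_RSP40]))
    write(mem, INJECT, saved)                        # [DISABLE]: exact original bytes
    return code_matches(mem, INJECT, SLOT)


if __name__ == "__main__":
    print("naive  :", naive_patch().hex())       # ...2506... : the stray 06 byte
    print("padded :", padded_patch().hex())
    print("restored intact:", enable_then_disable())
    print("all three instructions fit:", replacement_fits([SUB_RSI_IMM25, MOV_EAX_RSI, MOV_RBX_RSP40]))
```

The `code_matches` comparison is the same test TheyCallMeTim13 suggests doing by eye after enable/disable, and it is also what an integrity or hook-detection routine does against a known-good copy of a function's first bytes: any difference in length or content shows up as a mismatch rather than as a crash some time later.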