Cheat Engine The Official Site of Cheat Engine
Schwertheiliger How do I cheat?
Reputation: 0
Joined: 10 Nov 2019 Posts: 7
Posted: Tue Nov 12, 2019 2:53 pm Post subject: [Assembly] Compare pointer and get address from rcx?
Since my last question I was able to gather a lot of knowledge.
But I got stuck on this:
I want to inject some code and get the player base address.
The code is shared between all "living" entities in the game.
I found a specific pointer which is always FFFE2024 in the player address.
I googled and googled and googled and went on the cheat wiki and everything, but I was not able to find out what I do wrong here.
The game just crashes instantly once I inject.
Can someone please tell me what I am doing wrong?
Code:
[ENABLE]
aobscanmodule(PLAYERBASE,sekiro.exe,CC 8B 81 30 01 00 00 C3) // should be unique
alloc(newmem,$1000,"sekiro.exe"+5A6DF0)
alloc(bPlayer,100)
label(code)
label(return)
label(end)
registerSymbol(bPlayer)
registersymbol(PLAYERBASE)
newmem:
code:
push eax
lea eax,[rcx+8]
or eax,eax
je short end //jump if invalid Pointer
lea eax,[eax+0]
or eax,eax
je short end
lea eax,[eax+0]
or eax,eax
je short end
cmp [eax+4C],FFFE2024
jne short end
mov [bPlayer],eax
jmp short end
end:
pop eax
mov eax,[rcx+00000130] //<-THIS IS THE
ret //<-ORIGINAL CODE
PLAYERBASE+01:
jmp newmem
nop
return:
[DISABLE]
PLAYERBASE+01:
db 8B 81 30 01 00 00 C3
unregistersymbol(PLAYERBASE)
unregistersymbol(bPlayer)
dealloc(newmem)
dealloc(bPlayer)
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Tue Nov 12, 2019 4:14 pm Post subject:
It is needed because it looks like a 64-bit target.
The 3rd parameter tells CE to find a free memory region near there (near as in within 2 GB distance); otherwise 14-byte jmps will be needed.
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Tue Nov 12, 2019 4:41 pm Post subject:
I rewrote my comment given some of its inaccuracies.
As Dark Byte said, the original code is 8 bytes, while the "alloc" function under certain conditions can use 14-byte jumps; consequently it corrupts the above function.
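Dark Byte's and DanyDollaro's replies come down to one constraint: a 5-byte E9 rel32 jmp can only reach a target within +/-2 GB of the hook, and the bytes the script overwrites at PLAYERBASE+01 (8B 81 30 01 00 00 C3, i.e. mov eax,[rcx+130] / ret) are only 7, so the 14-byte absolute jmp CE falls back to when the cave is out of range cannot fit without running past the ret. The C program below is added here as an illustration; it is not code from the thread or from Cheat Engine. It encodes both jump forms, checks the rel32 range the way the CPU measures it (from the end of the 5-byte instruction), and checks whether the result fits in the patched bytes. The hook and cave addresses in main are hypothetical, and a 0x140000000 module base for sekiro.exe is an assumption, not something the thread states.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes the script overwrites at PLAYERBASE+01 (from the AOB in the thread, minus the CC). */
static const uint8_t ORIGINAL_BYTES[] = { 0x8B, 0x81, 0x30, 0x01, 0x00, 0x00, 0xC3 };
#define PATCH_LEN (sizeof ORIGINAL_BYTES)

enum { JMP_REL32_LEN = 5, JMP_ABS64_LEN = 14 };

/* Displacement of a rel32 jmp is measured from the end of its own 5 bytes. */
static int64_t rel32_disp(uint64_t hook, uint64_t target) {
    return (int64_t)(target - (hook + JMP_REL32_LEN));
}

/* 1 when the cave is within the signed 32-bit displacement a rel32 jmp can encode. */
int rel32_reachable(uint64_t hook, uint64_t target) {
    int64_t disp = rel32_disp(hook, target);
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Encode E9 rel32 when the cave is in range, otherwise the 14-byte fallback
 * FF 25 00000000 (jmp [rip+0]) followed by the 8-byte absolute target.
 * Returns the number of bytes written; out must hold 14 bytes. */
size_t encode_jmp(uint64_t hook, uint64_t target, uint8_t out[14]) {
    if (rel32_reachable(hook, target)) {
        int32_t rel = (int32_t)rel32_disp(hook, target);
        out[0] = 0xE9;
        memcpy(out + 1, &rel, sizeof rel);        /* x86 is little-endian, so a plain copy is right */
        return JMP_REL32_LEN;
    }
    static const uint8_t jmp_rip0[6] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
    memcpy(out, jmp_rip0, sizeof jmp_rip0);
    memcpy(out + 6, &target, sizeof target);
    return JMP_ABS64_LEN;
}

/* The hook may only clobber the instructions it replaces; a longer jmp spills
 * past the ret into whatever follows, which is the corruption DanyDollaro describes. */
int jmp_fits(size_t jmp_len, size_t patch_len) {
    return jmp_len <= patch_len;
}

/* Small accessors so the encoding can be inspected without a caller-side buffer. */
size_t jmp_len(uint64_t hook, uint64_t target) {
    uint8_t b[14];
    return encode_jmp(hook, target, b);
}
int jmp_byte(uint64_t hook, uint64_t target, size_t idx) {
    uint8_t b[14];
    size_t n = encode_jmp(hook, target, b);
    return idx < n ? b[idx] : -1;
}

static void show(const char *what, uint64_t hook, uint64_t target) {
    uint8_t buf[14];
    size_t n = encode_jmp(hook, target, buf);
    printf("%s: %zu-byte jmp, fits in %zu-byte patch: %s, bytes:", what, n,
           (size_t)PATCH_LEN, jmp_fits(n, PATCH_LEN) ? "yes" : "no");
    for (size_t i = 0; i < n; i++)
        printf(" %02X", buf[i]);
    printf("\n");
}

int main(void) {
    /* Hypothetical addresses: hook at sekiro.exe+5A6DF0 assuming a 0x140000000 base,
     * one cave inside the 2 GB window and one far outside it. */
    uint64_t hook = 0x1405A6DF0ULL;
    show("near cave", hook, 0x1405B0000ULL);
    show("far cave ", hook, 0x7FF800000000ULL);
    return 0;
}
```

The near case is what `alloc(newmem,$1000,"sekiro.exe"+5A6DF0)` (or `alloc(newmem,$1000,PLAYERBASE)`) buys you: CE can place the cave where a 5-byte jmp reaches it, leaving two of the seven bytes to pad with nops.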
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4700
Posted: Tue Nov 12, 2019 5:08 pm Post subject:
The newmem alloc is fine. You only need 8 bytes for the bPlayer alloc, and you should probably pass it the same 3rd argument as the newmem alloc:
Code:
alloc(bPlayer,8,"sekiro.exe"+5A6DF0)
You should be using rax instead of eax. I guess CE would assemble that with an address-size override prefix which you do not want (this probably causes it to crash).
Besides that, your code is a bit odd. It's equivalent to this:
Code:
code:
cmp [rcx+54],FFFE2024
jne short end
lea eax,[rcx+8]
mov [bPlayer],eax
end:
mov eax,[rcx+00000130]
ret
I'm guessing you meant to dereference those addresses as nodes in a pointer path:
Code:
code:
mov rax,[rcx+8]
test rax,rax
je short end
mov rax,[rax]
test rax,rax
je short end
mov rax,[rax]
test rax,rax
je short end
cmp [rax+4C],FFFE2024
jne short end
mov [bPlayer],rax
end:
mov eax,[rcx+00000130]
ret
Edit: forgot to change the first lea to mov
Last edited by ParkourPenguin on Tue Nov 12, 2019 8:14 pm; edited 1 time in total
Schwertheiliger How do I cheat?
Reputation: 0
Joined: 10 Nov 2019 Posts: 7
Posted: Tue Nov 12, 2019 5:32 pm Post subject:
Thank you guys, you made it pretty clear to me what I did wrong.
ParkourPenguin, I am sorry to tell you but I think I made another error.
I tried to get the value of a multilevel pointer, but sadly I couldn't get something like Code: lea eax,[[[[[[rcx+8]+0]+0]+4C] to work.
If I understand correctly, with cmp [rcx+54],FFFE2024 I will only compare the value in (address of rcx)+54 and not the address the multilevel pointer would point to.
It's at least not crashing anymore, thanks again!
predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Tue Nov 12, 2019 7:30 pm Post subject:
Schwertheiliger wrote:
    Thank you guys, you made it pretty clear to me what I did wrong.
    ParkourPenguin, I am sorry to tell you but I think I made another error.
    I tried to get the value of a multilevel pointer, but sadly I couldn't get something like Code: lea eax,[[[[[[rcx+8]+0]+0]+4C] to work.
    If I understand correctly, with cmp [rcx+54],FFFE2024 I will only compare the value in (address of rcx)+54 and not the address the multilevel pointer would point to.
    It's at least not crashing anymore, thanks again!
lea is not what you want to use for multilevel pointers, at least not for getting the pointer itself.
Code:
mov rcx,[rcx+8]
mov rcx,[rcx+0]
mov rcx,[rcx+0]
mov rcx,[rcx+4C]
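ParkourPenguin's and predprey's replies make the same point about the original script: walking a multilevel pointer needs a mov at every level (load the pointer stored at that address, then test it before using it), whereas lea only adds the offset and never reads memory, so the OP's lea chain never leaves the entity block and ends up comparing the dword at rcx+54. The C program below is an added example, not code from the thread or from the game, and it models that walk over a constructed, hypothetical memory layout: walk_pointer_path mirrors the mov/test/je sequence from ParkourPenguin's version, find_player_node applies the FFFE2024 comparison at +4C, and lea_chain_reads shows what the original lea chain was actually comparing. The entity and node sizes, the node wiring, and the tag at +0x4C being a 32-bit field are all assumptions made for the demo; the 32-bit truncation that using eax instead of rax adds on top is a separate problem and is not modelled here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tag the thread says is always present in the player's node. */
#define PLAYER_TAG 0xFFFE2024u

/* Pointer path from the OP's script: [rcx+8] -> [+0] -> [+0], then cmp [node+4C]. */
static const size_t PATH[] = { 0x8, 0x0, 0x0 };
#define PATH_LEN (sizeof PATH / sizeof PATH[0])

static uint32_t read_u32(const uint8_t *p, size_t off) {
    uint32_t v;
    memcpy(&v, p + off, sizeof v);
    return v;
}

/* mov-chain walk: at every level load the 8-byte pointer stored at cur+offset and
 * bail out on NULL, like "mov rax,[rax+off] / test rax,rax / je end".
 * lea would only compute cur+offset without loading, which is the OP's bug. */
static uint8_t *walk_pointer_path(uint8_t *base, const size_t *offsets, size_t n) {
    uint8_t *cur = base;
    for (size_t i = 0; i < n; i++) {
        if (cur == NULL)
            return NULL;
        memcpy(&cur, cur + offsets[i], sizeof cur);
    }
    return cur;
}

/* Returns the resolved node when it carries PLAYER_TAG at +0x4C, else NULL. */
static uint8_t *find_player_node(uint8_t *rcx) {
    uint8_t *node = walk_pointer_path(rcx, PATH, PATH_LEN);
    if (node == NULL)
        return NULL;
    return read_u32(node, 0x4C) == PLAYER_TAG ? node : NULL;
}

/* What the original lea chain really compares: lea eax,[rcx+8]; lea eax,[eax+0];
 * lea eax,[eax+0] leaves eax = rcx+8, so cmp [eax+4C] reads the dword at rcx+0x54. */
static uint32_t lea_chain_reads(const uint8_t *rcx) {
    return read_u32(rcx, 0x8 + 0x0 + 0x0 + 0x4C);
}

/* Constructed stand-in for game memory (hypothetical layout, not Sekiro's real one):
 * one entity block plus the three nodes the path runs through. */
struct fake_world {
    uint8_t ent[0x140];
    uint8_t node[3][0x60];
};

/* Wire ent+8 -> node0, node0+0 -> node1, node1+0 -> node2, store tag at node2+0x4C.
 * If cut_level is 0..2, the pointer at that level is left NULL (a dead entity). */
static uint8_t *build_entity(struct fake_world *w, uint32_t tag, int cut_level) {
    memset(w, 0, sizeof *w);
    uint8_t *links[4] = { w->ent, w->node[0], w->node[1], w->node[2] };
    for (int i = 0; i < 3; i++) {
        uint8_t *target = (i == cut_level) ? NULL : links[i + 1];
        memcpy(links[i] + PATH[i], &target, sizeof target);
    }
    memcpy(w->node[2] + 0x4C, &tag, sizeof tag);
    return w->ent;
}

/* 1 if the mov-chain walk identifies the constructed entity as the player, else 0. */
int mov_chain_detects(uint32_t tag, int cut_level) {
    struct fake_world w;
    uint8_t *rcx = build_entity(&w, tag, cut_level);
    return find_player_node(rcx) != NULL;
}

/* 1 if the OP's lea chain would have matched the same entity, else 0. */
int lea_chain_detects(uint32_t tag, int cut_level) {
    struct fake_world w;
    uint8_t *rcx = build_entity(&w, tag, cut_level);
    return lea_chain_reads(rcx) == PLAYER_TAG;
}

int main(void) {
    printf("player, mov chain:            %d\n", mov_chain_detects(PLAYER_TAG, -1));
    printf("player, lea chain:            %d\n", lea_chain_detects(PLAYER_TAG, -1));
    printf("entity with another tag:      %d\n", mov_chain_detects(0x11223344u, -1));
    printf("entity with NULL at level 1:  %d\n", mov_chain_detects(PLAYER_TAG, 1));
    return 0;
}
```

The NULL test before every load is what keeps the hook from faulting on entities whose path is partly unset; in the assembly that is the test rax,rax / je short end pair after each mov, and dropping it is a crash waiting for the first dead entity to run through the shared code.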
Schwertheiliger How do I cheat?
Reputation: 0
Joined: 10 Nov 2019 Posts: 7
Posted: Wed Nov 13, 2019 11:45 am Post subject:
I can't stress this enough but thank you guys really really much!
I wasn't able to use the pointer even with your help; luckily I found another unique value for the player.
Here's my final script if anyone is interested:
Code:
[ENABLE]
aobscanmodule(PLAYERBASE,sekiro.exe,CC 8B 81 30 01 00 00 C3) // should be unique
alloc(newmem,$1000,PLAYERBASE)
alloc(bPlayer,16,PLAYERBASE)
label(code)
label(return)
label(end)
registerSymbol(bPlayer)
registersymbol(PLAYERBASE)
newmem:
code:
cmp [rcx+1C],0
jne short end
mov [bPlayer],rcx
jmp short end
end:
mov eax,[rcx+00000130]
ret
PLAYERBASE+01:
jmp newmem
nop
return:
[DISABLE]
PLAYERBASE+01:
db 8B 81 30 01 00 00 C3
unregistersymbol(PLAYERBASE)
unregistersymbol(bPlayer)
dealloc(newmem)
dealloc(bPlayer)