 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
|
 Posted: Fri Nov 06, 2020 10:31 am Post subject: |
 |
|
| Code: | alloc(stack,15)
...
alloc(stack2,25) |
This is bad- allocs should ideally be specified in descending powers of 2, or at the very least in multiples of 8.
| Code: | | mov rax,[r8] // move the 4 bytes in memory at the address contained in r8 into rax |
rax is an 8 byte register- that moves 8 bytes. If you only want to move 4, use eax.
| Code: | | mov [stack],r8 // move the contents in r8 into the 4 bytes at memory address stack |
The stack alloc only needs 8 bytes (or 4 if you change rax to eax). I have no clue why you put 15.
| Code: | | push rbx // push rbx into the stack of "UserAssembly.dll"+10AC5C9 |
Stacks are associated with threads. I don't know what you try to convey with that address.
| Code: | mov rbx,r8 // copies the content of r8 to rbx
add rbx,170 // adds 170 to the value stored in rbx
mov rbx,[rbx] // moves 4 bytes in memory at the address contained in rbx into rbx |
This is needlessly complicated. Replace these 3 instructions with "mov rbx,[r8+170]".
And again, it's moving 8 bytes. Use ebx for 4 bytes.
| Code: | | mov [stack2],rbx // moves content of rbx to 4 bytes at memory address stack2 |
Moving 8 bytes here.
| Code: | mov rbx,r8 //copies the content of r8 to rbx
add rbx,178 // add 178 to values stored in rbx
mov rbx,[rbx] //move the 4 bytes in memory at the address contained in rbx to rbx |
Same mistake as before. Use "mov rbx,[r8+178]"; use ebx if you want to move 4 bytes.
| Code: | | mov [stack2+8],rbx // moves the content contained in rbx to the 4 bytes at the memory address stack+8 |
This is moving 8 bytes. Also, stack2 only needs to be 16 bytes in size.
| Code: | | pop rbx // removes rbx from "UserAssembly.dll"+10AC5C9 |
No clue why you think that address is relevant to push/pop.
| Code: | | movzx ecx,byte ptr [rdx+00000104] |
I'm guessing this is part of the original code.
| Code: | | Jmp address+17 //jump to address + 17 |
Whoever wrote this should stop writing code and follow the default template as much as they can. This is an incredibly stupid way of jumping back to the original code- leave it at "jmp return".
| Code: | code:
mov rax,[r8]
movzx ecx,byte ptr [rdx+00000104]
jmp return |
If you're not going to use this, get rid of it.
| Code: | | registersymbol(address) |
Minor detail: organize your code better and put this with the other allocs / registersymbols.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
 |
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
|
| Posted: Fri Nov 06, 2020 4:35 pm Post subject: |
|
|
| zbobfrank90 wrote: | | so the push and pop have nothing to do with the address being injected but just adding to the thread of the memory address? am i right to say that the purpose of push and pop is to store the content in r8 to [stack2] and filter out so it contains only the coordinates of monsters/npc. |
It seems like you've heard those words before but have no idea what they mean. (I'm not going to write a dozen paragraphs going over everything wrong with those couple sentences)
Whoever wrote that script doesn't know what they're doing. I would strongly encourage you to learn from some other source.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Sun Nov 08, 2020 7:33 pm Post subject: |
|
|
it means multiply.
8 multiplied by the content of rax plus content of r11.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
