Cheat Engine The Official Site of Cheat Engine
kagato1980 Cheater
Reputation: 0
Joined: 30 Oct 2020 Posts: 30 Location: The netherlands
Posted: Thu Feb 11, 2021 1:44 pm Post subject: AOB crashes game, correct NOP? |
I created the following script, but the game exits once I activate it.
It's supposed to run only a part of the original script in case of a certain condition. There's a nop 2 in the generated template, should I change that?
Code:
[ENABLE]
aobscan(INJECT,89 4A 30 48 8B 4D 10 8B 49 3C 48 8B 55 10) // should be unique
alloc(newmem,$1000,7FFAA25B4532)
label(code)
label(return)
newmem:
cmp [rdx+41],4
jne code
mov [rdx+30],ecx
code:
mov rcx,[rbp+10]
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 4A 30 48 8B 4D 10
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFAA25B4532
7FFAA25B4518: 8B 88 28 01 00 00 - mov ecx,[rax+00000128]
7FFAA25B451E: 85 F6 - test esi,esi
7FFAA25B4520: 7D 04 - jnl 7FFAA25B4526
7FFAA25B4522: 33 C9 - xor ecx,ecx
7FFAA25B4524: EB 08 - jmp 7FFAA25B452E
7FFAA25B4526: 3B F1 - cmp esi,ecx
7FFAA25B4528: 7E 02 - jle 7FFAA25B452C
7FFAA25B452A: EB 02 - jmp 7FFAA25B452E
7FFAA25B452C: 8B CE - mov ecx,esi
7FFAA25B452E: 48 8B 55 10 - mov rdx,[rbp+10]
// ---------- INJECTING HERE ----------
7FFAA25B4532: 89 4A 30 - mov [rdx+30],ecx
7FFAA25B4535: 48 8B 4D 10 - mov rcx,[rbp+10]
// ---------- DONE INJECTING ----------
7FFAA25B4539: 8B 49 3C - mov ecx,[rcx+3C]
7FFAA25B453C: 48 8B 55 10 - mov rdx,[rbp+10]
7FFAA25B4540: 03 4A 34 - add ecx,[rdx+34]
7FFAA25B4543: 48 8B 55 10 - mov rdx,[rbp+10]
7FFAA25B4547: 89 4A 3C - mov [rdx+3C],ecx
7FFAA25B454A: FF C9 - dec ecx
7FFAA25B454C: 85 C9 - test ecx,ecx
7FFAA25B454E: 7E 02 - jle 7FFAA25B4552
7FFAA25B4550: EB 02 - jmp 7FFAA25B4554
7FFAA25B4552: 33 C9 - xor ecx,ecx
}
Thanks for any advice!
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Thu Feb 11, 2021 1:50 pm Post subject: |
rdx+41 is probably not always a real address.
Code:
newmem:
lea rdx,[rdx]
// cmp [rdx+41],4
jne code
mov [rdx+30],ecx
Put trace on lea rdx,[rdx] and see what comes up.
edit: actually [rdx+41] should be a good pointer.
maybe check to see where the memory is allocated.
comment the injection so it doesn't jump then see where newmem is allocated.
Code:
INJECT:
// jmp newmem
// nop 2
return:
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Thu Feb 11, 2021 3:17 pm Post subject: |
kagato1980 wrote:
Code:
aobscan(INJECT,89 4A 30 48 8B 4D 10 8B 49 3C 48 8B 55 10) // should be unique
alloc(newmem,$1000,7FFAA25B4532)

Change 7FFAA25B4532 to INJECT
Code:
alloc(newmem,$1000,INJECT)
If you have more than one script active at a time, make sure you use unique symbols (don't use INJECT more than once).
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
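The two details this thread turns on, the `nop 2` that follows the 5-byte `jmp newmem` in the generated template and ParkourPenguin's advice to give `alloc` the INJECT symbol instead of an address copied from an earlier session, can both be checked with a little arithmetic. The Python below is an added example, not code from the thread or from Cheat Engine. The instruction lengths and the two addresses 7FFAA25B4532 and 7FFDDCBD4032 are read off the listings in the posts; the "near" cave address is a constructed value, and the example assumes the template's `jmp newmem` is assembled as the 5-byte `E9 rel32` form.

```python
# Added example: layout and reachability checks for a jmp-style code injection
# such as the Cheat Engine template in the first post. Not code from the
# thread or from Cheat Engine.

REL32_JMP_SIZE = 5          # E9 rel32: 1 opcode byte + 4-byte signed displacement
REL32_REACH = 1 << 31       # a rel32 displacement covers +/-2 GiB

# Instruction lengths at and after injection point 7FFAA25B4532, taken from
# the disassembly listing in the first post:
#   mov [rdx+30],ecx (3)  mov rcx,[rbp+10] (4)  mov ecx,[rcx+3C] (3)
#   mov rdx,[rbp+10] (4)  add ecx,[rdx+34] (3)  mov rdx,[rbp+10] (4)
#   mov [rdx+3C],ecx (3)  dec ecx (2)
INJECT_INSTR_LENGTHS = [3, 4, 3, 4, 3, 4, 3, 2]


def plan_patch(instr_lengths, jmp_size=REL32_JMP_SIZE):
    """Return (bytes_replaced, nop_count) for a jump written at the injection point.

    The jump may only end on an instruction boundary, so whole instructions are
    consumed until at least jmp_size bytes are covered; the remainder is padded
    with NOPs. Splitting an instruction in half is the classic cause of an
    immediate crash once the cave jumps back to `return`.
    """
    replaced = 0
    for length in instr_lengths:
        replaced += length
        if replaced >= jmp_size:
            return replaced, replaced - jmp_size
    raise ValueError("listing too short to hold a %d-byte jump" % jmp_size)


def rel32_reachable(inject_addr, target_addr, jmp_size=REL32_JMP_SIZE):
    """True if a 5-byte E9 jump placed at inject_addr can reach target_addr."""
    disp = target_addr - (inject_addr + jmp_size)
    return -REL32_REACH <= disp < REL32_REACH


def encode_patch(inject_addr, target_addr, nop_count):
    """Bytes the [ENABLE] section writes at the injection point: E9 rel32 + NOPs."""
    if not rel32_reachable(inject_addr, target_addr):
        raise ValueError("cave out of rel32 range; a longer jump would overwrite more bytes")
    disp = target_addr - (inject_addr + REL32_JMP_SIZE)
    return b"\xe9" + disp.to_bytes(4, "little", signed=True) + b"\x90" * nop_count


def restore_matches(restore_hex, bytes_replaced):
    """The [DISABLE] db line must put back exactly as many bytes as the patch replaced."""
    return len(bytes.fromhex(restore_hex)) == bytes_replaced


if __name__ == "__main__":
    replaced, nops = plan_patch(INJECT_INSTR_LENGTHS)
    print("replace %d bytes, pad with nop %d" % (replaced, nops))
    print("disable line restores the right size:",
          restore_matches("894A30488B4D10", replaced))

    inject = 0x7FFAA25B4532
    near = inject - 0x10000        # constructed: a cave 64 KiB below the injection point
    stale = 0x7FFDDCBD4032         # the alloc hint from the later post, a different session
    print("near cave reachable:", rel32_reachable(inject, near))
    print("stale hint reachable:", rel32_reachable(inject, stale))
    print("patch bytes:", encode_patch(inject, near, nops).hex())
```

For the listing in the thread, `plan_patch` reports 7 bytes replaced and 2 NOPs, which is exactly what the template emitted and what the 7-byte `db 89 4A 30 48 8B 4D 10` line restores, so the `nop 2` was never the problem. The reachability check shows the other failure mode: the hint address from a previous run of the game is about 14 GB away from the injection point in the later session, far beyond what a rel32 jump can reach, and an assembler that has to fall back to a longer jump would overwrite more than the 7 bytes the template reserved. Passing the INJECT symbol as the hint keeps the cave within range regardless of where the module is loaded.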
kagato1980 Cheater
Reputation: 0
Joined: 30 Oct 2020 Posts: 30 Location: The netherlands
Posted: Thu Feb 11, 2021 3:33 pm Post subject: |
Thanks for the tips, I managed to get it working by changing the injection address, tweaking the amount of injection bytes and setting memory to 2000, but I will use INJECT (or similar) in the future.
I also changed the structure a bit. The [rdx+41] contains a friend/foe separator value, so when it's a friend, health is set to 30 standard. Foes get 0 for insta kill.
Code:
[ENABLE]
aobscan(INJECT,89 4A 30 48 8B 4D 10 8B 49 3C) // should be unique
alloc(newmem,$2000,7FFDDCBD4032)
label(code)
label(multi)
label(return)
newmem:
cmp [rdx+41],4
jne multi
mov ecx,30
jmp code
multi:
mov ecx,0
code:
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 4A 30 48 8B 4D 10
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFAA25B4532
7FFAA25B4518: 8B 88 28 01 00 00 - mov ecx,[rax+00000128]
7FFAA25B451E: 85 F6 - test esi,esi
7FFAA25B4520: 7D 04 - jnl 7FFAA25B4526
7FFAA25B4522: 33 C9 - xor ecx,ecx
7FFAA25B4524: EB 08 - jmp 7FFAA25B452E
7FFAA25B4526: 3B F1 - cmp esi,ecx
7FFAA25B4528: 7E 02 - jle 7FFAA25B452C
7FFAA25B452A: EB 02 - jmp 7FFAA25B452E
7FFAA25B452C: 8B CE - mov ecx,esi
7FFAA25B452E: 48 8B 55 10 - mov rdx,[rbp+10]
// ---------- INJECTING HERE ----------
7FFAA25B4532: 89 4A 30 - mov [rdx+30],ecx
7FFAA25B4535: 48 8B 4D 10 - mov rcx,[rbp+10]
// ---------- DONE INJECTING ----------
7FFAA25B4539: 8B 49 3C - mov ecx,[rcx+3C]
7FFAA25B453C: 48 8B 55 10 - mov rdx,[rbp+10]
7FFAA25B4540: 03 4A 34 - add ecx,[rdx+34]
7FFAA25B4543: 48 8B 55 10 - mov rdx,[rbp+10]
7FFAA25B4547: 89 4A 3C - mov [rdx+3C],ecx
7FFAA25B454A: FF C9 - dec ecx
7FFAA25B454C: 85 C9 - test ecx,ecx
7FFAA25B454E: 7E 02 - jle 7FFAA25B4552
7FFAA25B4550: EB 02 - jmp 7FFAA25B4554
7FFAA25B4552: 33 C9 - xor ecx,ecx
}