Cheat Engine

[shark2003]

Hello, I have been trying to get a script working with Super Mario Odyssey for moon jump. I can find the address pretty easy from seeing what access' the instruction and I can find the instruction via an aob scan. I copied a sort of template to make this work in a script. What I am trying to do is get the address from whats accessing an instruction because it changes quite often. If I try to activate it either crashes or I get a memory too far or not near errors.

[ENABLE]

aobscan(playerScan,45 89 5C 05 00 48 8B 44 24 30 41 BC 08 00 00 00 4C 01 E0 45 8B 64 05 00 45 89 E4 66 49 0F 6E CC 45 0F 28 BF 90 01 00 00)
alloc(newmem,$1001,playerScan)
label(playerBase)
label(code)
label(return)

playerBase:
dq 0

newmem:



code:
mov [r13+rax+00],r11d
mov [playerBase],r13
jmp return

playerScan:
jmp newmem
nop
nop
nop
nop
nop


return:
registersymbol(newmem)
registersymbol(playerScan)
registersymbol(playerBase)

[DISABLE]

playerScan:
db 45 89 5C 05 00

unregistersymbol(playerBase)
unregistersymbol(playerScan)
unregistersymbol(newmem)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1D57138E26D

1D57138E240: 48 8B 44 24 30 - mov rax,[rsp+30]
1D57138E245: 41 BB 08 00 00 00 - mov r11d,yuzu.g_MicroProfileThreadLog
1D57138E24B: 4C 01 D8 - add rax,r11
1D57138E24E: 45 89 64 05 00 - mov [r13+rax+00],r12d
1D57138E253: 8B 44 24 40 - mov eax,[rsp+40]
1D57138E257: C4 63 7B F0 E0 14 - rorx r12d,eax,,14
1D57138E25D: 48 8B 44 24 30 - mov rax,[rsp+30]
1D57138E262: 45 31 DB - xor r11d,r11d
1D57138E265: 4C 01 D8 - add rax,r11
1D57138E268: 44 8B 5C 24 50 - mov r11d,[rsp+50]
// ---------- INJECTING HERE ----------
1D57138E26D: 45 89 5C 05 00 - mov [r13+rax+00],r11d
// ---------- DONE INJECTING ----------
1D57138E272: 66 0F 3A 16 C8 00 - pextrd al,xmm1,00
1D57138E278: 89 44 24 40 - mov [rsp+40],eax
1D57138E27C: 89 C0 - mov eax,eax
1D57138E27E: 49 89 47 58 - mov [r15+58],rax
1D57138E282: 8B 44 24 40 - mov eax,[rsp+40]
1D57138E286: C4 63 7B F0 D8 0C - rorx r11d,eax,,0C
1D57138E28C: 41 81 E3 00 00 F0 0F - and r11d,0FF00000
1D57138E293: 41 81 E4 00 F0 0F 00 - and r12d,000FF000
1D57138E29A: 45 09 DC - or r12d,r11d
1D57138E29D: 41 81 E4 FF FF FF 0F - and r12d,0FFFFFFF
}

[TheyCallMeTim13]

The "playerBase" label needs to be inside allocated memory, try placing after the "jmp return". And you register "newmem" as a symbol and if you have anything else that uses newmem it will cause conflicts and my even "move" newmem to a different location; either don't register it as a symbol or make sure it's a unique name.

[shark2003]

[TheyCallMeTim13]

Also just noticed you have the jump (5 bytes) and then you have 5 nops, for a total of 10 bytes but the injection point and the following instruction are 11 bytes thus you end up with a corrupted instruction. If you start with one of the CE templates it will handle that stuff for you. Try with a template and don't change anything just inject as is and see if that crashes.

[ParkourPenguin]

CE might not be able to find any free memory within 2 GiB of the injection point (3rd parameter to alloc).

Try allocating newmem anywhere (no 3rd parameter) and force a 14-byte jump by using "jmp far newmem". You'll need to modify the amount of nops as needed as well as the original code in your code injection.

[shark2003]

Yeah I did let CE create a script and that one just crashed the emulator. I am going to try jmp far newmem ...lol which i never seen before..... and correct my nops etc. and see what happens.

[shark2003]

"Try allocating newmem anywhere (no 3rd parameter) and force a 14-byte jump by using "jmp far newmem".

How would I do this in the script? i searched around for examples but couldnt find any.

[ParkourPenguin]

Do you really need an example for those two directions?
"Try allocating newmem anywhere (no 3rd parameter)" means remove the third parameter to alloc:

[shark2003]

[TheyCallMeTim13]

[ParkourPenguin]

I really don't mean to be rude. I was just surprised that was the part that gave you trouble. I figured, if anything, the part about nops and the original code wouldn't make sense.

If you're new to CE, try completing the tutorial. There are plenty of guides online.

This search query: