 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
 Posted: Sun Oct 20, 2024 1:17 am Post subject: Could somebody help me please?- AOB injection |
 |
|
I did aob injection. there is some problem.
Cheat engine says
<<63:This instruction can not be assembled because the current address and the addressed address is too big. Try placing the address in a register first and use that.>>
I want to know what the problem is and how I can fix it.
Could somebody help me, please?
Thank you!
[/code]
| Description: |
|
| Filesize: |
35.03 KB |
| Viewed: |
3088 Time(s) |
|
|
|
| Back to top |
|
 |
LeFiXER
Grandmaster Cheater Supreme
![]() Reputation: 20
Joined: 02 Sep 2011
Posts: 1069
Location: 0x90
|
| Posted: Sun Oct 20, 2024 7:21 am Post subject: |
|
|
Since you haven't posted your whole script it's difficult to ascertain where and how you are dealing with the allocation of several symbols in your script.
Based on that information one can assume that you are using a single block of allocated memory and defining labels for each symbol. If that is the case then place this section of code:
| Code: |
store_coord:
xpos:
dd 0
zpos:
dd 0
mark1:
dd 0
en_load:
dd 0
en_save:
dd 0
marker_load:
dd 0
above:
dd (float) 30
|
Below this section of code:
| Code: |
newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
cmp [marker_load],1
je load2
jmp code
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Sun Oct 20, 2024 9:25 am Post subject: |
|
|
Whatever address `en_save` was assigned is more than 2 GiB away from newmem. If that label is defined in the same script, I'd like to see how it's defined (post the full script)
If it's defined in some other script, you'd have to access it through a register:
| Code: | push rax
mov rax,en_save
cmp [rax],1
... |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Mon Oct 21, 2024 7:31 am Post subject: |
|
|
| LeFiXER wrote: | Since you haven't posted your whole script it's difficult to ascertain where and how you are dealing with the allocation of several symbols in your script.
Based on that information one can assume that you are using a single block of allocated memory and defining labels for each symbol. If that is the case then place this section of code:
| Code: |
store_coord:
xpos:
dd 0
zpos:
dd 0
mark1:
dd 0
en_load:
dd 0
en_save:
dd 0
marker_load:
dd 0
above:
dd (float) 30
|
Below this section of code:
| Code: |
newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
cmp [marker_load],1
je load2
jmp code
|
|
I did as you suggested. The cheat engine says
<<62:This instruction can not be assembled because the current address and the addressed address is too big. Try placing the address in a register first and use that.>>
| Code: | .....
60 mark1:
61 dd 0
62 en_load:
63 dd 0
64 en_save:
65 dd 0
.... |
I post the whole script. Could you check this please?
| Code: |
[ENABLE]
aobscanmodule(teleport6,ShadowOfWar.exe,F3 0F 10 B0 AC 00 00 00 F3 0F 10)
aobscanmodule(markerteleport6,ShadowOfWar.exe,0F 10 4B 10 48 89 45 07)
alloc(newmem,$1000)
alloc(store_coord,256)
alloc(newmema,$1000)
alloc(store_marker,256)
label(code)
label(xpos)
label(ypos)
label(zpos)
label(load)
label(load2)
label(save)
label(en_load)
label(en_save)
label(return)
label(codea)
label(returna)
label(xpos2)
label(ypos2)
label(zpos2)
label(save2)
label(marker_save)
label(marker_load)
label(yincrease)
label(above)
registersymbol(xpos2)
registersymbol(ypos2)
registersymbol(zpos2)
registersymbol(marker_save)
registersymbol(marker_load)
registersymbol(xpos)
registersymbol(ypos)
registersymbol(zpos)
registersymbol(en_load)
registersymbol(en_save)
registersymbol(yincrease)
registersymbol(above)
store_coord:
xpos:
dd 0
ypos:
dd 0
zpos:
dd 0
mark1:
dd 0
en_load:
dd 0
en_save:
dd 0
marker_load:
dd 0
above:
dd (float)30
newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
cmp [marker_load],1
je load2
jmp code
save:
mov [en_save],0
push rbx
mov rbx,[rax+000000AC]
mov [xpos],rbx
mov rbx,[rax+000000B0]
mov [ypos],rbx
mov rbx,[rax+000000B4]
mov [zpos],rbx
pop rbx
jmp code
load:
mov [en_load],0
push rbx
mov rbx,[xpos]
mov [rax+000000AC],rbx
mov rbx,[ypos]
mov [rax+000000B0],rbx
mov rbx,[zpos]
mov [rax+000000B4],rbx
pop rbx
jmp code
load2:
mov [marker_load],0
push rbx
mov rbx,[xpos2]
mov [rax+000000AC],rbx
call yincrease
mov rbx,[ypos2]
mov [rax+000000B0],rbx
mov rbx,[zpos2]
mov [rax+000000B4],rbx
pop rbx
jmp code
yincrease:
fld [ypos2]
fadd [above]
fstp [ypos2]
ret
code:
movss xmm6,[rax+000000AC]
jmp return
teleport6:
jmp newmem
return:
registersymbol(teleport6)
/////////////////////////////////////////////////////////////////
////// MARKER Coords Store ////
///////////////////////////////////////////////////////////////
store_marker:
xpos2:
dd 0
ypos2:
dd 0
zpos2:
dd 0
marker_save:
dd 0
newmema:
cmp [marker_save],1
je save2
jmp codea
save2:
mov [marker_save],0
push rcx
mov rcx,[rbx+10]
mov [xpos2],rcx
mov rcx,[rbx+14]
mov [ypos2],rcx
mov rcx,[rbx+18]
mov [zpos2],rcx
pop rcx
jmp codea
codea:
movups xmm1,[rbx+10]
mov [rbp+07],rax
jmp returna
markerteleport6:
jmp newmema
returna:
registersymbol(markerteleport6)
[DISABLE]
teleport6:
db F3 0F 10 B0 AC 00 00 00
markerteleport6:
db 0F 10 4B 10 48 89 45 07
unregistersymbol(markerteleport6)
unregistersymbol(teleport6)
unregistersymbol(xpos2)
unregistersymbol(ypos2)
unregistersymbol(zpos2)
unregistersymbol(marker_save)
unregistersymbol(marker_load)
unregistersymbol(yincrease)
unregistersymbol(above)
dealloc(newmema)
dealloc(store_marker)
dealloc(newmem)
dealloc(store_coord)
unregistersymbol(en_load)
unregistersymbol(en_save)
unregistersymbol(xpos)
unregistersymbol(ypos)
unregistersymbol(zpos)
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Mon Oct 21, 2024 10:15 am Post subject: |
|
|
You're missing the third parameter to alloc. Generate an aobscan template and you'll see alloc uses a third parameter.
newmem needs to be allocated near teleport6, and newmema needs to be allocated near markerteleport6.
Worst case scenario, newmem and newmema are far away from each other, and therefore at least one can't directly access the other allocs. In that case, access that memory indirectly through a register as I showed and as CE told you to do.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Tue Oct 22, 2024 10:11 am Post subject: |
|
|
| ParkourPenguin wrote: | You're missing the third parameter to alloc. Generate an aobscan template and you'll see alloc uses a third parameter.
newmem needs to be allocated near teleport6, and newmema needs to be allocated near markerteleport6. |
I did as you suggested.
| Code: |
aobscanmodule(teleport6,ShadowOfWar.exe,F3 0F 10 B0 AC 00 00 00 F3 0F 10)
alloc(newmem,$1000,teleport6)
aobscanmodule(markerteleport6,ShadowOfWar.exe,0F 10 4B 10 48 89 45 07)
alloc(newmema,$1000,markerteleport6)
alloc(store_coord,256)
alloc(store_marker,256)
label(code)
label(xpos)
label(ypos)
...
|
| ParkourPenguin wrote: | | Worst case scenario, newmem and newmema are far away from each other, and therefore at least one can't directly access the other allocs. In that case, access that memory indirectly through a register as I showed and as CE told you to do. |
Where should I put those code you mentioned?
I put them like this.
| Code: |
/////////////////////////////////////////////////////////////////
////// MARKER Coords Store ////
///////////////////////////////////////////////////////////////
push rax
mov rax,en_save
cmp [rax],1
store_marker:
xpos2:
dd 0
ypos2:
dd 0
zpos2:
dd 0
marker_save:
dd 0
...
|
then, when I activate the code, the game is crashed immediately.
Could you tell me what to do?
Thank you!
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Tue Oct 22, 2024 12:49 pm Post subject: |
|
|
I have no idea where you put those 3 instructions, but that's the wrong place.
Instead of this:
| Code: | newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
cmp [marker_load],1
... |
Do this:
| Code: | newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
... |
Remember to `pop rax` too
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Wed Oct 23, 2024 2:00 pm Post subject: |
|
|
| ParkourPenguin wrote: | I have no idea where you put those 3 instructions, but that's the wrong place.
Instead of this:
| Code: | newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
cmp [marker_load],1
... |
Do this:
| Code: | newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
... |
Remember to `pop rax` too |
I did like this as you recommended.
| Code: | newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
je load2
pop rax
jmp code |
but the game is also crashed. Could you recommend the next step, please?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Wed Oct 23, 2024 2:47 pm Post subject: |
|
|
`pop rax` needs to be executed regardless of which branch is taken
| Code: | newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
je load2
pop rax
jmp code
save:
pop rax
...
load:
pop rax
...
load2:
pop rax
... |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Thu Oct 24, 2024 7:55 am Post subject: |
|
|
| ParkourPenguin wrote: | `pop rax` needs to be executed regardless of which branch is taken
| Code: |
newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
je load2
pop rax
jmp code
save:
pop rax
...
load:
pop rax
...
load2:
pop rax
... |
|
I did like this as you said
| Code: | newmem:
push rax
mov rax,en_save
cmp [rax],1
je save
mov rax,en_load
cmp [rax],1
je load
mov rax,marker_load
cmp [rax],1
je load2
pop rax
jmp code
save:
pop rax
mov [en_save],0
push rbx
mov rbx,[rax+000000AC]
mov [xpos],rbx
mov rbx,[rax+000000B0]
mov [ypos],rbx
mov rbx,[rax+000000B4]
mov [zpos],rbx
pop rbx
jmp code
load:
pop rax
mov [en_load],0
push rbx
mov rbx,[xpos]
mov [rax+000000AC],rbx
mov rbx,[ypos]
mov [rax+000000B0],rbx
mov rbx,[zpos]
mov [rax+000000B4],rbx
pop rbx
jmp code
load2:
pop rax
mov [marker_load],0
push rbx
mov rbx,[xpos2]
mov [rax+000000AC],rbx
call yincrease
mov rbx,[ypos2]
mov [rax+000000B0],rbx
mov rbx,[zpos2]
mov [rax+000000B4],rbx
pop rbx
jmp code |
But the game also crashed when the script is activated. Could you tell me what to do please?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Thu Oct 24, 2024 12:34 pm Post subject: |
|
|
| pdh0224 wrote: | | Code: | ...
mov rbx,[rax+000000AC]
mov [xpos],rbx
mov rbx,[rax+000000B0]
mov [ypos],rbx
mov rbx,[rax+000000B4]
mov [zpos],rbx
... |
|
These instructions are moving 8 bytes, not 4 bytes. rbx is a 64-bit (8-byte) register. If you want to move 4 bytes, use ebx instead- it's the lower half of rbx. Keep `push rbx` / `pop rbx` to save and restore the entire register.
| pdh0224 wrote: | | Code: | push rax
mov rax,en_save
cmp [rax],1
...
mov [en_save],0
... |
|
It looks like you don't even need to use a register to access that memory indirectly...
If it still crashes and you want to know where it's crashing, enable Memory View -> Debug -> Break on unexpected exceptions -> Always
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Fri Oct 25, 2024 3:41 pm Post subject: |
|
|
| ParkourPenguin wrote: | | pdh0224 wrote: | | Code: | ...
mov rbx,[rax+000000AC]
mov [xpos],rbx
mov rbx,[rax+000000B0]
mov [ypos],rbx
mov rbx,[rax+000000B4]
mov [zpos],rbx
... |
|
These instructions are moving 8 bytes, not 4 bytes. rbx is a 64-bit (8-byte) register. If you want to move 4 bytes, use ebx instead- it's the lower half of rbx. Keep `push rbx` / `pop rbx` to save and restore the entire register.
| pdh0224 wrote: | | Code: | push rax
mov rax,en_save
cmp [rax],1
...
mov [en_save],0
... |
|
It looks like you don't even need to use a register to access that memory indirectly...
If it still crashes and you want to know where it's crashing, enable Memory View -> Debug -> Break on unexpected exceptions -> Always |
According to your advice, I edited it like this. I changed the setting in Memory View too.
| Code: |
save:
pop rax
mov [en_save],0
push rbx
mov ebx,[rax+000000AC]
mov [xpos],ebx
mov ebx,[rax+000000B0]
mov [ypos],ebx
mov ebx,[rax+000000B4]
mov [zpos],ebx
pop rbx
jmp code
load:
pop rax
mov [en_load],0
push rbx
mov ebx,[xpos]
mov [rax+000000AC],ebx
mov ebx,[ypos]
mov [rax+000000B0],ebx
mov ebx,[zpos]
mov [rax+000000B4],ebx
pop rbx
jmp code
load2:
pop rax
mov [marker_load],0
push rbx
mov ebx,[xpos2]
mov [rax+000000AC],ebx
call yincrease
mov ebx,[ypos2]
mov [rax+000000B0],ebx
mov ebx,[zpos2]
mov [rax+000000B4],ebx
pop rbx
jmp code |
When the script is activated, there are some error messages.
| Description: |
|
| Filesize: |
63.21 KB |
| Viewed: |
2233 Time(s) |
|
| Description: |
|
| Filesize: |
69.81 KB |
| Viewed: |
2235 Time(s) |
|
| Description: |
|
| Filesize: |
101.75 KB |
| Viewed: |
2235 Time(s) |
|
| Description: |
|
| Filesize: |
19.14 KB |
| Viewed: |
2235 Time(s) |
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Fri Oct 25, 2024 9:30 pm Post subject: |
|
|
You'll need to change the scripts so they work without a nearby allocation. This means starting over again, but you can copy & paste some of the work you've done so far.
Open a new AA window (Memory view -> Tools -> Auto Assemble) and select Template -> 14 Byte JMP. Using a 14-byte jmp means you don't need the third parameter to alloc.
Generate new templates using Template -> AOB Injection for those two injection points (i.e. teleport6 and markerteleport6). Merge those scripts, then copy / paste your other code.
Since your values (e.g. en_save) will be allocated near your injected code, there's no need to access them indirectly- `cmp [en_save],1` will work
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
pdh0224
How do I cheat?
![]() Reputation: 0
Joined: 20 Oct 2024
Posts: 7
|
| Posted: Mon Oct 28, 2024 8:50 am Post subject: |
|
|
| ParkourPenguin wrote: | You'll need to change the scripts so they work without a nearby allocation. This means starting over again, but you can copy & paste some of the work you've done so far.
Open a new AA window (Memory view -> Tools -> Auto Assemble) and select Template -> 14 Byte JMP. Using a 14-byte jmp means you don't need the third parameter to alloc.
Generate new templates using Template -> AOB Injection for those two injection points (i.e. teleport6 and markerteleport6). Merge those scripts, then copy / paste your other code.
Since your values (e.g. en_save) will be allocated near your injected code, there's no need to access them indirectly- `cmp [en_save],1` will work |
Thank you for your advice. As you suggested, I started all over again with new settings. It was really helpful. I appreciate that.
There some other problems. Even though I increase Ypos , the character can't go through the objects (walls, buildings, trees and so on) so it can't be teleported.
When I push the hotkey for 'marker_load', the character is stuck before the objects. Could you tell me how to solve this problem? Thank you.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
