How to replace push (string address) instruction AT a specific address

peddroelm
Cheater
Posts: 40
Joined: Fri Apr 05, 2019 9:15 am
Reputation: 17

How to replace push (string address) instruction AT a specific address

Post by peddroelm »

It's not a push register with easy-to-know opcodes..
Can it be done using a Lua string address variable, or do I need an assembler symbol for the address of the new string?

Code:

function UI_Water_Cost_LeftStation(params)
  -- params points at a small struct filled in by the auto-assembler script:
  --   +0x0 water/fuel price, +0x4 / +0x8 addresses of the two template buffers,
  --   +0xC address of the AOB scan result
  local WaterFuelPrice = readInteger(params)
  local PermitStringTemplateAddr = readInteger(params+0x4)
  local NoPermitStringTemplateAddr = readInteger(params+0x8)
  local AOBAddr = readInteger(params+0xC)   -- push of the Permit template is at AOBAddr+0x80, push of the NoPermit template at AOBAddr+0xB9

  -- %%d survives string.format as a literal %d for the game's own printf call;
  -- the three %d must keep the original order, the call site's argument list is fixed
  local tempstring = string.format("WF: %d$ TL: %%d Permit: %%d STP: %%d", WaterFuelPrice)
  writeString(PermitStringTemplateAddr, tempstring)
  writeByte(PermitStringTemplateAddr + string.len(tempstring), 0)   -- terminator directly after the text (writeString does not write one)

  tempstring = string.format("WF: %d$ TL: %%d STP: %%d", WaterFuelPrice)
  writeString(NoPermitStringTemplateAddr, tempstring)
  writeByte(NoPermitStringTemplateAddr + string.len(tempstring), 0)

  -- debug verification
  -- print(string.format("[%s] || [%s] || AOB addr %x ", readString(PermitStringTemplateAddr), readString(NoPermitStringTemplateAddr), AOBAddr))

  --[[ would like to overwrite 2 push instructions (they push the addresses of the printf string templates):

  push StarTradersFrontiersMods.exe+7135C0 { ("Trade Law: %d  Permit: %d  Starport: %d") }
  with
  push PermitStringTemplateAddr     // at addr AOBAddr + 0x80

  and

  push StarTradersFrontiersMods.exe+713670 { ("Trade Law: %d  Starport: %d") }
  with
  push NoPermitStringTemplateAddr   // at addr AOBAddr + 0xB9
  ]]
end
Basically I want the hover UI to use printf templates into which I have injected more info (an extra calculated parameter value for the water/fuel cost).

EDIT: can I add stuff here?

Code:


....
AOB_UI_Add_Water_Cost_Hover_LeftStation:
  jmp code
return:
registersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)

AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
push PermitString

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
push NoPermitString


[DISABLE]

AOB_UI_Add_Water_Cost_Hover_LeftStation:
 readmem(bytes_save_UI_water_Left_Station,5)   // db E8 75 F4 01 00   // will need save-restore 5 bytes

AOB_UI_Add_Water_Cost_Hover_LeftStation+80: 
readmem(,5) // Restore Push str addr

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
readmem(,5) // Restore second Push str addr 

unregistersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)
unregisterSymbol(bytes_save_UI_water_Left_Station)
dealloc(newmem)
dealloc(LUA_UI_Water_Cost_LeftStation)
dealloc(UI_Water_Cost_LeftStation_Params)

Just occurred to me: no matter how I do it, I will need to (SAVE /) RESTORE those original pushes for the disable function.


Re: How to replace push (string address) instruction AT a specific address with another push String address instruction

Post by peddroelm »

So this question translates to:
"Can the result of a single AOB scan (symbol) be used to overwrite instructions at multiple offsets?"

// for the executable part
...
AOB_result:
jmp code
return:
...

but could also use
AOB_result+X:
overwrite stuff

AOB_result+Z:
overwrite more stuff

registersymbol(AOB_result)

[DISABLE]


AOB_result:
restore

AOB_result+X:
restore

AOB_result+Z:
restore

unregister ..
dealloc

Horrible crash chain incoming! :)

EDIT: No crashes, it WORKED :))


Code:

....
label(bytes_save_UI_water_Left_Station)
registersymbol(bytes_save_UI_water_Left_Station)
label(bytes_save_UI_water_Left_Station_2)
registersymbol(bytes_save_UI_water_Left_Station_2)
label(bytes_save_UI_water_Left_Station_3)
registersymbol(bytes_save_UI_water_Left_Station_3)

LUA_UI_Water_Cost_LeftStation:
  db 'UI_Water_Cost_LeftStation(parameter)',0

newmem:
  // original bytes, captured before the patches below are applied, so [DISABLE] can put them back
  bytes_save_UI_water_Left_Station:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation,5)      // call AOB_BM_f_get_Trade_Law (E8 rel32, 5 bytes)
  bytes_save_UI_water_Left_Station_2:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation+80,5)   // push imm32 (68 xx xx xx xx, 5 bytes)
  bytes_save_UI_water_Left_Station_3:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation+B9,5)   // push imm32 (68 xx xx xx xx, 5 bytes)
  STZoneModel:
  dd 0
  STRumorQuadrantModel:
  dd 0
  // template buffers the Lua function overwrites; they are only as large as these literals
  // plus the terminator, so a longer replacement string would run into the next label
  PermitString:
  db 'Trade Law: %d Permit: %d Starport: %d',0
  NoPermitString:
  db 'Trade Law: %d Starport: %d',0

code:

...

....

  call AOB_BM_f_get_Trade_Law  // original code
  jmp return

AOB_UI_Add_Water_Cost_Hover_LeftStation:
  jmp code
return:

// redirect the two pushes of the game's literal templates to our own buffers (same 5-byte encoding)
AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
  push PermitString

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
  push NoPermitString

registersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)

[DISABLE]

AOB_UI_Add_Water_Cost_Hover_LeftStation:
  readmem(bytes_save_UI_water_Left_Station,5)    // db E8 75 F4 01 00 // restore call AOB_BM_f_get_Trade_Law

AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
  readmem(bytes_save_UI_water_Left_Station_2,5)  // restore push of the unmodded string template

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
  readmem(bytes_save_UI_water_Left_Station_3,5)  // restore push of the unmodded string template

unregistersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)
unregistersymbol(bytes_save_UI_water_Left_Station)
unregistersymbol(bytes_save_UI_water_Left_Station_2)
unregistersymbol(bytes_save_UI_water_Left_Station_3)
dealloc(newmem)


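The two edits this thread works out (redirecting a `push imm32` at AOB+offset to a new string address with save/restore, and rewriting the printf template the pushed address points at) are shown below as an added example. It is not code from the thread and not Cheat Engine's Lua or auto-assembler; it simulates the same bytes on a `bytearray` standing in for the game's memory in Python, which also lets it add the two checks a practitioner would want before the overwrite: that the bytes at the target really are a `push imm32` (opcode 68, 5 bytes on x86-32), and that the replacement template uses exactly the same conversion specifiers as the original and fits its buffer with the terminator. Every address, byte pattern, buffer size and template string in it is constructed for the example; the original template texts and the +0x80 / +0xB9 offsets are taken from the posts.

```python
"""Added example (not code from the thread or from Cheat Engine): the two edits
the posts describe, simulated on a bytearray standing in for the game's memory.

  1. replace_push_string: overwrite a `push imm32` (opcode 68, 5 bytes on x86-32)
     at AOB+offset with a push of a different string address, keeping the original
     bytes so the patch can be undone the way the [DISABLE] section does.
  2. write_template: copy a new printf template into a buffer, refusing it if its
     conversion specifiers differ from the original (the call site pushes a fixed
     argument list) or if it does not fit the buffer with its terminator.

Every address, byte pattern, buffer size and template text is constructed here.
"""
import re
import struct

PUSH_IMM32 = 0x68   # push imm32: 68 xx xx xx xx
INSN_LEN = 5

SPEC_RE = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[hlL]?[diouxXeEfgGcsp%]")


def conversion_specs(template):
    """printf conversion specifiers of `template`, in order; a literal '%%' is not one."""
    return [s for s in SPEC_RE.findall(template) if s != "%%"]


def check_template(original, new, capacity):
    """Return None if `new` may replace `original` in a `capacity`-byte buffer, else the reason."""
    if conversion_specs(new) != conversion_specs(original):
        return "specifiers changed: %r -> %r" % (conversion_specs(original), conversion_specs(new))
    needed = len(new.encode("ascii")) + 1          # text plus NUL terminator
    if needed > capacity:
        return "needs %d bytes, buffer holds %d" % (needed, capacity)
    return None


def write_template(mem, addr, capacity, original, new):
    """Write `new` NUL-terminated at mem[addr] after check_template accepts it."""
    reason = check_template(original, new, capacity)
    if reason is not None:
        raise ValueError(reason)
    data = new.encode("ascii") + b"\0"             # terminator directly after the text
    mem[addr:addr + len(data)] = data


def read_cstring(mem, addr):
    return bytes(mem[addr:mem.index(0, addr)]).decode("ascii")


def is_push_imm32(mem, addr):
    return mem[addr] == PUSH_IMM32


def pushed_address(mem, addr):
    """The imm32 operand of the push at addr, little-endian."""
    return struct.unpack_from("<I", mem, addr + 1)[0]


class Patch:
    """Original bytes at an address, so the overwrite can be reverted."""
    def __init__(self, mem, addr, saved):
        self.mem, self.addr, self.saved = mem, addr, saved

    def restore(self):
        self.mem[self.addr:self.addr + len(self.saved)] = self.saved


def replace_push_string(mem, addr, new_string_addr):
    """Turn the `push imm32` at addr into `push new_string_addr`, returning a Patch.

    The opcode check matters: if the AOB result or the offset is off, the bytes at
    addr belong to some other instruction and overwriting them corrupts it.
    """
    if not is_push_imm32(mem, addr):
        raise ValueError("expected push imm32 (68) at %#x, found %02x" % (addr, mem[addr]))
    saved = bytes(mem[addr:addr + INSN_LEN])
    mem[addr:addr + INSN_LEN] = bytes([PUSH_IMM32]) + struct.pack("<I", new_string_addr)
    return Patch(mem, addr, saved)


def demo(water_fuel_price):
    """Enable the mod on a constructed memory image, read what each push now points
    at, then disable it again. Returns (templates while enabled, templates after restore)."""
    mem = bytearray(0x200)
    orig_permit = "Trade Law: %d  Permit: %d  Starport: %d"
    orig_nopermit = "Trade Law: %d  Starport: %d"
    GAME_PERMIT, GAME_NOPERMIT = 0x100, 0x130            # the game's own literals (constructed)
    NEW_PERMIT, NEW_NOPERMIT, BUF = 0x180, 0x1C0, 0x40   # our "newmem" buffers, 64 bytes each
    for a, s in ((GAME_PERMIT, orig_permit), (GAME_NOPERMIT, orig_nopermit)):
        mem[a:a + len(s) + 1] = s.encode("ascii") + b"\0"
    aob = 0x10                                           # pretend AOB scan result
    for off, lit in ((0x80, GAME_PERMIT), (0xB9, GAME_NOPERMIT)):
        mem[aob + off:aob + off + INSN_LEN] = bytes([PUSH_IMM32]) + struct.pack("<I", lit)

    # [ENABLE]: fill our buffers (same %d order as the originals) and redirect the pushes
    write_template(mem, NEW_PERMIT, BUF, orig_permit,
                   "WF: %d$ TL: %%d Permit: %%d STP: %%d" % water_fuel_price)
    write_template(mem, NEW_NOPERMIT, BUF, orig_nopermit,
                   "WF: %d$ TL: %%d STP: %%d" % water_fuel_price)
    patches = [replace_push_string(mem, aob + 0x80, NEW_PERMIT),
               replace_push_string(mem, aob + 0xB9, NEW_NOPERMIT)]
    enabled = tuple(read_cstring(mem, pushed_address(mem, aob + off)) for off in (0x80, 0xB9))

    # [DISABLE]: put the saved 5-byte pushes back
    for p in patches:
        p.restore()
    disabled = tuple(read_cstring(mem, pushed_address(mem, aob + off)) for off in (0x80, 0xB9))
    return enabled, disabled


if __name__ == "__main__":
    print(demo(125))
```

The specifier check is the part worth carrying back into the Lua: the game's call site still pushes the same three integers, so a template with a fourth `%d`, or a `%s` in place of a `%d`, makes printf read a stack slot that was never meant for it. The capacity check covers the other hazard in the script, where `PermitString` and `NoPermitString` are exactly as large as their literals and anything longer spills into the following label.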
