instruction -> registersymbol -> address

Post by ArchAngelRC »

Hello there,

I have run into some problems with scripts and AOBs.
In the game that I want to cheat in, I have found the section where all the addresses are stored.
I cannot find a reliable AOB array in the vicinity there.
I found however the instruction that changes shield in this example.
I made a script that stops it from ever going down.

Now my question, is it possible to use that instruction to give me a pointer that always points to the shield value?

Here the code:

Code: Select all

[ENABLE]
aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)

newmem:

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
 db 90 90 90 90
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 58 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

Sorry if that code looks butchered or bad, I just pieced that together, since I'm really bad at this.

The [r8+58] part points to the shield value.
Is it possible to assign it a register somehow, so I can build a table around it?

Thanks in advance :)

Post by Rudo »

You can do something like this:

Code: Select all

aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

and then manually add an address like this:
[Image]
activate the script and then it should point to the shield value

Post by ArchAngelRC »

Thank you for the response :)

I tried what you suggested, but sadly it only seems to work partially.
This is the code of the script now:

Code: Select all

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)

But the pointer with shield_ptr +58 points to this address:
2504894C00000058
While the shield address is located here:
34CE53578AC

Did I perhaps do something wrong?

Post by Squall8 »

Code: Select all

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)
registersymbol(tits_shield)

newmem:
  mov [shield_ptr],r8

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return
  
shield_ptr:
  dq 0

tits_shield:
  //let cheat engine build the template (AOB Injection) for you to get the correct amount of nops here..
return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Post by ArchAngelRC »

When I try to add your code, it always tells me "Not all code is injectable."
No further error or something.

The amount of nops that CE gives me with aobinjection is this

Code: Select all

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop

Post by Squall8 »

It shouldn't throw any error codes. Did it give you an "Error at line: XX" message? If you let CE build the script for you and add the required lines from the script above it should work just fine. Paste an unmodified AOB Injection template here for the instruction you found.

Post by ArchAngelRC »

Sorry, you were right. The error was on my part.
Edited your code into a template, and I could add it.

Can activate it, but points somewhere else.
shield_ptr+58 pointer gets address 000000058

These are the results of the addresses:
[Image]

This would be the template from CE unaltered

Code: Select all

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF) // should be unique
alloc(newmem,$1000,3E91E82F817)

label(code)
label(return)

newmem:

code:
  mov [r8+5C],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

This is currently the latest one that I have changed.

Code: Select all

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)


newmem:
  mov [shield_ptr],r8
code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

shield_ptr:
  dq 0

tits_shield:

return:
registersymbol(tits_shield)

[DISABLE]

dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Sorry again if I don't seem to get it, but this is all quite alien to me :(

Post by Squall8 »

Your script needs to have this:

Code: Select all

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

Don't take those out of the script.
Also why did you change [r8+5C],ecx to +58? You debugged on current shield value right?
And if you want the pointer to update you'll need to decrease your shield value in game. Get hit or something.

Post by ArchAngelRC »

you'll need to decrease your shield value in game. Get hit or something
That was the thing I did not do.
Thank you so much, finally works now :)

Really appreciate the help!

Post by Rudo »

Oh yeah I was wrong using dd lol, should have used dq and it should have been placed after code, too.
Ah well it seems you got the problem solved :lol: (thanks, squall8)
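
Added example, not part of the thread: a Python model of the allocated block showing why a `dd 0` slot placed before `code:` yields the address 2504894C00000058 reported above, and what `dq 0` after the code changes. It assumes the hook's first instruction is encoded as `4C 89 04 25 disp32` (one x86-64 form of `mov [disp32],r8`, consistent with that address); the displacement bytes, block size and R8 value are constructed.

```python
import struct

# First four bytes of one x86-64 encoding of `mov [disp32],r8`:
# REX.W+R (4C), opcode 89, ModRM 04, SIB 25. Assumed; a disp32 follows.
MOV_R8_PREFIX = bytes([0x4C, 0x89, 0x04, 0x25])
DISP32 = bytes(4)  # constructed placeholder displacement

def build_newmem(slot_size, slot_first):
    """Model the alloc'd block: pointer slot and hook code, in either order.
    slot_size is 4 for `dd 0`, 8 for `dq 0`. Returns (mem, slot_off, code_off)."""
    slot, code = bytes(slot_size), MOV_R8_PREFIX + DISP32
    if slot_first:
        mem, slot_off, code_off = slot + code, 0, slot_size
    else:
        mem, slot_off, code_off = code + slot, len(code), 0
    return bytearray(mem.ljust(0x20, b"\x00")), slot_off, code_off

def run_hook(mem, slot_off, r8):
    """`mov [shield_ptr],r8` always stores 8 bytes, whatever was reserved."""
    struct.pack_into("<Q", mem, slot_off, r8)

def resolve(mem, slot_off, field_off):
    """A 64-bit pointer entry: read a qword at the symbol, add the offset."""
    (base,) = struct.unpack_from("<Q", mem, slot_off)
    return base + field_off

def code_intact(mem, code_off):
    """True while the first four bytes of the hook code are unmodified."""
    return bytes(mem[code_off:code_off + 4]) == MOV_R8_PREFIX

# Constructed R8: the shield address quoted in the thread minus the 5C offset.
R8 = 0x34CE53578AC - 0x5C

if __name__ == "__main__":
    for name, size, first in (("dd before code", 4, True),
                              ("dq after code", 8, False)):
        mem, slot, code = build_newmem(size, first)
        print(name, "hook not run:", hex(resolve(mem, slot, 0x58)))
        run_hook(mem, slot, R8)
        print(name, "hook run:    ", hex(resolve(mem, slot, 0x5C)),
              "code intact:", code_intact(mem, code))
```

In the `dd`-before-code layout the 8-byte store also overwrites the first four bytes of the hook code, which the `dq` layout avoids.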

Post by Squall8 »

Rudo wrote:
Sat May 27, 2017 5:02 am
Oh yeah I was wrong using dd lol, should have used dq and it should have been placed after code, too.
Ah well it seems you got the problem solved :lol: (thanks, squall8)

No worries. Actually dd/dq/etc. can be placed anywhere outside the newmem/code lines.

Post by Squall8 »

^^ Yep. I'll only move registersymbol if I'm combining scripts just to keep it organized.
ArchAngelRC wrote:
Fri May 26, 2017 8:17 pm
I also forgot to mention if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.

Post by ArchAngelRC »

SunBeam wrote:
Sun May 28, 2017 10:09 pm
..or create a thread that does it for ya ;)
Just out of healthy interest in learning, how would I do that?
Squall8 wrote:
Sun May 28, 2017 6:27 pm
I also forgot to mention if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.
I wanted to do that, but the instruction in the posts above is the only one that I found for the actual value.
Other instructions just point towards the visual value, which is nowhere near the actual value.

Post by Squall8 »

ArchAngelRC wrote:
Mon May 29, 2017 2:27 pm
I wanted to do that, but the instruction in the posts above is the only one that I found for the actual value.
Other instructions just point towards the visual value, which is nowhere near the actual value.
Is the instruction shared? If so, filter out the addresses you don't want.
SunBeam wrote:
Sun May 28, 2017 10:09 pm
..or create a thread that does it for ya ;)
I'm also a bit curious about this. I've used it on simple pointers before, but I wasn't sure if it was possible to hook it on to an instruction. And if you could, wouldn't the instruction still have to execute in order for your pointers to update?
