
instruction -> registersymbol -> address

Posted: Fri May 26, 2017 2:15 pm
by ArchAngelRC
Hello there,

I have run into some problems with scripts and AOBs.
In the game I want to cheat in, I have found the section where all the addresses are stored.
I cannot find a reliable AOB array in the vicinity there.
I did, however, find the instruction that changes the shield in this example.
I made a script that stops it from ever going down.

Now my question: is it possible to use that instruction to give me a pointer that always points to the shield value?

Here is the code:

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)

newmem:

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
 db 90 90 90 90
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 58 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

Sorry if that code looks butchered or bad; I just pieced that together, since I'm really bad at this.

The [r8+58] part points to the shield value.
Is it possible to assign it a register somehow, so I can build a table around it?

Thanks in advance :)

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 5:57 pm
by Rudo
You can do something like this:

Code:

aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

and then manually add an address like this:
activate the script and then it should point to the shield value.

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 6:20 pm
by ArchAngelRC
Thank you for the response :)

I tried what you suggested, but sadly it only seems to work partially.
This is the code of the script now:

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)

But the pointer with shield_ptr+58 points to this address:
2504894C00000058
While the shield address is located here:
34CE53578AC

Did I perhaps do something wrong?

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 8:01 pm
by Squall8

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)
registersymbol(tits_shield)

newmem:
  mov [shield_ptr],r8

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return
  
shield_ptr:
  dq 0

tits_shield:
  //let cheat engine build the template (AOB Injection) for you to get the correct amount of nops here..
return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 8:17 pm
by ArchAngelRC
When I try to add your code, it always tells me "Not all code is injectable."
No further error or something.

The number of nops that CE gives me with AOB injection is this:

Code:

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 8:35 pm
by Squall8
It shouldn't throw any error codes. Did it give you an "Error at line: XX" message? If you let CE build the script for you and add the required lines from the script above it should work just fine. Paste an unmodified AOB Injection template here for the instruction you found.

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 9:04 pm
by ArchAngelRC
Sorry, you were right. The error was on my part.
I edited your code into a template, and I could add it.

I can activate it, but it points somewhere else.
The shield_ptr+58 pointer gets address 000000058.

These are the results of the addresses:

This would be the template from CE, unaltered:

Code:

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF) // should be unique
alloc(newmem,$1000,3E91E82F817)

label(code)
label(return)

newmem:

code:
  mov [r8+5C],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

This is currently the latest one that I have changed:

Code:

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)


newmem:
  mov [shield_ptr],r8
code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

shield_ptr:
  dq 0

tits_shield:

return:
registersymbol(tits_shield)

[DISABLE]

dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Sorry again if I don't seem to get it, but this is all quite alien to me :(

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 9:33 pm
by Squall8
Your script needs to have this:

Code:

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

Don't take those out of the script.
Also, why did you change [r8+5C],ecx to +58? You debugged on the current shield value, right?
And if you want the pointer to update you'll need to decrease your shield value in game. Get hit or something.

Re: instruction -> registersymbol -> address

Posted: Fri May 26, 2017 10:15 pm
by ArchAngelRC
you'll need to decrease your shield value in game. Get hit or something
That was the thing I did not do.
Thank you so much, finally works now :)

Really appreciate the help!

Re: instruction -> registersymbol -> address

Posted: Sat May 27, 2017 5:02 am
by Rudo
Oh yeah, I was wrong using dd lol, should have used dq, and it should have been placed after code, too.
Ah well it seems you got the problem solved :lol: (thanks, squall8)
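An added C model (not code from the thread) of why the table showed 2504894C00000058 a few posts up and why the dd slot had to become a dq placed after the code. It assumes CE assembled the store as an absolute-address mov [disp32],r8, whose first bytes are 4C 89 04 25; that is my reading of the value shown, and the register value in the test is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the newmem region of the second script: shield_ptr as
   "dd 0" (4 bytes) at offset 0, hook code starting at offset 4.  The only real
   bytes are 4C 89 04 25, the start of "mov [disp32],r8" (REX.WR 89 /r, SIB). */
static const uint8_t STORE_R8_PREFIX[4] = {0x4C, 0x89, 0x04, 0x25};
#define REGION_SIZE 16

static void build_dd_layout(uint8_t region[REGION_SIZE]) {
    memset(region, 0, REGION_SIZE);
    memcpy(region + 4, STORE_R8_PREFIX, sizeof STORE_R8_PREFIX);
}

/* CE reads a pointer symbol as 8 bytes (little-endian) no matter how the slot
   was declared, then adds the table offset ("shield_ptr+58"). */
uint64_t ce_pointer_view(const uint8_t *slot, uint64_t offset) {
    uint64_t base;
    memcpy(&base, slot, sizeof base);
    return base + offset;
}

/* Hook never fired (shield never changed): slot still 0, and the high dword of
   the 8-byte read is the first four bytes of the code that follows the slot. */
uint64_t dd_slot_unwritten(void) {
    uint8_t region[REGION_SIZE];
    build_dd_layout(region);
    return ce_pointer_view(region, 0x58);   /* 0x2504894C00000058 */
}

/* Hook fired: the 8-byte store lands in a 4-byte slot, so the high dword of r8
   overwrites the hook's own first instruction.  Returns 1 if code was clobbered. */
int dd_slot_clobbers_code(uint64_t r8) {
    uint8_t region[REGION_SIZE];
    build_dd_layout(region);
    memcpy(region, &r8, sizeof r8);
    return memcmp(region + 4, STORE_R8_PREFIX, sizeof STORE_R8_PREFIX) != 0;
}

/* Corrected layout: "dq 0" placed after "jmp return", so the store fits and the
   value read back is exactly the r8 captured when the instruction executed. */
uint64_t dq_slot_after_code(uint64_t r8, uint64_t offset) {
    uint8_t region[REGION_SIZE];
    memset(region, 0, REGION_SIZE);     /* code at low offsets, slot at offset 8 */
    memcpy(region + 8, &r8, sizeof r8); /* the 8-byte store into the dq slot */
    return ce_pointer_view(region + 8, offset);
}
```

The zero low dword in the reported value is the slot that was never written, which is consistent with Squall8's later point that the hooked instruction must actually execute before the pointer updates.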

Re: instruction -> registersymbol -> address

Posted: Sun May 28, 2017 2:01 am
by Squall8
Rudo wrote:
Sat May 27, 2017 5:02 am
Oh yeah, I was wrong using dd lol, should have used dq, and it should have been placed after code, too.
Ah well it seems you got the problem solved :lol: (thanks, squall8)
No worries. Actually dd/dq/etc. can be placed anywhere outside the newmem/code lines.

Re: instruction -> registersymbol -> address

Posted: Sun May 28, 2017 6:27 pm
by Squall8
^^ Yep. I'll only move registersymbol if I'm combining scripts just to keep it organized.
ArchAngelRC wrote:
Fri May 26, 2017 8:17 pm
I also forgot to mention: if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.

Re: instruction -> registersymbol -> address

Posted: Mon May 29, 2017 2:27 pm
by ArchAngelRC
SunBeam wrote:
Sun May 28, 2017 10:09 pm
..or create a thread that does it for ya ;)
Just out of healthy interest in learning, how would I do that?
Squall8 wrote:
Sun May 28, 2017 6:27 pm
I also forgot to mention: if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.
I wanted to do that, but the instruction in the posts above is the only one that I found for the actual value.
Other instructions just point towards the visual value, which is nowhere near the actual value.

Re: instruction -> registersymbol -> address

Posted: Mon May 29, 2017 10:44 pm
by Squall8
ArchAngelRC wrote:
Mon May 29, 2017 2:27 pm
I wanted to do that, but the instruction in the posts above is the only one that I found for the actual value.
Other instructions just point towards the visual value, which is nowhere near the actual value.
Is the instruction shared? If so, filter out the addresses you don't want.
SunBeam wrote:
Sun May 28, 2017 10:09 pm
..or create a thread that does it for ya ;)
I'm also a bit curious about this. I've used it on simple pointers before, but I wasn't sure if it was possible to hook it on to an instruction. And if you could, wouldn't the instruction still have to execute in order for your pointers to update?