instruction -> registersymbol -> address

Post by ArchAngelRC » Fri May 26, 2017 2:15 pm

Hello there,

I have run into some problems with scripts and AOBs.
In the game that I want to cheat in, I have found the section where all the addresses are stored.
I cannot find a reliable AOB array in the vicinity there.
I found, however, the instruction that changes shield in this example.
I made a script that stops it from ever going down.

Now my question: is it possible to use that instruction to give me a pointer that always points to the shield value?

Here the code:

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)

newmem:

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
 db 90 90 90 90
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 58 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

Sorry if that code looks butchered or bad, I just pieced that together, since I'm really bad at this.

The [r8+58] part points to the shield value.
Is it possible to assign it a register somehow, so I can build a table around it?

Thanks in advance :)

Post by Rudo » Fri May 26, 2017 5:57 pm

You can do something like this:

Code:

aobscan(tits_shield,41 89 48 5? 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

and then manually add an address like this:
[Image]
Activate the script and then it should point to the shield value.

Post by ArchAngelRC » Fri May 26, 2017 6:20 pm

Thank you for the response :)

I tried what you suggested, but sadly it only seems to work partially.
This is the code of the script now:

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)

newmem:
shield_ptr:
dd 0

code:
  mov [shield_ptr],r8
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)

But the pointer with shield_ptr +58 points to this address:
2504894C00000058
While the shield address is located here:
34CE53578AC

Did I perhaps do something wrong?

Post by Squall8 » Fri May 26, 2017 8:01 pm

Code:

[ENABLE]
aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)
registersymbol(tits_shield)

newmem:
  mov [shield_ptr],r8

code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return
  
shield_ptr:
  dq 0

tits_shield:
  //let cheat engine build the template (AOB Injection) for you to get the correct amount of nops here..
return:

[DISABLE]
dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Post by ArchAngelRC » Fri May 26, 2017 8:17 pm

When I try to add your code, it always tells me "Not all code is injectable."
No further error or something.

The amount of nops that CE gives me with aobinjection is this:

Code:

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop

Post by Squall8 » Fri May 26, 2017 8:35 pm

It shouldn't throw any error codes. Did it give you an "Error at line: XX" message? If you let CE build the script for you and add the required lines from the script above it should work just fine. Paste an unmodified AOB Injection template here for the instruction you found.

Post by ArchAngelRC » Fri May 26, 2017 9:04 pm

Sorry, you were right. The error was on my part.
Edited your code into a template, and I could add it.

Can activate it, but points somewhere else.
shield_ptr+58 pointer gets address 000000058

These are the results of the addresses:
[Image]

This would be the template from CE unaltered:

Code:

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF) // should be unique
alloc(newmem,$1000,3E91E82F817)

label(code)
label(return)

newmem:

code:
  mov [r8+5C],ecx
  mov rcx,[rbp-000000B8]
  jmp return

tits_shield:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(tits_shield)

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

unregistersymbol(tits_shield)
dealloc(newmem)

This is currently the latest one that I have changed.

Code:

aobscan(tits_shield,41 89 48 5C 48 8B 8D 48 FF FF FF)
alloc(newmem,$100)

label(code)
label(return)
label(shield_ptr)
registersymbol(shield_ptr)


newmem:
  mov [shield_ptr],r8
code:
  mov [r8+58],ecx
  mov rcx,[rbp-000000B8]
  jmp return

shield_ptr:
  dq 0

tits_shield:

return:
registersymbol(tits_shield)

[DISABLE]

dealloc(newmem)
unregistersymbol(shield_ptr)
unregistersymbol(tits_shield)

Sorry again if I don't seem to get it, but this is all quite alien to me :(

Post by Squall8 » Fri May 26, 2017 9:33 pm

Your script needs to have this:

Code:

  jmp newmem
  nop
  nop
  nop
  nop
  nop
  nop
return:

[DISABLE]

tits_shield:
  db 41 89 48 5C 48 8B 8D 48 FF FF FF

Don't take those out of the script.
Also, why did you change [r8+5C],ecx to +58? You debugged on current shield value, right?
And if you want the pointer to update you'll need to decrease your shield value in game. Get hit or something.

Post by ArchAngelRC » Fri May 26, 2017 10:15 pm

"you'll need to decrease your shield value in game. Get hit or something"
That was the thing I did not do.
Thank you so much, finally works now :)

Really appreciate the help!

Post by Rudo » Sat May 27, 2017 5:02 am

Oh yeah, I was wrong using dd lol, should have used dq and it should have been placed after code, too.
Ah well, it seems you got the problem solved :lol: (thanks, squall8)
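
Added example (not part of the thread or any poster's code): the two wrong addresses reported earlier in the thread can be reproduced from the slot bytes alone, which shows why the slot must be 8 bytes wide and why it stays empty until the hooked instruction runs. The byte layouts, the placeholder displacement bytes and the r8 value passed in main are constructed for illustration; the r8 value is chosen so that +5C lands on the shield address quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Read 8 bytes little-endian, as a 64-bit pointer entry reads its slot. */
static uint64_t read_ptr64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* What the hook's "mov [shield_ptr],r8" does: an 8-byte store. */
static void hook_store(uint8_t *slot, uint64_t r8) {
    for (int i = 0; i < 8; i++) slot[i] = (uint8_t)(r8 >> (8 * i));
}

/* Constructed layout for the "dd 0" script: a 4-byte slot followed
   directly by code. 4C 89 04 25 is the start of mov [disp32],r8;
   the AA bytes are placeholders for the displacement. */
static const uint8_t layout_dd[12] = {
    0x00, 0x00, 0x00, 0x00,
    0x4C, 0x89, 0x04, 0x25,
    0xAA, 0xAA, 0xAA, 0xAA
};

/* Constructed layout for the "dq 0" script: a full 8-byte slot. */
static uint8_t layout_dq[8];

/* dd slot, hook never installed: the read runs into the code bytes. */
uint64_t dd_slot_unhooked(void) { return read_ptr64(layout_dd) + 0x58; }

/* dq slot, hook installed but not yet executed: base is still 0. */
uint64_t dq_slot_before_hit(void) {
    hook_store(layout_dq, 0);
    return read_ptr64(layout_dq) + 0x58;
}

/* dq slot after the hooked instruction has run once with this r8. */
uint64_t dq_slot_after_hit(uint64_t r8) {
    hook_store(layout_dq, r8);
    return read_ptr64(layout_dq) + 0x5C;
}

int main(void) {
    printf("%llX\n", (unsigned long long)dd_slot_unhooked());
    printf("%llX\n", (unsigned long long)dq_slot_before_hit());
    /* r8 below is constructed, not taken from the thread */
    printf("%llX\n", (unsigned long long)dq_slot_after_hit(0x34CE5357850ULL));
    return 0;
}
```

The first two results match the addresses 2504894C00000058 and 000000058 reported in the thread; the third shows the slot resolving correctly once the write instruction has executed.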

Post by Squall8 » Sun May 28, 2017 2:01 am

Rudo wrote:
Sat May 27, 2017 5:02 am
Oh yeah, I was wrong using dd lol, should have used dq and it should have been placed after code, too.
Ah well, it seems you got the problem solved :lol: (thanks, squall8)

No worries. Actually dd/dq/etc. can be placed anywhere outside the newmem/code lines.

Post by SunBeam » Sun May 28, 2017 2:05 am

Also, registersymbol can be declared in the script's initialization section (not necessarily near the location where it's going to be used, after the reference's been declared). tits_shield will be looked up by the parser, no matter where you put it in the [ENABLE] section :P

Post by Squall8 » Sun May 28, 2017 6:27 pm

^^ Yep. I'll only move registersymbol if I'm combining scripts just to keep it organized.

ArchAngelRC wrote:
Fri May 26, 2017 8:17 pm

I also forgot to mention, if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.

Post by SunBeam » Sun May 28, 2017 10:09 pm

..or create a thread that does it for ya ;)

Post by ArchAngelRC » Mon May 29, 2017 2:27 pm

SunBeam wrote:
Sun May 28, 2017 10:09 pm
..or create a thread that does it for ya ;)

Just out of healthy interest in learning, how would I do that?

Squall8 wrote:
Sun May 28, 2017 6:27 pm
I also forgot to mention, if you want your pointers to populate immediately after you enable your script, find an instruction that is constantly being accessed.

I wanted to do that, but the instruction in the posts above is the only one that I found for the actual value.
Other instructions just point towards the visual value, which is nowhere near the actual value.
