Page 1 of 1

Lea

Posted: Mon Mar 20, 2017 4:57 pm
by Kalas

Code: Select all

[ENABLE]

// ========================================================//

aobscan(aobModifier,F3 0F 11 AE D8 00 00 00 48 8B)
alloc(newmem,$100,19D22008)

label(code)
label(return)
label(Health)

alloc(Health,4)

registersymbol(Health)

newmem:

Health:
  push rbx
  lea rbx,[rsi+000000D8]
  mov [Health],rbx
  pop rbx

code:
  movss [rsi+000000D8],xmm5
  jmp return

aobModifier:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobModifier)

// ========================================================//

aobscan(aobModifierv2,F3 0F 11 AE DC 00 00 00 48)
alloc(newmemv2,$100,19D21836)

label(codev2)
label(returnv2)

alloc(Warm,4)

registersymbol(Warm)

newmemv2:

Warm:
  push ebx
  lea ebx,[rsi+000000DC]
  mov [Warm],ebx
  pop ebx

codev2:
  movss [rsi+000000DC],xmm5
  jmp returnv2

aobModifierv2:
  jmp newmemv2
  nop
  nop
  nop
returnv2:
registersymbol(aobModifierv2)

// ========================================================//

aobscan(aobModifierv3,F3 0F 11 AE E0 00 00 00 48 8B 86)
alloc(newmemv3,$1000,19D525A2)

label(codev3)
label(returnv3)

alloc(Stress,4)

registersymbol(Stress)

newmemv3:

Stress:
  push edi
  lea edi,[rsi+000000E0]
  mov [Stress],edi
  pop edi

codev3:
  movss [rsi+000000E0],xmm5
  jmp returnv3

aobModifierv3:
  jmp newmemv3
  nop
  nop
  nop
returnv3:
registersymbol(aobModifierv3)


[DISABLE]

// ========================================================//

aobModifier:
  db F3 0F 11 AE D8 00 00 00

unregistersymbol(aobModifier)
dealloc(newmem)

dealloc(Health)
unregistersymbol(Health)

// ========================================================//

aobModifierv2:
  db F3 0F 11 AE DC 00 00 00

unregistersymbol(aobModifierv2)
dealloc(newmemv2)

dealloc(Warm)
unregistersymbol(Warm)

// ========================================================//

aobModifierv3:
  db F3 0F 11 AE E0 00 00 00

unregistersymbol(aobModifierv3)
dealloc(newmemv3)

dealloc(Stress)
unregistersymbol(Stress)

I'm trying to make a script where I add address manually for 3 stats, Health - Warm and Stress. they are in a float value so I guess 4 bytes is enough? correct me if I'm wrong.

But for some reason the script wont activate nor show the correct value it will just display ?? in the value tab, I must be doing something wrong here.

Re: Lea

Posted: Mon Mar 20, 2017 5:08 pm
by ++METHOS
Did you double-check to make sure that your AOB signatures were unique?

Re: Lea

Posted: Mon Mar 20, 2017 5:09 pm
by Kalas
++METHOS wrote:
Mon Mar 20, 2017 5:08 pm
Did you double-check to make sure that your AOB signatures were unique?
Hmm yes, I've made on another Table just Infinite for each thing and the AOB is matches, which means It's fine, I'll try to rescan and check aob again

Re: Lea

Posted: Mon Mar 20, 2017 5:12 pm
by Kalas
Yep just searched for the address again and the AOB is unique.

Re: Lea

Posted: Mon Mar 20, 2017 5:19 pm
by Kalas
I tried to make a new Script just using lea on WARM:

Code: Select all

[ENABLE]

aobscan(aobWarm,F3 0F 11 AE DC 00 00 00 48)
alloc(newmem,$100,2B2E09D6)

label(code)
label(return)

alloc(Warm,4)
registersymbol(Warm)

newmem:

Warm:
  push rbx
  lea rbx,[rsi+000000DC]
  mov [Warm],rbx
  pop rbx

code:
  movss [rsi+000000DC],xmm5
  jmp return

aobWarm:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobWarm)

[DISABLE]

aobWarm:
  db F3 0F 11 AE DC 00 00 00

unregistersymbol(aobWarm)
dealloc(newmem)

dealloc(Warm,4)
unregistersymbol(Warm)

{
// ORIGINAL CODE - INJECTION POINT: 2B2E09D6

""+2B2E09A7: F3 0F 10 45 F4                 -  movss xmm0,[rbp-0C]
""+2B2E09AC: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
""+2B2E09B0: F3 0F 10 8E DC 00 00 00        -  movss xmm1,[rsi+000000DC]
""+2B2E09B8: F3 0F 5A C9                    -  cvtss2sd xmm1,xmm1
""+2B2E09BC: F2 0F 5C C1                    -  subsd xmm0,xmm1
""+2B2E09C0: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
""+2B2E09C4: F3 0F 11 6D F0                 -  movss [rbp-10],xmm5
""+2B2E09C9: F3 0F 10 45 F4                 -  movss xmm0,[rbp-0C]
""+2B2E09CE: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
""+2B2E09D2: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
""+2B2E09D6: F3 0F 11 AE DC 00 00 00        -  movss [rsi+000000DC],xmm5
// ---------- DONE INJECTING  ----------
""+2B2E09DE: 48 8B 86 80 00 00 00           -  mov rax,[rsi+00000080]
""+2B2E09E5: 48 85 C0                       -  test rax,rax
""+2B2E09E8: 0F 84 3D 00 00 00              -  je 2B2E0A2B
""+2B2E09EE: 48 8B 86 80 00 00 00           -  mov rax,[rsi+00000080]
""+2B2E09F5: F3 0F 10 86 DC 00 00 00        -  movss xmm0,[rsi+000000DC]
""+2B2E09FD: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
""+2B2E0A01: F3 0F 10 4D F0                 -  movss xmm1,[rbp-10]
""+2B2E0A06: F3 0F 5A C9                    -  cvtss2sd xmm1,xmm1
""+2B2E0A0A: 48 8B C8                       -  mov rcx,rax
""+2B2E0A0D: F2 0F 10 D1                    -  movsd xmm2,xmm1
}
This seems to crash my game when activating, I might be doing something wrong, but either way the first script which includes all the 3 of them wont activate at all.

Re: Lea

Posted: Mon Mar 20, 2017 5:30 pm
by ++METHOS
Make sure that you are letting CE build your scripts for you. If you are able to use AOBScanModule, use that instead.

Anyway, try setting it up like this:
[ENABLE]

aobscan(aobWarm,F3 0F 11 AE DC 00 00 00 48)
alloc(newmem,$1000,2B2E09D6)

label(Warm)
label(code)
label(return)

registersymbol(Warm)
registersymbol(aobWarm)

newmem:
push rbx
lea rbx,[rsi+000000DC]
mov [Warm],rbx
pop rbx

code:
movss [rsi+000000DC],xmm5
jmp return

Warm:
dq 0

aobWarm:
jmp newmem
nop
nop
nop
return:

[DISABLE]
dealloc(newmem)

aobWarm:
db F3 0F 11 AE DC 00 00 00

unregistersymbol(aobWarm)
unregistersymbol(Warm)

{
// ORIGINAL CODE - INJECTION POINT: 2B2E09D6

""+2B2E09A7: F3 0F 10 45 F4 - movss xmm0,[rbp-0C]
""+2B2E09AC: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+2B2E09B0: F3 0F 10 8E DC 00 00 00 - movss xmm1,[rsi+000000DC]
""+2B2E09B8: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+2B2E09BC: F2 0F 5C C1 - subsd xmm0,xmm1
""+2B2E09C0: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0
""+2B2E09C4: F3 0F 11 6D F0 - movss [rbp-10],xmm5
""+2B2E09C9: F3 0F 10 45 F4 - movss xmm0,[rbp-0C]
""+2B2E09CE: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+2B2E09D2: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
""+2B2E09D6: F3 0F 11 AE DC 00 00 00 - movss [rsi+000000DC],xmm5
// ---------- DONE INJECTING ----------
""+2B2E09DE: 48 8B 86 80 00 00 00 - mov rax,[rsi+00000080]
""+2B2E09E5: 48 85 C0 - test rax,rax
""+2B2E09E8: 0F 84 3D 00 00 00 - je 2B2E0A2B
""+2B2E09EE: 48 8B 86 80 00 00 00 - mov rax,[rsi+00000080]
""+2B2E09F5: F3 0F 10 86 DC 00 00 00 - movss xmm0,[rsi+000000DC]
""+2B2E09FD: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+2B2E0A01: F3 0F 10 4D F0 - movss xmm1,[rbp-10]
""+2B2E0A06: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+2B2E0A0A: 48 8B C8 - mov rcx,rax
""+2B2E0A0D: F2 0F 10 D1 - movsd xmm2,xmm1
}

Re: Lea

Posted: Mon Mar 20, 2017 5:35 pm
by Kalas
Now it works, that was odd.

so basically adding this:

Warm:
dq 0

And yea moving all that push rbx form to newmem. ill try with the whole three scripts now :P

Re: Lea

Posted: Mon Mar 20, 2017 5:35 pm
by Schnitzelmaker
I would suggest the same, but save rsi instead and use Warm as pointer.

Also this could save time and scripts since Warm is now you base pointer for player and you could use it with offsets for the 3 options.

Code: Select all

[ENABLE]

aobscan(aobWarm,F3 0F 11 AE DC 00 00 00 48)
alloc(newmem,$1000,2B2E09D6)

label(Warm)
label(code)
label(return)

registersymbol(Warm)
registersymbol(aobWarm)

newmem:
mov [Warm],rsi

code:
movss [rsi+000000DC],xmm5
jmp return

Warm:
dq 0

aobWarm:
jmp newmem
nop
nop
nop
return:

[DISABLE]
dealloc(newmem)

aobWarm:
db F3 0F 11 AE DC 00 00 00

unregistersymbol(aobWarm)
unregistersymbol(Warm)

Re: Lea

Posted: Mon Mar 20, 2017 5:40 pm
by Kalas
Oh I'll try that as well

I ahve another quesiton, can I use rbx in all of that push?

for example I have 3 push, can I use 3 RBX in each one as I poped them each time

Re: Lea

Posted: Mon Mar 20, 2017 5:46 pm
by Kalas
Schnitzelmaker wrote:
Mon Mar 20, 2017 5:35 pm
I would suggest the same, but save rsi instead and use Warm as pointer.

Also this could save time and scripts since Warm is now you base pointer for player and you could use it with offsets for the 3 options.

Code: Select all

[ENABLE]

aobscan(aobWarm,F3 0F 11 AE DC 00 00 00 48)
alloc(newmem,$1000,2B2E09D6)

label(Warm)
label(code)
label(return)

registersymbol(Warm)
registersymbol(aobWarm)

newmem:
mov [Warm],rsi

code:
movss [rsi+000000DC],xmm5
jmp return

Warm:
dq 0

aobWarm:
jmp newmem
nop
nop
nop
return:

[DISABLE]
dealloc(newmem)

aobWarm:
db F3 0F 11 AE DC 00 00 00

unregistersymbol(aobWarm)
unregistersymbol(Warm)


DOesnt seem to work, I get -1 results in the value

Re: Lea

Posted: Mon Mar 20, 2017 5:50 pm
by Kalas
So I'm now using this method:

Code: Select all

aobscan(aobModifier,F3 0F 11 AE D8 00 00 00 48 8B)
alloc(newmem,$1000,19D22008)

label(code)
label(return)
label(Health)

registersymbol(Health)

newmem:
  push rbx
  lea rbx,[rsi+000000D8]
  mov [Health],rbx
  pop rbx

code:
  movss [rsi+000000D8],xmm5
  jmp return

Health:
  dq 0

aobModifier:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobModifier)

[DISABLE]

aobModifier:
  db F3 0F 11 AE D8 00 00 00

unregistersymbol(aobModifier)
dealloc(newmem)

unregistersymbol(Health)

For some reason only this one does not show the rest of the values, Warm and Stress shows perfectly.

Re: Lea

Posted: Mon Mar 20, 2017 5:58 pm
by Kalas
Ok everything works fine, thank you both guys!

Re: Lea

Posted: Mon Mar 20, 2017 6:31 pm
by Kalas
That's the final script just incase you wonder :)
[ENABLE]

// ======================================================== //

aobscan(aobHealthModifier,F3 0F 11 AE D8 00 00 00 48 8B)
alloc(newmemHealthModifier,$1000,2AB01D88)

label(Health)
label(codeHealthModifier)
label(returnHealthModifier)

registersymbol(Health)
registersymbol(aobHealthModifier)

newmemHealthModifier:
push rbx
lea rbx,[rsi+000000D8]
mov [Health],rbx
pop rbx

codeHealthModifier:
movss [rsi+000000D8],xmm5
jmp returnHealthModifier

Health:
dq 0

aobHealthModifier:
jmp newmemHealthModifier
nop
nop
nop
returnHealthModifier:

// ======================================================== //

aobscan(aobWarmModifier,F3 0F 11 AE DC 00 00 00 48)
alloc(newmemWarmModifier,$1000,2AB015B6)

label(Warm)
label(codeWarmModifier)
label(returnWarmModifier)

registersymbol(Warm)
registersymbol(aobWarmModifier)

newmemWarmModifier:
push ebx
lea ebx,[rsi+000000DC]
mov [Warm],ebx
pop ebx

codeWarmModifier:
movss [rsi+000000DC],xmm5
jmp returnWarmModifier

Warm:
dq 0

aobWarmModifier:
jmp newmemWarmModifier
nop
nop
nop
returnWarmModifier:

// ======================================================== //

aobscan(aobStressModifier,F3 0F 11 AE E0 00 00 00 48 8B 86)
alloc(newmemStressModifier,$1000,2C362382)

label(Stress)
label(codeStressModifier)
label(returnStressModifier)

registersymbol(Stress)
registersymbol(aobStressModifier)

newmemStressModifier:
push ecx
lea ecx,[rsi+000000E0]
mov [Stress],ecx
pop ecx

codeStressModifier:
movss [rsi+000000E0],xmm5
jmp returnStressModifier

Stress:
dq 0

aobStressModifier:
jmp newmemStressModifier
nop
nop
nop
returnStressModifier:

[DISABLE]

aobHealthModifier:
db F3 0F 11 AE D8 00 00 00

dealloc(newmemHealthModifier)

unregistersymbol(Health)
unregistersymbol(aobHealthModifier)

// ======================================================== //

aobWarmModifier:
db F3 0F 11 AE DC 00 00 00

dealloc(newmemWarmModifier)

unregistersymbol(Warm)
unregistersymbol(aobWarmModifier)

// ======================================================== //

aobStressModifier:
db F3 0F 11 AE E0 00 00 00

dealloc(newmemStressModifier)

unregistersymbol(Stress)
unregistersymbol(aobStressModifier)