PULSAR Lost Colony Script Issue

Kalas
Expert Cheater
Posts: 226
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 18

PULSAR Lost Colony Script Issue

Post by Kalas » Thu Apr 27, 2017 6:23 am

I'm trying to use lea so the current value will always display:

  push ebx
  lea ebx,[eax+74]
  mov [CoreTempValue],ebx
  pop ebx
  fstp dword ptr [eax+74]
  jmp 28229A60
  jmp return
I added those as well:

alloc(CoreTempValue,8)
registersymbol(CoreTempValue)
unregistersymbol(CoreTempValue)
dealloc(CoreTempValue)

The code itself looks like that:

[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)
alloc(CoreTempValue,8)

label(code)
label(return)

registersymbol(CoreTempValue)

newmem:

code:
  push ebx
  lea ebx,[eax+74]
  mov [CoreTempValue],ebx
  pop ebx
  fstp dword ptr [eax+74]
  jmp 28229A60
  jmp return

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobCoreTemp)

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregistersymbol(aobCoreTemp)
unregistersymbol(CoreTempValue)
dealloc(newmem)
dealloc(CoreTempValue)


The issue here is that, after adding the address manually, the value just displays as ?? rather than showing my current stat. What could be the issue in my code?

PS: Is there any other way of doing what I'm trying in this code, like something smaller than using lea like that?

Eric
Hall of Famer
Posts: 36
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 10

Re: PULSAR Lost Colony Script Issue

Post by Eric » Thu Apr 27, 2017 8:41 am

Has your injected code been executed at least once? Else CoreTempValue will stay 0.

What you can also do is:
mov [CoreTempValue],eax

and then, as a pointer, give CoreTempValue as the base address and 74 as the offset.


Re: PULSAR Lost Colony Script Issue

Post by Kalas » Thu Apr 27, 2017 9:26 am

Ohh...

Thank you Eric :)


Re: PULSAR Lost Colony Script Issue

Post by Kalas » Thu Apr 27, 2017 9:33 am

Hmm I have a question:

So I compared the first script with the instruction I found again when I opened the game again; this is weird:

Version 1:

  fstp dword ptr [eax+74]
  jmp 28229A60
  jmp return

Version 2:

  fstp dword ptr [eax+74]
  jmp 1D9F0418
  jmp return
The jmp is different; could it be the reason why my game sometimes crashes when I activate the script?


Re: PULSAR Lost Colony Script Issue

Post by Kalas » Thu Apr 27, 2017 9:39 am

Should it look like that?

[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)

label(code)
label(return)
label(CoreTempPtr)

registersymbol(CoreTempPtr)

newmem:

code:
  fstp dword ptr [eax+74]
  mov [CoreTempPtr],ebx
  jmp 1D9F0418
  jmp return

CoreTempPtr:

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobCoreTemp)

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregistersymbol(aobCoreTemp)
unregistersymbol(CoreTempValue)
dealloc(newmem)

SunBeam
Trouble Makers
Posts: 352
Joined: Thu Mar 02, 2017 10:15 pm
Reputation: 95

Re: PULSAR Lost Colony Script Issue

Post by SunBeam » Thu Apr 27, 2017 2:28 pm

Your problem is exactly that JMP.

[Struck through in the original post:] The address changes because the game's code is allocated differently in memory every time you run it (the base for the process changes). In Memory View change display to show module names (View > Show module addresses), then instead of "1D9F0418" use its symbolic name (e.g.: game.exe+50418). That's always going to be static, as CE will read base of game, no matter where it's allocated and calculate your address' location based on the offset.

If this is a Unity game, the above won't work, as your address 1D9F0418 is part of JIT code. For that you should use CE's Mono interpreter (main window, top up, see Mono menu?). How to proceed further -> google hacking Unity games.

BR,
Sun

EDIT: It's a Unity game.
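Putting Eric's pointer suggestion and the JMP problem from this post together, here is an added example (not a script from the thread or its authors) of how the [ENABLE] block could be written. It saves eax so the table entry becomes a pointer with base CoreTempValue and offset 74, and it replaces the hardcoded jump target with one computed from the scanned address: the original bytes E9 70 00 00 00 at aobCoreTemp+3 encode a relative jump, whose target is the next instruction (aobCoreTemp+8) plus 70, i.e. aobCoreTemp+78, so it stays valid even though the JIT places the code at a different base on each run. It assumes a 32-bit process and that CE resolves aobCoreTemp+78 as symbol plus hex offset, as it does for module+offset.

```asm
[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)
alloc(CoreTempValue,8)

label(code)
label(return)

registersymbol(aobCoreTemp)
registersymbol(CoreTempValue)

newmem:

code:
  // save the object pointer once the game runs this code;
  // add the table entry as pointer: base CoreTempValue, offset 74
  mov [CoreTempValue],eax
  fstp dword ptr [eax+74]
  // original E9 70 00 00 00 at aobCoreTemp+3 is a relative jmp:
  // target = aobCoreTemp+8 (next instruction) + 70 = aobCoreTemp+78
  // (assumption: CE resolves symbol+hex here as it does for module+offset)
  jmp aobCoreTemp+78

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregisterymbol(aobCoreTemp)
unregistersymbol(CoreTempValue)
dealloc(newmem)
dealloc(CoreTempValue)
```

Until the hooked instruction has executed once, CoreTempValue still holds 0 and the pointer entry shows ??, exactly as Eric describes.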


Re: PULSAR Lost Colony Script Issue

Post by Kalas » Thu Apr 27, 2017 2:33 pm

SunBeam wrote:
Thu Apr 27, 2017 2:28 pm
Your problem is exactly that JMP. The address changes because the game's code is allocated differently in memory every time you run it (the base for the process changes). In Memory View change display to show module names (View > Show module addresses), then instead of "1D9F0418" use its symbolic name (e.g.: game.exe+50418). That's always going to be static, as CE will read base of game, no matter where it's allocated and calculate your address' location based on the offset.
Oh alright, thank you, I'll try :)


Re: PULSAR Lost Colony Script Issue

Post by SunBeam » Mon May 01, 2017 3:59 am

Table uploaded here: viewtopic.php?f=4&t=2167.
