Help create a script to find game instance
Posted: Tue Feb 13, 2024 7:48 pm
by DH264
Hello,
I am using mono and found a class called GameManager which has the value of the game instance below:
Now I want to create a script that will find this value automatically so I can populate pointers based on this address.
I am not sure how to trace where this value is coming from in the disassembler.
Thank you for the help.
Re: Help create a script to find game instance
Posted: Wed Feb 21, 2024 8:53 am
by Toga
Not really sure what you mean,
but JIT the method... set a breakpoint... then create an AOB? (not a fan here of using mono names)
Re: Help create a script to find game instance
Posted: Fri Feb 23, 2024 2:10 pm
by Uknown coder
Hello everyone, I made an AA script that changes certain values via code injection and it works fine
(don't blame me if the code looks clunky, I made it via templates because I'm new to AA scripts).
Now what I want is to easily manipulate the value that I changed (0x32) from the address list.
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 07) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
aobscanmodule(INJECT2,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 57 B9 28 CA 45 01 66 C7) // should be unique
alloc(newmem2,$1000)
label(code2)
label(return2)
newmem2:
code2:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return2
INJECT2:
jmp newmem2
nop 2
return2:
registersymbol(INJECT2)
aobscanmodule(INJECT3,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 B2) // should be unique
alloc(newmem3,$1000)
label(code3)
label(return3)
newmem3:
code3:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return3
INJECT3:
jmp newmem3
nop 2
return3:
registersymbol(INJECT3)
aobscanmodule(INJECT4,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 E1) // should be unique
alloc(newmem4,$1000)
label(code4)
label(return4)
newmem4:
code4:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return4
INJECT4:
jmp newmem4
nop 2
return4:
registersymbol(INJECT4)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT)
dealloc(newmem)
INJECT2:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT2)
dealloc(newmem2)
INJECT3:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT3)
dealloc(newmem3)
INJECT4:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT4)
dealloc(newmem4)
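Each aobscanmodule line above is marked "should be unique": if the byte pattern matches more than once, the hook lands on the wrong instruction. The four patterns in the script share the same 7-byte prefix (the mov to [esi+105D3C4]) and differ only in the bytes that follow it, which is why the trailing bytes are kept. The following is an added example, not code from the thread or from Cheat Engine: a small AOB scanner with `??` wildcards, run over a constructed byte buffer that embeds the four instruction sequences from the script (it is not a dump of the real executable), showing which patterns are unique and which are ambiguous.

```python
"""Minimal AOB (array-of-bytes) scanner in the spirit of aobscanmodule.

Added example; the module image below is constructed from the byte
sequences quoted in the script, with NOP padding between them.
"""
import re


def parse_pattern(text: str) -> list:
    """Turn 'AA BB ?? CC' into ints, with None marking a wildcard byte."""
    out = []
    for tok in text.split():
        if tok in ("??", "?", "**"):
            out.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad pattern token {tok!r}")
    return out


def aobscan(image: bytes, pattern: list) -> list:
    """Return every offset at which pattern matches; wildcards match anything."""
    n = len(pattern)
    return [
        off
        for off in range(len(image) - n + 1)
        if all(p is None or image[off + i] == p for i, p in enumerate(pattern))
    ]


def unique_offset(image: bytes, pattern_text: str):
    """Offset of a pattern that matches exactly once, else None (absent or ambiguous)."""
    hits = aobscan(image, parse_pattern(pattern_text))
    return hits[0] if len(hits) == 1 else None


# The four scan patterns from the script, in order (INJECT .. INJECT4).
SITES = [
    "66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 07",
    "66 89 86 C4 D3 45 01 57 B9 28 CA 45 01 66 C7",
    "66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 B2",
    "66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 E1",
]
PAD = bytes([0x90] * 16)  # constructed filler between the sites
IMAGE = PAD.join(bytes.fromhex(s.replace(" ", "")) for s in SITES)

# The 7-byte prefix alone (the instruction the hook overwrites) is not unique.
PREFIX = "66 89 86 C4 D3 45 01"

if __name__ == "__main__":
    print("prefix hits:", aobscan(IMAGE, parse_pattern(PREFIX)))
    for s in SITES:
        print(s, "->", unique_offset(IMAGE, s))
```

Shortening a pattern to the shared 14-byte prefix (dropping the bytes after `FA`) makes three of the sites collide, while a wildcard in a position that genuinely varies (`... FA ?? 0F 85 B2`) still resolves to one site.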
Re: Help create a script to find game instance
Posted: Fri Feb 23, 2024 3:52 pm
by LeFiXER
Firstly, you should make your own thread rather than hijack this one.
Uknown coder wrote (Fri Feb 23, 2024 2:10 pm):
Hello everyone, I made an AA script that changes certain values via code injection and it works fine
(don't blame me if the code looks clunky, I made it via templates because I'm new to AA scripts).
Now what I want is to easily manipulate the value that I changed (0x32) from the address list.
[ENABLE]
aobscanmodule(INJECT,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 07) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(mycustomvalue1)
label(mycustomvalue2)
label(mycustomvalue3)
label(mycustomvalue4)
registersymbol(mycustomvalue1)
registersymbol(mycustomvalue2)
registersymbol(mycustomvalue3)
registersymbol(mycustomvalue4)
newmem:
push ebx
mov ebx,[mycustomvalue1]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return
mycustomvalue1:
dd 0
mycustomvalue2:
dd 0
mycustomvalue3:
dd 0
mycustomvalue4:
dd 0
code:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
aobscanmodule(INJECT2,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 57 B9 28 CA 45 01 66 C7) // should be unique
alloc(newmem2,$1000)
label(code2)
label(return2)
newmem2:
push ebx
mov ebx,[mycustomvalue2]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return2
code2:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return2
INJECT2:
jmp newmem2
nop 2
return2:
registersymbol(INJECT2)
aobscanmodule(INJECT3,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 B2) // should be unique
alloc(newmem3,$1000)
label(code3)
label(return3)
newmem3:
push ebx
mov ebx,[mycustomvalue3]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return3
code3:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return3
INJECT3:
jmp newmem3
nop 2
return3:
registersymbol(INJECT3)
aobscanmodule(INJECT4,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 E1) // should be unique
alloc(newmem4,$1000)
label(code4)
label(return4)
newmem4:
push ebx
mov ebx,[mycustomvalue4]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return4
code4:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return4
INJECT4:
jmp newmem4
nop 2
return4:
registersymbol(INJECT4)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT)
dealloc(newmem)
INJECT2:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT2)
dealloc(newmem2)
INJECT3:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT3)
dealloc(newmem3)
INJECT4:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT4)
dealloc(newmem4)
unregistersymbol(mycustomvalue1)
unregistersymbol(mycustomvalue2)
unregistersymbol(mycustomvalue3)
unregistersymbol(mycustomvalue4)
Please use code tags when posting code. Secondly, the changes you have made are not distinguishable from the original code. Also, the templates do not produce clunky code, the user does. That said, you should a) place new instructions under newmem so that you can distinguish modified code from the original, and b) use more meaningful names other than "INJECT". The reasons being that when you come to update the table at a later date you will have a better idea of what's happening and it will make your life easier.
To create symbols to use within the address list, you allocate memory for them, register them as a symbol, then adapt the code to move the value from the allocated symbol's memory location for use, depending on how the game handles the value to be used. See the adapted code above for an idea of how this is done.
Re: Help create a script to find game instance
Posted: Fri Feb 23, 2024 6:23 pm
by Uknown coder
Thanks.
Re: Help create a script to find game instance
Posted: Wed May 08, 2024 9:54 am
by DH264
Toga wrote (Wed Feb 21, 2024 8:53 am):
Not really sure what you mean,
but JIT the method... set a breakpoint... then create an AOB? (not a fan here of using mono names)
Sorry for the late reply; for some reason I did not get a notification. I managed to get the address I am looking for using a breakpoint and tracing it. For example, if the gold value is XXXX+40, I found XXXX and just added 40 to create the gold pointer by creating a script and taking that XXXX value from a register. But this was all done using break and trace in the memory disassembler.
I will look into using JIT.
Thanks!