[SOLVED] Pointers to <value>. How to find and add.
Posted: Mon Jul 10, 2017 12:36 pm
Hi there,
for the game I'm trying to learn cheat engine with, i have found the value for armor. However, CE is unable to freeze is, but my own 'script' does the job. I have found that the function is called "handleDamage" and is not triggered by me damaging enemies. I can't for the life of me figure out where it checks for 0 armor and thus should jump to the health part, but that's a whole different story.
Question is, I see a heck of a lot of tables having pointers to such values (P->????????). I can't figure out how to find and add the correct pointer to the adress list. In tutorials it just magically happens || worse, the tutor skips at this time to his next trick, thus ommiting the interesting part.
Why i want to do this? It is my understanding that it would negate the need for the script; not forgetting knowledge.
The RDI has a structue with the armor in it. RDI+00 is "autocreate pointers".
Am i missing something or is perhaps JIT-compiling the issue? It's a mono/unity game.
My code (iirc, stop mov-ing the calculated new armor value into the address where armor lives):
Full code:
for the game I'm trying to learn cheat engine with, i have found the value for armor. However, CE is unable to freeze is, but my own 'script' does the job. I have found that the function is called "handleDamage" and is not triggered by me damaging enemies. I can't for the life of me figure out where it checks for 0 armor and thus should jump to the health part, but that's a whole different story.
Question is, I see a heck of a lot of tables having pointers to such values (P->????????). I can't figure out how to find and add the correct pointer to the adress list. In tutorials it just magically happens || worse, the tutor skips at this time to his next trick, thus ommiting the interesting part.
Why i want to do this? It is my understanding that it would negate the need for the script; not forgetting knowledge.
The RDI has a structue with the armor in it. RDI+00 is "autocreate pointers".
Am i missing something or is perhaps JIT-compiling the issue? It's a mono/unity game.
My code (iirc, stop mov-ing the calculated new armor value into the address where armor lives):
Code: Select all
:
aobscan(INJECT,F3 0F 11 AF B0 00 00 00 EB 22) // should be unique
... bla....
code:
nop
//movss [rdi+000000B0],xmm5
jmp return
Spoiler
Code: Select all
[ENABLE]
aobscan(INJECT,F3 0F 11 AF B0 00 00 00 EB 22) // should be unique
alloc(newmem,$1000,1AC7752E)
label(code)
label(return)
newmem:
code:
nop
//movss [rdi+000000B0],xmm5
jmp return
INJECT:
jmp newmem
nop
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F3 0F 11 AF B0 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 1AC7752E
""+1AC774FF: F3 0F 10 45 D4 - movss xmm0,[rbp-2C]
""+1AC77504: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+1AC77508: F3 0F 10 0D A0 02 00 00 - movss xmm1,[1AC777B0]
""+1AC77510: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+1AC77514: F2 0F 5C C1 - subsd xmm0,xmm1
""+1AC77518: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0
""+1AC7751C: F3 0F 11 6D D4 - movss [rbp-2C],xmm5
""+1AC77521: F3 0F 10 45 D4 - movss xmm0,[rbp-2C]
""+1AC77526: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+1AC7752A: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
""+1AC7752E: F3 0F 11 AF B0 00 00 00 - movss [rdi+000000B0],xmm5
// ---------- DONE INJECTING ----------
""+1AC77536: EB 22 - jmp 1AC7755A
""+1AC77538: F3 0F 10 45 D8 - movss xmm0,[rbp-28]
""+1AC7753D: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
""+1AC77541: F3 0F 10 0D 57 02 00 00 - movss xmm1,[1AC777A0]
""+1AC77549: F3 0F 5A C9 - cvtss2sd xmm1,xmm1
""+1AC7754D: F2 0F 58 C1 - addsd xmm0,xmm1
""+1AC77551: F2 0F 5A E8 - cvtsd2ss xmm5,xmm0
""+1AC77555: F3 0F 11 6D D8 - movss [rbp-28],xmm5
""+1AC7755A: F3 0F 10 87 B0 00 00 00 - movss xmm0,[rdi+000000B0]
""+1AC77562: F3 0F 5A C0 - cvtss2sd xmm0,xmm0
}
)