You should post your scripts; I'm not really sure what you have or haven't done.
But here is an example:
{
Process : BorderlandsGOTY.exe - (x64)
Module : BorderlandsGOTY.exe
Game Title : Borderlands GOTY Enhanced
Game Version : 1.5.0.0
CE Version : 6.83
Script Version : 0.0.1
Date : 04/06/19
Author : ShyTwig16
Name : IsInVehicleHook
Is In Vehicle Hook
}
// Script-wide settings for the IsInVehicleHook example.
// NOTE(review): the STRICT directive below presumably makes the assembler require explicit
// label() declarations - confirm for the CE version in use.
{$STRICT}
// Module-relative address of the hooked instruction for the build named in the header; the
// listing at the end of the script gives the same value as the injection point. It is not
// referenced by name in the visible script lines (the i2 commands may use it - unconfirmed).
define(address, BorderlandsGOTY.exe+13CA7EE)
// The 9 original bytes at the injection point (cmp byte ptr [r15+rsi+00000250],00).
// Checked by i2assert in the enable section and written back by "db bytes" on disable.
define(bytes, 41 80 BC 37 50 02 00 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
// Built-in form of the signature scan, kept commented out by the author for reference.
// aobScanModule(aobIsInVehicleHook, BorderlandsGOTY.exe, 48xxxxxxxx48xxxxxx41xxxxxxxxxxxxxxxx74xx4Axxxxxxxxxxxxxx48xxxx74xx48)
// i2aobScanModule takes the same arguments as the commented line above but is not a built-in
// Auto Assembler command. NOTE(review): presumably registered by the table's Lua code; without
// that registration this script will not assemble.
i2aobScanModule(aobIsInVehicleHook, BorderlandsGOTY.exe, 48xxxxxxxx48xxxxxx41xxxxxxxxxxxxxxxx74xx4Axxxxxxxxxxxxxx48xxxx74xx48)
// The signature begins 9 bytes before the hooked instruction (AOB at +13CA7E5, injection at
// +13CA7EE in the listing at the end of the script).
define(injIsInVehicleHook, aobIsInVehicleHook+9)
// Built-in form of the byte check, kept commented out for reference.
// assert(injIsInVehicleHook, bytes)
// Byte check before patching. NOTE(review): presumably behaves like the built-in assert and
// aborts the script when the bytes at the injection point differ from "bytes", which protects
// against a signature match in a different build of the game.
i2assert(injIsInVehicleHook, bytes)
registerSymbol(injIsInVehicleHook)
// 0x400 bytes for the code cave. The third argument asks for memory near the injection point
// so that a relative jmp from the patched instruction can reach the cave.
alloc(memIsInVehicleHook, 0x400, injIsInVehicleHook)
label(ptrIsInVehicleHook) // <<< declare the shared pointer label
registerSymbol(ptrIsInVehicleHook) // <<< add it to the user symbol list so other scripts can use the name
// Labels local to this script.
label(n_code)
label(o_code)
label(exit)
label(return)
// Code cave layout: one 8-byte pointer slot, padding, then the hook body.
memIsInVehicleHook:
ptrIsInVehicleHook:
dq 0 // <<< pointer slot; stays 0 until the hooked game code has run once
// Pad with CC bytes up to the next 0x10 boundary (Auto Assembler numbers are hex by default).
align 10 CC
n_code:
// Record the address the game is about to test. push, lea, mov and pop do not modify the
// flags, and rax is restored before the original instruction is replayed.
push rax
lea rax,[r15+rsi+250]
mov [ptrIsInVehicleHook],rax // <<< publish the address through the registered symbol
pop rax
o_code:
// Original instruction, replayed from the cave. The je that follows the injection point in the
// game code (see the listing at the end of the script) consumes the flags set here, so nothing
// that changes flags may be placed between this cmp and the jump back.
cmp byte ptr [r15+rsi+00000250],00
exit:
jmp return
////
//// ---------- Injection Point ----------
// Patch written over the original 9-byte cmp: a jmp to the cave (5 bytes when the cave is
// within relative range, which the near-allocation is for) followed by 4 nops. The total must
// stay at 9 bytes so that "return" lands on the next original instruction.
injIsInVehicleHook:
jmp n_code
nop
nop
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
// Restore the original 9 bytes first so the game no longer jumps into the cave.
injIsInVehicleHook:
db bytes
unregisterSymbol(injIsInVehicleHook)
unregisterSymbol(ptrIsInVehicleHook)
// NOTE(review): the HealthDecHook script reads ptrIsInVehicleHook from inside its own hook.
// If that script is still enabled when this memory is released, its hook would presumably
// read a freed address - disable dependent scripts before this one.
dealloc(memIsInVehicleHook)
{
//// Injection Point: BorderlandsGOTY.exe+13CA7EE - 000000014069A7EE
//// AOB address: 000000014069A7E5 - BorderlandsGOTY.exe+13CA7E5
//// Process: BorderlandsGOTY.exe - 000000013F2D0000
//// Module: BorderlandsGOTY.exe - 000000013F2D0000
//// Module Size: 00000000028FA000
BorderlandsGOTY.exe+13CA788: 4C 8D 44 24 50 - lea r8,[rsp+50]
BorderlandsGOTY.exe+13CA78D: 48 8B CF - mov rcx,rdi
BorderlandsGOTY.exe+13CA790: FF 13 - call qword ptr [rbx]
BorderlandsGOTY.exe+13CA792: 0FB6 5C 24 50 - movzx ebx,byte ptr [rsp+50]
BorderlandsGOTY.exe+13CA797: 41 38 9C 37 60020000 - cmp [r15+rsi+00000260],bl
BorderlandsGOTY.exe+13CA79F: 74 18 - je 14069A7B9
BorderlandsGOTY.exe+13CA7A1: 42 C7 84 BE 90040000 FFFFFFFF - mov [rsi+r15*4+00000490],FFFFFFFF
BorderlandsGOTY.exe+13CA7AD: 42 C7 84 BE A0040000 FFFFFFFF - mov [rsi+r15*4+000004A0],FFFFFFFF
BorderlandsGOTY.exe+13CA7B9: 49 8B C5 - mov rax,r13
BorderlandsGOTY.exe+13CA7BC: 48 89 45 88 - mov [rbp-78],rax
BorderlandsGOTY.exe+13CA7C0: 48 89 44 24 60 - mov [rsp+60],rax
BorderlandsGOTY.exe+13CA7C5: 4C 89 6C 24 68 - mov [rsp+68],r13
BorderlandsGOTY.exe+13CA7CA: 48 8B 54 24 54 - mov rdx,[rsp+54]
BorderlandsGOTY.exe+13CA7CF: 48 85 D2 - test rdx,rdx
BorderlandsGOTY.exe+13CA7D2: 74 1A - je 14069A7EE
BorderlandsGOTY.exe+13CA7D4: 48 81 C2 C4020000 - add rdx,000002C4
BorderlandsGOTY.exe+13CA7DB: 48 8D 4C 24 60 - lea rcx,[rsp+60]
BorderlandsGOTY.exe+13CA7E0: E8 2B8ECDFE - call 13F373610
BorderlandsGOTY.exe+13CA7E5: 48 8B 44 24 60 - mov rax,[rsp+60] <<<--- AOB Starts Here
BorderlandsGOTY.exe+13CA7EA: 48 89 45 88 - mov [rbp-78],rax
//// INJECTING START ----------------------------------------------------------
BorderlandsGOTY.exe+13CA7EE: 41 80 BC 37 50020000 00 - cmp byte ptr [r15+rsi+00000250],00
//// INJECTING END ----------------------------------------------------------
BorderlandsGOTY.exe+13CA7F7: 74 26 - je 14069A81F
BorderlandsGOTY.exe+13CA7F9: 4A 8B 8C FE B8010000 - mov rcx,[rsi+r15*8+000001B8]
BorderlandsGOTY.exe+13CA801: 48 85 C9 - test rcx,rcx
BorderlandsGOTY.exe+13CA804: 74 19 - je 14069A81F
BorderlandsGOTY.exe+13CA806: 48 8B 89 60020000 - mov rcx,[rcx+00000260]
BorderlandsGOTY.exe+13CA80D: E8 2E68E8FF - call 140521040
BorderlandsGOTY.exe+13CA812: 48 85 C0 - test rax,rax
BorderlandsGOTY.exe+13CA815: C7 44 24 48 01000000 - mov [rsp+48],00000001
BorderlandsGOTY.exe+13CA81D: 75 05 - jne 14069A824
BorderlandsGOTY.exe+13CA81F: 44 89 6C 24 48 - mov [rsp+48],r13d
BorderlandsGOTY.exe+13CA824: 42 8B 84 BE 90040000 - mov eax,[rsi+r15*4+00000490]
BorderlandsGOTY.exe+13CA82C: 85 C0 - test eax,eax
BorderlandsGOTY.exe+13CA82E: 0F8F DD010000 - jg 14069AA11
BorderlandsGOTY.exe+13CA834: 45 85 E4 - test r12d,r12d
BorderlandsGOTY.exe+13CA837: 0F8E CC010000 - jng 14069AA09
BorderlandsGOTY.exe+13CA83D: 48 8D 4C 24 20 - lea rcx,[rsp+20]
BorderlandsGOTY.exe+13CA842: 45 85 FF - test r15d,r15d
BorderlandsGOTY.exe+13CA845: 75 5F - jne 14069A8A6
BorderlandsGOTY.exe+13CA847: 4C 8D 05 6234AD00 - lea r8,[14116DCB0] [""protean.lb._visible""]
BorderlandsGOTY.exe+13CA84E: 48 8D 15 AB34AD00 - lea rdx,[14116DD00] [""p1.%s""]
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
{
Process : BorderlandsGOTY.exe - (x64)
Module : BorderlandsGOTY.exe
Game Title : Borderlands GOTY Enhanced
Game Version : 1.5.0.0
CE Version : 6.83
Script Version : 0.0.1
Date : 04/05/19
Author : ShyTwig16
Name : HealthDecHook
Health Dec Hook
}
// Script-wide settings for the HealthDecHook example.
// NOTE(review): the STRICT directive below presumably makes the assembler require explicit
// label() declarations - confirm for the CE version in use.
{$STRICT}
// Module-relative address of the hooked instruction for the build named in the header; the
// listing at the end of the script gives the same value as the injection point. It is not
// referenced by name in the visible script lines (the i2 commands may use it - unconfirmed).
define(address, BorderlandsGOTY.exe+46CAF0)
// The 8 original bytes at the injection point (movss [rcx+00000098],xmm0).
// Checked by i2assert in the enable section and written back by "db bytes" on disable.
define(bytes, F3 0F 11 81 98 00 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
// Built-in form of the signature scan, kept commented out by the author for reference.
// aobScanModule(aobHealthDecHook, BorderlandsGOTY.exe, 0F2Fxx72xxF3xxxxxx0F28xxF3xxxxxxxxxxxxxx48xxxxxxxxxxxx48xxxx74xxE8)
// i2aobScanModule takes the same arguments as the commented line above but is not a built-in
// Auto Assembler command. NOTE(review): presumably registered by the table's Lua code; without
// that registration this script will not assemble.
i2aobScanModule(aobHealthDecHook, BorderlandsGOTY.exe, 0F2Fxx72xxF3xxxxxx0F28xxF3xxxxxxxxxxxxxx48xxxxxxxxxxxx48xxxx74xxE8)
// The signature begins 0xC bytes before the hooked instruction (AOB at +46CAE4, injection at
// +46CAF0 in the listing at the end of the script).
define(injHealthDecHook, aobHealthDecHook+C)
// Built-in form of the byte check, kept commented out for reference.
// assert(injHealthDecHook, bytes)
// Byte check before patching. NOTE(review): presumably behaves like the built-in assert and
// aborts the script when the bytes at the injection point differ from "bytes".
i2assert(injHealthDecHook, bytes)
registerSymbol(injHealthDecHook)
// 0x400 bytes for the code cave, requested near the injection point so that a relative jmp
// from the patched instruction can reach it.
alloc(memHealthDecHook, 0x400, injHealthDecHook)
// Flag bytes and pointer slots are registered so they can be referenced by name from outside
// this script.
label(flgHealthDecHook)
registerSymbol(flgHealthDecHook)
label(ptrHealthDecHook)
registerSymbol(ptrHealthDecHook)
// Labels local to this script: four handlers, the dispatcher, the original code and the exit.
label(ph_code)
label(ps_code)
label(oh_code)
label(pvh_code)
label(n_code)
label(o_code)
label(exit)
label(return)
// Data at the start of the cave: four one-byte enable flags, then five pointer slots.
memHealthDecHook:
flgHealthDecHook:
db 01 // +0: tested by ph_code
db 01 // +1: tested by ps_code
db 00 // +2: tested by oh_code (off by default)
db 01 // +3: tested by pvh_code
// Align the pointer slots to a 0x10 boundary; no fill byte is given here, unlike the
// CC-filled aligns used before the code labels.
align 10
ptrHealthDecHook:
dq 0 // +0:  rcx last seen by ph_code
dq 0 // +8:  rcx last seen by ps_code
dq 0 // +10: rcx last seen by oh_code
dq 0 // +18: rcx last seen by pvh_code
dq 0 // +20: rcx last seen on the unmatched fall-through path in n_code
align 10 CC
// Four handlers with the same shape. Each is reached only by a jump from n_code, after flags,
// rax and rbx have been pushed, and each leaves through o_code, which performs the original
// store and then restores them. A handler records rcx in its pointer slot, checks its flag
// byte, and when the flag is non-zero replaces xmm0 before the original store to [rcx+98].
// NOTE(review): the value at [rcx+118] is presumably the maximum for the object - confirm.

// Reached from the "Player Health" comparison in n_code.
ph_code:
mov [ptrHealthDecHook],rcx
cmp byte ptr [flgHealthDecHook],0
je o_code
movss xmm0,[rcx+118]
jmp o_code
align 10 CC
// Reached from the "Player Shield" comparison in n_code.
ps_code:
mov [ptrHealthDecHook+8],rcx
cmp byte ptr [flgHealthDecHook+1],0
je o_code
movss xmm0,[rcx+118]
jmp o_code
align 10 CC
// Reached from the "Other Health/Shield" comparison in n_code; writes zero instead of [rcx+118].
oh_code:
mov [ptrHealthDecHook+10],rcx
cmp byte ptr [flgHealthDecHook+2],0
je o_code
xorps xmm0,xmm0
jmp o_code
align 10 CC
// Reached from the in-vehicle comparison in n_code.
pvh_code:
mov [ptrHealthDecHook+18],rcx
cmp byte ptr [flgHealthDecHook+3],0
je o_code
movss xmm0,[rcx+118]
jmp o_code
align 10 CC
// Dispatcher: decides which object rcx refers to and jumps to the matching handler.
// Flags, rax and rbx are saved here; every path below ends in o_code and exit, which restore
// them in reverse order, so the stack stays balanced.
n_code:
pushfq
push rax
push rbx
// ptrIsInVehicleHook is registered by the IsInVehicleHook script, so that script has to be
// enabled before this one can assemble. The slot holds the address of the byte the game
// compares with 0 at that hook, or 0 if that hook has not run yet.
mov rax,[ptrIsInVehicleHook] // <<< symbol shared from the other script
test rax,rax
jz @f
// NOTE(review): only null is checked; a non-null address captured earlier could be stale -
// confirm the lifetime of the object it points into.
cmp byte ptr [rax],1
jne @f
// In-vehicle path. ptrPlayerHook is not defined in either script shown here and has to be
// registered by another enabled script. Each step of the pointer walk is null-checked and
// falls back to the unmodified original store.
mov rax,[ptrPlayerHook]
test rax,rax
jz o_code
mov rax,[rax+260]
test rax,rax
jz o_code
mov rax,[rax+458+C]
test rax,rax
jz o_code
cmp rax,rcx
je pvh_code
@@:
// On-foot path: walk ptrPlayerHook to a table of object pointers read as [rax + index*8 + 258].
mov rax,[ptrPlayerHook]
test rax,rax
jz o_code
mov rax,[rax+450]
test rax,rax
jz o_code
// Player Grenades: a match is left unmodified.
mov rbx,[rax+5*8+258]
test rbx,rbx
jz o_code
cmp rbx,rcx
je o_code
// Player Health
mov rbx,[rax+6*8+258]
test rbx,rbx
jz o_code
cmp rbx,rcx
je ph_code
// Player Shield
mov rbx,[rax+7*8+258]
test rbx,rbx
jz o_code
cmp rbx,rcx
je ps_code
// Player Ammo: compares the first qword of the object at rcx with the first qword of the
// player's entry 9; a match is left unmodified.
// NOTE(review): presumably a type check (for example a vtable pointer) - confirm.
mov rbx,[rax+9*8+258]
test rbx,rbx
jz o_code
mov rbx,[rbx]
test rbx,rbx
jz o_code
cmp [rcx],rbx
je o_code
// Other Health/Shield: same first-qword comparison against the player's entry 6. The player's
// own objects were already matched by address above, so a match here is some other object.
mov rbx,[rax+6*8+258]
test rbx,rbx
jz o_code
mov rbx,[rbx]
test rbx,rbx
jz o_code
cmp [rcx],rbx
je oh_code
// Nothing matched: record rcx in the fifth pointer slot and fall through unmodified.
mov [ptrHealthDecHook+20],rcx
o_code:
// Original instruction; xmm0 may have been replaced by one of the handlers.
movss [rcx+00000098],xmm0
exit:
pop rbx
pop rax
popfq
jmp return
////
//// ---------- Injection Point ----------
// Patch written over the original 8-byte movss: a jmp to the cave (5 bytes when the cave is
// within relative range, which the near-allocation is for) followed by 3 nops. The total must
// stay at 8 bytes so that "return" lands on the next original instruction.
injHealthDecHook:
jmp n_code
nop
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
// Restore the original 8 bytes first so the game no longer jumps into the cave, then drop the
// registered symbols and release the cave.
injHealthDecHook:
db bytes
unregisterSymbol(injHealthDecHook)
unregisterSymbol(flgHealthDecHook)
unregisterSymbol(ptrHealthDecHook)
dealloc(memHealthDecHook)
{
//// Injection Point: BorderlandsGOTY.exe+46CAF0 - 000000013FD7CAF0
//// AOB address: 000000013FD7CAE4 - BorderlandsGOTY.exe+46CAE4
//// Process: BorderlandsGOTY.exe - 000000013F910000
//// Module: BorderlandsGOTY.exe - 000000013F910000
//// Module Size: 00000000028FA000
BorderlandsGOTY.exe+46CAB1: 89 87 D4060000 - mov [rdi+000006D4],eax
BorderlandsGOTY.exe+46CAB7: 48 83 C4 30 - add rsp,30
BorderlandsGOTY.exe+46CABB: 5F - pop rdi
BorderlandsGOTY.exe+46CABC: C3 - ret
BorderlandsGOTY.exe+46CABD: CC - int 3
BorderlandsGOTY.exe+46CABE: CC - int 3
BorderlandsGOTY.exe+46CABF: CC - int 3
BorderlandsGOTY.exe+46CAC0: 40 53 - push rbx
BorderlandsGOTY.exe+46CAC2: 48 83 EC 20 - sub rsp,20
BorderlandsGOTY.exe+46CAC6: F6 81 48010000 01 - test byte ptr [rcx+00000148],01
BorderlandsGOTY.exe+46CACD: 48 8B D9 - mov rbx,rcx
BorderlandsGOTY.exe+46CAD0: 74 4C - je 13FD7CB1E
BorderlandsGOTY.exe+46CAD2: F3 0F10 41 68 - movss xmm0,[rcx+68]
BorderlandsGOTY.exe+46CAD7: F3 0F10 91 80000000 - movss xmm2,[rcx+00000080]
BorderlandsGOTY.exe+46CADF: 0F2F C2 - comiss xmm0,xmm2
BorderlandsGOTY.exe+46CAE2: 77 0C - ja 13FD7CAF0
BorderlandsGOTY.exe+46CAE4: 0F2F C8 - comiss xmm1,xmm0 <<<--- AOB Starts Here
BorderlandsGOTY.exe+46CAE7: 72 07 - jb 13FD7CAF0
BorderlandsGOTY.exe+46CAE9: F3 0F5D D1 - minss xmm2,xmm1
BorderlandsGOTY.exe+46CAED: 0F28 C2 - movaps xmm0,xmm2
//// INJECTING START ----------------------------------------------------------
BorderlandsGOTY.exe+46CAF0: F3 0F11 81 98000000 - movss [rcx+00000098],xmm0
//// INJECTING END ----------------------------------------------------------
BorderlandsGOTY.exe+46CAF8: 48 8B 0D 09781502 - mov rcx,[141ED4308] [8B352040]
BorderlandsGOTY.exe+46CAFF: 48 85 C9 - test rcx,rcx
BorderlandsGOTY.exe+46CB02: 74 07 - je 13FD7CB0B
BorderlandsGOTY.exe+46CB04: E8 37C16000 - call 140388C40
BorderlandsGOTY.exe+46CB09: EB 03 - jmp 13FD7CB0E
BorderlandsGOTY.exe+46CB0B: 0F57 C0 - xorps xmm0,xmm0
BorderlandsGOTY.exe+46CB0E: F3 0F58 83 E4000000 - addss xmm0,dword ptr [rbx+000000E4]
BorderlandsGOTY.exe+46CB16: F3 0F11 83 20010000 - movss [rbx+00000120],xmm0
BorderlandsGOTY.exe+46CB1E: 48 83 C4 20 - add rsp,20
BorderlandsGOTY.exe+46CB22: 5B - pop rbx
BorderlandsGOTY.exe+46CB23: C3 - ret
BorderlandsGOTY.exe+46CB24: CC - int 3
BorderlandsGOTY.exe+46CB25: CC - int 3
BorderlandsGOTY.exe+46CB26: CC - int 3
BorderlandsGOTY.exe+46CB27: CC - int 3
BorderlandsGOTY.exe+46CB28: CC - int 3
BorderlandsGOTY.exe+46CB29: CC - int 3
BorderlandsGOTY.exe+46CB2A: CC - int 3
BorderlandsGOTY.exe+46CB2B: CC - int 3
BorderlandsGOTY.exe+46CB2C: CC - int 3
//// Template: I2CEA_AOBFullInjectionWithValues
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
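The main thing is to create the label, place it, and register it with the user symbol list using registerSymbol. The second script can then read ptrIsInVehicleHook by name, so the first script has to be enabled before it.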