Code injection works sometimes, "replace with code that does nothing" works well

handlingcfg (What is cheating?), joined Aug 16, 2019, 2 messages
I have Assassin's Creed Origins v1.21. I use two different table contents for infinite health, teleport, etc., plus I need code for infinite arrows.

I found the code that decreases my arrows. My problem is that when I click the code list and use "replace with code that does nothing" it works fine, but when I use the auto assembler or AOB assembler for a table script it crashes the game randomly. The code that decreases my arrows is:

"ACOrigins.exe"+1BE2C3F: 44 89 07 - mov [rdi],r8d

If I add inc [rdi] after or inc r8d before, it generally crashes, sometimes works, but if I disable and re-enable the script it definitely crashes.
In addition, the same code is used for trading in the game, maybe something else too.


My injection point is a few instructions earlier; it works more stably but not fully stable.
Why does my code injection work with problems, but "replace with code that does nothing" works very well?

My basic code is:

[ENABLE]
aobscanmodule(INJECT,ACOrigins.exe,1F 44 8B 07 45 3B E8) // should be unique
alloc(newmem,$1000,"ACOrigins.exe"+1BE2C2F)

label(code)
label(return)

newmem:

code:
inc [rdi] // only add this
mov r8d,[rdi]
cmp r13d,r8d
jmp return

INJECT+01:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT+01:
db 44 8B 07 45 3B E8

unregistersymbol(INJECT)
dealloc(newmem)



{
// ORIGINAL CODE - INJECTION POINT: "ACOrigins.exe"+1BE2C2F

"ACOrigins.exe"+1BE2C0D: 48 8B 42 08 - mov rax,[rdx+08]
"ACOrigins.exe"+1BE2C11: 48 8B CD - mov rcx,rbp
"ACOrigins.exe"+1BE2C14: 48 8B 12 - mov rdx,[rdx]
"ACOrigins.exe"+1BE2C17: 48 C1 E0 20 - shl rax,20
"ACOrigins.exe"+1BE2C1B: 48 C1 F8 3F - sar rax,3F
"ACOrigins.exe"+1BE2C1F: 48 23 D0 - and rdx,rax
"ACOrigins.exe"+1BE2C22: 48 83 C2 58 - add rdx,58
"ACOrigins.exe"+1BE2C26: E8 A5 80 FF FF - call ACOrigins.exe+1BDACD0
"ACOrigins.exe"+1BE2C2B: 84 C0 - test al,al
"ACOrigins.exe"+1BE2C2D: 75 1F - jne ACOrigins.exe+1BE2C4E
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+1BE2C2F: 44 8B 07 - mov r8d,[rdi]
"ACOrigins.exe"+1BE2C32: 45 3B E8 - cmp r13d,r8d
// ---------- DONE INJECTING ----------
"ACOrigins.exe"+1BE2C35: 41 8B C0 - mov eax,r8d
"ACOrigins.exe"+1BE2C38: 41 0F 46 C5 - cmovbe eax,r13d
"ACOrigins.exe"+1BE2C3C: 44 2B C0 - sub r8d,eax
"ACOrigins.exe"+1BE2C3F: 44 89 07 - mov [rdi],r8d // actual code that decreases my arrows
"ACOrigins.exe"+1BE2C42: 75 0A - jne ACOrigins.exe+1BE2C4E
"ACOrigins.exe"+1BE2C44: 8B D6 - mov edx,esi
"ACOrigins.exe"+1BE2C46: 49 8B CF - mov rcx,r15
"ACOrigins.exe"+1BE2C49: E8 72 06 00 00 - call ACOrigins.exe+1BE32C0
"ACOrigins.exe"+1BE2C4E: 48 8B 4D 38 - mov rcx,[rbp+38]
"ACOrigins.exe"+1BE2C52: 48 85 C9 - test rcx,rcx
}
 
Xblade Of Heaven (Cheater), joined May 2, 2017, 27 messages
It's a bug on CE 6.8.3. It's fixed on CE 7.0 RC 3; the problem is that when you enable the script it adds incorrect bytes and the game insta-crashes...
 
DrummerIX (RCE Fanatics, Fearless Donors, Talents), joined Mar 22, 2017, 1,750 messages
It could be doing 14-byte jumps instead of 5-byte ones because of memory issues, and that causes it to crash.
 
Xblade Of Heaven (Cheater), joined May 2, 2017, 27 messages
Yes, on CE 7.0 it's fixed.
 
JohnFK (Expert Cheater), joined Aug 29, 2017, 52 messages
Xblade Of Heaven said:
Yes, on CE 7.0 it's fixed.
Which commit fixed it? :shock:
 
SunBeam (Administrator, Staff member), joined Feb 4, 2018, 3,489 messages
AC Origins and Odyssey are known to behave like that. It's mostly due to Denuvo. Why isn't anyone checking out WTF I do in my tables? I'm using a code cave in the .exe's PE header (ModuleBase + 0x500). Just do "fullAccess(ACOrigins.exe+500)" and use that instead of "alloc(bla)". Why.. cuz alloc(bla) will allocate an address far from your game module, thus what DrummerIX said will happen -> JMP Hook = 14 bytes instead of 5 bytes. It's funny how people are used to x86 (be it they know or not) and act like x64 is done identically...

P.S.: Nothing to do with any CE fixes.
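The mechanism DrummerIX and SunBeam describe can be checked numerically. The following is an added example, not code from the thread and not Cheat Engine's own logic: it takes the instruction listing the original post shows around "ACOrigins.exe"+1BE2C2F, asks whether a cave address is within rel32 range of the hook (a 5-byte E9 jmp) or forces the 14-byte absolute form (FF 25 + 8-byte address), and reports which of the following instructions the longer patch overwrites. The module base and the "far" cave address are constructed values; the near cave uses the PE-header offset 0x500 mentioned above. The same length-versus-stolen-bytes check is what an analyst applies when reading an inline hook out of a memory dump to decide whether the hook corrupted the instructions after it.

```python
"""Hook-length check: why a far code cave clobbers neighbouring instructions.

Added example; the listing (module-relative offsets, instruction lengths,
mnemonics) is the one posted in the thread, everything else is constructed.
"""
import struct

# (offset from module base, instruction length in bytes, mnemonic), from the thread's listing
LISTING = [
    (0x1BE2C2F, 3, "mov r8d,[rdi]"),     # stolen by the hook and re-executed in the cave
    (0x1BE2C32, 3, "cmp r13d,r8d"),      # stolen by the hook and re-executed in the cave
    (0x1BE2C35, 3, "mov eax,r8d"),
    (0x1BE2C38, 4, "cmovbe eax,r13d"),
    (0x1BE2C3C, 3, "sub r8d,eax"),
    (0x1BE2C3F, 3, "mov [rdi],r8d"),     # the store that decreases the arrow count
]

REL32_MIN, REL32_MAX = -(1 << 31), (1 << 31) - 1


def rel32_reachable(hook_addr, cave_addr):
    """A near jmp (E9 rel32) is relative to the end of its own 5-byte encoding."""
    return REL32_MIN <= cave_addr - (hook_addr + 5) <= REL32_MAX


def encode_jmp(hook_addr, cave_addr):
    """Bytes a hook engine writes at hook_addr: 5-byte relative jmp if the cave is
    within +/-2 GiB, otherwise the 14-byte 'jmp qword ptr [rip+0]' + absolute address."""
    if rel32_reachable(hook_addr, cave_addr):
        return b"\xE9" + struct.pack("<i", cave_addr - (hook_addr + 5))
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", cave_addr)


def clobbered(listing, hook_off, hook_len, stolen_count):
    """Mnemonics of instructions beyond the stolen ones that the patch overwrites."""
    covered = sum(length for _, length, _ in listing[:stolen_count])
    if hook_len <= covered:
        return []
    patch_end = hook_off + hook_len
    return [m for off, _, m in listing[stolen_count:] if off < patch_end]


def analyse(module_base, cave_addr, stolen_count=2):
    """Summarise what a hook at the listing's first instruction does for a given cave."""
    hook_off = LISTING[0][0]
    patch = encode_jmp(module_base + hook_off, cave_addr)
    return {
        "near": rel32_reachable(module_base + hook_off, cave_addr),
        "hook_len": len(patch),
        "clobbered": clobbered(LISTING, hook_off, len(patch), stolen_count),
    }


if __name__ == "__main__":
    MODULE_BASE = 0x7FF600000000          # constructed image base
    # Cave inside the PE header of the same module (ModuleBase + 0x500): 5-byte hook.
    print("PE-header cave:", analyse(MODULE_BASE, MODULE_BASE + 0x500))
    # Cave in a constructed far allocation: 14-byte hook, overwrites the next three instructions.
    print("far cave:      ", analyse(MODULE_BASE, 0x10000000))
```

With the near cave the 5-byte jmp plus the script's nop fit exactly in the six stolen bytes, so the original mov and cmp re-executed in the cave are the only instructions affected; with the far cave the 14-byte patch runs through mov eax,r8d, cmovbe eax,r13d and into sub r8d,eax, which is the "incorrect bytes, instant crash" symptom the thread reports.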
 
handlingcfg (What is cheating?), joined Aug 16, 2019, 2 messages
SunBeam said:
AC Origins and Odyssey are known to behave like that. It's mostly due to Denuvo. Why isn't anyone checking out WTF I do in my tables? I'm using a code cave in the .exe's PE header (ModuleBase + 0x500). Just do "fullAccess(ACOrigins.exe+500)" and use that instead of "alloc(bla)". Why.. cuz alloc(bla) will allocate an address far from your game module, thus what DrummerIX said will happen -> JMP Hook = 14 bytes instead of 5 bytes. It's funny how people are used to x86 (be it they know or not) and act like x64 is done identically...

P.S.: Nothing to do with any CE fixes.
Thanks for the info.
I'm an amateur; I'm improving myself step by step. For now, even if I look at your cheats I wouldn't understand what you are doing :D
When I learn enough I will look for the more advanced things like your methods, etc.
 