Problem with a script, cannot find a correct function in Memory View, cheat engine

STN

Pleb
Staff member
Administrator
Mar 2, 2017
#22
TheyCallMeTim13 post_id=30261 time=1516347035 user_id=91 said:
It's relative to what's on the stack.

And just dropping the conversation, I see.
Shh... we have a Discord :shock: (you guys can communicate in real time there, I mean)

http://fearlessrevolution.com/viewtopic.php?f=8&t=640
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
#23
Just to add:
Blayde post_id=30260 time=1516346949 user_id=8084 said:
fild [eax+10]
fstp st(0)
means nothing
so...fstp [eax+10] is only valid/usable
It's actually all valid, and out of context not much of anything. Looks nonsensical but still valid. ASM makes no distinction between a nonsense opcode and a working opcode; it just does whatever you tell it to do.
Code:
memTest - DB 40 10              - fild dword ptr [eax+10]
003E0043- DD D8                 - fstp st(0)
003E0045- D9 58 10              - fstp dword ptr [eax+10]
003E0048- C3                    - ret
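To make TheyCallMeTim13's point concrete, here is an added Python model of what those three x87 instructions do to the register stack and to the dword at [eax+10]. This is my own example, not code from the thread or from Cheat Engine; the memory image, the value 7 at [eax+10] and the address in eax are constructed for it, while the pop-without-store of fstp st(0) and the store-and-pop of fstp dword ptr follow the real instruction semantics.

```python
import struct


class X87Stack:
    """Tiny model of the x87 register stack: st[-1] plays the role of st(0)."""
    DEPTH = 8

    def __init__(self):
        self.st = []

    def _pop(self):
        if not self.st:
            # a real CPU with #IS masked would store the "indefinite" QNaN here;
            # the model just refuses
            raise IndexError("x87 stack underflow: fstp with nothing on the stack")
        return self.st.pop()

    def fild_dword(self, mem, addr):
        # fild dword ptr [addr]: read a signed 32-bit integer, push it as a float
        if len(self.st) == self.DEPTH:
            raise OverflowError("x87 stack overflow: ninth push")
        (value,) = struct.unpack_from("<i", mem, addr)
        self.st.append(float(value))

    def fstp_st0(self):
        # fstp st(0): copy st(0) onto itself (no change), then pop: a pure pop
        self._pop()

    def fstp_dword(self, mem, addr):
        # fstp dword ptr [addr]: write st(0) as a float32, then pop
        struct.pack_into("<f", mem, addr, self._pop())


def execute(sequence, initial=7, eax=0x100, disp=0x10):
    """Run a list of mnemonics against a constructed 512-byte memory image.

    Returns (raw dword at [eax+disp] afterwards, x87 stack depth afterwards).
    The memory contents, eax and the initial value are made up for the example.
    """
    mem = bytearray(0x200)
    struct.pack_into("<i", mem, eax + disp, initial)   # [eax+10] = initial, as an int32
    fpu = X87Stack()
    for insn in sequence:
        if insn == "fild dword ptr [eax+10]":
            fpu.fild_dword(mem, eax + disp)
        elif insn == "fstp st(0)":
            fpu.fstp_st0()
        elif insn == "fstp dword ptr [eax+10]":
            fpu.fstp_dword(mem, eax + disp)
        else:
            raise ValueError(f"unsupported instruction: {insn}")
    (raw,) = struct.unpack_from("<I", mem, eax + disp)
    return raw, len(fpu.st)


if __name__ == "__main__":
    # push then pop: memory untouched, stack back to empty -> (7, 0)
    print(execute(["fild dword ptr [eax+10]", "fstp st(0)"]))
    # push then store-and-pop: the int32 7 becomes the float32 7.0 in place -> 0x40e00000
    raw, depth = execute(["fild dword ptr [eax+10]", "fstp dword ptr [eax+10]"])
    print(hex(raw), depth)
    # the listing from the post, all three in a row: the last fstp finds an empty stack
    try:
        execute(["fild dword ptr [eax+10]", "fstp st(0)", "fstp dword ptr [eax+10]"])
    except IndexError as err:
        print(err)
```

Run as a script it prints the three cases: fild followed by fstp st(0) is a net no-op on memory, fild followed by fstp dword ptr [eax+10] reinterprets the integer 7 as the float 7.0 in place, and the full listing from the post underflows the stack on its last instruction, which is exactly the "valid but nonsensical" situation described above.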
 

Blayde

Expert Cheater
Aug 25, 2017
#24
STN post_id=30262 time=1516349526 user_id=48 said:
TheyCallMeTim13 post_id=30261 time=1516347035 user_id=91 said:
It's relative to what's on the stack.

And just dropping the conversation, I see.
Shh... we have a Discord :shock: (you guys can communicate in real time there, I mean)

http://fearlessrevolution.com/viewtopic.php?f=8&t=640
I apologize
 

STN

Pleb
Staff member
Administrator
Mar 2, 2017
#25
Blayde post_id=30264 time=1516350723 user_id=8084 said:
I apologize
What for? I just said that so you guys could talk in real time instead of waiting for replies on forums :D. It isn't necessary.

Anyway continue on
 

marek1957

Expert Cheater
Dec 16, 2017
#26
Guys, guys xD Stop arguing :-D, just tell me which script is correct, because now I am a little confused... :p
 

marek1957

Expert Cheater
Dec 16, 2017
#27
Hey Guys,
I did a little research looking for the correct code, and I know that the correct address for "damaged cars" is "Asphalt8.exe"+2D5E64, which has the function: movzx eax,byte ptr [esi+000001BB] (//Alt: db 0F B6 86 BB 01 00 00).

When I change this original function to mov [esi+000001BB],0 at "Asphalt8.exe"+2D5E64, it's all I need. What do I need? Driving the car, turning and the possibility to use nitro, but... it also has a broken screen effect and changes the cam view. How do I disable the cam view etc.? How do I separate these functions from this address?
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0

exit:
jmp returnhere

"Asphalt8.exe"+2D5E64:
jmp newmem
nop
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Asphalt8.exe"+2D5E64:
movzx eax,byte ptr [esi+000001BB]
//Alt: db 0F B6 86 BB 01 00 00
 

Blayde

Expert Cheater
Aug 25, 2017
#28
marek1957 post_id=30418 time=1516617229 user_id=11389 said:
//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0
In memory view: movzx eax,byte ptr [esi+000001BB]
Find out what addresses this instruction accesses to see if it's shared (the opcode).

If it's not:
movzx eax,byte ptr [esi+000001BB]
mov eax,0

or
mov eax,0

or
movzx eax,byte ptr [esi+000001BB]
xor eax,eax (sub eax,eax)

(xor eax,eax
sub eax,eax
mov eax,0 - almost the same)


Bad:
//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0

Some value must be moved into eax
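Blayde's rule that some value must be moved into eax can be checked mechanically: a replacement must write everything the original instruction wrote, otherwise the code after the hook reads a stale register. The following is an added Python sketch of that check, my own and not Blayde's or Cheat Engine's code; it only understands the handful of Intel-syntax forms quoted in this thread, and the "mem" and "eflags" names are labels I chose for the example.

```python
import re

# 32-bit general-purpose registers used in the thread's snippets (assumption: 32-bit target)
REG = r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp)\b"

# the instruction the thread is replacing
ORIGINAL_INSN = ["movzx eax,byte ptr [esi+000001BB]"]


def parse_operand(op):
    """Classify one operand as ("reg", {name}), ("mem", {base regs}) or ("imm", set())."""
    op = op.strip().lower()
    m = re.fullmatch(r"(?:(?:byte|word|dword)\s+ptr\s+)?\[(.+)\]", op)
    if m:
        return "mem", set(re.findall(REG, m.group(1)))
    if re.fullmatch(REG, op):
        return "reg", {op}
    return "imm", set()


def effects(insn):
    """Return (defines, uses) for one two-operand instruction.

    Only mov/movzx/movsx and the ALU forms seen in the thread are modelled.
    """
    mnem, _, rest = insn.strip().partition(" ")
    mnem = mnem.lower()
    ops = [parse_operand(o) for o in rest.split(",")] if rest else []
    if len(ops) != 2:
        raise ValueError(f"unsupported instruction: {insn}")
    (dkind, dregs), (skind, sregs) = ops
    defines, uses = set(), set(sregs)
    if skind == "mem":
        uses.add("mem")
    if dkind == "reg":
        defines |= dregs
    elif dkind == "mem":
        defines.add("mem")
        uses |= dregs                      # base registers are read to form the address
    else:
        raise ValueError(f"immediate destination in: {insn}")
    if mnem in ("mov", "movzx", "movsx"):
        pass
    elif mnem in ("xor", "sub", "add", "and", "or"):
        # read-modify-write: the destination is read as well, and EFLAGS is written
        # (xor eax,eax / sub eax,eax still count as writing eax, which is the point)
        uses |= dregs
        if dkind == "mem":
            uses.add("mem")
        defines.add("eflags")
    else:
        raise ValueError(f"unsupported mnemonic: {mnem}")
    return defines, uses


def check_replacement(original, replacement):
    """Compare what the original instruction(s) define with what the replacement defines.

    Returns (missing, extra): locations the original wrote that the replacement no longer
    writes (later code would read stale data), and side effects the replacement adds.
    """
    orig_defs = set().union(*(effects(i)[0] for i in original))
    repl_defs = set().union(*(effects(i)[0] for i in replacement))
    return orig_defs - repl_defs, repl_defs - orig_defs


if __name__ == "__main__":
    candidates = {
        "bad: mov [esi+000001BB],0": ["mov [esi+000001BB],0"],
        "mov eax,0": ["mov eax,0"],
        "mov eax,1": ["mov eax,1"],
        "xor eax,eax": ["xor eax,eax"],
        "movzx + mov eax,0": ["movzx eax,byte ptr [esi+000001BB]", "mov eax,0"],
    }
    for name, insns in candidates.items():
        missing, extra = check_replacement(ORIGINAL_INSN, insns)
        print(f"{name:32} missing={sorted(missing)} extra={sorted(extra)}")
```

The "bad" variant from the post is the only one that reports eax as missing (and a memory write as an extra side effect); xor eax,eax and sub eax,eax report only EFLAGS as extra, which is the "almost the same" in Blayde's parenthetical.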
 

marek1957

Expert Cheater
Dec 16, 2017
#29
Thanks for your tip, Blayde,

the function that is working is: mov eax,1

Now the script is working perfectly.
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
mov eax,1

exit:
jmp returnhere

"Asphalt8.exe"+2D5E64:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
dealloc(newmem)
"Asphalt8.exe"+2D5E64:
movzx eax,byte ptr [esi+000001BB]
//Alt: db 0F B6 86 BB 01 00 00
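The scripts in #27 and #29 overwrite the 7-byte movzx (0F B6 86 BB 01 00 00) with a 5-byte jmp plus two nops, which is the kind of change a code-integrity check is built to spot. The following is an added Python example, my own and not the forum's or Cheat Engine's code: it builds a small constructed code snapshot around the site, assuming a hypothetical module base of 0x00400000 and a hypothetical newmem at 0x00410000, and reports whether the site is intact, hooked (decoding the jmp target) or otherwise modified.

```python
import struct

# Values from the thread: the original instruction bytes and its module-relative address.
ORIGINAL = bytes.fromhex("0FB686BB010000")   # movzx eax,byte ptr [esi+000001BB]
SITE_RVA = 0x2D5E64                          # "Asphalt8.exe"+2D5E64

# Assumptions for the constructed sample (not from the thread):
MODULE_BASE = 0x00400000                     # hypothetical load address of Asphalt8.exe
NEWMEM_VA = 0x00410000                       # hypothetical address returned by alloc(newmem,2048)
SITE_VA = MODULE_BASE + SITE_RVA


def encode_jmp_rel32(from_va, to_va, pad_to):
    """E9 rel32 as the auto-assembler emits for `jmp newmem`, padded with nops.

    pad_to is the length of the instruction being replaced (7 here), which is why
    the scripts above carry two `nop` lines after the jmp.
    """
    rel = (to_va - (from_va + 5)) & 0xFFFFFFFF
    patch = b"\xE9" + struct.pack("<I", rel)
    return patch + b"\x90" * (pad_to - len(patch))


def build_region(patched):
    """Constructed 32-byte code snapshot around the site, filled with int3 (0xCC)."""
    base = SITE_VA - 8
    region = bytearray(b"\xCC" * 32)
    region[8:8 + len(ORIGINAL)] = ORIGINAL
    if patched:
        region[8:8 + len(ORIGINAL)] = encode_jmp_rel32(SITE_VA, NEWMEM_VA, len(ORIGINAL))
    return base, bytes(region)


def inspect_site(base, region, site_va, original):
    """Integrity check for one instruction site.

    Returns ("intact", None) when the expected bytes are present,
    ("hooked", target_va) when an E9 rel32 jmp has been written there,
    or ("modified", found_bytes) for any other change.
    """
    off = site_va - base
    found = region[off:off + len(original)]
    if found == original:
        return "intact", None
    if len(found) >= 5 and found[0] == 0xE9:
        (rel,) = struct.unpack_from("<i", found, 1)      # rel32 is signed
        target = (site_va + 5 + rel) & 0xFFFFFFFF
        return "hooked", target
    return "modified", found


if __name__ == "__main__":
    for patched in (False, True):
        base, region = build_region(patched)
        status, detail = inspect_site(base, region, SITE_VA, ORIGINAL)
        shown = hex(detail) if isinstance(detail, int) else detail
        print(f"patched={patched}: {status} {shown}")
```

On the patched snapshot the check reports the site as hooked and recovers the jmp target (0x00410000 in this constructed layout); the same comparison against a known-good copy of the instruction bytes is what a memory scanner or anti-tamper routine does across a whole code section.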
 

marek1957

Expert Cheater
Dec 16, 2017
#30
There is only one problem, check this video: https://streamable.com/3t6lx

The script is working, but why, after respawning, is the car jumping like crazy? :-D

And it's kind of sad that this script only works for cars, not with bicycles, but I think that bicycles have other physics or a completely different damage model, so that is why this script only works for cars in this game.
 

Blayde

Expert Cheater
Aug 25, 2017
#31
marek1957 post_id=30424 time=1516621123 user_id=11389 said:
There is only one problem, check this video: https://streamable.com/3t6lx

The script is working, but why, after respawning, is the car jumping like crazy? :-D
In some games, when you die, flags are set (game dependent).
You must look deeper in the code / function. Backtrack.
 

marek1957

Expert Cheater
Dec 16, 2017
#32
Hey Blayde,
I was trying to break and trace this function following this tutorial: https://youtu.be/po_d2oilgLA
but I failed... can you help me do it, or maybe you have a better tutorial?
 

Blayde

Expert Cheater
Aug 25, 2017
#33
marek1957 post_id=30432 time=1516627677 user_id=11389 said:
Hey Blayde,
I was trying to break and trace this function following this tutorial....

Not sure if I can help you. I don't know how the game works (and I hate Win 10). With just one video you won't learn how to. Keep watching.
Try here as well: https://www.youtube.com/user/seowhistleblower/videos
 