PULSAR Lost Colony Script Issue

Kalas
Mar 3, 2017
#1
I'm trying to use lea so the current value will always display:
Code:
  push ebx
  lea ebx,[eax+74]
  mov [CoreTempValue],ebx
  pop ebx
  fstp dword ptr [eax+74]
  jmp 28229A60
  jmp return
I added those as well:
Code:
alloc(CoreTempValue,8)
registersymbol(CoreTempValue)
unregistersymbol(CoreTempValue)
dealloc(CoreTempValue)

The code itself looks like that:
Code:
[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)
alloc(CoreTempValue,8)

label(code)
label(return)

registersymbol(CoreTempValue)

newmem:

code:
  push ebx
  lea ebx,[eax+74]          // address of the stat, not its value
  mov [CoreTempValue],ebx   // store that address in the allocated slot
  pop ebx
  fstp dword ptr [eax+74]   // original instruction
  jmp 28229A60              // original jump target, written as an absolute address
  jmp return                // not reached: the jmp above is unconditional

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobCoreTemp)

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregistersymbol(aobCoreTemp)
unregistersymbol(CoreTempValue)
dealloc(newmem)
dealloc(CoreTempValue)


The issue here is that, after adding the address manually, the value just displays as ?? rather than showing my current stat. What could be the issue in my code?

PS: Is there any other way of doing what I'm trying in this code, like something smaller than using lea like that?
 

Eric
Administrator
Mar 2, 2017
#2
Has your injected code been executed at least once? Otherwise CoreTempValue will stay 0.

What you can also do is:
Code:
  mov [CoreTempValue],eax

and then, as pointer, give CoreTempValue as the base address and 74 as the offset.
 

Kalas
Mar 3, 2017
#4
Hmm, I have a question:

So I did a compare between the first script and then I found the instruction again when I opened the game again; this is weird:

Version 1:
Code:
  fstp dword ptr [eax+74]
  jmp 28229A60
  jmp return

Version 2:
Code:
  fstp dword ptr [eax+74]
  jmp 1D9F0418
  jmp return
The jmp is different; could it be the reason why my game sometimes crashes when I activate the script?
 

Kalas
Mar 3, 2017
#5
Should it look like this?
Code:
[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)

label(code)
label(return)
label(CoreTempPtr)

registersymbol(CoreTempPtr)

newmem:

code:
  fstp dword ptr [eax+74]   // original instruction
  mov [CoreTempPtr],eax     // eax is the base register of [eax+74], so save eax, not ebx
  jmp 1D9F0418              // original jump target, still written as an absolute address
  jmp return                // not reached: the jmp above is unconditional

CoreTempPtr:
  dd 0                      // reserve the 4-byte slot the mov above writes to

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(aobCoreTemp)

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregistersymbol(aobCoreTemp)
unregistersymbol(CoreTempPtr)   // the symbol registered above is CoreTempPtr, not CoreTempValue
dealloc(newmem)
 

Kalas
Mar 3, 2017
#6
SunBeam said:
Your problem is exactly that JMP. The address changes because the game's code is allocated differently in memory every time you run it (the base for the process changes). In Memory View change display to show module names (View > Show module addresses), then instead of "1D9F0418" use its symbolic name (e.g.: game.exe+50418). That's always going to be static, as CE will read base of game, no matter where it's allocated and calculate your address' location based on the offset.

Oh alright, thank you, I'll try :)
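Putting Eric's pointer suggestion (post #2) and SunBeam's point about the jump target together, here is an added example of a complete script for this thread; it is not code from Kalas, Eric, SunBeam or the game. It assumes the hook is the 8-byte sequence from the aobscan, D9 58 74 E9 70 00 00 00, i.e. `fstp dword ptr [eax+74]` (3 bytes) followed by a 5-byte relative `jmp` whose rel32 displacement is 70. The original jump target is therefore the end of those 8 bytes plus 70, which is `aobCoreTemp+78` (hex, as CE reads numbers). That target is recomputed from the scan result every time the script is enabled, so no absolute address or module name is needed; the comment shows SunBeam's module+offset form as the alternative, where `game.exe+50418` is only his illustrative name and must be replaced by whatever Memory View shows for this game.

```asm
[ENABLE]

aobscan(aobCoreTemp,D9 58 74 E9 70 00 00 00)
alloc(newmem,$100,aobCoreTemp)

label(code)
label(return)
label(CoreTempPtr)

registersymbol(aobCoreTemp)
registersymbol(CoreTempPtr)

newmem:

code:
  fstp dword ptr [eax+74]   // original instruction; the float lands at [eax+74]
  mov [CoreTempPtr],eax     // save the object base eax (Eric's suggestion); no lea or push/pop needed
  jmp aobCoreTemp+78        // original jump target: hook + 8 bytes + rel32 displacement 70, recomputed per run
                            // alternative (SunBeam): jmp game.exe+50418, with the name Memory View shows (placeholder here)

CoreTempPtr:
  dd 0                      // 4-byte slot holding the saved eax; it stays 0 until the hook has run once

aobCoreTemp:
  jmp newmem
  nop
  nop
  nop
return:

[DISABLE]

aobCoreTemp:
  db D9 58 74 E9 70 00 00 00

unregistersymbol(aobCoreTemp)
unregistersymbol(CoreTempPtr)
dealloc(newmem)
```

In the address list, add CoreTempPtr as a pointer with offset 74 and type Float (fstp dword stores a 4-byte float). It reads ?? until the game has executed the hook at least once, which is exactly what Eric's first question is about; the `jmp return` of the template is left out because the unconditional jump before it means it can never be reached.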
 