Save register address to a variable in Auto Assemble to revert the values when disabling

Jan 22, 2018
#1
How do I get a register address in auto assemble to a variable so I can properly revert the values I've modified?

I have a code that looks like this:
Code:
code:
  mov [edi+40], 0x3c23d70a  //orig: 0.4
  mov [edi+50], 0x41400000  //orig: 6
  fstp dword ptr [edi+60]
  mov [edi+60], 0 //orig: 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return
The original auto assembled one was only meant to change [edi+60], but since I found some relevant values around [edi+60], I also modified them here.

How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?
 

Blayde

Aug 25, 2017
#2
mdnpascual said:
How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?
Can you post your script with original values?
You can also just find a pointer to [edi+40].
 
Jan 22, 2018
#3
I found a thread on the old Cheat Engine forums where apparently I can create a variable dynamically and use it as long as I allocate memory for it. I removed all but one address where I want to revert its value, but when I tried it, it still won't disable.
Blayde said:
mdnpascual said:
How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?
Can you post your script with original values?
Code:
[ENABLE]

registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08) // should be unique
alloc(newmem,$2048)
alloc(edipointer,$4)

label(code)
label(return)

newmem:

code:
  mov [edipointer],edi
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(AccANDrange)

[DISABLE]

mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
dealloc(edipointer)

{
// ORIGINAL CODE - INJECTION POINT: 1CDB45BD

""+1CDB4597: 89 08                          -  mov [eax],ecx
""+1CDB4599: 8B 8D DC FE FF FF              -  mov ecx,[ebp-00000124]
""+1CDB459F: 89 48 04                       -  mov [eax+04],ecx
""+1CDB45A2: 8B 8D E0 FE FF FF              -  mov ecx,[ebp-00000120]
""+1CDB45A8: 89 48 08                       -  mov [eax+08],ecx
""+1CDB45AB: 8D 85 E4 FE FF FF              -  lea eax,[ebp-0000011C]
""+1CDB45B1: 83 EC 0C                       -  sub esp,0C
""+1CDB45B4: 50                             -  push eax
""+1CDB45B5: E8 66 12 FF FF                 -  call 1CDA5820
""+1CDB45BA: 83 C4 0C                       -  add esp,0C
// ---------- INJECTING HERE ----------
""+1CDB45BD: D9 47 60                       -  fld dword ptr [edi+60]
""+1CDB45C0: 8D 85 A0 FE FF FF              -  lea eax,[ebp-00000160]
// ---------- DONE INJECTING  ----------
""+1CDB45C6: 83 EC 04                       -  sub esp,04
""+1CDB45C9: D9 1C 24                       -  fstp dword ptr [esp]
""+1CDB45CC: 83 EC 08                       -  sub esp,08
""+1CDB45CF: 8B 8D E4 FE FF FF              -  mov ecx,[ebp-0000011C]
""+1CDB45D5: 89 0C 24                       -  mov [esp],ecx
""+1CDB45D8: 8B 8D E8 FE FF FF              -  mov ecx,[ebp-00000118]
""+1CDB45DE: 89 4C 24 04                    -  mov [esp+04],ecx
""+1CDB45E2: 50                             -  push eax
""+1CDB45E3: E8 A8 C2 85 E9                 -  call 06610890
""+1CDB45E8: 83 C4 0C                       -  add esp,0C
}
 

Blayde

Aug 25, 2017
#4
I'm not sure if this will work. :?
If you find a pointer to "original value 0.4" (mov [edi+40], 0x3c23d70a //orig: 0.4) I think I can help you.
Btw, is this (0.4) the same every time you start/restart the game?
 
Jan 22, 2018
#5
Yes, those values are always the same. It's just different addresses and the same offset against edi found by that aobscan.
 

Blayde

Aug 25, 2017
#6
Ok. Now search for this value (0.4) and find a pointer to it (instead of what writes to it).
 

TheyCallMeTim13

Mar 3, 2017
#7
You could use readMem for this.
Example:
Code:
define(oldBytes, 5C 0A 00 00)
	// 00000A5C
		// mov edx,[ecx+00000A5C]
define(newBytes, 60 0A 00 00)
	// 00000A60
		// mov edx,[ecx+00000A60]
define(byteLength, 4)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobManaChargeHook, game.exe, ...)
define(injManaChargeHook, aobManaChargeHook+12)
registerSymbol(injManaChargeHook)

alloc(memManaChargeHook, byteLength)
registerSymbol(memManaChargeHook)

memManaChargeHook:
	readMem(injManaChargeHook, byteLength) // save the original bytes somewhere for later.

////
//// ---------- Injection Point ----------
injManaChargeHook:
	db newBytes // write new bytes for hook.


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injManaChargeHook:
	readMem(memManaChargeHook, byteLength) // restore the old bytes that were saved.

dealloc(memManaChargeHook)
unregisterSymbol(injManaChargeHook)
unregisterSymbol(memManaChargeHook)
Just change the address from injection points to the values address and set the byte length to the size of your values.

EDIT:
Or you could use a luaCall for this:
Code:
...
[DISABLE]
...
luaCall(writeInteger('[SomeSymbolToTheValue]', readInteger('[SomeSymbolItWasSavedTo]')))
Or for a float:
Code:
...
[DISABLE]
...
luaCall(writeFloat('[SomeSymbolToTheValue]', readFloat('[SomeSymbolItWasSavedTo]')))
Just know that the Lua code will always run first in a Cheat Engine memory record.
 

sbryzl

Mar 4, 2017
#8
If you don't know the original address you can record it within your codecave.
Code:
[ENABLE]

label(edipointer)
registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08)
registersymbol(AccANDrange)

alloc(newmem,$204)
//alloc(edipointer,$4)

label(code)
label(return)

newmem:
edipointer:
dq 0

code:
  mov [edipointer],edi
  mov [edipointer+4],1
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp code
  nop
  nop
  nop
  nop
return:

[DISABLE]
assert(edipointer+4,1)

[edipointer]+50:
dd (float)6
[edipointer]+60:
dd (float)1.6

//mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
edit: needed to comment this: mov [edipointer+50], 0x40c00000
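The readMem save/restore from post #7 and the code-cave record-then-assert from post #8 are the same pattern: snapshot the original state into memory the script owns, then only write it back once you know the snapshot was actually taken. The Python below is an added model of that pattern, written for this thread and not taken from any post or from Cheat Engine itself. It runs over a constructed fake memory image: enable() records the register value and the original field bytes into a save slot, sets a flag and then patches; disable() refuses unless the flag is set (the job of assert(edipointer+4,1)) and writes the originals back through the recorded pointer, as [edipointer]+50 and [edipointer]+60 do in the script. float_hex() shows the encodings behind the constants in the thread (0x40c00000 is 6.0, 0x41400000 is 12.0). OBJ_BASE, SAVE_BASE, FakeMemory and the slot layout are assumptions of the model, not CE names.

```python
import struct

# Constructed stand-in for the game's process memory: a flat byte array in
# which the object edi points at lives at OBJ_BASE and the save slot (the
# thread's alloc'ed "edipointer" block) lives at SAVE_BASE. Both are assumed.
OBJ_BASE = 0x1000
SAVE_BASE = 0x2000

# Layout of the save slot, mirroring the script plus readMem-style copies
# of the original field bytes:
#   +0  dword   edi as recorded by the code cave   (mov [edipointer],edi)
#   +4  dword   "enabled" flag                     (mov [edipointer+4],1)
#   +8  4 bytes original contents of [edi+50]
#   +C  4 bytes original contents of [edi+60]
OFF_PTR, OFF_FLAG, OFF_ORIG50, OFF_ORIG60 = 0, 4, 8, 12


def float_hex(value):
    """Hex of the IEEE-754 single that AA's 'dd (float)value' would emit."""
    return "0x%08x" % struct.unpack("<I", struct.pack("<f", value))[0]


class FakeMemory:
    """Minimal read/write view over a bytearray; a model, not CE's API."""
    def __init__(self, size=0x3000):
        self.buf = bytearray(size)

    def read(self, addr, n):
        return bytes(self.buf[addr:addr + n])

    def write(self, addr, data):
        self.buf[addr:addr + len(data)] = data

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def write_u32(self, addr, value):
        self.write(addr, struct.pack("<I", value))


def enable(mem, edi):
    """ENABLE branch as the code cave executes it when the hook is hit:
    record edi, snapshot the original bytes, set the flag, then patch."""
    mem.write_u32(SAVE_BASE + OFF_PTR, edi)
    mem.write(SAVE_BASE + OFF_ORIG50, mem.read(edi + 0x50, 4))  # readMem idea
    mem.write(SAVE_BASE + OFF_ORIG60, mem.read(edi + 0x60, 4))
    mem.write_u32(SAVE_BASE + OFF_FLAG, 1)
    mem.write_u32(edi + 0x50, 0x41400000)  # float 12.0, as in the script
    mem.write_u32(edi + 0x60, 0)           # float 0.0


def disable(mem):
    """DISABLE branch: refuse unless the cave actually ran (the script's
    assert(edipointer+4,1)), then restore through the recorded pointer."""
    if mem.read_u32(SAVE_BASE + OFF_FLAG) != 1:
        raise RuntimeError("hook never ran: edipointer not set, nothing to restore")
    edi = mem.read_u32(SAVE_BASE + OFF_PTR)
    mem.write(edi + 0x50, mem.read(SAVE_BASE + OFF_ORIG50, 4))
    mem.write(edi + 0x60, mem.read(SAVE_BASE + OFF_ORIG60, 4))
    mem.write_u32(SAVE_BASE + OFF_FLAG, 0)
    return edi


def disable_refused(mem):
    """True when disable() correctly refuses on memory where enable never ran."""
    try:
        disable(mem)
    except RuntimeError:
        return True
    return False


def make_memory(edi=OBJ_BASE):
    """Constructed sample object: 6.0 at +0x50 and 1.6 at +0x60."""
    mem = FakeMemory()
    mem.write(edi + 0x50, struct.pack("<f", 6.0))
    mem.write(edi + 0x60, struct.pack("<f", 1.6))
    return mem


def run_cycle(edi=OBJ_BASE):
    """Enable then disable; return the (patched, restored) dwords at +0x50/+0x60."""
    mem = make_memory(edi)
    enable(mem, edi)
    patched = (mem.read_u32(edi + 0x50), mem.read_u32(edi + 0x60))
    disable(mem)
    restored = (mem.read_u32(edi + 0x50), mem.read_u32(edi + 0x60))
    return patched, restored


if __name__ == "__main__":
    print("6.0 ->", float_hex(6.0), " 1.6 ->", float_hex(1.6))
    print(run_cycle())
```

The flag check is the part worth keeping in a real script: without it, a disable that runs before the hooked instruction ever executed writes through a null "edipointer" and crashes the process.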
 

Blayde

Aug 25, 2017
#9
Why you gays read this?
He/she just needs one timer. So?
STN please i just want to help.
Can i just hack this gays ? (not misspelled)


Codecave?
Readmem?
Simple and stupid.
 

TheyCallMeTim13

Mar 3, 2017
#10
Blayde said:
Why you gays read this?
He/she just needs one timer. So?
STN please i just want to help.
Can i just hack this gays ? (not misspelled)
...
Are you sure? Because with the misuse of your singulars and plurals, it kinda makes it seem like misspelling would make more sense.

So just to confirm, you're just homophobic, not misspelling?
 

Blayde

Aug 25, 2017
#11
TheyCallMeTim13 said:
Blayde said:
Why you gays read this?
He/she just needs one timer. So?
STN please i just want to help.
Can i just hack this gays ? (not misspelled)
...
Are you sure? Because with the misuse of your singulars and plurals, it kinda makes it seem like misspelling would make more sense.

So just to confirm, you're just homophobic, not misspelling?
Try your luck in trainer / table section if you are that smart sir. ;)
Peace
 
Jan 22, 2018
#12
sbryzl said:
If you don't know the original address you can record it within your codecave.
Code:
[ENABLE]

label(edipointer)
registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08)
registersymbol(AccANDrange)

alloc(newmem,$204)
//alloc(edipointer,$4)

label(code)
label(return)

newmem:
edipointer:
dq 0

code:
  mov [edipointer],edi
  mov [edipointer+4],1
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp code
  nop
  nop
  nop
  nop
return:

[DISABLE]
assert(edipointer+4,1)

[edipointer]+50:
dd (float)6
[edipointer]+60:
dd (float)1.6

//mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
edit: needed to comment this: mov [edipointer+50], 0x40c00000
At first I was wondering why the game was crashing at enable, then I noticed that the jmp was changed from newmem to code. Fixed the problem and it works for all the static values I'm changing! Thank you
 

Blayde

Aug 25, 2017
#13
mdnpascual said:
...I noticed that the jmp was changed from newmem to code...
Your code was ok (check your second post)
NEVER put new memory under newmem. You can, but it's not a good decision. Ask the "professionals" why.
 

TheyCallMeTim13

Mar 3, 2017
#14
Blayde said:
TheyCallMeTim13 said:
Blayde said:
Why you gays read this?
He/she just needs one timer. So?
STN please i just want to help.
Can i just hack this gays ? (not misspelled)
...
Are you sure? Because with the misuse of your singulars and plurals, it kinda makes it seem like misspelling would make more sense.

So just to confirm, you're just homophobic, not misspelling?
Try your luck in trainer / table section if you are that smart sir. ;)
Peace
I can only hope others can understand and answer questions as well as you.

Why avoid the questions?
 

sbryzl

Mar 4, 2017
#15
Blayde said:
NEVER put new memory under newmem. You can, but it's not good decision. Ask the "professionals" why.
If you think that's bad you should see what I did to Mount and Blade's skillset function.
 