How to compare a list?

Post by **SilverRabbit90** » Mon Feb 12, 2024 3:37 pm

I tried to make a "compare" of a list, between multiples offset, but it doesn't work as it should.

I tried to do this:

Spoiler

[ENABLE]

aobscanmodule(TEST,$process,45 89 4F 08 C4 C1 7B 10 47 10) // should be unique
alloc(newmem,$1000,TEST)


alloc(changeHp,8)
registersymbol(changeHp)

changeHp:
dd 0


alloc(changeAtt,8)
registersymbol(changeAtt)

changeAtt:
dd 0


alloc(changeStunRate,8)
registersymbol(changeStunRate)

changeStunRate:
dd 0


alloc(changeCriticalRate,8)
registersymbol(changeCriticalRate)

changeCriticalRate:
dd 0


alloc(changePTZ,8)
registersymbol(changePTZ)

changePTZ:
dd 0



label(code)
label(return)

label(setHpOnSigilEquip)
registersymbol(setHpOnSigilEquip)

label(setAttOnSigilEquip)
registersymbol(setAttOnSigilEquip)

label(setStunRateOnSigilEquip)
registersymbol(setStunRateOnSigilEquip)

label(setCriticalRateOnSigilEquip)
registersymbol(setCriticalRateOnSigilEquip)

label(addPTZ_OnSigilEquip)
registersymbol(addPTZ_OnSigilEquip)



newmem:


cmp [changeHp],1
jne ATT

mov r9d,[setHpOnSigilEquip]
  mov [r15+04],r9d
  vmovsd xmm0,[r15+10]
  jmp return

ATT:
cmp [changeAtt],1
jne STUN

mov r9d,[setAttOnSigilEquip]
  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]
  jmp return


STUN:
cmp [changeStunRate],1
jne CRIT

mov r9d,[setStunRateOnSigilEquip]
  mov [r15+10],r9d
  vmovsd xmm0,[r15+10]
  jmp return


CRIT:
cmp [changeCriticalRate],1
jne PTZ

mov r9d,[setCriticalRateOnSigilEquip]
  mov [r15+14],r9d
  vmovsd xmm0,[r15+10]
  jmp return


PTZ:
cmp [changePTZ],1
jne code

mov r9d,[addPTZ_OnSigilEquip]
  add [r15+18],r9d
  vmovsd xmm0,[r15+10]
  jmp return


code:

  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]
  jmp return


  setHpOnSigilEquip:
  dd (int)1000

  setAttOnSigilEquip:
  dd (int)2000

  setStunRateOnSigilEquip:
  dd (float)100

  setCriticalRateOnSigilEquip:
  dd (float)200

  addPTZ_OnSigilEquip:
  dd (int)10000

TEST:
  jmp newmem
  nop 5
return:
registersymbol(TEST)

[DISABLE]

TEST:
  db 45 89 4F 08 C4 C1 7B 10 47 10

unregistersymbol(*)
dealloc(*)

{
// ORIGINAL CODE - INJECTION POINT: granblue_fantasy_relink.exe+911217

granblue_fantasy_relink.exe+9111E9: 44 0F 4E C9              - cmovle r9d,ecx
granblue_fantasy_relink.exe+9111ED: 41 81 F9 9F 86 01 00     - cmp r9d,0001869F
granblue_fantasy_relink.exe+9111F4: 41 B8 9F 86 01 00        - mov r8d,0001869F
granblue_fantasy_relink.exe+9111FA: 45 0F 42 C1              - cmovb r8d,r9d
granblue_fantasy_relink.exe+9111FE: 45 89 47 04              - mov [r15+04],r8d
granblue_fantasy_relink.exe+911202: 85 D2                    - test edx,edx
granblue_fantasy_relink.exe+911204: 0F 4E D1                 - cmovle edx,ecx
granblue_fantasy_relink.exe+911207: 81 FA 3F 42 0F 00        - cmp edx,000F423F
granblue_fantasy_relink.exe+91120D: 41 B9 3F 42 0F 00        - mov r9d,000F423F
granblue_fantasy_relink.exe+911213: 44 0F 42 CA              - cmovb r9d,edx
// ---------- INJECTING HERE ----------
granblue_fantasy_relink.exe+911217: 45 89 4F 08              - mov [r15+08],r9d
// ---------- DONE INJECTING  ----------
granblue_fantasy_relink.exe+91121B: C4 C1 7B 10 47 10        - vmovsd xmm0,[r15+10]
granblue_fantasy_relink.exe+911221: C5 F0 57 C9              - vxorps xmm1,xmm1,xmm1
granblue_fantasy_relink.exe+911225: C5 F0 5F C0              - vmaxps xmm0,xmm1,xmm0
granblue_fantasy_relink.exe+911229: C5 F8 28 0D EF A5 DC 03  - vmovaps xmm1,[granblue_fantasy_relink.exe+46DB820]
granblue_fantasy_relink.exe+911231: C5 F0 5D C0              - vminps xmm0,xmm1,xmm0
granblue_fantasy_relink.exe+911235: C4 C1 78 13 47 10        - vmovlps [r15+10],xmm0
granblue_fantasy_relink.exe+91123B: 48 8B 44 24 38           - mov rax,[rsp+38]
granblue_fantasy_relink.exe+911240: 8B A8 D8 32 00 00        - mov ebp,[rax+000032D8]
granblue_fantasy_relink.exe+911246: 41 8B 46 68              - mov eax,[r14+68]
granblue_fantasy_relink.exe+91124A: 21 E8                    - and eax,ebp

In this case, when you activate one script at a time everything works perfectly, but if active all the scripts together does not even work.

Work:

Spoiler

Not Work:

Spoiler

What should I change to make it work?

Post by **aSwedishMagyar** » Sat Feb 17, 2024 1:55 am

Get rid of every jmp return except for the last one.

Post by **SilverRabbit90** » Mon Feb 26, 2024 9:28 pm

aSwedishMagyar wrote: ↑
Sat Feb 17, 2024 1:55 am
Get rid of every jmp return except for the last one.

Thank you for answering.

I tried this:

Spoiler

Code: Select all

[ENABLE]

aobscanmodule(TEST,$process,45 89 4F 08 C4 C1 7B 10 47 10) // should be unique
alloc(newmem,$1000,TEST)


alloc(changeHp,8)
registersymbol(changeHp)

changeHp:
dd 0


alloc(changeAtt,8)
registersymbol(changeAtt)

changeAtt:
dd 0


alloc(changeStunRate,8)
registersymbol(changeStunRate)

changeStunRate:
dd 0


alloc(changeCriticalRate,8)
registersymbol(changeCriticalRate)

changeCriticalRate:
dd 0


alloc(changePTZ,8)
registersymbol(changePTZ)

changePTZ:
dd 0



label(code)
label(return)

label(setHpOnSigilEquip)
registersymbol(setHpOnSigilEquip)

label(setAttOnSigilEquip)
registersymbol(setAttOnSigilEquip)

label(setStunRateOnSigilEquip)
registersymbol(setStunRateOnSigilEquip)

label(setCriticalRateOnSigilEquip)
registersymbol(setCriticalRateOnSigilEquip)

label(addPTZ_OnSigilEquip)
registersymbol(addPTZ_OnSigilEquip)



newmem:


cmp [changeHp],1
jne @f

mov r9d,[setHpOnSigilEquip]
  mov [r15+04],r9d
  vmovsd xmm0,[r15+10]


@@:
cmp [changeAtt],1
jne @f

mov r9d,[setAttOnSigilEquip]
  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]



@@:
cmp [changeStunRate],1
jne @f

mov r9d,[setStunRateOnSigilEquip]
  mov [r15+10],r9d
  vmovsd xmm0,[r15+10]



@@:
cmp [changeCriticalRate],1
jne @f

mov r9d,[setCriticalRateOnSigilEquip]
  mov [r15+14],r9d
  vmovsd xmm0,[r15+10]



@@:
cmp [changePTZ],1
jne code

mov r9d,[addPTZ_OnSigilEquip]
  mov [r15+18],r9d
  vmovsd xmm0,[r15+10]
  jmp return


code:

  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]
  jmp return


  setHpOnSigilEquip:
  dd (int)10000

  setAttOnSigilEquip:
  dd (int)5000

  setStunRateOnSigilEquip:
  dd (float)25

  setCriticalRateOnSigilEquip:
  dd (float)55

  addPTZ_OnSigilEquip:
  dd (int)10000

TEST:
  jmp newmem
  nop 5
return:
registersymbol(TEST)

[DISABLE]

TEST:
  db 45 89 4F 08 C4 C1 7B 10 47 10

unregistersymbol(*)
dealloc(*)

In any case, it doesn't work, I solved with a script for every cheat.

Too bad it would be useful to make a list of "compare" in a single script.

Post by **Rhark** » Mon Feb 26, 2024 10:38 pm

SilverRabbit90 wrote: ↑
Mon Feb 26, 2024 9:28 pm
...

The place you are injecting at seems to write to whatever is at [R15+08] so the code will only be triggered once that is affected by something. This is not a good place to inject for multiple things like this. You're better off finding an instruction that is always being accessed whilst using that structure.

In "theory" this code should work but as I said due to your injection point it may not.

Code: Select all

[ENABLE]

aobscanmodule(TEST,$process,45 89 4F 08 C4 C1 7B 10 47 10) // should be unique
alloc(newmem,$1000,TEST)


alloc(changeHp,8)
registersymbol(changeHp)

changeHp:
dd 0


alloc(changeAtt,8)
registersymbol(changeAtt)

changeAtt:
dd 0


alloc(changeStunRate,8)
registersymbol(changeStunRate)

changeStunRate:
dd 0


alloc(changeCriticalRate,8)
registersymbol(changeCriticalRate)

changeCriticalRate:
dd 0


alloc(changePTZ,8)
registersymbol(changePTZ)

changePTZ:
dd 0



label(code)
label(return)

label(setHpOnSigilEquip)
registersymbol(setHpOnSigilEquip)

label(setAttOnSigilEquip)
registersymbol(setAttOnSigilEquip)

label(setStunRateOnSigilEquip)
registersymbol(setStunRateOnSigilEquip)

label(setCriticalRateOnSigilEquip)
registersymbol(setCriticalRateOnSigilEquip)

label(addPTZ_OnSigilEquip)
registersymbol(addPTZ_OnSigilEquip)



newmem:
  push rdx
  cmp [changeHp],1
  jne @f
  mov edx,[setHpOnSigilEquip]
  mov [r15+04],edx

@@:
  cmp [changeAtt],1
  jne @f
  mov r9d,[setAttOnSigilEquip] // this will write to [R15+08] at the end of the compare list

@@:
  cmp [changeStunRate],1
  jne @f
  mov edx,[setStunRateOnSigilEquip]
  mov [r15+10],edx

@@:
  cmp [changeCriticalRate],1
  jne @f
  mov edx,[setCriticalRateOnSigilEquip]
  mov [r15+14],edx

@@:
  cmp [changePTZ],1
  jne @f
  mov edx,[addPTZ_OnSigilEquip]
  mov [r15+18],edx

@@:
  pop rdx

code:
  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]
  jmp return

newmem+200:
setHpOnSigilEquip:
  dd (int)10000
setAttOnSigilEquip:
  dd (int)5000
setStunRateOnSigilEquip:
  dd (float)25
setCriticalRateOnSigilEquip:
  dd (float)55
addPTZ_OnSigilEquip:
  dd (int)10000

TEST:
  jmp newmem
  nop 5
return:
registersymbol(TEST)

[DISABLE]

TEST:
  db 45 89 4F 08 C4 C1 7B 10 47 10

unregistersymbol(*)
dealloc(*)

Post by **SilverRabbit90** » Mon Feb 26, 2024 10:53 pm

Rhark wrote: ↑

Mon Feb 26, 2024 10:38 pm

SilverRabbit90 wrote: ↑
Mon Feb 26, 2024 9:28 pm
...

The place you are injecting at seems to write to whatever is at [R15+08] so the code will only be triggered once that is affected by something. This is not a good place to inject for multiple things like this. You're better off finding an instruction that is always being accessed whilst using that structure.

In "theory" this code should work but as I said due to your injection point it may not.

Code: Select all

[ENABLE]

aobscanmodule(TEST,$process,45 89 4F 08 C4 C1 7B 10 47 10) // should be unique
alloc(newmem,$1000,TEST)


alloc(changeHp,8)
registersymbol(changeHp)

changeHp:
dd 0


alloc(changeAtt,8)
registersymbol(changeAtt)

changeAtt:
dd 0


alloc(changeStunRate,8)
registersymbol(changeStunRate)

changeStunRate:
dd 0


alloc(changeCriticalRate,8)
registersymbol(changeCriticalRate)

changeCriticalRate:
dd 0


alloc(changePTZ,8)
registersymbol(changePTZ)

changePTZ:
dd 0



label(code)
label(return)

label(setHpOnSigilEquip)
registersymbol(setHpOnSigilEquip)

label(setAttOnSigilEquip)
registersymbol(setAttOnSigilEquip)

label(setStunRateOnSigilEquip)
registersymbol(setStunRateOnSigilEquip)

label(setCriticalRateOnSigilEquip)
registersymbol(setCriticalRateOnSigilEquip)

label(addPTZ_OnSigilEquip)
registersymbol(addPTZ_OnSigilEquip)



newmem:
  push rdx
  cmp [changeHp],1
  jne @f
  mov edx,[setHpOnSigilEquip]
  mov [r15+04],edx

@@:
  cmp [changeAtt],1
  jne @f
  mov r9d,[setAttOnSigilEquip] // this will write to [R15+08] at the end of the compare list

@@:
  cmp [changeStunRate],1
  jne @f
  mov edx,[setStunRateOnSigilEquip]
  mov [r15+10],edx

@@:
  cmp [changeCriticalRate],1
  jne @f
  mov edx,[setCriticalRateOnSigilEquip]
  mov [r15+14],edx

@@:
  cmp [changePTZ],1
  jne @f
  mov edx,[addPTZ_OnSigilEquip]
  mov [r15+18],edx

@@:
  pop rdx

code:
  mov [r15+08],r9d
  vmovsd xmm0,[r15+10]
  jmp return

newmem+200:
setHpOnSigilEquip:
  dd (int)10000
setAttOnSigilEquip:
  dd (int)5000
setStunRateOnSigilEquip:
  dd (float)25
setCriticalRateOnSigilEquip:
  dd (float)55
addPTZ_OnSigilEquip:
  dd (int)10000

TEST:
  jmp newmem
  nop 5
return:
registersymbol(TEST)

[DISABLE]

TEST:
  db 45 89 4F 08 C4 C1 7B 10 47 10

unregistersymbol(*)
dealloc(*)

WoW it works perfectly thank you very mutch.

Now I'll just have to do some testing to see how more "comparison" works in other registers.

FearLess Cheat Engine

How to compare a list?

How to compare a list?

Re: How to compare a list?

Re: How to compare a list?

Re: How to compare a list?

Re: How to compare a list?

Who is online