Can I Nop Opcode from script?

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
jmkdev
What is cheating?
Posts: 3
Joined: Fri Oct 09, 2020 12:11 am
Reputation: 0

Can I Nop Opcode from script?

Post by jmkdev »

Hello. I'm working on a freecam mod for an emulated PS2 game. It works fine so far, but I have to manually Nop certain Opcodes that set the camera position. The addresses for these opcodes always stay the same. How do I Nop an opcode from within a Lua script?

YoucefHam
Expert Cheater
Posts: 92
Joined: Sun Jan 21, 2018 10:21 pm
Reputation: 202

Re: Can I Nop Opcode from script?

Post by YoucefHam »

jmkdev wrote:
Fri Oct 09, 2020 12:14 am
Hello. I'm working on a freecam mod for an emulated PS2 game. It works fine so far, but I have to manually Nop certain Opcodes that set the camera position. The addresses for these opcodes always stay the same. How do I Nop an opcode from within a Lua script?
Hi,
Try this Script

Code:

{$lua}
if syntaxcheck then return end
[ENABLE]
-- overwrite the 7-byte jmp at the injection point with NOPs
autoAssemble([[
"Tutorial-i386.exe"+2C40:
nop 7
]])
[DISABLE]
-- write the original 7 instruction bytes back
autoAssemble([[
"Tutorial-i386.exe"+2C40:
db FF 24 8D 50 2C 40 00
]])
{$asm}

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+2C40

"Tutorial-i386.exe"+2C2B: 9C                    -  pushfd
"Tutorial-i386.exe"+2C2C: 58                    -  pop eax
"Tutorial-i386.exe"+2C2D: 33 04 24              -  xor eax,[esp]
"Tutorial-i386.exe"+2C30: 9D                    -  popfd
"Tutorial-i386.exe"+2C31: A9 00 00 20 00        -  test eax,00200000
"Tutorial-i386.exe"+2C36: 0F 95 C0              -  setne al
"Tutorial-i386.exe"+2C39: C3                    -  ret
"Tutorial-i386.exe"+2C3A: 00 00                 -  add [eax],al
"Tutorial-i386.exe"+2C3C: 00 00                 -  add [eax],al
"Tutorial-i386.exe"+2C3E: 00 00                 -  add [eax],al
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+2C40: FF 24 8D 50 2C 40 00  -  jmp dword ptr [ecx*4+Tutorial-i386.exe+2C50]
// ---------- DONE INJECTING  ----------
"Tutorial-i386.exe"+2C47: 8D B4 26 00 00 00 00  -  lea esi,[esi+00000000]
"Tutorial-i386.exe"+2C4E: 89 F6                 -  mov esi,esi
"Tutorial-i386.exe"+2C50: D2 2D 40 00 CB 2D     -  shr byte ptr [2DCB0040],cl
"Tutorial-i386.exe"+2C56: 40                    -  inc eax
"Tutorial-i386.exe"+2C57: 00 92 2D 40 00 52     -  add [edx+5200402D],dl
"Tutorial-i386.exe"+2C5D: 2D 40 00 14 2D        -  sub eax,2D140040
"Tutorial-i386.exe"+2C62: 40                    -  inc eax
"Tutorial-i386.exe"+2C63: 00 C5                 -  add ch,al
"Tutorial-i386.exe"+2C65: 2D 40 00 8C 2D        -  sub eax,2D8C0040
"Tutorial-i386.exe"+2C6A: 40                    -  inc eax
}

jmkdev
What is cheating?
Posts: 3
Joined: Fri Oct 09, 2020 12:11 am
Reputation: 0

Re: Can I Nop Opcode from script?

Post by jmkdev »

Can you explain what exactly this is doing? From what I gather you are NOPing address 2C40. Is that correct?

YoucefHam
Expert Cheater
Posts: 92
Joined: Sun Jan 21, 2018 10:21 pm
Reputation: 202

Re: Can I Nop Opcode from script?

Post by YoucefHam »

2C40 is an offset from the static address "Tutorial-i386.exe"; you can use it like this:

autoAssemble([[
address:
nop 7
]])

7 is the number of bytes of the instruction at that address.

jmkdev
What is cheating?
Posts: 3
Joined: Fri Oct 09, 2020 12:11 am
Reputation: 0

Re: Can I Nop Opcode from script?

Post by jmkdev »

Hello. I was able to use what you said to nop a certain address, but now I'm having a different issue.
The opcode address changes every time the game resets. I need to look at what opcodes are accessing an address, like when you right-click on an address and click "Find out what writes to this address". Is this possible at all? (I assume not.)

aSwedishMagyar
Table Makers
Posts: 670
Joined: Mon Jul 06, 2020 3:19 am
Reputation: 1188

Re: Can I Nop Opcode from script?

Post by aSwedishMagyar »

jmkdev wrote:
Sat Oct 10, 2020 1:07 am
Hello. I was able to use what you said to nop a certain address, but now I'm having a different issue.
The opcode address changes every time the game resets. I need to look at what opcodes are accessing an address, like when you right click on an address and click "Find out what writes to this address." Is this possible at all (I assume not)
Use an AOB scan. Find the opcode by using "Find out what writes to this address". When the opcode shows up, click "Show Disassembler", then go to Tools, click "Auto Assemble" and select the AOB Injection template. It will generate an AOB which you can then use in your Lua script if you need to.
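The two answers above fit together: YoucefHam's snippet shows how to NOP and restore a fixed address with autoAssemble, and aSwedishMagyar's shows how to find that address by its byte pattern when it moves. The script below is an added example, not code posted in this thread, that combines both in Cheat Engine Lua. It uses the CE API calls AOBScan, readBytes, writeBytes and autoAssemble; the function names, the camPatch table and the log messages are my own. The pattern is the 7-byte jmp from the Tutorial-i386.exe example earlier in the thread, used only as a placeholder; substitute the bytes the AOB Injection template generates for your game.

```lua
-- Added example (not from the thread): find the instruction by its byte
-- pattern, NOP it, and restore the original bytes on disable.
-- Assumes Cheat Engine's Lua API; names below are illustrative.

-- Placeholder pattern taken from the Tutorial-i386.exe example in this thread.
local PATTERN = "FF 24 8D 50 2C 40 00"
-- one token per byte, so the token count is the number of bytes to NOP
local _, PATCH_LEN = PATTERN:gsub("%S+", "")

-- state shared between enable and disable
local camPatch = { address = nil, original = nil, patched = nil }

local function sameBytes(a, b)
  if a == nil or b == nil or #a ~= #b then return false end
  for i = 1, #a do
    if a[i] ~= b[i] then return false end
  end
  return true
end

-- Scan executable memory for the pattern and insist on exactly one hit.
-- Only "+X" is required: recompiler/JIT buffers are normally RWX, so adding
-- "-W" (as one would for a plain .exe) would hide them from the scan.
local function findUniqueAOB(pattern)
  local results = AOBScan(pattern, "+X")  -- StringList of hex addresses, or nil
  if results == nil then return nil, "pattern not found" end
  local count = results.Count
  local addr = (count == 1) and tonumber(results[0], 16) or nil
  results.destroy()
  if count ~= 1 then
    return nil, string.format("expected exactly 1 match, got %d", count)
  end
  return addr
end

function enableCamPatch()
  if camPatch.address then return true end  -- already applied
  local addr, err = findUniqueAOB(PATTERN)
  if not addr then
    print("camera patch: " .. err)
    return false
  end
  -- keep the bytes we are about to overwrite so disable can put them back
  local original = readBytes(addr, PATCH_LEN, true)
  if not original or #original ~= PATCH_LEN then
    print("camera patch: could not read original bytes")
    return false
  end
  -- let the auto assembler handle page protection and the NOP encoding
  if not autoAssemble(string.format("%X:\nnop %d\n", addr, PATCH_LEN)) then
    print("camera patch: autoAssemble failed")
    return false
  end
  camPatch.address  = addr
  camPatch.original = original
  camPatch.patched  = readBytes(addr, PATCH_LEN, true)  -- what the NOPs look like
  print(string.format("camera patch: NOPed %d bytes at %08X", PATCH_LEN, addr))
  return true
end

function disableCamPatch()
  if not camPatch.address then return true end  -- nothing to undo
  -- If the emulator reset and recompiled, this address may now hold other
  -- code; only restore when our NOPs are still there.
  local current = readBytes(camPatch.address, PATCH_LEN, true)
  if sameBytes(current, camPatch.patched) then
    writeBytes(camPatch.address, camPatch.original)
    print(string.format("camera patch: restored %08X", camPatch.address))
  else
    print("camera patch: code at the patch address changed, not restoring")
  end
  camPatch.address, camPatch.original, camPatch.patched = nil, nil, nil
  return true
end
```

In a table script this goes in a {$lua} block laid out like YoucefHam's: call enableCamPatch() under [ENABLE] and disableCamPatch() under [DISABLE]. The scan requires exactly one match because a pattern that appears several times would otherwise patch the wrong instruction, and the restore step checks that the NOPs are still in place before writing the saved bytes back, since a recompiler that has regenerated its code buffer may have put something else at that address. After a game reset, run the enable step again so the pattern is searched for anew.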

SunBeam
RCE Fanatics
Posts: 4665
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4186

Re: Can I Nop Opcode from script?

Post by SunBeam »

jmkdev wrote:
Fri Oct 09, 2020 12:14 am
The addresses for these opcodes always stay the same
OK.
jmkdev wrote:
Sat Oct 10, 2020 1:07 am
The opcode address changes every time the game resets.
Guess the previous statement isn't what you thought. You're in an emulator.
