How to replace push (string address) instruction AT a specific address

Posted: Fri Dec 30, 2022 12:16 pm
by peddroelm
It's not push register with easy-to-know opcodes.
Can it be done using a Lua string address variable, or do I need an assembler symbol for the address of the new string?

Code:

function UI_Water_Cost_LeftStation(params)
  -- params points at a block of four dwords filled in by the auto-assembler script
  local WaterFuelPrice             = readInteger(params)
  local PermitStringTemplateAddr   = readInteger(params+0x4)
  local NoPermitStringTemplateAddr = readInteger(params+0x8)
  -- AOBAddr is 0x80 bytes before the push of the PermitString template
  -- and 0xB9 bytes before the push of the NoPermitString template
  local AOBAddr                    = readInteger(params+0xC)

  -- writeString does not append a terminator, so the 0 byte goes at
  -- addr + string.len(tempstring): the byte right after the last character.
  -- The template buffer only has room for the original text plus its
  -- terminator, so the formatted string must not be longer than that.
  local tempstring = string.format("WF: %d$ TL: %%d Permit: %%d STP: %%d", WaterFuelPrice)
  writeString(PermitStringTemplateAddr, tempstring)
  writeByte(PermitStringTemplateAddr + string.len(tempstring), 0)

  tempstring = string.format("WF: %d$ TL: %%d STP: %%d", WaterFuelPrice)
  writeString(NoPermitStringTemplateAddr, tempstring)
  writeByte(NoPermitStringTemplateAddr + string.len(tempstring), 0)

  -- debug verification
  -- print(string.format("[%s] || [%s] || AOB addr %x ", readString(PermitStringTemplateAddr), readString(NoPermitStringTemplateAddr), AOBAddr))

  -- Would like to overwrite 2 push instructions (they push the addresses of the printf string templates):
  --
  --   push StarTradersFrontiersMods.exe+7135C0 { ("Trade Law: %d  Permit: %d  Starport: %d") }
  -- with
  --   push PermitStringTemplateAddr    -- at addr AOBAddr + 0x80
  --
  -- and
  --
  --   push StarTradersFrontiersMods.exe+713670 { ("Trade Law: %d  Starport: %d") }
  -- with
  --   push NoPermitStringTemplateAddr  -- at addr AOBAddr + 0xB9
end
Basically I want the hover UI to use printf templates into which I have injected more info (an extra calculated parameter value for the waterfuel cost).

EDIT: can I add stuff here?

Code:

....
AOB_UI_Add_Water_Cost_Hover_LeftStation:
  jmp code
return:
registersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)

AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
push PermitString

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
push NoPermitString


[DISABLE]

AOB_UI_Add_Water_Cost_Hover_LeftStation:
 readmem(bytes_save_UI_water_Left_Station,5)   // db E8 75 F4 01 00   // will need save-restore 5 bytes

AOB_UI_Add_Water_Cost_Hover_LeftStation+80: 
readmem(,5) // Restore Push str addr

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
readmem(,5) // Restore second Push str addr 

unregistersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)
unregisterSymbol(bytes_save_UI_water_Left_Station)
dealloc(newmem)
dealloc(LUA_UI_Water_Cost_LeftStation)
dealloc(UI_Water_Cost_LeftStation_Params)

Just occurred to me: no matter how I do it, I will need to (SAVE /) RESTORE those original pushes for the disable function.

Re: How to replace push (string address) instruction AT a specific address with another push String address instruction

Posted: Fri Dec 30, 2022 12:48 pm
by peddroelm
So this question translates to:
"Can the result of a single AOB scan (symbol) be used to overwrite instructions at multiple offsets?"

// for the executable part
...
AOB_result:
jmp code
return
...

but could also use
AOB_result+X:
overwrite stuff

AOB_result+Z:
overwrite more stuff

registersymbol(AOB_result)

[DISABLE]


AOB_result:
restore

AOB_result+X:
restore

AOB_result+Z:
restore

unregister ..
dealloc

Horrible crash chain incoming! :)

EDIT: No crashes, it WORKED :))

Code:

....
label(bytes_save_UI_water_Left_Station)
registerSymbol(bytes_save_UI_water_Left_Station)
label(bytes_save_UI_water_Left_Station_2)
registerSymbol(bytes_save_UI_water_Left_Station_2)
label(bytes_save_UI_water_Left_Station_3)
registerSymbol(bytes_save_UI_water_Left_Station_3)

LUA_UI_Water_Cost_LeftStation:
 db 'UI_Water_Cost_LeftStation(parameter)',0

newmem:
  bytes_save_UI_water_Left_Station:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation,5)
  bytes_save_UI_water_Left_Station_2:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation+80,5)
  bytes_save_UI_water_Left_Station_3:
  readmem(AOB_UI_Add_Water_Cost_Hover_LeftStation+B9,5)
  STZoneModel:
  dd 0
  STRumorQuadrantModel:
  dd 0
  PermitString:
  db 'Trade Law: %d Permit: %d Starport: %d',0
  NoPermitString:
  db 'Trade Law: %d Starport: %d',0

code:

...

....

 call AOB_BM_f_get_Trade_Law  // original code:
  jmp return

AOB_UI_Add_Water_Cost_Hover_LeftStation:
  jmp code
return:

AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
push PermitString

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
push NoPermitString

registersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)

[DISABLE]

AOB_UI_Add_Water_Cost_Hover_LeftStation:
 readmem(bytes_save_UI_water_Left_Station,5)   // db E8 75 F4 01 00   // restore call AOB_f_get_Trade_Law

AOB_UI_Add_Water_Cost_Hover_LeftStation+80:
 readmem(bytes_save_UI_water_Left_Station_2,5)  //  restore push addr un modded string template

AOB_UI_Add_Water_Cost_Hover_LeftStation+B9:
 readmem(bytes_save_UI_water_Left_Station_3,5) // restore push addr un modded string template

unregistersymbol(AOB_UI_Add_Water_Cost_Hover_LeftStation)
unregisterSymbol(bytes_save_UI_water_Left_Station)
unregisterSymbol(bytes_save_UI_water_Left_Station_2)
unregisterSymbol(bytes_save_UI_water_Left_Station_3)
dealloc(newmem)
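As an added illustration (my own Python model, not code from this thread and not Cheat Engine's API), here are the mechanics the final script depends on: an x86 push imm32 is the 5-byte form 68 + little-endian address (and call rel32 is E8 + 4 bytes), which is why every readmem(...,5) saves exactly 5 bytes; the original bytes are saved before each overwrite and unwound on disable; and the replacement template is written with its 0 terminator right after the last character and checked against the room available. Process memory is modelled as a flat bytearray; the base address, string addresses and buffer capacity are constructed values, while the +80 and +B9 offsets are the ones from the script above.

```python
import struct

# x86 "push imm32" is opcode 0x68 followed by a 4-byte little-endian immediate,
# and "call rel32" is 0xE8 plus a 4-byte displacement: both are exactly 5 bytes,
# which is why each readmem(...,5) in the script saves 5 bytes.
PUSH_IMM32 = 0x68
PATCH_LEN = 5


def encode_push_imm32(address: int) -> bytes:
    """Encode `push <32-bit absolute address>` as 68 xx xx xx xx."""
    return bytes([PUSH_IMM32]) + struct.pack("<I", address)


def decode_push_imm32(code: bytes) -> int:
    """Return the immediate of a 5-byte push imm32, or raise if it is not one."""
    if len(code) != PATCH_LEN or code[0] != PUSH_IMM32:
        raise ValueError("not a push imm32: %s" % code.hex())
    return struct.unpack("<I", code[1:])[0]


def write_c_string(mem: bytearray, addr: int, text: str, capacity: int) -> int:
    """Write text plus its 0 terminator at addr, refusing to spill past capacity.

    The terminator lands at addr + len(text), the byte right after the last
    character (not one byte further on). Returns the number of bytes written.
    """
    data = text.encode("ascii") + b"\0"
    if len(data) > capacity:
        raise ValueError("%d bytes do not fit in a %d-byte buffer" % (len(data), capacity))
    mem[addr:addr + len(data)] = data
    return len(data)


def read_c_string(mem: bytearray, addr: int) -> str:
    """Read a 0-terminated ASCII string starting at addr."""
    end = mem.index(b"\0", addr)
    return mem[addr:end].decode("ascii")


class PatchSet:
    """Save-then-overwrite bookkeeping for several offsets from one scan result."""

    def __init__(self, mem: bytearray):
        self.mem = mem
        self.saved = []  # (address, original bytes), in patch order

    def patch(self, addr: int, new_bytes: bytes) -> None:
        # Save the original bytes first, exactly like readmem() into a label.
        self.saved.append((addr, bytes(self.mem[addr:addr + len(new_bytes)])))
        self.mem[addr:addr + len(new_bytes)] = new_bytes

    def restore_all(self) -> None:
        # Undo in reverse order so overlapping patches unwind correctly.
        for addr, orig in reversed(self.saved):
            self.mem[addr:addr + len(orig)] = orig
        self.saved.clear()


def demo(water_fuel_price: int = 50) -> dict:
    """Constructed memory image: two template strings and two push instructions."""
    mem = bytearray(0x2000)
    base = 0x100                          # constructed stand-in for the AOB scan result
    orig_permit, orig_nopermit = 0x1000, 0x1100
    new_permit, new_nopermit = 0x1800, 0x1900
    capacity = 64                         # constructed room reserved per template

    write_c_string(mem, orig_permit, "Trade Law: %d Permit: %d Starport: %d", capacity)
    write_c_string(mem, orig_nopermit, "Trade Law: %d Starport: %d", capacity)
    mem[base + 0x80:base + 0x85] = encode_push_imm32(orig_permit)
    mem[base + 0xB9:base + 0xBE] = encode_push_imm32(orig_nopermit)

    # Fill the replacement templates (same %% escaping as the Lua string.format).
    write_c_string(mem, new_permit, "WF: %d$ TL: %%d Permit: %%d STP: %%d" % water_fuel_price, capacity)
    write_c_string(mem, new_nopermit, "WF: %d$ TL: %%d STP: %%d" % water_fuel_price, capacity)

    # Enable: overwrite both pushes at their offsets from the one base address.
    patches = PatchSet(mem)
    patches.patch(base + 0x80, encode_push_imm32(new_permit))
    patches.patch(base + 0xB9, encode_push_imm32(new_nopermit))
    target = decode_push_imm32(bytes(mem[base + 0x80:base + 0x85]))
    patched_text = read_c_string(mem, target)

    # Disable: put the saved bytes back.
    patches.restore_all()
    restored = decode_push_imm32(bytes(mem[base + 0x80:base + 0x85]))
    return {
        "patched_target": target,
        "patched_text": patched_text,
        "restored_target": restored,
        "restored_text": read_c_string(mem, restored),
    }
```

The capacity check is the part worth carrying over to the real script: the templates in newmem are exactly as long as their original text plus terminator, so a large enough WaterFuelPrice would run the first formatted string into the second one.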