FearLess Cheat Engine

Posted: **Sat Feb 22, 2020 6:53 am**

So I have this script, which is just two combined scripts here:

aobscanmodule(front_mount_drydockone,StarpointGemini2.exe,44 8B 70 1C E9 7D 00 00 00) // should be unique
alloc(newmem,$1000,"StarpointGemini2.exe"+174719)
aobscanmodule(drydock_mount_light_right,StarpointGemini2.exe,9A EA FF 40 32 F6 44 8B 70 1C E9 7E 00 00 00) // should be unique
alloc(newmem1,$1000,"StarpointGemini2.exe"+1748B8)

label(code)
label(return)
alloc(mounts,4)
registersymbol(mounts)
label(code1)
label(return1)
alloc(right_light,4)
registersymbol(right_light)

newmem:
code:
  mov [mounts],rax
  mov r14d,[rax+1C]
  jmp StarpointGemini2.exe+17479F
  jmp return

newmem1:
code1:
  mov [right_light],rax
  mov r14d,[rax+1C]
  jmp StarpointGemini2.exe+17493F
  jmp return1

front_mount_drydockone:
  jmp newmem
  nop 4
return:
registersymbol(front_mount_drydockone)

drydock_mount_light_right+06:
  jmp newmem1
  nop 4
return1:
registersymbol(drydock_mount_light_right)

[DISABLE]

front_mount_drydockone:
  db 44 8B 70 1C E9 7D 00 00 00
drydock_mount_light_right+06:
  db 44 8B 70 1C E9 7E 00 00 00

unregistersymbol(front_mount_drydockone)
dealloc(newmem)
dealloc(mounts,4)
unregistersymbol(mounts)
unregistersymbol(drydock_mount_light_right)
dealloc(newmem1)
dealloc(right_light,4)
unregistersymbol(right_light)

So its just creating two symbols I can use as pointers in the table to edit a couple of values. Thing is, when the scripts are used separately the two addresses display fine but combined like here only the [right_light] symbol displays the address and the [mounts] symbol displays a long gibberish address. I know both symbols use RAX, but I don't understand the issue as they are at completely different sections of code.

This has happened to me before and I would really like to know how to fix this script so I can do such things in the future. I have several more symbols I need to add to this same script. As it is I'll have to have separate scripts for each one :/ Thanks!

Posted: **Sat Feb 22, 2020 5:33 pm**

gideon25 wrote: ↑
Sat Feb 22, 2020 6:53 am
...

You need to allocate 8 bytes for addresses for a 64 bit process. Not sure if that's the problem but give it a try.

Code: Select all

aobscanmodule(front_mount_drydockone,StarpointGemini2.exe,44 8B 70 1C E9 7D 00 00 00) // should be unique
alloc(newmem,$1000,"StarpointGemini2.exe"+174719)
aobscanmodule(drydock_mount_light_right,StarpointGemini2.exe,9A EA FF 40 32 F6 44 8B 70 1C E9 7E 00 00 00) // should be unique
alloc(newmem1,$1000,"StarpointGemini2.exe"+1748B8)

label(code)
label(return)
alloc(mounts,8) // needs to be 8 bytes for 64 bit process.
registersymbol(mounts)
label(code1)
label(return1)
alloc(right_light,8) // needs to be 8 bytes for 64 bit process.
registersymbol(right_light)

newmem:
code:
  mov [mounts],rax
  mov r14d,[rax+1C]
  jmp StarpointGemini2.exe+17479F
  jmp return // this will never be used because of the previous jump

newmem1:
code1:
  mov [right_light],rax
  mov r14d,[rax+1C]
  jmp StarpointGemini2.exe+17493F
  jmp return1 // this will never be used because of the previous jump

front_mount_drydockone:
  jmp newmem
  nop 4
return:
registersymbol(front_mount_drydockone)

drydock_mount_light_right+06:
  jmp newmem1
  nop 4
return1:
registersymbol(drydock_mount_light_right)

[DISABLE]

front_mount_drydockone:
  db 44 8B 70 1C E9 7D 00 00 00
drydock_mount_light_right+06:
  db 44 8B 70 1C E9 7E 00 00 00

unregistersymbol(front_mount_drydockone)
dealloc(newmem)
dealloc(mounts) // no second parameter for dealloc.
unregistersymbol(mounts)
unregistersymbol(drydock_mount_light_right)
dealloc(newmem1)
dealloc(right_light) // no second parameter for dealloc.
unregistersymbol(right_light)

Posted: **Sat Feb 22, 2020 8:30 pm**

ShyTwig16 wrote: ↑
Sat Feb 22, 2020 5:33 pm
You need to allocate 8 bytes for addresses for a 64 bit process. Not sure if that's the problem but give it a try.

That did it! Strange though that the two scripts worked fine when activated together in separate scripts with allocating just 4 bytes, but seriously, thanks for the fix!

Posted: **Sat Feb 22, 2020 8:35 pm**

gideon25 wrote: ↑
Sat Feb 22, 2020 8:30 pm

ShyTwig16 wrote: ↑
Sat Feb 22, 2020 5:33 pm
You need to allocate 8 bytes for addresses for a 64 bit process. Not sure if that's the problem but give it a try.
That did it! Strange though that the two scripts worked fine when activated together in separate scripts with allocating just 4 bytes, but seriously, thanks for the fix!

Best I can figure is maybe CE now makes one allocation pure script and spaces stuff based on the size you set.

Posted: **Mon Feb 24, 2020 6:05 pm**

I have ran into this before, when CE initialize a script, it generate all the assembly codes then the variables reservation.
So when you have 2 of those script separated, the structure looks something like this.

Code: Select all

 [script1]
 [some space]
 [variable1]
 [some space]
 [script2]
 [some space]
 [variable2]
 [some space]

Although you only reserved 4 bytes(32bits) for 64 bits(8 bytes) address, the above structure didn't cause problem because there is enough blank spaces between scrips and its variable.
But now after you have combined the 2 scripts into 1, the structure will looks something like this.

Code: Select all

 [script1]
 [script2]
 [some space]
 [variable1]
 [variable2]
 [some space]

As you can see, there is no space between 2 variables so when you update one of them, the new data will also override the other variable due to the fact you didn't reserve correct amount of bytes to hold 64 bit address.

FearLess Cheat Engine

Just need a little help with a very simple script. Thanks!

Just need a little help with a very simple script. Thanks!

Re: Just need a little help with a very simple script. Thanks!

Re: Just need a little help with a very simple script. Thanks!

Re: Just need a little help with a very simple script. Thanks!

Re: Just need a little help with a very simple script. Thanks!