[HELP] Pointer Compare in rcx

GMan · Post by **GMan** » Tue May 26, 2020 8:18 am

the value i want to compare is in [rcx + 98] +10 but it doesn't work, what am i doing wrong?

what i know so far is [rcx + 98] is a pointer, this pointer changes after every game start and +10 is the value i want to compare.

and how can i add an on off switch for one hit kills (enemyhealth)?

i am not yet very familiar with cheatengine but i am learning but I'm stuck at this point

[CODE][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(code)

label(return)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

cmp byte ptr [rcx+98]+10,0B //this compare wont work

je playerhealth

cmp byte ptr [rcx+98]+10,08 //this compare wont work

je enemyhealth

code:

mov rax,[rcx+70]

ret

jmp return

enemyhealth:

mov [rcx+70],(int)0

jmp return

playerhealth:

mov [rcx+70],(int)999999

jmp return

HealthInject+01:

jmp newmem

return:

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)

[/CODE]

GreenHouse · Post by **GreenHouse** » Tue May 26, 2020 10:07 am

[CODE=nasm][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(code)

label(return)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

push rdi

mov rdi,[rcx+98]

cmp byte ptr [rdi+10],0B

je playerhealth

cmp byte ptr [rdi+10],08

je enemyhealth

code:

pop rdi

mov rax,[rcx+70]

ret

jmp return

enemyhealth:

pop rdi

mov [rcx+70],(int)0

jmp return

playerhealth:

pop rdi

mov [rcx+70],(int)999999

jmp return

HealthInject+01:

jmp newmem

return:

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)[/CODE]

GMan · Post by **GMan** » Tue May 26, 2020 11:10 am

ty for the help, why rdi? Can you please explain this to me?

when activating the table the game crashes as soon as opponents appear

GreenHouse · Post by **GreenHouse** » Tue May 26, 2020 11:25 am

There's no specific reason, that's the first register I could think of. RAX and RCX are used already, so I don't want to use them.

You mov what's inside [RCX+98] to RDI, that being the pointer address, so now inside [RDI+10] will be what you wanted to compare.

The crash is because you're jumping to return instead of having the rest of the code execute. Try this:

[CODE=nasm][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(code)

label(return)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

push rdi

mov rdi,[rcx+98]

cmp byte ptr [rdi+10],0B

je playerhealth

cmp byte ptr [rdi+10],08

je enemyhealth

code:

pop rdi

mov rax,[rcx+70]

ret

jmp return

enemyhealth:

mov [rcx+70],(int)0

jmp code

playerhealth:

mov [rcx+70],(int)999999

jmp code

HealthInject+01:

jmp newmem

return:

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)[/CODE]

GMan · Post by **GMan** » Tue May 26, 2020 11:57 am

still get a crash.

how can I find out which registers can be used?

rdi may already be in use, I think!

or is there possibly another solution?

my code worked without any problems but I had to enter the pointervalue manually with every game start (cmp [rcx + 98], pointervalue), I would like to skip this process ...

GreenHouse · Post by **GreenHouse** » Tue May 26, 2020 1:14 pm

[QUOTE="GMan, post: 136940, member: 38079"]

still get a crash.

how can I find out which registers can be used?

[/QUOTE]

All can be used. It's just that in that instruction RAX is being written and RCX is where the values that you need are, so you can't use them or you won't be able to get what you need.

And as for the crash, I'm not sure why it happens. Does every address accessed by that instruction have a pointer in [RCX+98]? If not all of them do, then before that, you'll need to add a compare to ignore those.

Post by **happyTugs** » Tue May 26, 2020 3:30 pm

Alternatively, you could write the value into rax since it will be overwritten anyway.

[CODE=cea][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(code)

label(return)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

pushf // might as well preserve your flags since you say you are crashing

mov rax,[rcx+98]

test rax,rax

jz code

cmp byte ptr [rax+10],0B

jz playerhealth

cmp byte ptr [rax+10],08

jz enemyhealth

code:

popf

mov rax,[rcx+70]

ret // generally, I don't recommend injecting where there is a return

jmp return // jmp isn't needed because of the return, but oh well.

enemyhealth:

mov dword ptr [rcx+70],0

jmp code

playerhealth:

mov dword ptr [rcx+70],F423F

jmp code

HealthInject+01:

jmp newmem

return:

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)[/CODE]I would suggest finding a different place to inject that is before the return; it could also be one of the reasons as to why you are crashing.

GMan · Post by **GMan** » Tue May 26, 2020 5:25 pm

The game no longer crashes instantly, now it crashes after the first opponents are dead. :(

Post by **astor** » Tue May 26, 2020 6:32 pm

[QUOTE="GMan, post: 136989, member: 38079"]

The game no longer crashes instantly, now it crashes after the first opponents are dead. :(

[/QUOTE]

try this, let me know if it worked.

[CODE=cea][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(code)

label(return)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

push rcx

mov rcx,[rcx+10]

mov rcx,[rcx+98]

cmp rcx,B

pop rcx

je playerhealth

@@:

push rcx

mov rcx,[rcx+10]

mov rcx,[rcx+98]

cmp rcx,8

pop rcx

je enemyhealth

@@:

code:

mov rax,[rcx+70]

ret

jmp return

enemyhealth:

mov [rcx+70],0

ret

jmp return

playerhealth:

mov [rcx+70],#999999

ret

jmp return

HealthInject+01:

jmp newmem

return:

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)[/CODE]

GMan · Post by **GMan** » Tue May 26, 2020 8:15 pm

unfortunately does not work either, game crashes instantly.

TimFun13 · Post by **TimFun13** » Tue May 26, 2020 9:49 pm

Try something like this:

[CODE=cea][ENABLE]

aobscanmodule(HealthInject,GameAssembly.dll,CC 48 8B 41 70 C3)

alloc(newmem,$1000,"GameAssembly.dll"+1413E80)

label(ocode)

label(playerhealth)

label(enemyhealth)

//playerhealthcomparevalue 11

//enemyhealthcomparevalue 8

//[rcx+98]+10

newmem:

mov rax,[rcx+98]

test rax,rax

jz @f

mov al,[rax+10]

cmp al,B

je playerhealth

@@:

cmp al,8

je enemyhealth

ocode:

mov rax,[rcx+70]

ret

enemyhealth:

mov [rcx+70],0

jmp ocode

playerhealth:

mov [rcx+70],#999999

jmp ocode

HealthInject+01:

jmp newmem

registersymbol(HealthInject)

[DISABLE]

HealthInject+01:

db 48 8B 41 70 C3

unregistersymbol(HealthInject)

dealloc(newmem)[/CODE]

Post by **astor** » Tue May 26, 2020 11:57 pm

[QUOTE="GMan, post: 137002, member: 38079"]

unfortunately does not work either, game crashes instantly.

[/QUOTE]

i think the crash has to do with your wrong pointer.

i tested it on legend of streets just now and it didnt crash the game:

[MEDIA=streamable]aqnbcp[/MEDIA]

BADORGOOD · Post by **BADORGOOD** » Thu May 28, 2020 5:42 am

yeah is a bad pointer, the procedures are all ok.

mov rax,[rcx+98]

mov al,[rax+10]

not always is 8 or B.

Regards

FearLess Cheat Engine