help with code injection
Posted: Wed Feb 16, 2022 10:40 pm
Hello. I'm just learning how to use Cheat Engine, and I would like to learn how to use the "Auto Assemble" feature. For example, I want to enable CPU vs. CPU in One Piece Burning Blood, but I can't find the correct address, or the game is blocking it. Below are examples of trainers with such a function for other fighting games. Can I use these codes in my game? What needs to be found or changed? Is it necessary to know the location of the desired object or function in order to change something in the game using code injection?
}
[ENABLE]
// Find the injection point by byte pattern rather than a fixed address. The
// pattern is the original 6-byte instruction at "StreetFighterV.exe"+75D4B8
// (89 9F 8C 01 00 00 = mov [rdi+18C],ebx) plus 41, the first byte of the next
// instruction, to keep the match unique. If the game is updated and the
// pattern is not found, the script fails to enable instead of patching the
// wrong location.
aobscanmodule(cpuvs,StreetFighterV.exe,89 9F 8C 01 00 00 41)
// The cave is allocated near cpuvs so the 5-byte rel32 jmp below can reach it.
alloc(newmem,$100,cpuvs)
registersymbol(cpuvs)
label(code)
label(return)
newmem:
code:
// Replace the original store of ebx with a constant. 2 is one of the three
// values (3, 2, 1) the branches just before the hook write to the same field
// in the original listing; what the field means (presumably which side is
// CPU-controlled) is not established by this script — confirm in game.
// NOTE(review): the store is written without a size; CE's assembler should
// treat it as a dword, matching the 32-bit original "mov [rdi+18C],ebx" — verify.
mov [rdi+0000018C],2
jmp return
cpuvs:
// 5-byte jmp + 1-byte nop = 6 bytes, exactly the size of the overwritten
// instruction, so execution resynchronises cleanly at 'return'.
jmp newmem
nop
return:
[DISABLE]
cpuvs:
// Put the original 6 bytes (mov [rdi+18C],ebx) back before the cave is freed.
db 89 9F 8C 01 00 00
unregistersymbol(cpuvs)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "StreetFighterV.exe"+75D4B8
"StreetFighterV.exe"+75D48C: FF C9 - dec ecx
"StreetFighterV.exe"+75D48E: 74 10 - je StreetFighterV.exe+75D4A0
"StreetFighterV.exe"+75D490: FF C9 - dec ecx
"StreetFighterV.exe"+75D492: 75 2A - jne StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D494: C7 87 8C 01 00 00 03 00 00 00 - mov [rdi+0000018C],00000003
"StreetFighterV.exe"+75D49E: EB 1E - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4A0: C7 87 8C 01 00 00 02 00 00 00 - mov [rdi+0000018C],00000002
"StreetFighterV.exe"+75D4AA: EB 12 - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4AC: C7 87 8C 01 00 00 01 00 00 00 - mov [rdi+0000018C],00000001
"StreetFighterV.exe"+75D4B6: EB 06 - jmp StreetFighterV.exe+75D4BE
// ---------- INJECTING HERE ----------
"StreetFighterV.exe"+75D4B8: 89 9F 8C 01 00 00 - mov [rdi+0000018C],ebx
// ---------- DONE INJECTING ----------
"StreetFighterV.exe"+75D4BE: 41 8B 45 28 - mov eax,[r13+28]
"StreetFighterV.exe"+75D4C2: 48 8D 4C 24 20 - lea rcx,[rsp+20]
"StreetFighterV.exe"+75D4C7: 48 8B D7 - mov rdx,rdi
"StreetFighterV.exe"+75D4CA: 89 87 90 01 00 00 - mov [rdi+00000190],eax
"StreetFighterV.exe"+75D4D0: 41 0F B6 45 2C - movzx eax,byte ptr [r13+2C]
"StreetFighterV.exe"+75D4D5: 88 44 24 20 - mov [rsp+20],al
"StreetFighterV.exe"+75D4D9: E8 F2 CB FF FF - call StreetFighterV.exe+75A0D0
"StreetFighterV.exe"+75D4DE: F3 41 0F 10 45 30 - movss xmm0,[r13+30]
"StreetFighterV.exe"+75D4E4: F3 0F 59 05 A4 A1 46 02 - mulss xmm0,[StreetFighterV.exe+2BC7690]
"StreetFighterV.exe"+75D4EC: F3 0F 2C C0 - cvttss2si eax,xmm0
// Find the injection point by byte pattern rather than a fixed address. The
// pattern is the original 6-byte instruction at "StreetFighterV.exe"+75D4B8
// (89 9F 8C 01 00 00 = mov [rdi+18C],ebx) plus 41, the first byte of the next
// instruction, to keep the match unique. If the game is updated and the
// pattern is not found, the script fails to enable instead of patching the
// wrong location.
aobscanmodule(cpuvs,StreetFighterV.exe,89 9F 8C 01 00 00 41)
// The cave is allocated near cpuvs so the 5-byte rel32 jmp below can reach it.
alloc(newmem,$100,cpuvs)
registersymbol(cpuvs)
label(code)
label(return)
newmem:
code:
// Replace the original store of ebx with a constant. 2 is one of the three
// values (3, 2, 1) the branches just before the hook write to the same field
// in the original listing; what the field means (presumably which side is
// CPU-controlled) is not established by this script — confirm in game.
// NOTE(review): the store is written without a size; CE's assembler should
// treat it as a dword, matching the 32-bit original "mov [rdi+18C],ebx" — verify.
mov [rdi+0000018C],2
jmp return
cpuvs:
// 5-byte jmp + 1-byte nop = 6 bytes, exactly the size of the overwritten
// instruction, so execution resynchronises cleanly at 'return'.
jmp newmem
nop
return:
[DISABLE]
cpuvs:
// Put the original 6 bytes (mov [rdi+18C],ebx) back before the cave is freed.
db 89 9F 8C 01 00 00
unregistersymbol(cpuvs)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "StreetFighterV.exe"+75D4B8
"StreetFighterV.exe"+75D48C: FF C9 - dec ecx
"StreetFighterV.exe"+75D48E: 74 10 - je StreetFighterV.exe+75D4A0
"StreetFighterV.exe"+75D490: FF C9 - dec ecx
"StreetFighterV.exe"+75D492: 75 2A - jne StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D494: C7 87 8C 01 00 00 03 00 00 00 - mov [rdi+0000018C],00000003
"StreetFighterV.exe"+75D49E: EB 1E - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4A0: C7 87 8C 01 00 00 02 00 00 00 - mov [rdi+0000018C],00000002
"StreetFighterV.exe"+75D4AA: EB 12 - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4AC: C7 87 8C 01 00 00 01 00 00 00 - mov [rdi+0000018C],00000001
"StreetFighterV.exe"+75D4B6: EB 06 - jmp StreetFighterV.exe+75D4BE
// ---------- INJECTING HERE ----------
"StreetFighterV.exe"+75D4B8: 89 9F 8C 01 00 00 - mov [rdi+0000018C],ebx
// ---------- DONE INJECTING ----------
"StreetFighterV.exe"+75D4BE: 41 8B 45 28 - mov eax,[r13+28]
"StreetFighterV.exe"+75D4C2: 48 8D 4C 24 20 - lea rcx,[rsp+20]
"StreetFighterV.exe"+75D4C7: 48 8B D7 - mov rdx,rdi
"StreetFighterV.exe"+75D4CA: 89 87 90 01 00 00 - mov [rdi+00000190],eax
"StreetFighterV.exe"+75D4D0: 41 0F B6 45 2C - movzx eax,byte ptr [r13+2C]
"StreetFighterV.exe"+75D4D5: 88 44 24 20 - mov [rsp+20],al
"StreetFighterV.exe"+75D4D9: E8 F2 CB FF FF - call StreetFighterV.exe+75A0D0
"StreetFighterV.exe"+75D4DE: F3 41 0F 10 45 30 - movss xmm0,[r13+30]
"StreetFighterV.exe"+75D4E4: F3 0F 59 05 A4 A1 46 02 - mulss xmm0,[StreetFighterV.exe+2BC7690]
"StreetFighterV.exe"+75D4EC: F3 0F 2C C0 - cvttss2si eax,xmm0
[ENABLE]
// Pattern = the 8-byte original instruction at "DBXV2.exe"+155C11
// (F3 0F 10 83 F8 00 00 00 = movss xmm0,[rbx+F8]) followed by the first two
// bytes of the next instruction (0F 57 = xorps xmm3,xmm3) so the scan is
// unique within the module.
aobscanmodule(CPU_VS_CPU,DBXV2.exe,F3 0F 10 83 F8 00 00 00 0F 57) // should be unique
// Cave allocated near the hook so the 5-byte rel32 jmp can reach it.
// NOTE(review): this uses a hard-coded address while the scan above uses a
// pattern; after a game update the two can disagree. Passing CPU_VS_CPU here
// instead would keep them in step.
alloc(newmem,$1000,"DBXV2.exe"+155C11)
label(code)
label(originalcode)
label(return)
label(BACK_to_Normal)
label(FULL_HP)
// Register roles at the hook, from the original listing: rbx = object pointer
// (mov rbx,rcx in the prologue); xmm6 = the amount that the code right after
// the hook subtracts from [rbx+F8] (subss xmm0,xmm6 / movss [rbx+F8],xmm0).
// Despite the symbol name, the hook only influences that subtraction and the
// flags at +50; nothing visible here makes it a CPU-vs-CPU switch — confirm.
newmem:
// Only act when the dword at +44 is zero. What +44 and +50 represent is not
// established by this script (presumably a side/control flag) — confirm in game.
cmp [rbx+44],0
jne originalcode
mov [rbx+50],1
// FULL_HP and BACK_to_Normal are one-byte toggles stored inside this cave
// (see the db lines below) and exported via registersymbol so the cheat table
// can flip them without touching the code.
cmp byte ptr[FULL_HP],1
je code
cmp byte ptr [BACK_to_Normal],0
je originalcode
mov [rbx+50],0
cmp byte ptr[FULL_HP],0
je originalcode
code:
// Load from +FC instead of +F8 (presumably a maximum/reference value —
// unconfirmed) and zero xmm6 so the subtraction that follows the hook stores
// xmm0 unchanged. The listing shows the enclosing function saves xmm6 on
// entry (movaps [rsp+30],xmm6), so the caller's register is restored on
// return; any later use of xmm6 inside this function will see zero — verify
// beyond the listed lines.
movss xmm0,[rbx+000000FC]
xorps xmm6,xmm6
cmp byte ptr [BACK_to_Normal],0
je return
mov [rbx+50],0
jmp return
originalcode:
// Unmodified path: re-execute the instruction the jmp overwrote.
movss xmm0,[rbx+000000F8]
jmp return
// Flag storage. These bytes share the allocation with the code above, so they
// live in executable memory; this works because CE's alloc presumably maps the
// page read/write/execute.
BACK_to_Normal:
db 0
FULL_HP:
db 0
CPU_VS_CPU:
// 5-byte jmp + 3 nops = 8 bytes, the size of the overwritten movss.
jmp newmem
nop 3
return:
registersymbol(CPU_VS_CPU)
registersymbol(BACK_to_Normal)
registersymbol(FULL_HP)
[DISABLE]
CPU_VS_CPU:
// Put the original 8 bytes (movss xmm0,[rbx+F8]) back before the cave is freed.
db F3 0F 10 83 F8 00 00 00
unregistersymbol(CPU_VS_CPU)
dealloc(newmem)
unregistersymbol(BACK_to_Normal)
unregistersymbol(FULL_HP)
{
// ORIGINAL CODE - INJECTION POINT: "DBXV2.exe"+155C11
"DBXV2.exe"+155BEA: 0F 29 74 24 30 - movaps [rsp+30],xmm6
"DBXV2.exe"+155BEF: 41 8B F9 - mov edi,r9d
"DBXV2.exe"+155BF2: 0F 29 7C 24 20 - movaps [rsp+20],xmm7
"DBXV2.exe"+155BF7: 0F 28 F1 - movaps xmm6,xmm1
"DBXV2.exe"+155BFA: 0F 28 FA - movaps xmm7,xmm2
"DBXV2.exe"+155BFD: 48 8B D9 - mov rbx,rcx
"DBXV2.exe"+155C00: E8 0B 1B 00 00 - call DBXV2.exe+157710
"DBXV2.exe"+155C05: 83 C0 FE - add eax,-02
"DBXV2.exe"+155C08: 83 F8 01 - cmp eax,01
"DBXV2.exe"+155C0B: 0F 86 86 00 00 00 - jbe DBXV2.exe+155C97
// ---------- INJECTING HERE ----------
"DBXV2.exe"+155C11: F3 0F 10 83 F8 00 00 00 - movss xmm0,[rbx+000000F8]
// ---------- DONE INJECTING ----------
"DBXV2.exe"+155C19: 0F 57 DB - xorps xmm3,xmm3
"DBXV2.exe"+155C1C: F3 0F 5F F3 - maxss xmm6,xmm3
"DBXV2.exe"+155C20: 33 C0 - xor eax,eax
"DBXV2.exe"+155C22: F3 0F 5C C6 - subss xmm0,xmm6
"DBXV2.exe"+155C26: F3 0F 11 83 F8 00 00 00 - movss [rbx+000000F8],xmm0
"DBXV2.exe"+155C2E: 85 FF - test edi,edi
"DBXV2.exe"+155C30: 74 06 - je DBXV2.exe+155C38
"DBXV2.exe"+155C32: 89 83 00 01 00 00 - mov [rbx+00000100],eax
"DBXV2.exe"+155C38: 0F 2F C3 - comiss xmm0,xmm3
"DBXV2.exe"+155C3B: 73 0E - jae DBXV2.exe+155C4B
}
// Pattern = the 8-byte original instruction at "DBXV2.exe"+155C11
// (F3 0F 10 83 F8 00 00 00 = movss xmm0,[rbx+F8]) followed by the first two
// bytes of the next instruction (0F 57 = xorps xmm3,xmm3) so the scan is
// unique within the module.
aobscanmodule(CPU_VS_CPU,DBXV2.exe,F3 0F 10 83 F8 00 00 00 0F 57) // should be unique
// Cave allocated near the hook so the 5-byte rel32 jmp can reach it.
// NOTE(review): this uses a hard-coded address while the scan above uses a
// pattern; after a game update the two can disagree. Passing CPU_VS_CPU here
// instead would keep them in step.
alloc(newmem,$1000,"DBXV2.exe"+155C11)
label(code)
label(originalcode)
label(return)
label(BACK_to_Normal)
label(FULL_HP)
// Register roles at the hook, from the original listing: rbx = object pointer
// (mov rbx,rcx in the prologue); xmm6 = the amount that the code right after
// the hook subtracts from [rbx+F8] (subss xmm0,xmm6 / movss [rbx+F8],xmm0).
// Despite the symbol name, the hook only influences that subtraction and the
// flags at +50; nothing visible here makes it a CPU-vs-CPU switch — confirm.
newmem:
// Only act when the dword at +44 is zero. What +44 and +50 represent is not
// established by this script (presumably a side/control flag) — confirm in game.
cmp [rbx+44],0
jne originalcode
mov [rbx+50],1
// FULL_HP and BACK_to_Normal are one-byte toggles stored inside this cave
// (see the db lines below) and exported via registersymbol so the cheat table
// can flip them without touching the code.
cmp byte ptr[FULL_HP],1
je code
cmp byte ptr [BACK_to_Normal],0
je originalcode
mov [rbx+50],0
cmp byte ptr[FULL_HP],0
je originalcode
code:
// Load from +FC instead of +F8 (presumably a maximum/reference value —
// unconfirmed) and zero xmm6 so the subtraction that follows the hook stores
// xmm0 unchanged. The listing shows the enclosing function saves xmm6 on
// entry (movaps [rsp+30],xmm6), so the caller's register is restored on
// return; any later use of xmm6 inside this function will see zero — verify
// beyond the listed lines.
movss xmm0,[rbx+000000FC]
xorps xmm6,xmm6
cmp byte ptr [BACK_to_Normal],0
je return
mov [rbx+50],0
jmp return
originalcode:
// Unmodified path: re-execute the instruction the jmp overwrote.
movss xmm0,[rbx+000000F8]
jmp return
// Flag storage. These bytes share the allocation with the code above, so they
// live in executable memory; this works because CE's alloc presumably maps the
// page read/write/execute.
BACK_to_Normal:
db 0
FULL_HP:
db 0
CPU_VS_CPU:
// 5-byte jmp + 3 nops = 8 bytes, the size of the overwritten movss.
jmp newmem
nop 3
return:
registersymbol(CPU_VS_CPU)
registersymbol(BACK_to_Normal)
registersymbol(FULL_HP)
[DISABLE]
CPU_VS_CPU:
// Put the original 8 bytes (movss xmm0,[rbx+F8]) back before the cave is freed.
db F3 0F 10 83 F8 00 00 00
unregistersymbol(CPU_VS_CPU)
dealloc(newmem)
unregistersymbol(BACK_to_Normal)
unregistersymbol(FULL_HP)
{
// ORIGINAL CODE - INJECTION POINT: "DBXV2.exe"+155C11
"DBXV2.exe"+155BEA: 0F 29 74 24 30 - movaps [rsp+30],xmm6
"DBXV2.exe"+155BEF: 41 8B F9 - mov edi,r9d
"DBXV2.exe"+155BF2: 0F 29 7C 24 20 - movaps [rsp+20],xmm7
"DBXV2.exe"+155BF7: 0F 28 F1 - movaps xmm6,xmm1
"DBXV2.exe"+155BFA: 0F 28 FA - movaps xmm7,xmm2
"DBXV2.exe"+155BFD: 48 8B D9 - mov rbx,rcx
"DBXV2.exe"+155C00: E8 0B 1B 00 00 - call DBXV2.exe+157710
"DBXV2.exe"+155C05: 83 C0 FE - add eax,-02
"DBXV2.exe"+155C08: 83 F8 01 - cmp eax,01
"DBXV2.exe"+155C0B: 0F 86 86 00 00 00 - jbe DBXV2.exe+155C97
// ---------- INJECTING HERE ----------
"DBXV2.exe"+155C11: F3 0F 10 83 F8 00 00 00 - movss xmm0,[rbx+000000F8]
// ---------- DONE INJECTING ----------
"DBXV2.exe"+155C19: 0F 57 DB - xorps xmm3,xmm3
"DBXV2.exe"+155C1C: F3 0F 5F F3 - maxss xmm6,xmm3
"DBXV2.exe"+155C20: 33 C0 - xor eax,eax
"DBXV2.exe"+155C22: F3 0F 5C C6 - subss xmm0,xmm6
"DBXV2.exe"+155C26: F3 0F 11 83 F8 00 00 00 - movss [rbx+000000F8],xmm0
"DBXV2.exe"+155C2E: 85 FF - test edi,edi
"DBXV2.exe"+155C30: 74 06 - je DBXV2.exe+155C38
"DBXV2.exe"+155C32: 89 83 00 01 00 00 - mov [rbx+00000100],eax
"DBXV2.exe"+155C38: 0F 2F C3 - comiss xmm0,xmm3
"DBXV2.exe"+155C3B: 73 0E - jae DBXV2.exe+155C4B
}