My script won't disable in Ark. Never had a problem before... Template is always the same, and disable always works in every other game. What's going on with this game? Check this script out:
Code:
{ Game : ShooterGame.exe
Version:
Date : 2018-11-14
Author : Sigan
This script gets Engrams pointer and sets a flag to ignore the subtraction upon learning
}
define(address,"ShooterGame.exe"+65ADCB)
define(bytes,41 29 87 34 0C 00 00)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"ShooterGame.exe"+65ADCB)
globalalloc(_Engrams,8) // 8 bytes: holds the 64-bit pointer copied from r15
label(_setMax)
label(code)
label(return)
newmem:
code:
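mov [_Engrams],r15 // save the base pointer for the _Engrams+C34 table entry
cmp dword ptr [_setMax],1 // _setMax is declared with dd, so compare it as a dword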
je @f
jmp return
@@:
sub [r15+00000C34],eax
jmp return
_setMax:
dd 0
address:
jmp newmem
nop
nop
return:
registersymbol(_setMax)
[DISABLE]
address:
db bytes
// sub [r15+00000C34],eax
unregistersymbol(_setMax)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "ShooterGame.exe"+65ADCB
"ShooterGame.exe"+65AD93: 48 8D 15 46 4D C0 02 - lea rdx,[ShooterGame.exe+325FAE0]
"ShooterGame.exe"+65AD9A: 48 8D 0D DF 4A C0 02 - lea rcx,[ShooterGame.exe+325F880]
"ShooterGame.exe"+65ADA1: 41 B8 3C 02 00 00 - mov r8d,0000023C
"ShooterGame.exe"+65ADA7: 89 7C 24 20 - mov [rsp+20],edi
"ShooterGame.exe"+65ADAB: E8 50 A5 9A 00 - call ShooterGame.exe+1005300
"ShooterGame.exe"+65ADB0: 48 8B 8B B0 0A 00 00 - mov rcx,[rbx+00000AB0]
"ShooterGame.exe"+65ADB7: 48 63 C7 - movsxd rax,edi
"ShooterGame.exe"+65ADBA: 4C 8D 34 C5 00 00 00 00 - lea r14,[rax*8+00000000]
"ShooterGame.exe"+65ADC2: 49 8B 0C 0E - mov rcx,[r14+rcx]
"ShooterGame.exe"+65ADC6: E8 B5 2B CA FF - call ShooterGame.exe+2FD980
// ---------- INJECTING HERE ----------
"ShooterGame.exe"+65ADCB: 41 29 87 34 0C 00 00 - sub [r15+00000C34],eax
// ---------- DONE INJECTING ----------
"ShooterGame.exe"+65ADD2: 48 8B 05 27 21 04 03 - mov rax,[ShooterGame.exe+369CF00]
"ShooterGame.exe"+65ADD9: 48 8B 88 D0 01 00 00 - mov rcx,[rax+000001D0]
"ShooterGame.exe"+65ADE0: 48 8B 59 30 - mov rbx,[rcx+30]
"ShooterGame.exe"+65ADE4: 48 85 DB - test rbx,rbx
"ShooterGame.exe"+65ADE7: 75 04 - jne ShooterGame.exe+65ADED
"ShooterGame.exe"+65ADE9: 48 8B 59 28 - mov rbx,[rcx+28]
"ShooterGame.exe"+65ADED: 8B 8B B8 0A 00 00 - mov ecx,[rbx+00000AB8]
"ShooterGame.exe"+65ADF3: 8B C5 - mov eax,ebp
"ShooterGame.exe"+65ADF5: 3B F9 - cmp edi,ecx
"ShooterGame.exe"+65ADF7: 0F 9C C0 - setl al
}
And then, below that would be this:
Code:
[ENABLE]
_setMax:
dd 1
[DISABLE]
_setMax:
dd 0
Then, beneath that would be the pointer, with the address as: _Engrams+C34
With this code, I should be able to turn on and off the functionality of the Engrams being subtracted, as well as have the pointer so that I could set the value to whatever number I wanted. In other words, once all Engrams are leveled up to the max, I could zero it out. Or, I could never turn that script on, but I'd have the pointer available to add points whenever I liked.
All of this would hinge on spending an Engram point to begin with, in order to find the code.
Edit: That's not the AOB inject point. That injection point would either be an AOB scan or someplace labeled correctly. Barring that, the code enabled once, then disabled, but then wasn't really disabled and couldn't be enabled again. I couldn't turn on or off anything. Using Cheat Engine on Ark is a weird thing...