game crahs, what the error in my cheat?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
DRDNK1000
Cheater
Cheater
Posts: 33
Joined: Mon May 27, 2019 8:58 pm
Reputation: 6

Re: game crahs, what the error in my cheat?

Post by DRDNK1000 »

GreenHouse wrote:
Sat Jun 29, 2019 8:18 pm
meir_atzmon wrote:
Sat Jun 29, 2019 6:50 pm
sorry i dont understan what screenshot u want
can u give me exeple so i know what to take?
Just the main template of AOB does show some of the nearby code. If I don't know what is doing what, I don't know what's wrong.
According to your script, "FC64.dll"+1F352BE should have what I'm asking for. Go there, and do a screenshot or copy/paste the code that is near that.
movaps xmm1,[rax+00000100]
movaps [rbp+00],xmm1
movaps xmm0,[rax+00000110]
movaps [rbp+10],xmm0
movaps xmm1,[rax+00000120] --the one
movaps [rbp+20],xmm1
test bl,bl

TheByteSize
Expert Cheater
Expert Cheater
Posts: 293
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 232

Re: game crahs, what the error in my cheat?

Post by TheByteSize »

BTW, your're trying to store a 64 bits register into a 32 bits Symbol.
define your symbol with

Code: Select all

dq 0

TimFun13
Expert Cheater
Expert Cheater
Posts: 1354
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 6

Re: game crahs, what the error in my cheat?

Post by TimFun13 »

meir_atzmon wrote:
Sat Jun 29, 2019 8:14 am
...
It might be crashing because you're passing zeros to the value, when you load the saved coordinates.
That and is "teleport" an AOB symbol? It's not set in your script.

With this you're moving 64 bits when you need to move 32 bits for the floating points.

Code: Select all

push rbx
mov rbx,[rax+120]
mov [z_cho],rbx
mov rbx,[rax+124]
mov [x_cho],rbx
mov rbx,[rax+128]
mov [y_cho],rbx
pop rbx
So change it to something like this:

Code: Select all

push rbx
mov ebx,[rax+120]
mov [z_cho],ebx
mov ebx,[rax+124]
mov [x_cho],ebx
mov ebx,[rax+128]
mov [y_cho],ebx
pop rbx
Thus the "dd" is fine but you need to just use the first 32 bits of RBX.


But I would also try to just see if it's the injection point, just use the AOB template and don't add any code and see if it crashes with just the redirect to your script and back to the game's code.


Here is another way of doing it just as an example.

Code: Select all

// This seems to be missing the AOB scan.
// Is "teleport" set with an AOB scan?

assert(teleport, 0F 28 88 20 01 00 00) // I like to use "assert" to insure that I'm in the right place.

alloc(newmem,$1000,"FC64.dll"+1F352BE)
// alloc(newmem,$1000,teleport) // if "teleport" is an AOB symbol then this will work.

label(myCode)
label(load)
label(en_save)
label(en_load)
label(save)
label(z_cho)
label(x_cho)
label(y_cho)
label(code)
label(return)
registersymbol(en_save)
registersymbol(en_load)

newmem:
align 10 // not really needed but insures the aligned instruction won't have any problems.
z_cho: //120
dd (float)0
x_cho:  // 124
dd (float)0
y_cho:  // 128
dd  (float)0
dd 0// Not used just needed for the packed instruction.

en_save:
dd 0

en_load:
dd 0


myCode: // You can just make a label and use that for the redirect so you only need 1 allocation.
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code


save:
mov [en_save],0
movaps xmm1,[rax+120]
movaps [z_cho],xmm1
jmp return // no need to go to the original code because XMM1 has been set.

load:
mov [en_load],0
movaps xmm1,[z_cho]
movaps [rax+120],xmm1
jmp return // no need to go to the original code because XMM1 has been set.


code:
  movaps xmm1,[rax+120]
  jmp return

teleport:
  jmp myCode // Here you just need to jump to the start of your code.
  nop
  nop
return:
registersymbol(teleport)

[DISABLE]

teleport:
  db 0F 28 88 20 01 00 00

unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(teleport)
dealloc(newmem)

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: game crahs, what the error in my cheat?

Post by SunBeam »

Anyone asked him the version he's playing? I just recorded a video over FC4's VMProtect integrity check. Latest version on Steam/UPlay (1.10) doesn't have those checks in anymore. Older ones do, however not sure up until which version. I used 1.3 in my video here.

In short: in older versions of the game when you enter game world or exit to main menu there's an integrity check over the game's executable code running. If you've used a script that modifies at least 1 byte of that executable code, the game crashes. Hence why everyone said in the past to "disable it before entering game world or when exiting".

DRDNK1000
Cheater
Cheater
Posts: 33
Joined: Mon May 27, 2019 8:58 pm
Reputation: 6

Re: game crahs, what the error in my cheat?

Post by DRDNK1000 »

ShyTwig16 wrote:
Wed Jul 03, 2019 11:06 pm
meir_atzmon wrote:
Sat Jun 29, 2019 8:14 am
...
thank you
i tried my hack in another game and it workd
i tried the cheat on fc4 again only yhit the X and it still crush haha.

also if i talk to you
big thx for your toturials, i learn from the, a lot.

Post Reply

Who is online

Users browsing this forum: No registered users