is it possible to create a pointer from a simple AA script ?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

is it possible to create a pointer from a simple AA script ?

Post by bachou »

Hey guys, please help me: is it possible to create a pointer from a simple AA script? Example:

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a) 
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [rcx+18],#999999
movsxd  rcx,dword ptr [rcx+18]
mov [rax+18],ecx

exit:
jmp returnhere

Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a:
movsxd  rcx,dword ptr [rcx+18]
mov [rax+18],ecx
//Alt: db 48 63 49 18 89 48 18
This script gives 999999 money. Is there a way to make a pointer / multi-level pointer out of this script?

Rysefox
Table Makers
Posts: 863
Joined: Sat Jun 23, 2018 3:32 pm
Reputation: 914

Re: is it possible to create a pointer from a simple AA script ?

Post by Rysefox »

bachou wrote:
Wed Jul 03, 2019 10:32 am
Hey guys, please help me: is it possible to create a pointer from a simple AA script? Example:
(...)
This script gives 999999 money. Is there a way to make a pointer / multi-level pointer out of this script?
---------------------------------------

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a) 
label(returnhere)
label(originalcode)
label(exit)
label(Money)
registersymbol(Money)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [Money],rcx // save the object pointer; the money value is at [Money]+18
movsxd  rcx,dword ptr [rcx+18]
mov [rax+18],ecx

exit:
jmp returnhere
Money:
dq 0 // 8-byte slot inside newmem that holds the saved rcx
Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(Money)
Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+4a:
movsxd  rcx,dword ptr [rcx+18]
mov [rax+18],ecx
//Alt: db 48 63 49 18 89 48 18
The symbol is Money. Activate the script, then Add Address Manually and check Pointer. The offset is 18 and Money is the symbol. I know nothing about the instruction: if it is a direct access you do not have to do anything, otherwise you have to trigger the pointer by receiving / losing money.

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

I don't understand... so how do I make the pointer?
The offset is 18, but what about the bottom address (something like "game.exe"+0098A978)? How do I find this?

Rysefox
Table Makers
Posts: 863
Joined: Sat Jun 23, 2018 3:32 pm
Reputation: 914

Re: is it possible to create a pointer from a simple AA script ?

Post by Rysefox »

bachou wrote:
Wed Jul 03, 2019 11:09 am
I don't understand... so how do I make the pointer?
The offset is 18, but what about the bottom address (something like "game.exe"+0098A978)? How do I find this?
1. Add Address Manually
2. Check Pointer
3. At the bottom, write Money
4. The offset is 18

I don't know about your instruction, whether it accesses directly. If yes, the pointer loads directly. If not, you need to trigger it (earn / lose some gold).

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

I got it working, so you changed mov [rcx+18],#999999 to mov [Money],rcx.

But when I tried to do this on another script I got an error:

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66) 
label(returnhere)
label(originalcode)
label(exit)


newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [rcx+1C],#999999
movsxd  rcx,dword ptr [rcx+1C]
mov [rax+1C],ecx

exit:
jmp returnhere

Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66:
movsxd  rcx,dword ptr [rcx+1C]
mov [rax+1C],ecx
//Alt: db 48 63 49 1C 89 48 1C
I changed it to:

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66) 
label(returnhere)
label(originalcode)
label(exit)
label(Gem)
registersymbol(Gem)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [Gem],rcx
movsxd  rcx,dword ptr [rcx+1C]
mov [rax+1C],ecx

exit:
jmp returnhere

Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
Artisan.Neptunia.UI:DataContext:PopuplatoreInventory+66:
movsxd  rcx,dword ptr [rcx+1C]
mov [rax+1C],ecx
//Alt: db 48 63 49 1C 89 48 1C


Not all code is injectable.
(Error in line 7 (label(Gem)) :label Gem is not defined in the script)
Are you sure you want to edit it to this?

What is the problem?

Rysefox
Table Makers
Posts: 863
Joined: Sat Jun 23, 2018 3:32 pm
Reputation: 914

Re: is it possible to create a pointer from a simple AA script ?

Post by Rysefox »

bachou wrote:
Wed Jul 03, 2019 1:02 pm
I got it working, so you changed mov [rcx+18],#999999 to mov [Money],rcx.

But when I tried to do this on another script I got an error:
(...)
Not all code is injectable.
(Error in line 7 (label(Gem)) :label Gem is not defined in the script)
Are you sure you want to edit it to this?

What is the problem?
The definition is missing. Write under jmp returnhere:

Code:

Gem:
dq 0 // 64-bit form
and under [DISABLE]:

Code:

unregistersymbol(Gem)

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

Thanks man, didn't know I missed those lines.
Also, there's another question: is it hard to update a script after a game update? The script I have is for version 1.0 but the game is on version 1.6 now. Those scripts are outdated but I have no idea how to update them. Is it hard to do that?

Rysefox
Table Makers
Posts: 863
Joined: Sat Jun 23, 2018 3:32 pm
Reputation: 914

Re: is it possible to create a pointer from a simple AA script ?

Post by Rysefox »

bachou wrote:
Wed Jul 03, 2019 2:26 pm
Thanks man, didn't know I missed those lines.
Also, there's another question: is it hard to update a script after a game update? The script I have is for version 1.0 but the game is on version 1.6 now. Those scripts are outdated but I have no idea how to update them. Is it hard to do that?
When you know what to do, then no.

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

Can you help me update them when you have time? :mrgreen: I'll stream my screen on Discord.

SunBeam
RCE Fanatics
Posts: 4665
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4186

Re: is it possible to create a pointer from a simple AA script ?

Post by SunBeam »

I literally said in my mind "let's see, it starts with a question then digresses into 'help mi plix'". And boom ^ That post :D So predictable.

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

Can anyone help me fix this script? I want to add 5 more addresses, each of them +4 from the "potion" pointer.

This is my script:

Code:

function addMoreAddresses(baseAddress, num, step)
  local al = getAddressList()

  local base = al.createMemoryRecord()
  base.setAddress("potion")
  base.setDescription("items")
  base.Type = vtString
  base.String.Size = 0

  for i=0, num-1 do
    local rec = al.createMemoryRecord()
    local str = string.format("+%X", i * step)
    rec.setAddress(str)
    rec.setDescription(str)
    rec.appendToEntry(base)
  end
end

addMoreAddresses("potion", 5, 4)
And it doesn't work.


SunBeam
RCE Fanatics
Posts: 4665
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4186

Re: is it possible to create a pointer from a simple AA script ?

Post by SunBeam »

See that "num" there? What happens if you do 'addMoreAddresses("potion", 9, 4)'?

Cake-san
Table Makers
Posts: 425
Joined: Sun Mar 26, 2017 4:32 pm
Reputation: 770

Re: is it possible to create a pointer from a simple AA script ?

Post by Cake-san »

Code:

function addMoreAddresses(baseAddress, num, step)
  -- baseAddress: description of an existing record (here the "potion" pointer)
  -- num: how many child entries to add; step: byte distance between them
  for i=1, num do
    local rec = getAddressList().createMemoryRecord()
    local str = string.format("+%X", i * step)  -- "+4", "+8", ... relative to the parent
    rec.setAddress(str)
    rec.setDescription(str)
    -- nest under the existing pointer record instead of creating a new base entry
    rec.appendToEntry(getAddressList().getMemoryRecordByDescription(baseAddress))
  end
end

addMoreAddresses("potion", 5, 4)

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

SunBeam wrote:
Wed Jul 10, 2019 5:31 pm
See that "num" there? What happens if you do 'addMoreAddresses("potion", 9, 4)'?
Well, I don't know a thing about Lua... I just copied this script from the internet. It worked for adding a normal address but not the pointer :mrgreen:
Cake-san wrote:
Wed Jul 10, 2019 6:14 pm
(...)
Thanks, gonna try this.

bachou
Expert Cheater
Posts: 155
Joined: Wed Mar 08, 2017 3:18 pm
Reputation: 1

Re: is it possible to create a pointer from a simple AA script ?

Post by bachou »

Digging up this thread because I got this new script and don't know what to do to create a pointer.

Original:

Code:

[ENABLE]
aobscanmodule(fill_bGauge,Atelier_Lulua.exe,0F 48 C6 89 47 10)
alloc(newmem,$1000,"Atelier_Lulua.exe"+E246)

label(code)
label(return)
registersymbol(fill_bGauge)

newmem:

code:
  cmovs eax,esi
  mov [rdi+10],#200 //original: mov [rdi+10],eax
  jmp return

fill_bGauge:
  jmp newmem
  nop
return:


[DISABLE]
fill_bGauge:
  db 0F 48 C6 89 47 10

unregistersymbol(fill_bGauge)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Atelier_Lulua.exe"+E246

"Atelier_Lulua.exe"+E224: BB 0C 00 00 00        -  mov ebx,0000000C
"Atelier_Lulua.exe"+E229: EB 05                 -  jmp Atelier_Lulua.exe+E230
"Atelier_Lulua.exe"+E22B: BB 03 00 00 00        -  mov ebx,00000003
"Atelier_Lulua.exe"+E230: 01 5F 10              -  add [rdi+10],ebx
"Atelier_Lulua.exe"+E233: B9 C8 00 00 00        -  mov ecx,000000C8
"Atelier_Lulua.exe"+E238: 8B 47 10              -  mov eax,[rdi+10]
"Atelier_Lulua.exe"+E23B: 3B C1                 -  cmp eax,ecx
"Atelier_Lulua.exe"+E23D: 0F 4F C1              -  cmovg eax,ecx
"Atelier_Lulua.exe"+E240: 48 8B 4F 18           -  mov rcx,[rdi+18]
"Atelier_Lulua.exe"+E244: 85 C0                 -  test eax,eax
// ---------- INJECTING HERE ----------
"Atelier_Lulua.exe"+E246: 0F 48 C6              -  cmovs eax,esi
"Atelier_Lulua.exe"+E249: 89 47 10              -  mov [rdi+10],eax
// ---------- DONE INJECTING  ----------
"Atelier_Lulua.exe"+E24C: E8 9F DD 39 00        -  call Atelier_Lulua.exe+3ABFF0
"Atelier_Lulua.exe"+E251: 48 8B 74 24 38        -  mov rsi,[rsp+38]
"Atelier_Lulua.exe"+E256: 48 8B 5C 24 30        -  mov rbx,[rsp+30]
"Atelier_Lulua.exe"+E25B: 48 83 C4 20           -  add rsp,20
"Atelier_Lulua.exe"+E25F: 5F                    -  pop rdi
"Atelier_Lulua.exe"+E260: C3                    -  ret 
"Atelier_Lulua.exe"+E261: CC                    -  int 3 
"Atelier_Lulua.exe"+E262: CC                    -  int 3 
"Atelier_Lulua.exe"+E263: CC                    -  int 3 
"Atelier_Lulua.exe"+E264: CC                    -  int 3 
}
My edit (not working):

Code:

[ENABLE]
aobscanmodule(fill_bGauge,Atelier_Lulua.exe,0F 48 C6 89 47 10)
alloc(newmem,$1000,"Atelier_Lulua.exe"+E246)

label(code)
label(return)
registersymbol(fill_bGauge)
label(AP)
registersymbol(AP)

newmem:

code:
  cmovs eax,esi
  mov [rdi+10],#200 //original: mov [rdi+10],eax
  jmp return

fill_bGauge:
  jmp newmem
AP:
dq 0
  nop
return:


[DISABLE]
fill_bGauge:
  db 0F 48 C6 89 47 10

unregistersymbol(fill_bGauge)
dealloc(newmem)
unregistersymbol(AP)

{
// ORIGINAL CODE - INJECTION POINT: "Atelier_Lulua.exe"+E246

"Atelier_Lulua.exe"+E224: BB 0C 00 00 00        -  mov ebx,0000000C
"Atelier_Lulua.exe"+E229: EB 05                 -  jmp Atelier_Lulua.exe+E230
"Atelier_Lulua.exe"+E22B: BB 03 00 00 00        -  mov ebx,00000003
"Atelier_Lulua.exe"+E230: 01 5F 10              -  add [rdi+10],ebx
"Atelier_Lulua.exe"+E233: B9 C8 00 00 00        -  mov ecx,000000C8
"Atelier_Lulua.exe"+E238: 8B 47 10              -  mov eax,[rdi+10]
"Atelier_Lulua.exe"+E23B: 3B C1                 -  cmp eax,ecx
"Atelier_Lulua.exe"+E23D: 0F 4F C1              -  cmovg eax,ecx
"Atelier_Lulua.exe"+E240: 48 8B 4F 18           -  mov rcx,[rdi+18]
"Atelier_Lulua.exe"+E244: 85 C0                 -  test eax,eax
// ---------- INJECTING HERE ----------
"Atelier_Lulua.exe"+E246: 0F 48 C6              -  cmovs eax,esi
"Atelier_Lulua.exe"+E249: 89 47 10              -  mov [rdi+10],eax
// ---------- DONE INJECTING  ----------
"Atelier_Lulua.exe"+E24C: E8 9F DD 39 00        -  call Atelier_Lulua.exe+3ABFF0
"Atelier_Lulua.exe"+E251: 48 8B 74 24 38        -  mov rsi,[rsp+38]
"Atelier_Lulua.exe"+E256: 48 8B 5C 24 30        -  mov rbx,[rsp+30]
"Atelier_Lulua.exe"+E25B: 48 83 C4 20           -  add rsp,20
"Atelier_Lulua.exe"+E25F: 5F                    -  pop rdi
"Atelier_Lulua.exe"+E260: C3                    -  ret
"Atelier_Lulua.exe"+E261: CC                    -  int 3
"Atelier_Lulua.exe"+E262: CC                    -  int 3
"Atelier_Lulua.exe"+E263: CC                    -  int 3
"Atelier_Lulua.exe"+E264: CC                    -  int 3
}
