Looking for direction: Reading health after restart

[deten]

Hi Folks,

I am trying to get started and, well, its tough to search for things because all the lingo isnt something you know until later on. I tried searching for what I wanted to do (and also for a discord channel) but couldnt find it.

None the less, here is what is going on. I just want to read health and find a way to read health even after closing and restarting the game. My end goal, is to somehow pass this over to AutoHotkey or if CE has the capability, make it so I do certain actions in game if my health hits a certain point.

I found the "health" in a game but its not straightforward its a giant number that changes when health changes but I dont completely understand the correlation.

[Link]

Then I looked at what "wrote" to this and found this:
[Link]

Here is where I get stuck. I dont want to EDIT the health I just want to read it or find a way to get to the same thing even if I close and open the game back up.

[GreenHouse]

It's not a giant number, it's just that you have it as a 4byte when it probably is a Float.
If you want to read it after every restart, you need to make an aobscan script for that instruction and mov the value (rax+08) to your alloc.
Add a 'globalalloc(health,4)' on top of the script but under enable, and on top of the mov make a 'mov [health],rax'. And then add [health+08] to the address list.
And as far as I know, you can't pass the value to AutoHotkey.

[deten]

Thanks Greenhouse. Can I use Templates for this? I am completely new to this and really dont know where to start. I found the correct float address now and you can see that below.

I am not sure exactly how to do that, but maybe I can post here the float and you can point me in the right direction? I appreciate the help!

Here's what I see right now, and I think these are right: [Link]

Seeing what writes to these shows me this: [Link]

This is RDI + 50 so I think what I do is this: [Link]

But this is where I am stuck (if I even did it right in the first place). I am not sure how to now make a script from this.

[deten]

Unfortunately I had to start again, but heres what I did. Found the Float and then did an AOB injection template. This was autopopulated.

I added your recommendations:

• mov the value (rax+08) to your alloc.
  
  Add a 'globalalloc(health,4)' on top of the script but under enable
  
  on top of the mov make a 'mov [health],rax'
  
  add [health+08] to the address list.

Does this look right?

Code: Select all

[ENABLE]

aobscan(injCoordHook,89 50 08 48 63 49 0C 89 48 0C 0F B6 86) // should be unique
alloc(newmem,$1000,13415A6622E)
globalalloc(health,4)

label(code)
label(return)

newmem:

code:
  mov [health],rax
  mov [rax+08],edx
  movsxd  rcx,dword ptr [rcx+0C]
  jmp return

injCoordHook:
  jmp newmem
  nop 2
return:
registersymbol(injCoordHook)

[DISABLE]

injCoordHook:
  db 89 50 08 48 63 49 0C

unregistersymbol(injCoordHook)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 13415A6622E

13415A66208: 41 FF D3                       -  call r11
13415A6620B: 85 C0                          -  test eax,eax
13415A6620D: 0F 84 4C 00 00 00              -  je 13415A6625F
13415A66213: 48 8B 4D C0                    -  mov rcx,[rbp-40]
13415A66217: 48 8D 86 F8 00 00 00           -  lea rax,[rsi+000000F8]
13415A6621E: 48 63 11                       -  movsxd  rdx,dword ptr [rcx]
13415A66221: 89 10                          -  mov [rax],edx
13415A66223: 48 63 51 04                    -  movsxd  rdx,dword ptr [rcx+04]
13415A66227: 89 50 04                       -  mov [rax+04],edx
13415A6622A: 48 63 51 08                    -  movsxd  rdx,dword ptr [rcx+08]
// ---------- INJECTING HERE ----------
13415A6622E: 89 50 08                       -  mov [rax+08],edx
13415A66231: 48 63 49 0C                    -  movsxd  rcx,dword ptr [rcx+0C]
// ---------- DONE INJECTING  ----------
13415A66235: 89 48 0C                       -  mov [rax+0C],ecx
13415A66238: 0F B6 86 E8 00 00 00           -  movzx eax,byte ptr [rsi+000000E8]
13415A6623F: 85 C0                          -  test eax,eax
13415A66241: 74 10                          -  je 13415A66253
13415A66243: 48 8B CE                       -  mov rcx,rsi
13415A66246: 49 BB 10 63 A6 15 34 01 00 00  -  mov r11,0000013415A66310
13415A66250: 41 FF D3                       -  call r11
13415A66253: 48 8B CE                       -  mov rcx,rsi
13415A66256: 48 8B 06                       -  mov rax,[rsi]
13415A66259: FF 90 30 01 00 00              -  call qword ptr [rax+00000130]
}

[GreenHouse]

Does this look right?

Yes, that's what I meant.
So now adding [health]+8 to the list should give you the address when it's written. Unless that instruction does write multiple addresses, in that case you'll need to do some other things first.

[deten]

Does this look right?

Yes, that's what I meant.
So now adding [health]+8 to the list should give you the address when it's written. Unless that instruction does write multiple addresses, in that case you'll need to do some other things first.

Can you clarify what you meant by:

• mov the value (rax+08) to your alloc.

I dont know if I did that...

Additionally what do you mean by:

• adding [health]+8 to the list should give you the address

How do I add that to the list?

[deten]

Okay question, I think I figured out what I want to do and its a lot more simple than I thought.

The below code finds (2) different values.
One is the MAX health: 00 00 80
The other is Current Health: ?? ?? ??

If they are equal, then both are 00 00 80. How can I distinguish between these two?

Code: Select all

[ENABLE]
aobscan(health,?? ?? ?? 3F 00 00 80 3F 01 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 80 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 80 3F 00 00 00 00 0F 00 E0 41 12)
label(louhealth)
registersymbol(louhealth)

health:
louhealth:

[DISABLE]
unregistersymbol(louhealth)

[GreenHouse]

If they are equal, then both are 00 00 80. How can I distinguish between these two?

What do you mean by 'The below code finds (2) different values'? If you're searching for the actual value that way, you could always do a bigger aobscan. Compare both results and search for a difference and add it to the aobscan, so you'll only get one and not two.

[deten]

So in game, theres "max health" (changes based on strength) and "Current Health"

WHen you first start up the game, you have 100% health, so these are equal, so it finds two values in cheat engine.