Can I Nop Opcode from script?

[jmkdev]

Hello. I'm working on a freecam mod for an emulated PS2 game. It works fine so far, but I have to manually Nop certain Opcodes that set the camera position. The addresses for these opcodes always stay the same. How do I Nop an opcode from within a Lua script?

[YoucefHam]

Hello. I'm working on a freecam mod for an emulated PS2 game. It works fine so far, but I have to manually Nop certain Opcodes that set the camera position. The addresses for these opcodes always stay the same. How do I Nop an opcode from within a Lua script?

Hi,
Try this Script

Code: Select all

{$lua}
if syntaxcheck then return end
[ENABLE]
autoAssemble([[
"Tutorial-i386.exe"+2C40:
nop 7
]])
[DISABLE]
autoAssemble([[
"Tutorial-i386.exe"+2C40:
db FF 24 8D 50 2C 40 00
]])
{$asm}

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+2C40

"Tutorial-i386.exe"+2C2B: 9C                    -  pushfd
"Tutorial-i386.exe"+2C2C: 58                    -  pop eax
"Tutorial-i386.exe"+2C2D: 33 04 24              -  xor eax,[esp]
"Tutorial-i386.exe"+2C30: 9D                    -  popfd
"Tutorial-i386.exe"+2C31: A9 00 00 20 00        -  test eax,00200000
"Tutorial-i386.exe"+2C36: 0F 95 C0              -  setne al
"Tutorial-i386.exe"+2C39: C3                    -  ret
"Tutorial-i386.exe"+2C3A: 00 00                 -  add [eax],al
"Tutorial-i386.exe"+2C3C: 00 00                 -  add [eax],al
"Tutorial-i386.exe"+2C3E: 00 00                 -  add [eax],al
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+2C40: FF 24 8D 50 2C 40 00  -  jmp dword ptr [ecx*4+Tutorial-i386.exe+2C50]
// ---------- DONE INJECTING  ----------
"Tutorial-i386.exe"+2C47: 8D B4 26 00 00 00 00  -  lea esi,[esi+00000000]
"Tutorial-i386.exe"+2C4E: 89 F6                 -  mov esi,esi
"Tutorial-i386.exe"+2C50: D2 2D 40 00 CB 2D     -  shr byte ptr [2DCB0040],cl
"Tutorial-i386.exe"+2C56: 40                    -  inc eax
"Tutorial-i386.exe"+2C57: 00 92 2D 40 00 52     -  add [edx+5200402D],dl
"Tutorial-i386.exe"+2C5D: 2D 40 00 14 2D        -  sub eax,2D140040
"Tutorial-i386.exe"+2C62: 40                    -  inc eax
"Tutorial-i386.exe"+2C63: 00 C5                 -  add ch,al
"Tutorial-i386.exe"+2C65: 2D 40 00 8C 2D        -  sub eax,2D8C0040
"Tutorial-i386.exe"+2C6A: 40                    -  inc eax
}

[jmkdev]

Can you explain what exactly this is doing? From what I gather you are NOPing address 2C40. Is that correct?

[YoucefHam]

2C40 its an offset of static address "Tutorial-i386.exe", you can use this like this

autoAssemble([[
address:
nop 7
]])

7 is the number of bytes in that address.

[jmkdev]

Hello. I was able to use what you said to nop a certain address, but now I'm having a different issue.
The opcode address changes every time the game resets. I need to look at what opcodes are accessing an address, like when you right click on an address and click "Find out what writes to this address." Is this possible at all (I assume not)

[aSwedishMagyar]

Hello. I was able to use what you said to nop a certain address, but now I'm having a different issue.
The opcode address changes every time the game resets. I need to look at what opcodes are accessing an address, like when you right click on an address and click "Find out what writes to this address." Is this possible at all (I assume not)

Use an AOB scan. Find the opcode by using "Find out what writes to this address". When the opcode shows up click "Show Disassembler" then go to tools and click "Auto Assemble" select the AOB injection template. It will generate an AOB which you can then use in your Lua script if you need to.

[SunBeam]

The addresses for these opcodes always stay the same

OK.

The opcode address changes every time the game resets.

Guess the previous statement isn't what you thought. You're in an emulator..