How to Create script?
- BlackDragon2121
- Expert Cheater
- Posts: 51
- Joined: Sat Jan 16, 2021 12:27 am
- Reputation: 27
How to Create script?
For the games I play, I can find just about any value I look for. I know what scans to use, I know how to view where they come from, where they write to, etc... I just can't figure out how to like put it at the bottom and make the little box to activate it and deactivate it. Frankly it's kind of tiresome to refind values and make my cheats from scratch every time I boot up a game. I've done the CE tutorial a few times, and I'm just not comprehending it I guess. Would really appreciate some guidance.
- BlackDragon2121
- Expert Cheater
- Posts: 51
- Joined: Sat Jan 16, 2021 12:27 am
- Reputation: 27
Re: How to Create script?
This is as far as I get, I just want to be able to make that static, or something that gets the address, so the next time I load into the game I'm able to just toggle it on/off, and also upload scripts I'm working on, and planning to make
Re: How to Create script?
Here is a tutorial for setting up an injection script.
viewtopic.php?f=11&t=6539
Check out this tutorial, in the step 9 video I go over adding a value to create your own pointer (look for "ptrStep9"). But I'd say to do the whole set since each builds on what the last one had.
viewtopic.php?f=11&t=9400&p=89674#p89674
- BlackDragon2121
- Expert Cheater
- Posts: 51
- Joined: Sat Jan 16, 2021 12:27 am
- Reputation: 27
Re: How to Create script?
Thank you! Now I just gotta figure out how to make it stay in one spot!
ShyTwig16 wrote: ↑Wed May 05, 2021 10:01 pm
Here is a tutorial for setting up an injection script.
viewtopic.php?f=11&t=6539
Check out this tutorial, in the step 9 video I go over adding a value to create your own pointer (look for "ptrStep9"). But I'd say to do the whole set since each builds on what the last one had.
viewtopic.php?f=11&t=9400&p=89674#p89674
- BlackDragon2121
- Expert Cheater
- Posts: 51
- Joined: Sat Jan 16, 2021 12:27 am
- Reputation: 27
Re: How to Create script?
So this is where I am: I've isolated my code, triple checked to make sure this is the address it comes back to. Following your videos I'm now trying to make my pointer. The thing is, whenever I add the address manually, there is no offset to put in place like your video. I'm sure you touched on that somewhere else but my brain is fried xD
ShyTwig16 wrote: ↑Wed May 05, 2021 10:01 pm
Here is a tutorial for setting up an injection script.
viewtopic.php?f=11&t=6539
Check out this tutorial, in the step 9 video I go over adding a value to create your own pointer (look for "ptrStep9"). But I'd say to do the whole set since each builds on what the last one had.
viewtopic.php?f=11&t=9400&p=89674#p89674
Here is the original code:
Code: Select all
{ Game : NSUNS4.exe
Version:
Date : 2021-05-07
Author : thebl
This script does blah blah blah
}
define(address,"NSUNS4.exe"+74B610)
define(bytes,F3 0F 11 40 18)
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
assert(address,bytes)
alloc(newmem,$1000,"NSUNS4.exe"+74B610)
label(code)
label(return)
newmem:
code:
movss [rax+18],xmm0
jmp return
address:
jmp newmem
return:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
address:
db bytes
// movss [rax+18],xmm0
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: NSUNS4.exe+74B610
NSUNS4.exe+74B5ED: 0F 28 F2 - movaps xmm6,xmm2
NSUNS4.exe+74B5F0: E8 27 FD FF FF - call NSUNS4.exe+74B31C
NSUNS4.exe+74B5F5: 48 85 C0 - test rax,rax
NSUNS4.exe+74B5F8: 74 22 - je NSUNS4.exe+74B61C
NSUNS4.exe+74B5FA: F3 0F 10 48 1C - movss xmm1,[rax+1C]
NSUNS4.exe+74B5FF: F3 0F 10 40 18 - movss xmm0,[rax+18]
NSUNS4.exe+74B604: 0F 2F C1 - comiss xmm0,xmm1
NSUNS4.exe+74B607: 73 13 - jae NSUNS4.exe+74B61C
NSUNS4.exe+74B609: F3 0F 58 C6 - addss xmm0,xmm6
NSUNS4.exe+74B60D: 0F 2F C1 - comiss xmm0,xmm1
// ---------- INJECTING HERE ----------
NSUNS4.exe+74B610: F3 0F 11 40 18 - movss [rax+18],xmm0
// ---------- DONE INJECTING ----------
NSUNS4.exe+74B615: 76 05 - jna NSUNS4.exe+74B61C
NSUNS4.exe+74B617: F3 0F 11 48 18 - movss [rax+18],xmm1
NSUNS4.exe+74B61C: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
NSUNS4.exe+74B621: 48 83 C4 38 - add rsp,38
NSUNS4.exe+74B625: C3 - ret
NSUNS4.exe+74B626: CC - int 3
NSUNS4.exe+74B627: CC - int 3
NSUNS4.exe+74B628: 48 83 EC 38 - sub rsp,38
NSUNS4.exe+74B62C: 0F 29 74 24 20 - movaps [rsp+20],xmm6
NSUNS4.exe+74B631: 0F 28 F2 - movaps xmm6,xmm2
}
Code: Select all
{ Game : NSUNS4.exe
Version:
Date : 2021-05-07
Author : thebl
This script does blah blah blah
}
define(address,"NSUNS4.exe"+74B610)
define(bytes,F3 0F 11 40 18)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"NSUNS4.exe"+74B610)
label(code)
label(return)
label(ptrChakra)
registerSymbol(ptrChakra)
newmem:
ptrChakra:
dd 0
mov [ptrChakra],rax
code:
movss [rax+18],xmm0
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// movss [rax+18],xmm0
unregisterSymbol(ptrChakra)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: NSUNS4.exe+74B610
NSUNS4.exe+74B5ED: 0F 28 F2 - movaps xmm6,xmm2
NSUNS4.exe+74B5F0: E8 27 FD FF FF - call NSUNS4.exe+74B31C
NSUNS4.exe+74B5F5: 48 85 C0 - test rax,rax
NSUNS4.exe+74B5F8: 74 22 - je NSUNS4.exe+74B61C
NSUNS4.exe+74B5FA: F3 0F 10 48 1C - movss xmm1,[rax+1C]
NSUNS4.exe+74B5FF: F3 0F 10 40 18 - movss xmm0,[rax+18]
NSUNS4.exe+74B604: 0F 2F C1 - comiss xmm0,xmm1
NSUNS4.exe+74B607: 73 13 - jae NSUNS4.exe+74B61C
NSUNS4.exe+74B609: F3 0F 58 C6 - addss xmm0,xmm6
NSUNS4.exe+74B60D: 0F 2F C1 - comiss xmm0,xmm1
// ---------- INJECTING HERE ----------
NSUNS4.exe+74B610: F3 0F 11 40 18 - movss [rax+18],xmm0
// ---------- DONE INJECTING ----------
NSUNS4.exe+74B615: 76 05 - jna NSUNS4.exe+74B61C
NSUNS4.exe+74B617: F3 0F 11 48 18 - movss [rax+18],xmm1
NSUNS4.exe+74B61C: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
NSUNS4.exe+74B621: 48 83 C4 38 - add rsp,38
NSUNS4.exe+74B625: C3 - ret
NSUNS4.exe+74B626: CC - int 3
NSUNS4.exe+74B627: CC - int 3
NSUNS4.exe+74B628: 48 83 EC 38 - sub rsp,38
NSUNS4.exe+74B62C: 0F 29 74 24 20 - movaps [rsp+20],xmm6
NSUNS4.exe+74B631: 0F 28 F2 - movaps xmm6,xmm2
}
Re: How to Create script?
I like to use [Link] for checking ASM I don't know, or forgot. The [Link] has a fair amount of the ASM commands, and will likely have a more CE style usage.
For adding the address just click the pointer check box, that will give you an offset option. I probably just clicked it and forgot to mention it, not sure really. You can also just use a bracket notation for the address and it will work like a pointer (e.g. [ptrChakra]+18).
If you put the stored values at the start of the allocated memory ("newmem"), you need to put a label below it and jump to that. Else you'll be executing whatever bytes the stored value holds. I just like to put it at the start for some reason, but most people just stick it at the end of the allocated memory.
With movss [rax+18],xmm0, MOVSS is just writing a single (32 bits) float value from the XMM0 registry to the address at EAX+0x18.
Here is the script with the stored value at the start of "newmem":
Code: Select all
{ Game : NSUNS4.exe
Version:
Date : 2021-05-07
Author : thebl
This script does blah blah blah
}
define(address,"NSUNS4.exe"+74B610)
define(bytes,F3 0F 11 40 18)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"NSUNS4.exe"+74B610)
label(n_code)
label(o_code)
label(return)
label(ptrChakra)
registerSymbol(ptrChakra)
newmem:
ptrChakra:
// 8 bytes: the mov below stores the full 64-bit rax
dq 0
n_code:
mov [ptrChakra],rax
o_code:
movss [rax+18],xmm0
jmp return
address:
// jump past the stored value, not to newmem
jmp n_code
return:
[DISABLE]
address:
db bytes
// movss [rax+18],xmm0
unregisterSymbol(ptrChakra)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: NSUNS4.exe+74B610
NSUNS4.exe+74B5ED: 0F 28 F2 - movaps xmm6,xmm2
NSUNS4.exe+74B5F0: E8 27 FD FF FF - call NSUNS4.exe+74B31C
NSUNS4.exe+74B5F5: 48 85 C0 - test rax,rax
NSUNS4.exe+74B5F8: 74 22 - je NSUNS4.exe+74B61C
NSUNS4.exe+74B5FA: F3 0F 10 48 1C - movss xmm1,[rax+1C]
NSUNS4.exe+74B5FF: F3 0F 10 40 18 - movss xmm0,[rax+18]
NSUNS4.exe+74B604: 0F 2F C1 - comiss xmm0,xmm1
NSUNS4.exe+74B607: 73 13 - jae NSUNS4.exe+74B61C
NSUNS4.exe+74B609: F3 0F 58 C6 - addss xmm0,xmm6
NSUNS4.exe+74B60D: 0F 2F C1 - comiss xmm0,xmm1
// ---------- INJECTING HERE ----------
NSUNS4.exe+74B610: F3 0F 11 40 18 - movss [rax+18],xmm0
// ---------- DONE INJECTING ----------
NSUNS4.exe+74B615: 76 05 - jna NSUNS4.exe+74B61C
NSUNS4.exe+74B617: F3 0F 11 48 18 - movss [rax+18],xmm1
NSUNS4.exe+74B61C: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
NSUNS4.exe+74B621: 48 83 C4 38 - add rsp,38
NSUNS4.exe+74B625: C3 - ret
NSUNS4.exe+74B626: CC - int 3
NSUNS4.exe+74B627: CC - int 3
NSUNS4.exe+74B628: 48 83 EC 38 - sub rsp,38
NSUNS4.exe+74B62C: 0F 29 74 24 20 - movaps [rsp+20],xmm6
NSUNS4.exe+74B631: 0F 28 F2 - movaps xmm6,xmm2
}
Here is the script with the stored value at the end of "newmem":
Code: Select all
{ Game : NSUNS4.exe
Version:
Date : 2021-05-07
Author : thebl
This script does blah blah blah
}
define(address,"NSUNS4.exe"+74B610)
define(bytes,F3 0F 11 40 18)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"NSUNS4.exe"+74B610)
label(code)
label(return)
label(ptrChakra)
registerSymbol(ptrChakra)
newmem:
mov [ptrChakra],rax
code:
movss [rax+18],xmm0
jmp return
ptrChakra:
// 8 bytes: the mov above stores the full 64-bit rax
dq 0
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// movss [rax+18],xmm0
unregisterSymbol(ptrChakra)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: NSUNS4.exe+74B610
NSUNS4.exe+74B5ED: 0F 28 F2 - movaps xmm6,xmm2
NSUNS4.exe+74B5F0: E8 27 FD FF FF - call NSUNS4.exe+74B31C
NSUNS4.exe+74B5F5: 48 85 C0 - test rax,rax
NSUNS4.exe+74B5F8: 74 22 - je NSUNS4.exe+74B61C
NSUNS4.exe+74B5FA: F3 0F 10 48 1C - movss xmm1,[rax+1C]
NSUNS4.exe+74B5FF: F3 0F 10 40 18 - movss xmm0,[rax+18]
NSUNS4.exe+74B604: 0F 2F C1 - comiss xmm0,xmm1
NSUNS4.exe+74B607: 73 13 - jae NSUNS4.exe+74B61C
NSUNS4.exe+74B609: F3 0F 58 C6 - addss xmm0,xmm6
NSUNS4.exe+74B60D: 0F 2F C1 - comiss xmm0,xmm1
// ---------- INJECTING HERE ----------
NSUNS4.exe+74B610: F3 0F 11 40 18 - movss [rax+18],xmm0
// ---------- DONE INJECTING ----------
NSUNS4.exe+74B615: 76 05 - jna NSUNS4.exe+74B61C
NSUNS4.exe+74B617: F3 0F 11 48 18 - movss [rax+18],xmm1
NSUNS4.exe+74B61C: 0F 28 74 24 20 - movaps xmm6,[rsp+20]
NSUNS4.exe+74B621: 48 83 C4 38 - add rsp,38
NSUNS4.exe+74B625: C3 - ret
NSUNS4.exe+74B626: CC - int 3
NSUNS4.exe+74B627: CC - int 3
NSUNS4.exe+74B628: 48 83 EC 38 - sub rsp,38
NSUNS4.exe+74B62C: 0F 29 74 24 20 - movaps [rsp+20],xmm6
NSUNS4.exe+74B631: 0F 28 F2 - movaps xmm6,xmm2
}
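The layout point made in the post above (a stored value at the start of "newmem" needs its own entry label below it), as an added example that is not part of the thread: a small Python model of the allocated block that flags a hook entry landing on data and a 64-bit register store spilling into the next instruction. The instruction lengths for the store and the jump, and the names `block` and `check`, are assumptions made for this sketch.

```python
from dataclasses import dataclass

# Assumed x86-64 encodings (lengths in bytes); only the MOVSS bytes are on the page.
MOV_STORE = 7  # mov [rip+disp32],rax -> 48 89 05 disp32
MOVSS = 5      # movss [rax+18],xmm0  -> F3 0F 11 40 18
JMP = 5        # jmp rel32            -> E9 rel32

@dataclass
class Item:
    label: str
    size: int
    is_code: bool

def block(slot_size, data_first):
    """Build the allocated block with the pointer slot first or last."""
    code = [Item("n_code", MOV_STORE, True),
            Item("o_code", MOVSS, True),
            Item("jmp_return", JMP, True)]
    data = [Item("ptrChakra", slot_size, False)]
    return data + code if data_first else code + data

def check(items, entry, slot="ptrChakra", store_width=8):
    """List layout problems for a hook that jumps to `entry` and writes
    `store_width` bytes (a 64-bit register) to `slot`."""
    spans, off = {}, 0
    for it in items:  # items are laid out back to back
        spans[it.label] = (off, off + it.size, it.is_code)
        off += it.size
    problems = []
    if not spans[entry][2]:
        problems.append(f"entry '{entry}' is data, the CPU would execute the stored value")
    start = spans[slot][0]
    end = start + store_width
    for label, (lo, hi, is_code) in spans.items():
        if is_code and lo < end and start < hi:
            problems.append(f"{store_width}-byte store to '{slot}' overwrites '{label}'")
    return problems

if __name__ == "__main__":
    cases = {
        "slot first, jump to slot": (block(4, True), "ptrChakra"),
        "slot first, jump to n_code, 4-byte slot": (block(4, True), "n_code"),
        "slot first, jump to n_code, 8-byte slot": (block(8, True), "n_code"),
        "slot last, jump to n_code": (block(4, False), "n_code"),
    }
    for name, (items, entry) in cases.items():
        print(f"{name}: {check(items, entry) or 'ok'}")
```

With the slot placed last, a 4-byte slot passes only because the extra four bytes of the store land in unused allocated memory.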
- BlackDragon2121
- Expert Cheater
- Posts: 51
- Joined: Sat Jan 16, 2021 12:27 am
- Reputation: 27
Re: How to Create script?
Okay, let me try and read all of the wiki and take notes. I'll get back to you if I hit another issue. Thanks again man, you're awesome!
ShyTwig16 wrote: ↑Sat May 08, 2021 12:01 am
I like to use [Link] for checking ASM I don't know, or forgot. The [Link] has a fair amount of the ASM commands, and will likely have a more CE style usage.
For adding the address just click the pointer check box, that will give you an offset option. I probably just clicked it and forgot to mention it, not sure really. You can also just use a bracket notation for the address and it will work like a pointer (e.g. [ptrChakra]+18).
If you put the stored values at the start of the allocated memory ("newmem"), you need to put a label below it and jump to that. Else you'll be executing whatever bytes the stored value holds. I just like to put it at the start for some reason, but most people just stick it at the end of the allocated memory.
With movss [rax+18],xmm0, MOVSS is just writing a single (32 bits) float value from the XMM0 registry to the address at EAX+0x18.