Hello,
I am using Mono and found a class called GameManager which has the value of the game instance below:
Now I want to create a script that will find this value automatically so I can populate pointers based on this address.
I am not sure how to trace where this value is coming from in the disassembler.
Thank you for the help
Help create a script to find game instance
Re: Help create a script to find game instance
Not really sure what you mean,
but JIT the method... set a breakpoint... then create an AOB? (not a fan here of using mono names)
Re: Help create a script to find game instance
Hello everyone, I made an AA script that changes certain values via code injection and it works fine
(don't blame me if the code looks clunky, I made it via templates because I'm new to AA scripts).
Now what I want is to easily manipulate the value that I changed (0x32) from the address list.
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 07) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
aobscanmodule(INJECT2,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 57 B9 28 CA 45 01 66 C7) // should be unique
alloc(newmem2,$1000)
label(code2)
label(return2)
newmem2:
code2:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return2
INJECT2:
jmp newmem2
nop 2
return2:
registersymbol(INJECT2)
aobscanmodule(INJECT3,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 B2) // should be unique
alloc(newmem3,$1000)
label(code3)
label(return3)
newmem3:
code3:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return3
INJECT3:
jmp newmem3
nop 2
return3:
registersymbol(INJECT3)
aobscanmodule(INJECT4,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 E1) // should be unique
alloc(newmem4,$1000)
label(code4)
label(return4)
newmem4:
code4:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return4
INJECT4:
jmp newmem4
nop 2
return4:
registersymbol(INJECT4)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT)
dealloc(newmem)
INJECT2:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT2)
dealloc(newmem2)
INJECT3:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT3)
dealloc(newmem3)
INJECT4:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT4)
dealloc(newmem4)
Re: Help create a script to find game instance
Firstly, you should make your own thread rather than hijack this one.
Please use code tags when posting code. Secondly, the changes you have made are not distinguishable from the original code. Also, the templates do not produce clunky code, the user does. That said, you should a) place new instructions under newmem so that you can distinguish modified code from the original, and b) use more meaningful names other than "INJECT". The reason being that when you come to update the table at a later date you will have a better idea of what's happening and it will make your life easier.

Uknown coder wrote: ↑Fri Feb 23, 2024 2:10 pm
Hello everyone, I made an AA script that changes certain values via code injection and it works fine
(don't blame me if the code looks clunky, I made it via templates because I'm new to AA scripts).
Now what I want is to easily manipulate the value that I changed (0x32) from the address list.

[ENABLE]
aobscanmodule(INJECT,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 07) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(mycustomvalue1)
label(mycustomvalue2)
label(mycustomvalue3)
label(mycustomvalue4)
registersymbol(mycustomvalue1)
registersymbol(mycustomvalue2)
registersymbol(mycustomvalue3)
registersymbol(mycustomvalue4)

newmem:
push ebx
mov ebx,[mycustomvalue1]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return

mycustomvalue1:
dd 0
mycustomvalue2:
dd 0
mycustomvalue3:
dd 0
mycustomvalue4:
dd 0

code:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return

INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)

aobscanmodule(INJECT2,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 57 B9 28 CA 45 01 66 C7) // should be unique
alloc(newmem2,$1000)
label(code2)
label(return2)

newmem2:
push ebx
mov ebx,[mycustomvalue2]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return2

code2:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return2

INJECT2:
jmp newmem2
nop 2
return2:
registersymbol(INJECT2)

aobscanmodule(INJECT3,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 B2) // should be unique
alloc(newmem3,$1000)
label(code3)
label(return3)

newmem3:
push ebx
mov ebx,[mycustomvalue3]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return3

code3:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return3

INJECT3:
jmp newmem3
nop 2
return3:
registersymbol(INJECT3)

aobscanmodule(INJECT4,Stronghold_Crusader_Extreme.exe,66 89 86 C4 D3 45 01 5E 5D 5B C3 66 83 FA 05 0F 85 E1) // should be unique
alloc(newmem4,$1000)
label(code4)
label(return4)

newmem4:
push ebx
mov ebx,[mycustomvalue4]
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],ebx
pop ebx
jmp return4

code4:
mov [esi+Stronghold_Crusader_Extreme.exe+105D3C4],0x32
jmp return4

INJECT4:
jmp newmem4
nop 2
return4:
registersymbol(INJECT4)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT)
dealloc(newmem)

INJECT2:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT2)
dealloc(newmem2)

INJECT3:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT3)
dealloc(newmem3)

INJECT4:
db 66 89 86 C4 D3 45 01
unregistersymbol(INJECT4)
dealloc(newmem4)

unregistersymbol(mycustomvalue1)
unregistersymbol(mycustomvalue2)
unregistersymbol(mycustomvalue3)
unregistersymbol(mycustomvalue4)

To create symbols to use within the address list, you allocate memory for them, register them as a symbol, then adapt the code to move the value from the allocated symbol's memory location for use, depending on how the game handles the value to be used. See the adapted code above for an idea of how this is done.
Re: Help create a script to find game instance
Sorry for the late reply; for some reason I did not get a notification. I managed to get the address I am looking for using a breakpoint and tracing it. For example, if the gold value is XXXX+40, I found XXXX and just added 40 to create the gold pointer by creating a script and taking that XXXX value from a register. But this was all done using break and trace in the memory disassembler.
I will look into using JIT.
Thanks!