Problem with a script, cannot find a correct function in Memory View, cheat engine

[Blayde]

......

I'm fine thanks
Why the asm put this : dword ptr when x64 reg is in use

QQ-Can you tell me what this means:
fild [eax+10]
fstp st(0)
fstp [eax+10]

I mean come on.
Peace

[UltimatePoto42]

......

I'm fine thanks
Why the asm put this : dword ptr when x64 reg is in use

QQ-Can you tell me what this means:
fild [eax+10]
fstp st(0)
fstp [eax+10]

I mean come on.
Peace

First off your comparing a memory address with an immediate, you don't declare a source or destination registry. So there is not a 64 bit registry in use.

Second, just read up.

Code: Select all

DF /0	FILD m16int	Valid	Valid	Push m16int onto the FPU register stack.
DB /0	FILD m32int	Valid	Valid	Push m32int onto the FPU register stack.
DF /5	FILD m64int	Valid	Valid	Push m64int onto the FPU register stack.

D9 /2	FST m32fp	Valid	Valid	Copy ST(0) to m32fp.
DD /2	FST m64fp	Valid	Valid	Copy ST(0) to m64fp.
DD D0+i	FST ST(i)	Valid	Valid	Copy ST(0) to ST(i).
D9 /3	FSTP m32fp	Valid	Valid	Copy ST(0) to m32fp and pop register stack.
DD /3	FSTP m64fp	Valid	Valid	Copy ST(0) to m64fp and pop register stack.
DB /7	FSTP m80fp	Valid	Valid	Copy ST(0) to m80fp and pop register stack.
DD D8+i	FSTP ST(i)	Valid	Valid	Copy ST(0) to ST(i) and pop register stack.

And some more on the compare:

CMP r/m32,imm32
CMP r/m64,imm32

[Link]
[Link]

This means it only works on 32 bit immediate, try some instructions that actually work on 64 bits. Like what sbryzl showed you.

Code: Select all

mov qword ptr [rax],0
mov dword ptr [rax],0
mov word ptr [rax],0
mov byte ptr [rax],0

Code: Select all

memTest - 48 C7 00 00000000     - mov [rax],00000000 { 0 }
030E0047- C7 00 00000000        - mov [rax],00000000 { 0 }
030E004D- 66 C7 00 0000         - mov word ptr [rax],0000 { 0 }
030E0052- C6 00 00              - mov byte ptr [rax],00 { 0 }
030E0055- C3                    - ret 

Here the 48 tells it that this is a qword instruction:

Code: Select all

48 c7 00 00 00 00 00    mov    QWORD PTR [rax],0x0

Just like "mov [player_base],rbx" in your picture. Note the the instruction before it has no 48 because it is working on a DWORD. Cheat Engine doesn't draw either because they are implied.

Better to Remain Silent and Be Thought a Fool than to Speak and Remove All Doubt
- Abraham Lincoln

[Blayde]

.......

Gotcha
This was just a joke.
------------------------
fild [eax+10]
fstp st(0)
Means nothing. Just load and trash.

[UltimatePoto42]

This:

Code: Select all

fild [eax+10]
fstp st(0)
fstp [eax+10]

Is not the same as this:

Code: Select all

fild [eax+10]
fstp st(0)

[Blayde]

This:

Code: Select all

fild [eax+10]
fstp st(0)
fstp [eax+10]

Is not the same as this:

Code: Select all

fild [eax+10]
fstp st(0)

fild [eax+10]
fstp st(0)
means nothing
so...fstp [eax+10] is only valid/usable

[UltimatePoto42]

It's relative to whats on the stack.

And just dropping the conversation I see.

[UltimatePoto42]

Just to add:

fild [eax+10]
fstp st(0)
means nothing
so...fstp [eax+10] is only valid/usable

It's actually all valid, and out of context not much of any thing. Looks nonsensical but still valid. ASM makes on distinction from nonsense opcode and working opcode, I just does what ever you tell it to do.

Code: Select all

memTest - DB 40 10              - fild dword ptr [eax+10]
003E0043- DDD8                  - fstp st(0)
003E0045- D9 58 10              - fstp dword ptr [eax+10]
003E0048- C3                    - ret 

[Blayde]

It's relative to whats on the stack.

And just dropping the conversation I see.

Shh...we have a discord (you guys can communicate real time there i mean)

viewtopic.php?f=8&t=640

I'm apologize

[STN]

I'm apologize

What for? I just said that so you guys could talk realtime instead of waiting for replies on forums . It isn't necessary.

Anyway continue on

[marek1957]

Guys Guys xD Stop arguing just tell me what is correct script because now I am little confused...

[marek1957]

Hey Guys,
I made a little research and looking for a correct code and I know that the correct address for "damaged cars" is: "Asphalt8.exe"+2D5E64: which has function: movzx eax,byte ptr [esi+000001BB] (//Alt: db 0F B6 86 BB 01 00 00).

When I change this original function to: mov [esi+000001BB],0 in "Asphalt8.exe"+2D5E64: its all what I need = what I need? Driving the car, turning and possibility to use nitro but.. it has also broken screen effect, and changing the cam view - how to disable cam view and etc.? how to separate this functions from this address?

Code: Select all

ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0

exit:
jmp returnhere

"Asphalt8.exe"+2D5E64:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Asphalt8.exe"+2D5E64:
movzx eax,byte ptr [esi+000001BB]
//Alt: db 0F B6 86 BB 01 00 00

[Blayde]

//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0

In memory view: movzx eax,byte ptr [esi+000001BB]
Find out what addresses this instruction accesses to see if it's shared (the opcode).

If it's not:
movzx eax,byte ptr [esi+000001BB]
mov eax,0

or
mov eax,0

or
movzx eax,byte ptr [esi+000001BB]
xor eax,eax (sub eax,eax)

(xor eax,eax
sub eax,eax
mov eax,0 - almost the same)


Bad:
//movzx eax,byte ptr [esi+000001BB]
mov [esi+000001BB],0

Some value must be moved into eax

[marek1957]

Thank for your tip Blayde,

the function which is working is: mov eax,1

Now the script is working perfectly.

Code: Select all

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
mov eax,1

exit:
jmp returnhere

"Asphalt8.exe"+2D5E64:
jmp newmem
nop
nop
returnhere:


 
 
[DISABLE]
dealloc(newmem)
"Asphalt8.exe"+2D5E64:
movzx eax,byte ptr [esi+000001BB]
//Alt: db 0F B6 86 BB 01 00 00

[marek1957]

there is only one problem, check this video: [Link]

Script is working but why after respawning, the car is jumping like a crazy?

And it's kind a sad that this script is only working for cars, not working with bicycles but I think that bicycles has other psychics or compelety different model of damages so that is the case why this script is working only for cars in this game.

[Blayde]

there is only one problem, check this video: [Link]

Script is working but why after respawning, the car is jumping like a crazy?

In some games when you die flags are set (game depend).
You must look deeper in the code / function. Backtrack.