Breaking Down Shared Opcodes in Scripts

[subZero]

Hi everyone,



I've been trying to figure something out for some time now but I just can't get it to work. My question is how can I split a script that is using a shared opcode from affecting multiple variables in the game and spread them out to multiple scripts instead? To clarify I have a script like this:



[CODE][ENABLE]



aobscanmodule(endurance, game.exe, F3 0F 11 49 18 45)

alloc(compareRegisters, $1000, "game.exe"+465E6A5)

label(easyKills)

label(return)



compareRegisters:

cmp r13w, 0 // Oxygen

jz @f

cmp r13w, 1 // Stamina

jz @f

cmp ebx, 42B02600 // Animal Health

jz easyKills

cmp ebx, 42B026A8 // Enemy Health

jz easyKills

movss [rcx+18], xmm1

jmp return



@@:

//movss [rcx+18], xmm1

jmp return



easyKills:

mov [rcx+18], (float)0

jmp return



endurance:

jmp compareRegisters



return:

registersymbol(endurance)



[DISABLE]



endurance:

db F3 0F 11 49 18



unregistersymbol(endurance)

dealloc(compareRegisters)[/CODE]



So if you look at that script above, it's affecting Oxygen, Stamina, and One Hit Kill for animals and enemy objects all in one script. How can I split these into say 4 separate scripts where one is used for infinite oxygen, another for infinite stamina, etc.



There must be a way to do this but when I try and split them, enabling one makes it so that the others can no longer be enabled because that opcode location is already modified with a jmp instruction.

[FreeER]

You can't... hooking it once changes the bytes to jump to some other memory and since it changes the bytes the others can't find the original code and if you used static addresses instead of AOB then you'd overwrite one jmp with another.



hm... I suppose if you used function pointers or something like that you might be able to kind of manage it, but I can't really imagine it being worth the effort.





What is usually done is creating "flags" that the user can set to 0 or 1 and then check those in the script to see whether you should do each hack.

[subZero]

[QUOTE="FreeER, post: 47908, member: 980"]You can't... hooking it once changes the bytes to jump to some other memory and since it changes the bytes the others can't find the original code and if you used static addresses instead of AOB then you'd overwrite one jmp with another.



hm... I suppose if you used function pointers or something like that you might be able to kind of manage it, but I can't really imagine it being worth the effort.





What is usually done is creating "flags" that the user can set to 0 or 1 and then check those in the script to see whether you should do each hack.[/QUOTE]



I see setting up flags would work, that makes sense. Do you have an example I can reference to see how I'd set that up on my own?

[SunBeam]

I suggest you properly learn to hack game engines such as Unreal rather than asking how to filter crap. Much simpler than struggling. You people think CE is the only thing you're supposed to know for gamehacking that you rarely go beyond the horizon.

[subZero]

[QUOTE="SunBeam, post: 47929, member: 12587"]I suggest you properly learn to hack game engines such as Unreal rather than asking how to filter crap. Much simpler than struggling. You people think CE is the only thing you're supposed to know for gamehacking that you rarely go beyond the horizon.[/QUOTE]



Thanks SunBeam but that's not very helpful. I know you have a lot of experience with assembly but not everyone does. I also don't believe it should be necessary to use multiple tools if I already have the script written out in CE. I'll look into it more and figure something out. Thanks for your suggestion FreeER.

[subZero]

So I have come up with a solution for this using flags like FreeER suggested. I'm sharing my code in case anyone else had the same question. Here's how I handled this:



[CODE][ENABLE]



aobscanmodule(memModifier, game.exe, F3 0F 11 49 18 45)

alloc(compareRegisters, $1000, "game.exe"+465E6A5)

label(originalCode)

label(animalHealth)

label(oxygen)

label(stamina)

label(oxygen_flag)

label(stamina_flag)

label(animal_ohk_flag)

label(return)



compareRegisters:

cmp r13w, 0

jz oxygen

cmp r13w, 1

jz stamina

cmp r13w, 26A8

jz animalHealth

jmp originalCode



originalCode:

movss [rcx+18], xmm1

jmp return



oxygen_flag:

dd 0



stamina_flag:

dd 0



animal_ohk_flag:

dd 0



oxygen:

cmp [oxygen_flag], 1

jne originalCode

//movss [rcx+18], xmm1

jmp return



stamina:

cmp [stamina_flag], 1

jne originalCode

movss [rcx+18], xmm3

jmp return



animalHealth:

cmp [animal_ohk_flag], 1

jne originalCode

movss [rcx+18], xmm4

jmp return



memModifier:

jmp compareRegisters



return:

registersymbol(memModifier)

registersymbol(oxygen_flag)

registersymbol(stamina_flag)

registersymbol(animal_ohk_flag)



[DISABLE]



memModifier:

db F3 0F 11 49 18



unregistersymbol(memModifier)

unregistersymbol(oxygen_flag)

unregistersymbol(stamina_flag)

unregistersymbol(animal_ohk_flag)

dealloc(compareRegisters)[/CODE]



All you have to do once the script is enabled is 'Add Address Manually' and use the symbol names from above. Going off of my example, click 'Add Address Manually' and set 'Address' field to oxygen_flag. Once you set the value of this address to 1 it will enable only Oxygen while leaving the others disabled. Pretty cool stuff!

[SunBeam]

And when game updates and those IDs you cmp by change?.. Happened to me. Think you'll then consider what I said and go the extra mile. Not many do, as you simply put it, sufficing themselves with quick hack-ups. Post the name of your game and I may be able to further help. It's not an online game, is it, that you had to mask it as "game.exe"?

[SunBeam]

I actually think this [I]might[/I] be Far Cry 5, having rechecked the script.

[subZero]

[QUOTE="SunBeam, post: 47989, member: 12587"]And when game updates and those IDs you cmp by change?.. Happened to me. Think you'll then consider what I said and go the extra mile. Not many do, as you simply put it, sufficing themselves with quick hack-ups. Post the name of your game and I may be able to further help. It's not an online game, is it, that you had to mask it as "game.exe"?[/QUOTE]



This is from far cry primal. I have actually named the executable game.exe that is why the script has that in it. I'm always open to learning what would you suggest I study or learn in order to better solve problems like these? Also, regardless of what you compare to when the game gets patches or updates won't the values change anyway?

[SunBeam]

Am talking about the statics you compare your registers with. Not addresses, which usually change with just a restart of the map. Figured it's something to do with Far Cry from those generic movss instructions :D I'd suggest identifying the entity whose health routine is being processed. And by that, not an id, but the actual pointer to said entity's structure.



Check my script for Primal, it might serve useful. If you can't find it, I'll post it (and more) tomorrow evening when I get back to town.



BR,

Sun

[subZero]

[QUOTE="SunBeam, post: 48001, member: 12587"]Am talking about the statics you compare your registers with. Not addresses, which usually change with just a restart of the map. Figured it's something to do with Far Cry from those generic movss instructions :D I'd suggest identifying the entity whose health routine is being processed. And by that, not an id, but the actual pointer to said entity's structure.



Check my script for Primal, it might serve useful. If you can't find it, I'll post it (and more) tomorrow evening when I get back to town.



BR,

Sun[/QUOTE]



I did find your cheat table and I see what you mean by comparing it to a pointer. Is that a more reliable method of comparing? I hadn't done that before I'll give it a try. Thanks for your help SunBeam