it-ty Newbie cheater Reputation: 0
Joined: 05 Jun 2014 Posts: 22
Posted: Wed Oct 21, 2015 9:48 am    Post subject: Auto Assembler x64 code script jump not work
Hi everybody, I have a problem with an Auto Assembler x64 code script.
Game: deadrising3, 64-bit.
My script:
When I run the script the opcode changes, but the next opcode changes too. Why?
Or is the script wrong?
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Wed Oct 21, 2015 10:05 am    Post subject:
http://forum.cheatengine.org/viewtopic.php?t=572487
(not a bug)
You've used AA template. Do not remove NOP instructions between "jmp newmem" and "returnhere:"
Also, I recommend using "full injection" template.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Wed Oct 21, 2015 12:50 pm    Post subject:
mgr.inz.Player wrote:
    http://forum.cheatengine.org/viewtopic.php?t=572487
    (not a bug)
    You've used AA template. Do not remove NOP instructions between "jmp newmem" and "returnhere:"
    Also, I recommend using "full injection" template.
hi,
I'm making a script in this thread http://forum.cheatengine.org/viewtopic.php?t=584935
There I need to predict if ce will use direct jump of length 5 or the indirect jmp of length 14 in 64bit target. Below vars.HackPoint and vars.Cave is integer type address that the jump will be made across. vars.Cave should always in lower 2G memory space. I would like to seek your confirmation if the following condition check is right? Thank you~
Code:
local JumpLength = targetIs64Bit() and vars.HackPoint - vars.Cave > 0x7fffffff and 14 or 5
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Wed Oct 21, 2015 2:59 pm    Post subject:
It may be a bug in CE. Assuming he didn't strip the third parameter from alloc before executing the script, newmem should have been near the module (I can't reproduce this).
panraven
always assume 14
alternatively instead of:
Code:
randomlocation:
jmp randomtarget
do
Code:
alloc(jumper,32, randomlocation)
jumper:
jmp randomtarget
randomlocation:
jmp jumper
jmp jumper will be 5 bytes
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Wed Oct 21, 2015 6:35 pm    Post subject:
Dark Byte wrote:
    ..snip..
    always assume 14
    ..snip..
Thanks, I assume I should use this condition check instead (generic use for both 32-bit and 64-bit targets):
Code:
local JumpLength = targetIs64Bit() and 14 or 5
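To make the 5-versus-14-byte question above concrete, here is an added Python model of the two x64 jump encodings; it is not Cheat Engine's code and not from any post in this thread. It shows the two-sided reachability test that panraven's one-sided condition approximates, which bytes of the following instructions a 14-byte jump overwrites past the 5-byte movss in mgr.inz.Player's AOB (the reason the template keeps its NOPs), and the sizes in Dark Byte's near-jumper layout; all addresses used are constructed.

```python
import struct

JMP_REL32_LEN = 5  # E9 <rel32>; the 14-byte form is FF 25 00 00 00 00 <imm64>

# Constructed sample: the 16 bytes of the thread's aobscanmodule pattern. The
# first instruction, movss [rdx+28],xmm0 (F3 0F 11 42 28), is 5 bytes long;
# the remaining bytes belong to the instructions that follow it.
AOB = bytes.fromhex("F30F11422841807B10007404C6422C01")
HOOKED_INSN_LEN = 5


def rel32_reachable(origin, target):
    """True if 'jmp target' placed at origin fits a signed 32-bit displacement.

    The displacement is measured from the end of the 5-byte jump and the test
    is two-sided: a cave far above the hook point is as unreachable as one far
    below it, which a one-sided 'origin - target > 0x7fffffff' check misses.
    """
    disp = target - (origin + JMP_REL32_LEN)
    return -0x80000000 <= disp <= 0x7FFFFFFF


def encode_jmp(origin, target):
    """Bytes an x64 assembler emits for 'jmp target' placed at origin."""
    if rel32_reachable(origin, target):
        return b"\xE9" + struct.pack("<i", target - (origin + JMP_REL32_LEN))
    # jmp qword ptr [rip+0] followed by the absolute 64-bit target: 14 bytes
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", target)


def plan_hook(origin, cave):
    """Report the jump length and which bytes of the following instructions
    get overwritten when the jump is longer than the 5-byte instruction it
    replaces (this is why the AA template pads with NOPs)."""
    code = encode_jmp(origin, cave)
    clobbered = AOB[HOOKED_INSN_LEN:len(code)]
    return {"jmp_len": len(code), "clobbered": clobbered.hex().upper()}


def trampoline_sizes(origin, jumper, cave):
    """Dark Byte's layout: 'jmp jumper' at the hook, 'jmp cave' inside the
    jumper allocation. Returns (bytes written at origin, bytes in jumper);
    only the first number has to fit over the original instruction."""
    return len(encode_jmp(origin, jumper)), len(encode_jmp(jumper, cave))
```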
it-ty Newbie cheater Reputation: 0
Joined: 05 Jun 2014 Posts: 22
Posted: Thu Oct 22, 2015 3:19 am    Post subject:
mgr.inz.Player wrote:
    http://forum.cheatengine.org/viewtopic.php?t=572487
    (not a bug)
    You've used AA template. Do not remove NOP instructions between "jmp newmem" and "returnhere:"
    Also, I recommend using "full injection" template.
I do not understand the third parameter of alloc.
Then how do I edit this code?
Do you have sample code?
Thank you for the reply.
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Thu Oct 22, 2015 10:06 am    Post subject:
If you want a "normal" jump you need allocated memory within a 32-bit region of the origin address. To do that, use the third parameter for alloc, the preferred region.
alloc(newmem,size,preferredRegion)
e.g.
Code:
[ENABLE]
aobscanmodule(armmo,deadrising3.exe,F3 0F 11 42 28 41 80 7B 10 00 74 04 C6 42 2C 01) // should be unique
registersymbol(armmo)
alloc(newmem,256,deadrising3.exe)
label(return)
newmem:
movss xmm0,[rdx+308]
movss [rdx+28],xmm0
jmp return
armmo:
jmp newmem
return:
[DISABLE]
armmo:
db F3 0F 11 42 28
unregistersymbol(armmo)
dealloc(newmem)
it-ty Newbie cheater Reputation: 0
Joined: 05 Jun 2014 Posts: 22
Posted: Thu Oct 22, 2015 9:42 pm    Post subject:
mgr.inz.Player wrote:
    If you want a "normal" jump you need allocated memory within a 32-bit region of the origin address. To do that, use the third parameter for alloc, the preferred region.
    alloc(newmem,size,preferredRegion)
    e.g.
    Code:
    [ENABLE]
    aobscanmodule(armmo,deadrising3.exe,F3 0F 11 42 28 41 80 7B 10 00 74 04 C6 42 2C 01) // should be unique
    registersymbol(armmo)
    alloc(newmem,256,deadrising3.exe)
    label(return)
    newmem:
    movss xmm0,[rdx+308]
    movss [rdx+28],xmm0
    jmp return
    armmo:
    jmp newmem
    return:
    [DISABLE]
    armmo:
    db F3 0F 11 42 28
    unregistersymbol(armmo)
    dealloc(newmem)
I have tested this script. Error too.
The jmp instruction does not work.
This is a bug of the old Cheat Engine version and the portable version: the script does not work, and it supports WinXP and Win7 only, so
I went to load a new version from the homepage (installer), tested the script again, and it works!
Supports Win8, 8.1/10.
Thank you for replying, everybody.
And @mgr.inz.Player, thank you very much for your help and reply.
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Oct 23, 2015 1:01 pm    Post subject:
Weird. Copy-paste this script's output:
Code:
[ENABLE]
{$lua}
if syntaxcheck then return '' end
script=[[
aobscanmodule(armmo,deadrising3.exe,F3 0F 11 42 28 41 80 7B 10 00 74 04 C6 42 2C 01) // should be unique
registersymbol(armmo)
alloc(newmem,256,deadrising3.exe)
label(return)
label(allocaddress)
registersymbol(allocaddress)
newmem:
allocaddress:
movss xmm0,[rdx+308]
movss [rdx+28],xmm0
jmp return
armmo:
jmp newmem
return:
]]
autoAssemble(script)
print('alloc address: '..string.format("%016X",getAddress('allocaddress')))
print('module address: '..string.format("%016X",getAddress('deadrising3.exe')))
{$asm}
[DISABLE]
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Fri Oct 23, 2015 3:38 pm    Post subject:
From what I make of his last reply, he managed to get it to work after getting a more recent version of Cheat Engine. (Honestly, every time someone posts a screenshot of CE's GUI and cuts off the title, it means he's using an old CE version.)
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Oct 23, 2015 4:17 pm    Post subject:
Which CE version starts supporting third alloc parameter?
6.0 or 6.1? I don't remember.
it-ty Newbie cheater Reputation: 0
Joined: 05 Jun 2014 Posts: 22
Posted: Fri Oct 23, 2015 8:36 pm    Post subject:
At first I tried to use the portable version to test a 64-bit game, but the script jump does not work, while the test with a 32-bit game is OK. I then downloaded the direct link from the homepage, which is the installer version, tried the 64-bit game and ran the script again; now the script runs OK, it works! Now I understand why?
Because I think the portable version of the program may be modified. The command does not work.