Cheat Engine The Official Site of Cheat Engine
Noobrzor Advanced Cheater Reputation: 0
Joined: 19 May 2014 Posts: 74
Posted: Fri Apr 29, 2016 12:41 pm Post subject: Div/Idiv causing the script to crash the game. Why...? |
Greetings
A)The script is for the game Dark Souls: Prepare to Die Edition. It's a health regeneration effect, restoring 2% of max health every second.
B)It works under normal circumstances, just as expected.
C)When a 'bleed effect bar' shows up indicating bleed effect being filled up (game mechanic) the game instantly crashes.
D)Under the 'bleed effect bar' the code doesn't access any other addresses but the one it does normally. Neither does the [eax+000002D8] value change.
E)I thought it was some flags being set. The original code is cmp function, which accesses a health value. Cmp sets flags for certain. So I modified the code to first do what I want and then, finally, do the originally intended cmp (therefore resetting the flags). Didn't help.
F) //-ing the div/idiv (removing it from the script) completely nullifies the problem. Since eax holds a high value the script gives a full-hp-every-second effect.
Now, I checked various assembly references. But for the life of me I can't figure out what is causing the script to go haywire. I have the various backups set and whatnot. Also, no need to advise on making the script neater or more efficient with push/pops; it's the way I learned and I'm sticking to it out of habit, since it doesn't really affect anything.
Script:
Code: | [ENABLE]
aobscanmodule(healthAccess,DATA.exe,39 98 D4 02 00 00 7E)
alloc(newmem,$1000)
alloc(value1,$100)
alloc(backupEAX,$100)
alloc(backupECX,$100)
alloc(backupEDX,$100)
label(hack)
label(nohack)
label(clearvalue)
label(increasevalue)
label(return)
newmem:
cmp [value1],#30 //if 30 frames per second (FPS) then HealthTick happens every second
je clearvalue
ja clearvalue
jmp increasevalue
clearvalue:
mov [value1],#0
jmp hack
increasevalue:
inc [value1]
jmp nohack
hack:
cmp [eax+000002D4],ebx
mov [backupEAX],eax
mov [backupECX],ecx
mov [backupEDX],edx
mov eax,[eax+000002D8]
mov ecx,#50 //1/50 is 2/100 which is 2%
idiv ecx //divides maxHP value currently stored in eax by ecx (note: idiv actually divides the 64-bit pair EDX:EAX, and EDX is not cleared before this point)
// putting // in front of the idiv, again, makes the game stop crashing.
mov ecx,eax
mov eax,[backupEAX]
mov edx,[backupEDX]
add [eax+000002D4],ecx
mov ecx,[backupECX]
jmp return //changing this to jmp nohack, again, doesn't help.
nohack:
cmp [eax+000002D4],ebx
jmp return
healthAccess:
jmp newmem
nop
return:
registersymbol(healthAccess)
[DISABLE]
healthAccess:
db 39 98 D4 02 00 00
unregistersymbol(healthAccess)
dealloc(newmem)
dealloc(value1)
dealloc(backupEAX)
dealloc(backupECX)
dealloc(backupEDX) |
Appreciate all the help. Best Regards!
EDIT1:
I even tried pushf/popf before and after the idiv. That doesn't work either.
Last edited by Noobrzor on Fri Apr 29, 2016 3:54 pm; edited 1 time in total |
Cake-san Grandmaster Cheater Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Fri Apr 29, 2016 3:02 pm Post subject: |
Well, when I'm making a health script, I always inject into code that writes to that address, because it's more efficient. Like this:
Code: |
[ENABLE]
aobscanmodule(aob_B,DATA.exe,A1 * * * * 39 48 3C)
label(_B)
aob_B+1:
_B:
aobscanmodule(inj_H,DATA.exe,89 85 D4 02 00 00)
registersymbol(inj_H)
alloc(newmem,248)
label(returnhere)
label(originalcode)
label(_temp)
newmem:
mov [_temp],ebx
mov ebx,[_B]
cmp ebx,0
je originalcode
mov ebx,[ebx]
cmp ebx,0
je originalcode
mov ebx,[ebx+3c]
cmp ebp,ebx
jne originalcode
mov eax,[ebx+2d8]
originalcode:
mov ebx,[_temp]
mov [ebp+000002D4],eax
jmp returnhere
_temp:
dd 0
inj_H:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
inj_H:
db 89 85 D4 02 00 00
//mov [ebp+000002D4],eax
unregistersymbol(inj_H)
|
Noobrzor Advanced Cheater Reputation: 0
Joined: 19 May 2014 Posts: 74
Posted: Fri Apr 29, 2016 3:47 pm Post subject: |
I'm sorry, I don't quite understand?
First of all, I stated I'm not looking for more efficiency, just fixing a bug.
Second, what do you mean 'write to this address'? You mean not code that merely accesses a health address and is then modified via injection to also write to the health address, but code that specifically writes to that address? If that's so, I would disagree - I like modifying code that only accesses an address, not code that inherently writes to it.
If you didn't mean that, then i don't know, because:
add [eax+000002D4],ecx
is adding ecx, which is the result of maxHP/50 (so 2% of max health), to the health address. I said it works as intended, only that dividing breaks it, and only in certain circumstances. And I wish to know why that is happening.
Also, I apologize but I hardly understand your script.
Cake-san Grandmaster Cheater Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Apr 29, 2016 4:07 pm Post subject: |
Before IDIV, add:
Code: | xor edx,edx |
You should remove that JMP RETURN at the end of "hack".
Just let it fall through to the "nohack" label.
Noobrzor Advanced Cheater Reputation: 0
Joined: 19 May 2014 Posts: 74
Posted: Fri Apr 29, 2016 5:24 pm Post subject: |
Zanzer wrote: | Before IDIV, add:
Code: | xor edx,edx |
You should remove that JMP RETURN at the end of "hack".
Just let it fall through to the "nohack" label. |
God damn it worked! Didn't crash!
How in the hell does xor edx,edx fix it? The way I understand it, it only clears the EDX register (00000000), no? And EDX holds the 'remainder' of a divided value?
Or is it that EDX is 0 under normal circumstances, changed under the bleed effect bar, and the code tries to divide EDX+EAX, causing some funky behaviour? And then EDX is set to whatever 'remains'?
As for the fall-through to the nohack label, yeah, I know that, I just like keeping it this way. It doesn't do much for performance anyway.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Apr 29, 2016 5:43 pm Post subject: |
I suggested the fall through just so it executes the original code at the correct time.
No reason to do a CMP when you're about to do a bunch of other instructions.
Those instructions may throw off the conditional flags causing the game to make the wrong jump as it normally would.
When using divide, your dividend spans registers EDX:EAX.
So when you don't clear it, it's trying to divide by some random big number.
Whatever value you had in EDX was causing a divide exception.
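To make the EDX:EAX point concrete, here is an added C example (editor's addition, not code from the thread, from the posted scripts, or from Cheat Engine). It simulates the documented semantics of 32-bit IDIV: the dividend is the 64-bit pair EDX:EAX, and the CPU raises a divide error (#DE, which the game reports as a crash) when the divisor is zero or the signed quotient does not fit in 32 bits. The functions idiv32, cdq, regen_tick and max_safe_edx, and the sample maxHP of 1000, are my own constructions; the divisor 50 is the one the script uses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of one simulated 32-bit IDIV r/m32. */
typedef struct {
    bool    divide_error; /* true: the CPU raises #DE (the game's crash) */
    int32_t quotient;     /* EAX afterwards, valid only if !divide_error */
    int32_t remainder;    /* EDX afterwards, valid only if !divide_error */
} idiv_result;

/* Simulate IDIV r/m32 as the x86 manual defines it: the dividend is the
 * 64-bit signed value EDX:EAX, not EAX alone. #DE fires for a zero divisor
 * or when the signed quotient does not fit in 32 bits; nothing is truncated. */
idiv_result idiv32(uint32_t edx, uint32_t eax, uint32_t divisor_reg)
{
    idiv_result r = { false, 0, 0 };
    int64_t dividend = (int64_t)(((uint64_t)edx << 32) | (uint64_t)eax);
    int32_t divisor  = (int32_t)divisor_reg;

    if (divisor == 0) { r.divide_error = true; return r; }
    /* INT64_MIN / -1 overflows in C too; on the CPU it is a #DE case. */
    if (dividend == INT64_MIN && divisor == -1) { r.divide_error = true; return r; }

    int64_t q = dividend / divisor; /* C truncates toward zero, as IDIV does */
    int64_t m = dividend % divisor;
    if (q < INT32_MIN || q > INT32_MAX) { r.divide_error = true; return r; }

    r.quotient  = (int32_t)q;
    r.remainder = (int32_t)m;
    return r;
}

/* CDQ: sign-extend EAX into EDX, the correct prelude for a signed IDIV.
 * For a non-negative EAX (such as a max-HP value) it equals `xor edx,edx`. */
uint32_t cdq(uint32_t eax)
{
    return ((int32_t)eax < 0) ? 0xFFFFFFFFu : 0u;
}

/* The regen tick as the posted script performs it: EAX = maxHP, ECX = 50,
 * IDIV ECX. `stale_edx` models whatever the game left in EDX at the hook.
 * Returns the 2% figure, or -1 if the instruction would have raised #DE. */
int32_t regen_tick(uint32_t max_hp, uint32_t stale_edx, bool prepare_edx)
{
    uint32_t edx = prepare_edx ? cdq(max_hp) : stale_edx;
    idiv_result r = idiv32(edx, max_hp, 50);
    return r.divide_error ? -1 : r.quotient;
}

/* Largest non-negative EDX for which IDIV by `divisor` (> 0) cannot raise #DE
 * whatever EAX holds, or -1 if even EDX = 0 can overflow (divisor 1). */
int64_t max_safe_edx(uint32_t divisor)
{
    uint64_t max_dividend = (uint64_t)INT32_MAX * divisor + (divisor - 1);
    return (int64_t)((max_dividend + 1) >> 32) - 1;
}

int main(void)
{
    const uint32_t max_hp = 1000; /* constructed sample max HP */
    printf("EDX cleared first:      %d\n", regen_tick(max_hp, 0, true));
    printf("EDX stale = 1:          %d (silently wrong, no crash)\n",
           regen_tick(max_hp, 1, false));
    printf("EDX stale = 0x12345678: %d (-1 means #DE)\n",
           regen_tick(max_hp, 0x12345678u, false));
    printf("largest EDX safe for /50, any EAX: %lld\n",
           (long long)max_safe_edx(50));
    return 0;
}
```

Two things the simulation shows that the thread only hints at. First, a stale EDX does not always crash: any EDX up to 24 still yields a quotient that fits, so the script hands the game a huge regen value instead of faulting, while an EDX of 25 or more (or anything negative enough) raises #DE. That is consistent with the script working most of the time and dying only when the game happens to leave a different value in EDX at that spot, as during the bleed bar. Second, `xor edx,edx` is correct here only because max HP is non-negative; the general prelude for a signed `idiv` is `cdq`, and for an unsigned `div` it is `xor edx,edx`. Saving EDX to backupEDX and restoring it afterwards, as the script does, is still needed, since IDIV overwrites EDX with the remainder. Zanzer's other point stands independently: the `add` in the hack path rewrites the flags, and the `jmp return` skips the original `cmp`, so the game's conditional jump right after the hook runs on flags the `add` produced rather than the comparison it expects.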