Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
How to make code injection can be even usable at next time?

 
Cheat Engine Forum Index -> General Gamehacking
jaehui48
Posted: Mon Mar 13, 2017 12:29 am    Post subject: How to make code injection can be even usable at next time?

First, sorry for my bad English.
I hope to learn how to use code injection next time.
I made one script, but it doesn't work when I shut down the game and
relaunch the game.
How do I make it stable?
I already tried it:

1.
pointer scan address (stable)
find access address => auto assembly and code injection with [ENABLE] and [DISABLE]
It works perfectly, but it doesn't work when I shut down the game and restart the game.

2.
pointer scan address (stable)
find access address => auto assembly and AOB injection with [ENABLE] and [DISABLE]
It works perfectly, but it doesn't work when I shut down the game and restart the game.

My game is Slime Rancher 0.5.0b.
++METHOS
Posted: Mon Mar 13, 2017 12:54 am

Did you try the AOB Injection template when creating your script?
STN
Posted: Mon Mar 13, 2017 12:55 am

If it's using dynamic code locations, like in mono/unity games, then you need to use aobscan.
_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
jaehui48
Posted: Mon Mar 13, 2017 1:19 am

++METHOS wrote:
Did you try the AOB Injection template when creating your script?

Yes, I already tried it.

Code:
{ Game : SlimeRancher.exe
Version:
Date : 2017-03-13
Author : ??????

This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat



aobscan(INJECT,3B C1 0F 8C 64 00 00 00 48 8B 47) // should be unique
alloc(newmem,$1000,43D268E1)

label(code)
label(return)

newmem:

code:
cmp eax,eax
jl 43D2694D
jmp return

INJECT:
jmp code
nop
nop
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 3B C1 0F 8C 64 00 00 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 43D268E1

43D268C2: 8B EC - mov ebp,esp
43D268C4: 56 - push rsi
43D268C5: 57 - push rdi
43D268C6: 48 8B F9 - mov rdi,rcx
43D268C9: 48 8B F2 - mov rsi,rdx
43D268CC: 48 8B 47 48 - mov rax,[rdi+48]
43D268D0: 48 8B C8 - mov rcx,rax
43D268D3: 83 39 00 - cmp dword ptr [rcx],00
43D268D6: 48 63 80 0C 01 00 00 - movsxd rax,dword ptr [rax+0000010C]
43D268DD: 48 63 4E 20 - movsxd rcx,dword ptr [rsi+20]
// ---------- INJECTING HERE ----------
43D268E1: 3B C1 - cmp eax,ecx
43D268E3: 0F 8C 64 00 00 00 - jl 43D2694D
// ---------- DONE INJECTING ----------
43D268E9: 48 8B 47 48 - mov rax,[rdi+48]
43D268ED: 48 63 56 20 - movsxd rdx,dword ptr [rsi+20]
43D268F1: 48 8B C8 - mov rcx,rax
43D268F4: 45 33 C0 - xor r8d,r8d
43D268F7: 48 83 EC 20 - sub rsp,20
43D268FB: 83 38 00 - cmp dword ptr [rax],00
43D268FE: 49 BB D2 69 D2 43 00 00 00 00 - mov r11,0000000043D269D2
43D26908: 41 FF D3 - call r11d
43D2690B: 48 83 C4 20 - add rsp,20
43D2690F: 48 8B CF - mov rcx,rdi
}
sbryzl
Posted: Mon Mar 13, 2017 1:40 am

You should try using 43D268DD instead.

The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.

43D268DD looks good. You can still have access to the value in rcx there too if you wanted it.
++METHOS
Posted: Mon Mar 13, 2017 1:41 am

Code:
jl 43D2694D


...this may be your problem.

When you start a new game, are you able to activate the script?

If you can activate the script, but it crashes, try this:

Code:
code:
cmp eax,eax
db 0F 8C 64 00 00 00
jmp return
jaehui48
Posted: Mon Mar 13, 2017 4:29 am

++METHOS wrote:
Code:
jl 43D2694D


...this may be your problem.

When you start a new game, are you able to activate the script?

If you can activate the script, but it crashes, try this:

Code:
code:
cmp eax,eax
db 0F 8C 64 00 00 00
jmp return


Thanks, I tried this,
and it works!
Please, can you explain this code for me?
I'm a noob :)


Last edited by jaehui48 on Mon Mar 13, 2017 4:35 am; edited 1 time in total
++METHOS
Posted: Mon Mar 13, 2017 4:32 am

Then use readmem.
jaehui48
Posted: Mon Mar 13, 2017 4:36 am

++METHOS wrote:
Then use readmem.

Nvm, I had written the wrong code.
Now it works perfectly!!
Really, thanks :)
Can you explain this code for me?
++METHOS
Posted: Mon Mar 13, 2017 4:40 am

See here for readmem.

Regarding the above code:

Code:
// ---------- INJECTING HERE ----------
43D268E1: 3B C1 - cmp eax,ecx
43D268E3: 0F 8C 64 00 00 00 - jl 43D2694D
// ---------- DONE INJECTING ----------


I just wrote out the bytes, instead of using the address. Since the address (43D2694D) is likely to change each time you run the game, but the jump distance is not, the bytes for the instruction should stay the same (0F 8C 64 00 00 00).
jaehui48
Posted: Mon Mar 13, 2017 4:48 am

sbryzl wrote:
You should try using 43D268DD instead.

The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.

43D268DD looks good. You can still have access to the value in rcx there too if you wanted it.


Can you advise me on how to change that value to ????
I'm really a noob and I don't have a good idea for changing other code without cmp eax,eax or jl 43D2694D => nop.
If you advise me on better code, it'll be really good for me!
sbryzl
Posted: Mon Mar 13, 2017 12:13 pm

jaehui48 wrote:
sbryzl wrote:
You should try using 43D268DD instead.

The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.

43D268DD looks good. You can still have access to the value in rcx there too if you wanted it.


Can you advise me on how to change that value to ????
I'm really a noob and I don't have a good idea for changing other code without cmp eax,eax or jl 43D2694D => nop.
If you advise me on better code, it'll be really good for me!


Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(INJECT,48 63 4E 20 3B C1 0F ? ? ? ? ? 48 8B 47 48) // should be unique
alloc(newmem,$1000,43D268E1)

label(code)
label(return)

newmem:

code:
movsxd rcx,dword ptr [rsi+20]
cmp eax,ecx
jmp return

INJECT:
jmp code
nop
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 48 63 4E 20 3B C1

unregistersymbol(INJECT)
dealloc(newmem)

It would be better to use the AOB template, since I am prone to mistakes, but it should look something like this. Notice the wildcards in the AOB where the jump location is. If the game tries to use the address for the AOB, then you can do something like this and test the AOB with the wildcards in Cheat Engine's AOB scan to make sure it's unique.
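Added example, written for this page and not taken from the thread or from Cheat Engine: a small Python AOB scanner that shows why the jl's displacement bytes (0F 8C 64 00 00 00) survive the game being loaded at a different address while the absolute target 43D2694D does not, and why sbryzl's wildcard pattern still matches when the JIT emits a different displacement where the exact pattern from the first post would not. The byte buffer is constructed from the instructions quoted in the thread; the NOP padding, the load bases and the alternative displacement are made up for the demonstration.

```python
import struct


def parse_aob(pattern):
    """Parse a Cheat Engine style AOB string; '?' or '??' becomes None (wildcard byte)."""
    out = []
    for tok in pattern.split():
        out.append(None if tok in ("?", "??") else int(tok, 16))
    return out


def aob_scan(buf, pattern):
    """Return every offset where the pattern matches; exactly one hit means the AOB is unique."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + k] == p for k, p in enumerate(pat))]


def jcc_rel32_target(buf, off, base):
    """Decode a 6-byte 0F 8x rel32 conditional jump at buf[off], loaded at base + off."""
    if buf[off] != 0x0F or (buf[off + 1] & 0xF0) != 0x80:
        raise ValueError("no Jcc rel32 at offset %#x" % off)
    disp = struct.unpack_from("<i", buf, off + 2)[0]
    return base + off + 6 + disp        # target is relative to the next instruction


# Constructed sample: the bytes disassembled in the thread at 43D268DD..43D268EC.
THREAD_BYTES = bytes.fromhex(
    "48634E20"        # 43D268DD  movsxd rcx,dword ptr [rsi+20]
    "3BC1"            # 43D268E1  cmp eax,ecx
    "0F8C64000000"    # 43D268E3  jl +0x64 (-> 43D2694D)
    "488B4748"        # 43D268E9  mov rax,[rdi+48]
)
PATTERN = "48 63 4E 20 3B C1 0F ? ? ? ? ? 48 8B 47 48"   # sbryzl's wildcard pattern
PAD = 16                                                # constructed NOP padding on each side


def relocate_and_scan(base):
    """Pretend the block was loaded at base: return hit count, the jl's disp bytes, its target."""
    mem = b"\x90" * PAD + THREAD_BYTES + b"\x90" * PAD
    hits = aob_scan(mem, PATTERN)
    jl = hits[0] + 6                      # the jl starts 6 bytes into the match
    return len(hits), mem[jl + 2:jl + 6].hex(), jcc_rel32_target(mem, jl, base)


def scan_with_other_disp():
    """Same code, but the JIT put the branch target elsewhere (constructed disp of +0x120)."""
    mem = bytearray(THREAD_BYTES)
    mem[8:12] = struct.pack("<i", 0x120)
    exact = aob_scan(bytes(mem), "3B C1 0F 8C 64 00 00 00")   # the first post's exact AOB
    return aob_scan(bytes(mem), PATTERN), exact
```

With the block placed so that the movsxd sits at 43D268DD, the decoded jl target is 43D2694D; at any other base the displacement bytes are unchanged and only the decoded target moves.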
All times are GMT - 6 Hours

 