spiritcooking (rank: How do I cheat?; Reputation: 0; Joined: 08 Jul 2017; Posts: 5)
Posted: Sat Jul 08, 2017 9:47 am    Post subject: How does the flow of code work in AA?
I'm messing around on the game terraria, and I created a godmode cheat:
Code:
[ENABLE]
aobscan(INJECT,29 82 40 03 00 00 83) // should be unique
alloc(newmem,$1000)                  // 4 KB block for the detour code
label(return)                        // resolved below, at the address right after the hook
newmem:                              // write cursor moves to the allocated block
sub [edx+00000340],(int)0            // original bytes 29 82 40 03 00 00 are "sub [edx+340],eax"; subtract 0 instead
jmp return                           // back into game code after the hook
INJECT:                              // write cursor moves to the aobscan hit
jmp newmem                           // 5-byte hook; the nop pads the overwritten span
nop
return:                              // label = first byte after the hook
registersymbol(INJECT)
[DISABLE]
INJECT:
db 29 82 40 03 00 00 83              // restore the original bytes
unregistersymbol(INJECT)
dealloc(newmem)
The code above is functional.
When I declare INJECT: above newmem:, it stops working. When I declare INJECT: below return:, it also stops working. The game crashes in both scenarios.
Can anyone explain why this is the case?
STN (rank: I post too much; Reputation: 42; Joined: 09 Nov 2005; Posts: 2672)
Posted: Sat Jul 08, 2017 11:01 am
Because
aobscan(INJECT,29 82 40 03 00 00 83) // should be unique
Inject is blahgameaddress
newmem is allocated memory
When you place inject above allocated memory, you're writing gibberish to your game code. When you place inject below return, you're writing gibberish and return points nowhere.
If this doesn't make sense to you, I suggest learning assembly and doing the CE tutorial, because it's a noob question and you can't understand it completely without understanding assembly and how the syntax works. For now, just copy-paste until you eventually understand it.
spiritcooking (rank: How do I cheat?; Reputation: 0; Joined: 08 Jul 2017; Posts: 5)
Posted: Sat Jul 08, 2017 12:10 pm
STN wrote:
    Because
    aobscan(INJECT,29 82 40 03 00 00 83) // should be unique
    Inject is blahgameaddress
    newmem is allocated memory
    When you place inject above allocated memory, you're writing gibberish to your game code. When you place inject below return, you're writing gibberish and return points nowhere.
    If this doesn't make sense to you, I suggest learning assembly and doing the CE tutorial, because it's a noob question and you can't understand it completely without understanding assembly and how the syntax works. For now, just copy-paste until you eventually understand it.
Despite the arrogance, thanks for your reply.
I understand, in the first scenario, that it would write the contents of newmem where INJECT points to. I do not understand what you mean by "When you place inject below return, you're writing gibberish and return points nowhere".
What gibberish are you referring to in this case? Shouldn't it just write the jmp newmem and nop to INJECT?
Also, how does return: know to return back to INJECT? Is there an implied mov instruction?
Dark Byte (Site Admin; Reputation: 458; Joined: 09 May 2003; Posts: 25288; Location: The Netherlands)
Posted: Sat Jul 08, 2017 12:26 pm
Also don't forget that memory is written in blocks in the order they are defined.
If inject is before newmem, the jmp newmem will be written before the newmem block has been filled with code.
If inject runs before that, crash.
spiritcooking (rank: How do I cheat?; Reputation: 0; Joined: 08 Jul 2017; Posts: 5)
Posted: Sat Jul 08, 2017 12:37 pm
Dark Byte wrote:
    Also don't forget that memory is written in blocks in the order they are defined.
    If inject is before newmem, the jmp newmem will be written before the newmem block has been filled with code.
    If inject runs before that, crash.
That makes sense. I understand that newmem: is a memory block, because I allocated memory for it. But what about return:?
OldCheatEngineUser (rank: Whateven rank; Reputation: 20; Joined: 01 Feb 2016; Posts: 1587)
Posted: Sat Jul 08, 2017 1:01 pm
spiritcooking wrote:
    because I allocated memory for it. But what about return
Since you allocated a new block of memory inside that process, you have to jump to it to execute your code.
So you need to return back to where you jumped from, to continue executing the process code.
atom0s (Moderator; Reputation: 198; Joined: 25 Jan 2006; Posts: 8517; Location: 127.0.0.1)
Posted: Sat Jul 08, 2017 1:04 pm
return in this case for your script is just a label telling CE that the address after your jump and nop should be considered what 'return' equals to.
For example, if your AOB is found at address 0x1234A000, and you then place your jmp and nop there, that would be:
Code:
0x1234A000 - jmp <offset_to_newmem>
0x1234A006 - nop
0x1234A007 - <Whatever opcodes follow here> <-- This address is what return would mean to CE.
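To make the two rules the replies rely on concrete (a label takes the address of the next byte the script will write, and blocks are written in the order they appear), here is an added Python model of how an AA script like the one in the first post is laid out. It is not Cheat Engine's code and not from anyone in this thread. It takes the INJECT address from atom0s's example, uses a constructed stand-in address for the alloc(newmem,$1000) block, hard-codes real x86-32 instruction sizes, and assumes the hook overwrites the 7 bytes that the [DISABLE] block restores (a 5-byte jmp plus 2 bytes of nop padding). It models the working layout and one reading of each of the two orderings the first post says crash.

```python
"""Toy model of Cheat Engine Auto Assembler (AA) script layout.

Added example, not CE's own code.  Two rules from the thread are modelled:
  1. a label takes the address of the next byte that will be written (the
     "write cursor"); INJECT: and newmem: also MOVE the cursor, because
     aobscan and alloc already gave those labels fixed addresses;
  2. blocks are written to the target process in the order they appear.
Instruction sizes are x86-32 encodings, hard-coded below:
  jmp rel32 = 5 bytes; sub dword [edx+0x340], imm8 = 7 bytes (83 AA 40 03 00 00 00).
The [DISABLE] block restores 7 bytes (29 82 40 03 00 00 83), so the model
assumes the hook overwrites 7 bytes: the 5-byte jmp plus 2 bytes of nop padding.
"""
from dataclasses import dataclass, field

INJECT_ADDR = 0x1234A000  # address used in atom0s's example in this thread
NEWMEM_ADDR = 0x0E000000  # constructed stand-in for the alloc(newmem,$1000) address
NEWMEM_SIZE = 0x1000
HOOK_LEN = 7              # bytes restored by [DISABLE]

SIZES = {
    "sub [edx+340],0": 7,
    "jmp newmem": 5,
    "jmp return": 5,
    "nop": HOOK_LEN - 5,  # padding so jmp+padding covers whole original instructions
}
BLOCK_ADDRS = {"INJECT": INJECT_ADDR, "newmem": NEWMEM_ADDR}


@dataclass
class Layout:
    labels: dict = field(default_factory=dict)  # label -> resolved address
    writes: list = field(default_factory=list)  # (address, instruction) in write order


def assemble(script):
    """Pass 1: walk the script, binding labels to the write cursor and
    recording every instruction write in the order it would happen."""
    lay = Layout()
    cursor = None
    for line in script:
        if line.endswith(":"):
            name = line[:-1]
            if name in BLOCK_ADDRS:
                cursor = BLOCK_ADDRS[name]       # switch the cursor to that block
            elif cursor is None:
                raise ValueError(f"label {name} appears before any block")
            lay.labels[name] = cursor            # plain label: wherever the cursor is now
        else:
            if cursor is None:
                raise ValueError(f"instruction {line!r} appears before any block")
            lay.writes.append((cursor, line))
            cursor += SIZES[line]
    return lay


def resolve_jumps(lay):
    """Pass 2: turn 'jmp <label>' into (from, to) pairs.  Forward references
    such as 'jmp return' before 'return:' work because labels are final now."""
    return [(addr, lay.labels[ins.split()[1]])
            for addr, ins in lay.writes if ins.startswith("jmp ")]


def return_offset(lay):
    """Distance of 'return' from the hook; HOOK_LEN means 'the instruction after the hook'."""
    return lay.labels["return"] - lay.labels["INJECT"]


def dangling_jumps(lay):
    """Jumps whose target is neither a byte this script writes nor the resume
    point in game code (INJECT + HOOK_LEN): the 'return points nowhere' case."""
    written = set()
    for addr, ins in lay.writes:
        written.update(range(addr, addr + SIZES[ins]))
    resume = INJECT_ADDR + HOOK_LEN
    return [(f, t) for f, t in resolve_jumps(lay) if t not in written and t != resume]


def hook_written_before_detour(lay):
    """Dark Byte's point: is the jmp at INJECT written before newmem holds any code?"""
    order = [ins for _, ins in lay.writes]
    first_newmem = next(i for i, (a, _) in enumerate(lay.writes)
                        if NEWMEM_ADDR <= a < NEWMEM_ADDR + NEWMEM_SIZE)
    return order.index("jmp newmem") < first_newmem


# The three orderings discussed in the thread (labels only; registersymbol etc. omitted).
WORKING      = ["newmem:", "sub [edx+340],0", "jmp return",
                "INJECT:", "jmp newmem", "nop", "return:"]
INJECT_FIRST = ["INJECT:", "jmp newmem", "nop",
                "newmem:", "sub [edx+340],0", "jmp return", "return:"]
INJECT_LAST  = ["newmem:", "sub [edx+340],0", "jmp return", "return:",
                "INJECT:", "jmp newmem", "nop"]

if __name__ == "__main__":
    for name, script in [("working", WORKING), ("INJECT first", INJECT_FIRST),
                         ("INJECT last", INJECT_LAST)]:
        lay = assemble(script)
        print(f"{name}: return={lay.labels['return']:#x}, "
              f"dangling={[(hex(f), hex(t)) for f, t in dangling_jumps(lay)]}, "
              f"hook written before detour={hook_written_before_detour(lay)}")
```

In the working layout `return` resolves to INJECT+7 and nothing dangles. With `INJECT:` last, `return:` binds to the end of the newmem block, so `jmp return` lands in memory the script never wrote. With `INJECT:` first, the hook is the very first write, and `return` again ends up inside newmem rather than in game code.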
spiritcooking (rank: How do I cheat?; Reputation: 0; Joined: 08 Jul 2017; Posts: 5)
Posted: Sat Jul 08, 2017 1:09 pm
OldCheatEngineUser wrote:
    spiritcooking wrote:
        because I allocated memory for it. But what about return
    Since you allocated a new block of memory inside that process, you have to jump to it to execute your code.
    So you need to return back to where you jumped from, to continue executing the process code.
I understand it needs to return. Does the AA interpreter just add a mov instruction back to INJECT after the [ENABLE] clause is finished?
Edit: @Atom So basically, return will point to INJECT+7? Doesn't that make the return label redundant? Can I omit it?
Edit2: It's not redundant, since I need to jump to it from newmem after executing my code injection. Thanks for the help, guys.
Last edited by spiritcooking on Sat Jul 08, 2017 1:42 pm; edited 1 time in total
STN (rank: I post too much; Reputation: 42; Joined: 09 Nov 2005; Posts: 2672)
Posted: Sat Jul 08, 2017 1:42 pm
Arrogance? Oh, because I said it's a noob question. Well, 6 posts later and you're still confused about the basics of code injection.
Like I said, this will fly over your head because you're clueless about the basics; especially statements like these make you go a big "What the?"
Quote:
    Does the AA interpreter just add a mov instruction back to INJECT after the [ENABLE] clause is finished?
What??
Quote:
    Edit: @Atom So basically, return will point to INJECT+7? Doesn't that make the return label redundant? Can I omit it?
Do you know what this is for? This is your answer:
jmp return
PS: I have actually been toning down and trying to be nice to complete idiots (due to personal life changes, trying to be a better person), but this serves me right. I found your thread because it was being discussed on a chatroom how stupid you are, but I went ahead, acted nice and didn't tell you how stupid you are, and I get labeled as arrogant. People are very nice when I act my usual condescending self.
spiritcooking (rank: How do I cheat?; Reputation: 0; Joined: 08 Jul 2017; Posts: 5)
Posted: Sat Jul 08, 2017 1:58 pm
STN wrote:
    Arrogance? Oh, because I said it's a noob question. Well, 6 posts later and you're still confused about the basics of code injection.
    Like I said, this will fly over your head because you're clueless about the basics; especially statements like these make you go a big "What the?"
    Quote:
        Does the AA interpreter just add a mov instruction back to INJECT after the [ENABLE] clause is finished?
    What??
    Quote:
        Edit: @Atom So basically, return will point to INJECT+7? Doesn't that make the return label redundant? Can I omit it?
    Do you know what this is for? This is your answer:
    jmp return
    PS: I have actually been toning down and trying to be nice to complete idiots (due to personal life changes, trying to be a better person), but this serves me right. I found your thread because it was being discussed on a chatroom how stupid you are, but I went ahead, acted nice and didn't tell you how stupid you are, and I get labeled as arrogant.
Thanks for the laugh, dude. I knew calling you out on that would get you tilted. Judging by your comment, it's clear that you have some anger issues. It seems you know this yourself. I'll ask this in the most subtle way I can, my little snowflake. Can you leave my thread?