[SOLVED] Get pointer from x64 r13 register / game crashes

Forum: Cheat Engine Forum Index -> Cheat Engine
Poll: Do you think this is an advanced method?
Yes: 50% [1]
No: 50% [1]
Leave me alone: 0% [0]
Total votes: 2

Zec (Newbie cheater)
Posted: Tue Aug 22, 2017 2:31 pm    Post subject: [SOLVED] Get pointer from x64 r13 register / game crashes

Hi game manipulators,

could you please help me with this small issue.

I often pick pointers by injecting a tiny AA construct like this:

Code:

[ENABLE]
aobscan...
alloc(newmem...

alloc(_PointerBaseExample,4)
registersymbol(_PointerBaseExample)

label(code)
label(return)

newmem:
  mov [_PointerBaseExample],rax

code:
  ... original ...
  jmp return

aobLocation:
  jmp newmem

return:
registersymbol(aobLocation)

[DISABLE]

aobLocation:
  db ...

unregistersymbol(_PointerBaseExample)
unregistersymbol(aobLocation)
dealloc(newmem)


Now for the first time I need to get the base address from r13.

This code...
Code:

[ENABLE]
aobscanmodule(aob_getPlZ,TheForest.RectT<int>::Height+17788D,F3 41 0F 11 5D 14)
alloc(newmem,$1024)     // here an additional argument was needed (see next post)

alloc(_PlZ,8)
registersymbol(_PlZ)

label(code)
label(return)
registersymbol(aob_getPlZ)

newmem:
    mov [_PlZ],r13

code:
   movss [r13+14],xmm3
   jmp return

aob_getPlZ:
   jmp code    // this made no sense, since the mov under newmem will not be executed (see next post)
   nop

return:


[DISABLE]

aob_getPlZ:
   movss [r13+14],xmm3

unregistersymbol(_PlZ)
dealloc(_PlZ,4)
unregistersymbol(aob_getPlZ)
dealloc(newmem)

... crashes the game.

When I take a look in the disassembler then the symbol is working and is in the right place.

(I am trying to get the player's coordinate base from the gravity function.)

Thanks for reading and sharing your wisdom.


Last edited by Zec on Wed Aug 23, 2017 3:57 pm; edited 1 time in total

STN (I post too much)
Posted: Wed Aug 23, 2017 5:56 am

alloc(newmem,$1024)

to
alloc(newmem,$1024,aob_getPlZ)

aob_getPlZ:
jmp code
nop

to
aob_getPlZ:
jmp newmem
nop

I don't see anything else immediately wrong with it

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com

Zec (Newbie cheater)
Posted: Wed Aug 23, 2017 3:55 pm    Post subject: Thank you!

That helped. So maybe the allocated memory was too far away from the original opcodes?

Thanks, learned the third argument for alloc().
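The crash discussed in this thread comes down to jump distance. Cheat Engine's 5-byte `jmp` (E9 rel32) can only reach a target within roughly +/-2GB of the hook, which is what `alloc(newmem,$1024,aob_getPlZ)` guarantees by placing the allocation near `aob_getPlZ`. Without that hint, a plain `alloc` on x64 may land far away, and the assembler has to fall back to a longer absolute jump (assumed here to be the 14-byte `jmp [rip+0]; dq target` form) that no longer fits in the 6-byte `movss [r13+14],xmm3` being replaced, so it overwrites the following instructions. The example below is added for this page and is not code from the thread or from Cheat Engine; it models the patch bytes for both cases so a reader can see exactly where the near/far distinction bites. The hook and allocation addresses are constructed values, not addresses from the game.

```python
# Added example (not from the thread or Cheat Engine): why an x64 hook's
# trampoline must be allocated within rel32 reach of the patched instruction.
import struct

REL32_MIN, REL32_MAX = -(1 << 31), (1 << 31) - 1
NOP = 0x90

# Bytes of the instruction being replaced, taken from the thread's AOB:
# F3 41 0F 11 5D 14 == movss [r13+14],xmm3 (6 bytes)
ORIGINAL_INSN = bytes.fromhex("F3410F115D14")


def rel32_displacement(hook_addr: int, target_addr: int) -> int:
    """Displacement a 5-byte E9 jmp placed at hook_addr needs to reach target_addr."""
    return target_addr - (hook_addr + 5)


def can_use_short_jmp(hook_addr: int, target_addr: int) -> bool:
    """True when the target is reachable with a rel32 (near) jump."""
    return REL32_MIN <= rel32_displacement(hook_addr, target_addr) <= REL32_MAX


def build_hook_patch(hook_addr: int, target_addr: int, patched_len: int) -> bytes:
    """Build the bytes written over the original instruction.

    Near target: E9 rel32 plus NOP padding up to patched_len, so the patch
    occupies exactly the instruction it replaces (5-byte jmp + 1 nop here).
    Far target: the only option is the 14-byte absolute form
    'jmp [rip+0]; dq target' (FF 25 00 00 00 00 followed by the 8-byte
    address). When that exceeds patched_len it would clobber the instructions
    after the hook, which is the crash the thread describes, so we refuse.
    """
    if can_use_short_jmp(hook_addr, target_addr):
        disp = rel32_displacement(hook_addr, target_addr)
        patch = b"\xE9" + struct.pack("<i", disp)
    else:
        patch = b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", target_addr)
    if len(patch) > patched_len:
        raise ValueError(
            f"{len(patch)}-byte jump does not fit in the {patched_len} patched bytes; "
            "allocate the trampoline within +/-2GB of the hook instead"
        )
    return patch + bytes([NOP]) * (patched_len - len(patch))


# Constructed addresses (assumptions for illustration, not values from the game):
HOOK = 0x7FF700001000           # where the movss would live inside the game module
NEAR_ALLOC = 0x7FF700100000     # what alloc(newmem,$1024,aob_getPlZ) would give
FAR_ALLOC = 0x0000000010000000  # a typical result of a plain alloc on x64

if __name__ == "__main__":
    print("near:", build_hook_patch(HOOK, NEAR_ALLOC, len(ORIGINAL_INSN)).hex())
    try:
        build_hook_patch(HOOK, FAR_ALLOC, len(ORIGINAL_INSN))
    except ValueError as err:
        print("far:", err)
```

The near case yields `E9 FB EF 0F 00 90`: a 5-byte relative jump and one `nop`, exactly the 6 bytes the original `movss` occupied. The far case needs 14 bytes for the absolute jump and is rejected, which mirrors what happens when the third `alloc` argument is left out. The second fix in STN's reply (`jmp newmem` instead of `jmp code`) is a separate issue: jumping straight to `code` runs the original instruction but never executes the `mov [_PlZ],r13` that the hook exists for.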
All times are GMT - 6 Hours