| View previous topic :: View next topic |
| Author |
Message |
Crimson Viper
Newbie cheater
![]() Reputation: 0
Joined: 15 May 2011
Posts: 18
Location: Norway
|
 Posted: Sun Dec 31, 2017 6:52 am Post subject: Scripting problem CE 6.7 |
 |
|
I'm using scripting alot, but after CE6.7 i always got a problem:
- I can find ex: infinite health
- but if i restart the game/script, noting works anymore
- This happend almost every time/game i try to script something.
Do you got any idea whats wrong in this case?
PS: Every scripts made with CE 6.6 still work.
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Sun Dec 31, 2017 3:50 pm Post subject: |
|
|
i dont believe it has to do with ce version, no! check your script and the game.
you said everytime you restart the game the script no longer work, so maybe you are using code injection on a specific memory region that dont have module addressing.
make sure to enable symbols.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
Crimson Viper
Newbie cheater
![]() Reputation: 0
Joined: 15 May 2011
Posts: 18
Location: Norway
|
| Posted: Mon Jan 01, 2018 6:52 pm Post subject: |
|
|
Here are one very simple AOB script to "NOP" out a timer (Stop timer) for the game Zombillie (Steam).
| Code: | [ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// fstp dword ptr [edi+2C]
// sub esp,0C
db 90 90 90
jmp return
Timer:
jmp newmem
nop
return:
registersymbol(Timer)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
Timer:
db D9 5F 2C 83 EC 0C
unregistersymbol(Timer)
dealloc(newmem)
|
1st time the script was used everything went well
2nd time the script was used, it couldn't be activated
|
|
| Back to top |
|
|
TheyCallMeTim13
Wiki Contributor
 Reputation: 50
Joined: 24 Feb 2017
Posts: 976
Location: Pluto
|
| Posted: Mon Jan 01, 2018 8:07 pm Post subject: |
|
|
So first off if only NOPing the instruction this would work
| Code: | [ENABLE]
aobscan(Timer, D9 5F 2C 83 EC 0C)
registersymbol(Timer)
Timer:
db 90 90 90 90 90 90
[DISABLE]
Timer:
db D9 5F 2C 83 EC 0C
unregistersymbol(Timer) |
But with that "fstp dword ptr [edi+2C]" this is throwing off the stack and I am surprised the game didn't crash on you. And the "sub esp,0C" instruction moves the stack which by NOPing it, is throwing off the stack even more.
So I would try some thing like this.
| Code: | [ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C) // should be unique
alloc(falseTime, 4)
falseTime:
dd 0
Timer:
fstp dword ptr [falseTime]
registersymbol(Timer)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
Timer:
fstp dword ptr [edi+2C] // I would replace this with original bytes, just don't know what they are.
unregistersymbol(Timer)
dealloc(falseTime) |
_________________
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Mon Jan 01, 2018 9:06 pm Post subject: |
|
|
alternatively:
| Code: | fstp st(0)
sub esp,0C |
also extend the searching byte pattern.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
FreeER
Grandmaster Cheater Supreme
![]() Reputation: 53
Joined: 09 Aug 2013
Posts: 1091
|
| Posted: Mon Jan 01, 2018 9:28 pm Post subject: |
|
|
To avoid allocating memory to write to you can just use fstp st(0) which stores the value on the top of the fpu stack and then pops the top of the fpu stack, and is only 2 bytes so can always be used without allocating memory. It's also the exact same code for both float and doubles which is always nice 
eg | Code: | [ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C)
Timer:
fstp st(0) // 2 bytes
db 90 // extra byte from original code
registersymbol(Timer)
[DISABLE]
Timer:
db D9 5F 2C
unregistersymbol(Timer) |
I think that theoretically the fpu stack could be full and that'd cause a value to be lost, though I've never had an issue, if you're worried about it in some cases you could also potentially use fstp [esp-70] but it does take 4 bytes (70 should be much larger than anything that might be on top of the stack, 10 (16 decimal) would probably be fairly safe as well since the largest thing that should be pushed is an 8 byte x64 register or double value, but why not go the "max" ~7F?). Since it's a 4 byte instruction it may require the code to be hooked (jump to some other (probably allocated) memory with the code and a jump back)... such as here where the instruction you actually want to replace is only 3 bytes. In which case it may be simpler to do as TheyCallMeTim13 showed.
I suppose you could also do an aobscan(freemem,00 00 00 00 00 00 00 00) and use fullaccess(freemem,8 ), yeah floats are only 4 but might as well use 8 so the same code works for doubles as well, I've never actually tried that method however...might not be worth the additional scan time.
|
|
| Back to top |
|
|
Crimson Viper
Newbie cheater
![]() Reputation: 0
Joined: 15 May 2011
Posts: 18
Location: Norway
|
| Posted: Tue Jan 02, 2018 11:22 am Post subject: |
|
|
| Thank you for all answers, i'll try this out and hope this will work.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
