Crimson Viper (Newbie cheater, Reputation: 0; Joined: 15 May 2011; Posts: 18; Location: Norway)
Posted: Sun Dec 31, 2017 6:52 am
Post subject: Scripting problem CE 6.7
I'm using scripting a lot, but after CE 6.7 I always get a problem:
- I can find, e.g., infinite health
- but if I restart the game/script, nothing works anymore
- This happens almost every time/game I try to script something.
Do you have any idea what's wrong in this case?
PS: Every script made with CE 6.6 still works.
OldCheatEngineUser (Whateven rank, Reputation: 20; Joined: 01 Feb 2016; Posts: 1587)
Posted: Sun Dec 31, 2017 3:50 pm
I don't believe it has to do with the CE version, no! Check your script and the game.
You said every time you restart the game the script no longer works, so maybe you are using code injection on a specific memory region that doesn't have module addressing.
Make sure to enable symbols.
Crimson Viper (Newbie cheater, Reputation: 0; Joined: 15 May 2011; Posts: 18; Location: Norway)
Posted: Mon Jan 01, 2018 6:52 pm
Here is one very simple AOB script to "NOP" out a timer (stop timer) for the game Zombillie (Steam).
Code:
[ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
// fstp dword ptr [edi+2C]
// sub esp,0C
db 90 90 90
jmp return

Timer:
jmp newmem
nop
return:
registersymbol(Timer)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
Timer:
db D9 5F 2C 83 EC 0C
unregistersymbol(Timer)
dealloc(newmem)

The 1st time the script was used, everything went well.
The 2nd time the script was used, it couldn't be activated.
TheyCallMeTim13 (Wiki Contributor, Reputation: 50; Joined: 24 Feb 2017; Posts: 976; Location: Pluto)
Posted: Mon Jan 01, 2018 8:07 pm
So first off, if only NOPing the instruction, this would work:
Code:
[ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C)
registersymbol(Timer)

Timer:
db 90 90 90 90 90 90

[DISABLE]
Timer:
db D9 5F 2C 83 EC 0C
unregistersymbol(Timer)

But with that "fstp dword ptr [edi+2C]", this is throwing off the stack, and I am surprised the game didn't crash on you. And the "sub esp,0C" instruction moves the stack, which, by NOPing it, is throwing off the stack even more.
So I would try something like this.
Code:
[ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C) // should be unique
alloc(newmem,$1000)
alloc(falseTime,4)
label(return)

falseTime:
dd 0

newmem:
fstp dword ptr [falseTime] // park the popped value here instead of in the timer
sub esp,0C // keep the original stack adjustment that followed the fstp
jmp return

Timer:
jmp newmem // 5 bytes
nop // pads to the 6 scanned bytes
return:
registersymbol(Timer)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
Timer:
db D9 5F 2C 83 EC 0C // the original bytes, taken from the aobscan pattern
unregistersymbol(Timer)
dealloc(newmem)
dealloc(falseTime)

OldCheatEngineUser (Whateven rank, Reputation: 20; Joined: 01 Feb 2016; Posts: 1587)
Posted: Mon Jan 01, 2018 9:06 pm
Alternatively:
Code:
fstp st(0)
sub esp,0C
nop // pads to the 6 bytes of the scanned pattern (2 + 3 + 1)

Also, extend the byte pattern you search for.
FreeER (Grandmaster Cheater Supreme, Reputation: 53; Joined: 09 Aug 2013; Posts: 1091)
Posted: Mon Jan 01, 2018 9:28 pm
To avoid allocating memory to write to, you can just use fstp st(0), which stores the value on the top of the FPU stack and then pops the top of the FPU stack; it is only 2 bytes, so it can always be used without allocating memory. It's also the exact same code for both floats and doubles, which is always nice.
e.g.:
Code:
[ENABLE]
aobscan(Timer,D9 5F 2C 83 EC 0C)

Timer:
fstp st(0) // 2 bytes
db 90 // extra byte from original code
registersymbol(Timer)

[DISABLE]
Timer:
db D9 5F 2C
unregistersymbol(Timer)

I think that theoretically the FPU stack could be full and that would cause a value to be lost, though I've never had an issue. If you're worried about it, in some cases you could also potentially use fstp [esp-70], but it does take 4 bytes (70 should be much larger than anything that might be on top of the stack; 10 (16 decimal) would probably be fairly safe as well, since the largest thing that should be pushed is an 8-byte x64 register or double value, but why not go to the "max" ~7F?). Since it's a 4-byte instruction it may require the code to be hooked (a jump to some other (probably allocated) memory with the code and a jump back)... such as here, where the instruction you actually want to replace is only 3 bytes. In which case it may be simpler to do as TheyCallMeTim13 showed.
I suppose you could also do an aobscan(freemem,00 00 00 00 00 00 00 00) and use fullaccess(freemem,8); yeah, floats are only 4, but might as well use 8 so the same code works for doubles as well. I've never actually tried that method, however... it might not be worth the additional scan time.
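As an added example (not code from the thread or from Cheat Engine), the Python below simulates an AOB script's ENABLE/DISABLE cycle over a constructed byte buffer holding the instruction bytes quoted in this thread: a unique-match scan like aobscan, a replacement padded with NOPs to the length of the 3-byte fstp it overwrites, and a disable step. It shows one way a script can fail on its second activation (the disable side restoring fewer bytes than the enable side wrote); the thread does not establish that this is what happened in the original post.

```python
# Added example, not code from the thread or from Cheat Engine: a byte-level
# simulation of an AOB script's ENABLE/DISABLE cycle over a constructed buffer.

# Instruction bytes quoted in the thread.
PATTERN = bytes.fromhex("D95F2C83EC0C")  # fstp dword ptr [edi+2C]; sub esp,0C
FSTP_EDI = PATTERN[:3]                   # the 3-byte instruction being replaced
FSTP_ST0 = bytes.fromhex("DDD8")         # fstp st(0): 2 bytes, pops without a memory store
NOP = b"\x90"

def make_memory() -> bytearray:
    """Constructed stand-in for the scanned code region (not real game memory)."""
    return bytearray(b"\xcc" * 16 + PATTERN + b"\xcc" * 16)

def aobscan(memory: bytearray, pattern: bytes) -> int:
    """Offset of the pattern; like CE's aobscan, exactly one match is required."""
    n = len(pattern)
    hits = [i for i in range(len(memory) - n + 1) if memory[i:i + n] == pattern]
    if len(hits) != 1:
        raise LookupError(f"aobscan: {len(hits)} matches, need exactly 1")
    return hits[0]

def build_patch(replacement: bytes, original: bytes) -> bytes:
    """Pad the replacement with NOPs to the length of the instruction it replaces,
    refusing to spill into the following instruction (here sub esp,0C)."""
    if len(replacement) > len(original):
        raise ValueError("replacement is longer than the instruction it overwrites")
    return replacement + NOP * (len(original) - len(replacement))

def cycle(restore: bytes) -> tuple[bool, bytes]:
    """Enable, disable by writing `restore`, then attempt a second enable.
    Returns (second_enable_succeeded, bytes at the patch site after disable)."""
    mem = make_memory()
    patch = build_patch(FSTP_ST0, FSTP_EDI)   # DD D8 90
    addr = aobscan(mem, PATTERN)              # first enable: the scan finds the original bytes
    mem[addr:addr + len(patch)] = patch
    mem[addr:addr + len(restore)] = restore   # disable
    after = bytes(mem[addr:addr + len(PATTERN)])
    try:
        aobscan(mem, PATTERN)                 # second enable
        return True, after
    except LookupError:
        return False, after

if __name__ == "__main__":
    # Restoring all three bytes (db D9 5F 2C) puts the pattern back; re-enable works.
    print(cycle(FSTP_EDI))
    # Restoring only two bytes leaves the padding NOP behind; the scan never matches again.
    print(cycle(FSTP_EDI[:2]))
```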
Crimson Viper (Newbie cheater, Reputation: 0; Joined: 15 May 2011; Posts: 18; Location: Norway)
Posted: Tue Jan 02, 2018 11:22 am
Thank you for all the answers, I'll try this out and hope it will work.