Cheat Engine Forum Index
The Official Site of Cheat Engine
The value didn't change

xxMrPHDxx
How do I cheat?
Reputation: 0

Joined: 14 Jan 2018
Posts: 2

Posted: Sun Jan 14, 2018 8:08 am    Post subject: The value didn't change

Hey, I was trying to change a value in a game using another thread. The thread is working with no errors so far, but the value won't change.

This is my auto assembly script:

[ENABLE]
alloc(RegenArmor,2048)
registersymbol(RegenArmor)
createThread(RegenArmor)

label(check)
label(wait)
label(end)
registersymbol(end)
label(maxArmor)
registersymbol(maxArmor)
label(count)
registersymbol(count)

RegenArmor:
sub rsp,20
jmp wait

check:
mov rax,[[ArmorAddress]]
cmp rax,[maxArmor]
jge wait
add rax,(float)100 // HERE IS NOT WORKING
inc [count]
cmp [count],#100
jl wait
mov [count],#0

wait:
cmp [end],0
je check

// Free memory and kill thread
push 0 //dwExitCode = 0
call GetCurrentThread
push eax //hThread = GetCurrentThread()
push 0 //return address = NULL

push 8000 //dwFreeType = MEM_RELEASE
push 0 //dwSize = 0
push RegenArmor //dwAddress = mythread
push TerminateThread //return address = TerminateThread
jmp VirtualFree

end:
dd 0

maxArmor:
dd (float)100

count:
dd 0

[DISABLE]
end:
dd 1

unregistersymbol(end)
unregistersymbol(end)
unregistersymbol(RegenArmor)

What did I do wrong?

_________________
-xxMrPHDxx-
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sun Jan 14, 2018 11:04 am

Code:
sub rsp,20
If you're not going to set up a stack frame, make that 28. As it is, the stack isn't aligned on a 16-byte boundary, which violates x64 calling conventions and induces undefined behaviour (i.e. this could cause the process to crash).
Code:
mov rax,[[ArmorAddress]]
[ArmorAddress] is evaluated when the code is assembled. If it isn't populated or is otherwise invalid (e.g. 0), it will crash. If it changes while the game is running, that change will only be updated when the script is assembled again.
Also, I'm surprised it even assembles, assuming this is in a 64-bit environment.
Code:
cmp rax,[maxArmor]
jge wait
add rax,(float)100 // HERE IS NOT WORKING
You should be using x87 or SSE to do operations on floating point numbers. Look into fadd / faddp, fcomi / fcomip, addss, comiss, etc.
Code:
inc [count]
cmp [count],#100
jl wait
mov [count],#0

wait:
cmp [end],0
je check
Unless you're accessing [count] somewhere else, it serves no purpose.
Code:
[ENABLE]
registersymbol(RegenArmor)
registersymbol(end)
registersymbol(maxArmor)
registersymbol(count)
...
[DISABLE]
unregistersymbol(end)
unregistersymbol(end)
unregistersymbol(RegenArmor)
...
There are sometimes reasons to leave a symbol registered when the script is disabled, but you should take a second look at this.
Code:
push 0 //dwExitCode = 0
call GetCurrentThread
push eax //hThread = GetCurrentThread()
push 0 //return address = NULL

push 8000 //dwFreeType = MEM_RELEASE
push 0 //dwSize = 0
push RegenArmor //dwAddress = mythread
push TerminateThread //return address = TerminateThread
jmp VirtualFree
I would suggest you learn about 64-bit calling conventions.

PS: if this is in a 32-bit environment, don't use 64-bit registers or calling conventions (e.g. sub rsp is unnecessary).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
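Why the integer `add` and `cmp` on a float never do what the script wants, shown in C as an added example (not code from the thread, written with 32-bit registers as in the OP's second version): the integer ALU adds the IEEE-754 bit patterns, which is exactly what `add eax,(float)100` encodes. It also goes beyond the thread's threshold of 100 to show that the signed-integer compare happens to give the right answer against a positive threshold but not for two negative floats. Helper and function names are my own.

```c
#include <stdint.h>
#include <string.h>

/* Reinterpret a float as its IEEE-754 bit pattern and back (memcpy avoids aliasing UB). */
static uint32_t float_bits(float f) { uint32_t u; memcpy(&u, &f, sizeof u); return u; }
static float bits_float(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* What "add eax,(float)100" does in the script: CE encodes (float)100 as the immediate
 * 0x42C80000 and the integer ALU adds it to the armor's bit pattern. 50.0f + 100.0f this
 * way yields bit pattern 0x85100000, a tiny negative number, not 150.0f. */
float regen_integer_add(float armor) {
    return bits_float(float_bits(armor) + float_bits(100.0f));
}

/* What the script meant, i.e. what addss (SSE) or fadd (x87) would compute. */
float regen_float_add(float armor) {
    return armor + 100.0f;
}

/* What "cmp eax,(float)100 / jge" does: a signed integer compare of the bit patterns. */
int bits_ge(float a, float b) {
    return (int32_t)float_bits(a) >= (int32_t)float_bits(b);
}

/* What comiss (SSE) or fcomi (x87) would compute. */
int float_ge(float a, float b) {
    return a >= b;
}
```

For positive finite floats the bit patterns sort in the same order as the values, so the compare in the script is only right by accident; the add is wrong for every input.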
xxMrPHDxx
How do I cheat?
Reputation: 0

Joined: 14 Jan 2018
Posts: 2

Posted: Sun Jan 14, 2018 12:59 pm

Hey, thanks for the reply.

This is my new assembly code:

Code:
[ENABLE]
alloc(RegenArmor,2048)
registersymbol(RegenArmor)

label(check)
label(wait)
label(end)
registersymbol(end)
label(incr)
registersymbol(incr)
label(test)
registersymbol(test)

RegenArmor:
jmp wait

check:
mov eax,[[ArmorAddress]]
mov [test],eax
cmp eax,(float)100
jge wait
mov eax,[incr]

wait:
cmp [end],0
je check

// Free memory
push 0
call GetCurrentThread
push eax
push 0

push 8000
push 0
push RegenArmor
push TerminateThread
jmp VirtualFree
// END Free memory

end:
dd 0

incr:
dd (float)100

test:
dq 0
 
[DISABLE]
end:
dd 1

unregistersymbol(end)
dealloc(RegenArmor)
unregistersymbol(RegenArmor)


I don't get the part

Code:
mov eax,[[ArmorAddress]]


Shouldn't I be using

Code:
lea eax,[[ArmorAddress]]


instead?

Anyway, that [count] part is just for me to check whether the thread is running or not.
Why can't I get the mov below to work?

Code:
mov eax,[incr]

_________________
-xxMrPHDxx-
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Tue Jan 16, 2018 12:35 pm

Code:
mov eax,[[ArmorAddress]]
mov [test],eax
cmp eax,(float)100
jge wait
mov eax,[incr]


will not assemble correctly in Cheat Engine. There are a few possibilities you might want to use, but it depends on what is stored at ArmorAddress.

1. ArmorAddress is the actual armor address
Code:
lea eax,[ArmorAddress]
cmp [eax],(float)100
jge wait
mov [eax],(float)100

2. ArmorAddress contains a pointer to the armor address
Code:
mov eax,[ArmorAddress]
cmp [eax],(float)100
jge wait
mov [eax],(float)100

3. ArmorAddress contains a pointer to a pointer to the armor address
Code:
mov eax,[ArmorAddress]
mov eax,[eax]
cmp [eax],(float)100
jge wait
mov [eax],(float)100
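The three indirection cases sbryzl lists, resolved in C over a constructed memory image as an added example (not code from the thread). It also covers ParkourPenguin's earlier point that an unpopulated or invalid [ArmorAddress] (e.g. 0) would crash: every hop is bounds-checked and a zero pointer stops the walk instead of being dereferenced. `region`, `REGION_BASE`, the layout offsets and all function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for a slice of the game's address space: a byte buffer whose
 * first byte is at virtual address REGION_BASE. Nothing here touches a real process. */
#define REGION_BASE 0x10000000u
#define REGION_SIZE 0x1000u
static uint8_t region[REGION_SIZE];

/* Read a 32-bit value at virtual address va. Fails (ok=0) instead of faulting when the
 * read would leave the mapped region, which is what an invalid pointer would do for real. */
static uint32_t read_u32(uint32_t va, int *ok) {
    uint32_t off = va - REGION_BASE;          /* wraps to a huge value if va < REGION_BASE */
    if (off > REGION_SIZE - 4) { *ok = 0; return 0; }
    uint32_t v; memcpy(&v, region + off, sizeof v); *ok = 1; return v;
}

/* Follow `levels` pointer hops from armor_address:
 *   0: ArmorAddress is the armor float itself        (case 1: lea eax,[ArmorAddress])
 *   1: ArmorAddress holds a pointer to the float     (case 2: mov eax,[ArmorAddress])
 *   2: pointer to a pointer                          (case 3: two mov eax,[...] loads)
 * Returns the address of the float, or 0 if any hop reads 0 or an unmapped address. */
uint32_t resolve_armor(uint32_t armor_address, int levels) {
    uint32_t va = armor_address;
    int ok;
    for (int i = 0; i < levels; i++) {
        uint32_t next = read_u32(va, &ok);
        if (!ok || next == 0) return 0;       /* unpopulated pointer: refuse, don't dereference */
        va = next;
    }
    read_u32(va, &ok);                         /* the final address must itself be readable */
    return ok ? va : 0;
}

/* Read the armor float at a resolved address; 0.0f when the address is unresolved. */
float read_armor(uint32_t va) {
    int ok; uint32_t u = read_u32(va, &ok); float f; memcpy(&f, &u, sizeof f);
    return ok ? f : 0.0f;
}

/* Constructed layout: float at +0x300, pointer to it at +0x200, pointer to that at +0x100;
 * +0x400 is left zeroed to stand for a pointer the game has not populated yet. */
void setup_layout(void) {
    float armor = 42.5f;
    uint32_t p = REGION_BASE + 0x300, pp = REGION_BASE + 0x200;
    memset(region, 0, sizeof region);
    memcpy(region + 0x300, &armor, sizeof armor);
    memcpy(region + 0x200, &p, sizeof p);
    memcpy(region + 0x100, &pp, sizeof pp);
}
```

Picking the wrong level (three hops here) lands on the float's own bits as an address, which the final check rejects rather than reading garbage.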
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Tue Jan 16, 2018 1:07 pm

sbryzl wrote:
Code:
mov eax,[[ArmorAddress]]
...

will not assemble correctly in Cheat Engine.

Yes it will. If the expression inside the square brackets does not match a valid addressing mode, CE can sometimes parse the expression and turn it into a valid addressing mode. One way it can do that is by evaluating the expression inside any nested square brackets and reading the value at that address.

So, [[ArmorAddress]] would turn into [ValueAtArmorAddress]. This would always work in a 32-bit environment, but it'll only work in a 64-bit environment if either RIP-relative addressing can be used or the instruction takes a moffs64 operand.


This is an example. Note that even though the value at [foo+200] is defined before it is accessed, CE evaluates the expression in the square brackets before it assembles any (pseudo)instruction. The first time this is assembled, it would read 0 at foo+200, but the second time, it would read the correct value.
Code:
globalalloc(foo,2048)

foo+300:
  dd 5

foo+200:
  dd foo+300

foo:
  mov eax,[[foo+200]]   // assembled as "mov eax,[foo+300]" after 2nd execution
  // eax now contains 5
  ret

_________________
I don't know where I'm going, but I'll figure it out when I get there.
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Tue Jan 16, 2018 1:36 pm

ParkourPenguin wrote:

Code:
globalalloc(foo,2048)

foo+300:
  dd 5

foo+200:
  dd foo+300

foo:
  mov eax,[[foo+200]]   // assembled as "mov eax,[foo+300]" after 2nd execution
  // eax now contains 5
  ret


I tested this and it looks like it requires a globalalloc for it to work. I tried it with just regular alloc and the script refuses to enable.

Upon further testing I've found it won't assemble unless the variable has already been registered or if it's used within a global allocation.