Can't freeze the value!

 
badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Mon Feb 05, 2018 8:28 am    Post subject: Can't freeze the value!

What to do if you can't freeze the value? The value keeps changing in the background while I'm able to freeze the display value. This is the case with NFS Rivals, in which I'm trying to freeze the car health. I tried whatever I know, like NOPing, modifying the code to set it to maximum, but nothing works. If I set it to like Infinite value then it shows a health bar from top to bottom of the screen in the RHS.
And the other case is with Hitman Absolution, in which I'm able to change neither the original value nor the display.
AOBs aren't gonna help here cuz they are used by me at least to find the address again and again quickly or to modify the code like byte manipulation. And that's what I know, and I know I'm not an expert just yet.
Soo.. If someone could please help me with that I'll be very thankful.
And also lemme know if AOBs can really make a dent here in any way...
TheyCallMeTim13
Wiki Contributor
Reputation: 8

Joined: 24 Feb 2017
Posts: 272
Location: Right Here Buddy.

Posted: Mon Feb 05, 2018 8:38 am

If changing the value does nothing, how do you know you have the right value?
_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Mon Feb 05, 2018 8:42 am

Cuz it locks the health bar
can it be a false value?
TheyCallMeTim13
Wiki Contributor
Reputation: 8

Joined: 24 Feb 2017
Posts: 272
Location: Right Here Buddy.

Posted: Mon Feb 05, 2018 9:01 am

badboy_16 wrote:
Cuz it locks the health bar
can it be a false value?


Yes. The value could be stored in lots of ways, it can even be encrypted, and is only converted for the display. See if you can find what writes to it and where this value comes from, and it may go back a few.

And health on driving games tend to be a complicated mess of values for the different sections of the car.

badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Mon Feb 05, 2018 1:12 pm

Thanks!!
will try again

Could you please help me with one more thing😀
The thing is that I want to make a one hit kill script. I did make that and it's working, but the problem is that when I turn it off, the game crashes.
I'll tell you how I did that.
The game has shared code for health, so I used an AOB script for finding my health and freezing it (wasn't so lucky with dissecting),
and then I modified the code which decreases the health of both to get one hit kill.
It works, but the only problem is after disabling it.
Is my way of doing this right or wrong??
FreeER
Grandmaster Cheater
Reputation: 23

Joined: 09 Aug 2013
Posts: 624

Posted: Mon Feb 05, 2018 2:11 pm

badboy_16 wrote:
but problem is that when I turn it off,game crashes
If it's a 64-bit game there's a common issue with allocating memory being farther away from the hook than will fit in a 5 byte jmp, but CE doesn't generate the disable section to properly handle that case, causing incorrect bytes to be there after disabling. Generally a simple solution is to make sure the newmem alloc has a third argument telling it to allocate memory near the code you're hooking, e.g. instead of alloc(newmem,$1000) use alloc(newmem,$1000, INJECT) (where INJECT is whatever label/symbol was used for the aobscan).
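
The reach limit described in this reply, as an added example that is not part of the original post or of Cheat Engine: it checks whether a 5-byte `jmp rel32` at the hook can reach the allocated memory, falls back to the 14-byte absolute form otherwise, and computes how many original bytes a disable section must restore. The image base, both allocation addresses and all function names are constructed for illustration; the instruction lengths are those of the three instructions at the hook site posted later in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define JMP_REL32_LEN 5   /* E9 rel32 */
#define JMP_ABS64_LEN 14  /* FF 25 00000000, then the 8-byte absolute target */

/* 1 if a 5-byte jmp at `hook` reaches `target`; rel32 counts from hook+5. */
int rel32_reachable(uint64_t hook, uint64_t target)
{
    int64_t disp = (int64_t)(target - (hook + JMP_REL32_LEN));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Writes the jump bytes into `out` (at least 14 bytes); returns their length. */
size_t encode_hook_jmp(uint64_t hook, uint64_t target, uint8_t *out)
{
    static const uint8_t abs_prefix[6] = {0xFF, 0x25, 0x00, 0x00, 0x00, 0x00};
    if (rel32_reachable(hook, target)) {
        int32_t disp = (int32_t)(int64_t)(target - (hook + JMP_REL32_LEN));
        out[0] = 0xE9;
        memcpy(out + 1, &disp, sizeof disp);  /* little-endian host assumed */
        return JMP_REL32_LEN;
    }
    memcpy(out, abs_prefix, sizeof abs_prefix);
    memcpy(out + 6, &target, sizeof target);
    return JMP_ABS64_LEN;
}

/* Bytes to restore on disable: whole instructions covering the jump, or 0. */
size_t restore_span(size_t jmp_len, const size_t *insn_len, size_t n)
{
    size_t span = 0;
    for (size_t i = 0; i < n && span < jmp_len; i++)
        span += insn_len[i];
    return span >= jmp_len ? span : 0;
}

/* Constructed sample values; the image base 0x140000000 is an assumption. */
static const uint64_t HOOK = 0x140000000ULL + 0x5341E73ULL;
static const uint64_t NEAR_MEM = 0x145330000ULL;    /* within rel32 range */
static const uint64_t FAR_MEM = 0x7FF4A0000000ULL;  /* outside rel32 range */
static const size_t SITE[3] = {2, 2, 5};  /* sub, mov eax, mov rbx lengths */
int main(void)
{
    uint8_t buf[JMP_ABS64_LEN];
    size_t near_len = encode_hook_jmp(HOOK, NEAR_MEM, buf);
    size_t far_len = encode_hook_jmp(HOOK, FAR_MEM, buf);
    printf("near: %zu-byte jmp, restore %zu\n", near_len, restore_span(near_len, SITE, 3));
    printf("far:  %zu-byte jmp, restore %zu\n", far_len, restore_span(far_len, SITE, 3));
}
```

With the 14-byte form the three listed instructions (9 bytes) no longer cover the jump, so a disable section that writes back only those three leaves overwritten bytes behind it.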
TheyCallMeTim13
Wiki Contributor
Reputation: 8

Joined: 24 Feb 2017
Posts: 272
Location: Right Here Buddy.

Posted: Mon Feb 05, 2018 2:24 pm

It sounds like the disable section isn't right, if you're using ASM in the disable section CE might be assembling a different number of bytes, I would pause/freeze the game and enable and disable it and watch to see if it is right. This is why most write the exact bytes when disabling.

As for OHKs I prefer to find a good spot to pull a health address base, then in some health decrease/write instructions I just check the base address, and kill all that don't match. But some games will have even objects like tables or chairs running in the same code, and you will have to find a class pointer or ID value in the structure to determine if it's the right thing to kill. But most times just checking against the base I store elsewhere is fine. I like to really test the instruction for the base, see what addresses it accesses in all conditions, even load screens, to see that I get the expected behavior, and I like to find places that even clear the value during loading and whatnot, so as to make it easy to check for.

badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Tue Feb 06, 2018 1:21 pm

FreeER wrote:
generally a simple solution is to make sure the newmem alloc has a third argument telling it to allocate memory near the code you're hooking eg. instead of alloc(newmem,$1000) use alloc(newmem,$1000, INJECT) (where INJECT is whatever label/symbol was used for the aobscan).


But I have two different scripts: one is an AOB for my health and the other is for OHK.
See the screenshots below.
Could you please make some time to teach me how to combine both my scripts??

@TheyCallMeTim13
I checked if the disable part is assigning the same bytes after disabling and yes it does.
Quote:
As for OHKs I prefer to find a good spot to pull a health address base, then in some health decrease/write instructions I just check the base address, and kill all that don't match. But some games will have even objects like tables or chairs running in the same code, and you will have to find a class pointer or ID value in the structure to determine if it's the right thing to kill. But most times just checking against the base I store elsewhere is fine. I like to really test the instruction for the base, see what addresses it accesses in all conditions, even load screens, to see that I get the expected behavior, and I like to find places that even clear the value during loading and whatnot, so as to make it easy to check for.

In dissecting?
I tried with that and found the difference too, but making the script and disabling it again causes the crash :(

I think the problem is with my code editing cuz it's not as simple as that of a 'mov'.



Attachment: 2.png
Description: this is for OHK. See how I edit the code; tell me if I'm doing something wrong somewhere.

Attachment: 1.png
Description: And this is a simple AOB for my health.


FreeER
Grandmaster Cheater
Reputation: 23

Joined: 09 Aug 2013
Posts: 624

Posted: Tue Feb 06, 2018 1:40 pm

the OHK script is already doing as I mentioned and the other isn't using alloc so it doesn't apply there (nor could it be crashing on disable since it doesn't do anything other than unregister a symbol, even if it was used in another AA script it wouldn't cause a crash here)

hm... all I can think of here is to try moving the dealloc to the bottom.

Code:
[DISABLE]
"BatmanAK.exe"+5341E73:
  sub [rsi], edi
  mov eax, [rsi]
  mov rbx, [rsp+40]

dealloc(newmem)


that way, in theory, the hook is replaced before the memory is deallocated which means the memory can't be deallocated and then the hook gets executed and jmps to the now invalid memory, before the hook is replaced with the original code. Not actually sure if CE follows the code order there but, as I said it's the only thing I can think of right now.
TheyCallMeTim13
Wiki Contributor
Reputation: 8

Joined: 24 Feb 2017
Posts: 272
Location: Right Here Buddy.

Posted: Tue Feb 06, 2018 5:07 pm

I think the help file says somewhere that "dealloc" runs last, and it shouldn't do that. But I had crashes when testing with a thread in a hooked process, that were only solved by moving the "dealloc"s to the end of the scripts. But even there you can get crashes if the thread gets stuck in the deallocated memory, so if the instructions fire too quickly then this can cause crashes.
Dark Byte
Site Admin
Reputation: 347

Joined: 09 May 2003
Posts: 20276
Location: The netherlands

Posted: Tue Feb 06, 2018 5:34 pm

try it without dealloc (just as a test to figure out if it's the restoring of the bytes, or the freeing of the memory)

(and dealloc acts as a suggestion for CE to free the memory, only if you've provided dealloc of all the alloc's in the enable script, CE will free it, else nope)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Wed Feb 07, 2018 7:08 am

Thanks for replying and sorry for late response
Tried both moving dealloc to bottom and without dealloc
But nothing seems to work
Any other solutions??
TheyCallMeTim13
Wiki Contributor
Reputation: 8

Joined: 24 Feb 2017
Posts: 272
Location: Right Here Buddy.

Posted: Wed Feb 07, 2018 7:22 am

Have you tried to pause/freeze the process before disabling, that or set a breakpoint before the injection point and disable and step through the code to see where it crashes at.
badboy_16
Newbie cheater
Reputation: 0

Joined: 05 Nov 2017
Posts: 14
Location: Behind the keyboard

Posted: Wed Feb 07, 2018 8:47 am

I got that working!!!!!!
Problem was that changing sub [rsi],edi to sub [rsi],25 also noping the mov eax,[rsi] but I was keeping this as it was
Thank you all for your precious time and information
You guys are the best