gamerp Newbie cheater Reputation: 0
Joined: 20 Mar 2024 Posts: 10
Posted: Wed Mar 20, 2024 8:24 am Post subject: Using a register as a pointer?
Hello all,
I'm new to writing scripts for CE so hope I'm posting in the right place.
So recently I've read up on how to do AOB scans. Looking at the memory viewer I can see it seems to be moving a value from rcx+00000214 here.
1. Is it possible to register the address as a symbol? I've tried googling about this but can't seem to find anything about it (or at least some code I can follow).
2. Since this pointer address seems to be 8 values in hex, does that mean 8 bytes is enough? Or should it be 16 because it's 64bit?
[See screen 1]
3. At some point I tried to perform an AOB scan (with no injection script enabled) but it doesn't find anything even though I can see the signature bytes in the memory viewer.
I then try to restart both the game and CE but it's still not found. If I then enable the aobscanmodule script itself despite the 0 results, the script still works using the same signature.
Why is this?
[See screen 2]
LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1055 Location: 0x90
Posted: Wed Mar 20, 2024 9:58 am
Each byte consists of 2 characters. So 4-bytes = 32-bit and 8-bytes = 64-bit. You can register a symbol to use the pointer:
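Code: |
aobscanmodule(unique_symbol_here,module,aob) // aobscanmodule takes (symbol, module, aob)
alloc(newmem,$1000,unique_symbol_here)
label(code)
label(my_symbol)
registersymbol(my_symbol) // makes my_symbol usable in the address list
newmem:
test rcx,rcx
jz code
mov [my_symbol],rcx // store the address held in rcx
jmp code // skip the data below so it is not executed as code
my_symbol:
dq 0 // declare quadword (8-bytes) since the register is a 64-bit register
code:
// original instructions
...
|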
Note: you should name your scripts something other than INJECT; when it comes to creating multiple scripts that use the same symbol name, conflicts arise and problems begin to manifest. In addition to that, you should place the changes to code under newmem so that when it comes to updating you will know the changes you made more easily, or when asking for help, people can differentiate between the original instructions and what you have added.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Wed Mar 20, 2024 2:43 pm
1: search "injection copy"
2: 1 byte = 8 bits. (8 bytes = 64 bits)
3: the memory you're searching for probably isn't writable. Right click that "Writable / Executable / Copy on Write" area under "Memory Scan Options" in the main window and select "Preset: scan all memory"
_________________
I don't know where I'm going, but I'll figure it out when I get there.
gamerp Newbie cheater Reputation: 0
Joined: 20 Mar 2024 Posts: 10
Posted: Wed Mar 20, 2024 2:57 pm
@parkour
I saw one of your other posts but I end up with a very detailed post with broken screenshots so I can't see what's being done ^^;
I can't link but it's titled "Guides: Pointer Scanner + Injection Copies + AOB To Data"?
@fixer
Thanks for the reply.
I'm not quite following the code but yes, I know "inject" is just a default template. I'm guessing the code does the following?
Code: |
test rcx,rcx // test if there's a value
je code // jump to code if none
mov [my_symbol], rcx // move address in rcx to my_symbol
|
@All
When I try moving the address into my own variable, I end up with a different value than what my pointer scan is showing. So I decided to experiment by directly inserting the correct address:
Code: |
mov [moneyptr], 15939DDFB38
|
But even then when the script is triggered, the address comes out as the wrong value 7FF64E7A1000... Can anyone explain what I'm doing wrong?
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Wed Mar 20, 2024 3:30 pm
All registers have values. `test rcx,rcx` / `je ...` checks if `rcx` is 0. In the context of copying addresses, this does nothing since the game would crash if the address was 0.
`moneyptr` is memory you allocated. You're storing the address of something else in that memory. A value that stores the address of some other value is a pointer. Click the "pointer" checkbox, put "moneyptr" (no quotes) as the base address, and use "328" as the only offset.
Also, the game must run the code for your code injection to do anything. The value of moneyptr will be 0 until the game runs that code.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
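An added C illustration of the lookup this reply describes (not code from the thread): `moneyptr` and the offset `328` come from the posts, while `struct player`, `hooked_code` and `read_via_pointer` are hypothetical stand-ins. It shows that the slot's own address, the address stored in the slot, and the value at stored address + offset are three different things, and that the slot reads 0 until the hooked code has run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MONEY_OFFSET 0x328u  /* offset quoted in the thread */

/* Constructed stand-in for the game object; only the field offset matters. */
struct player {
    uint8_t pad[MONEY_OFFSET];
    int32_t money;
};

/* The 8-byte slot the script allocates; 0 until the hooked code runs. */
static uint64_t moneyptr = 0;

/* Stand-in for the injected `mov [moneyptr],rcx`. */
static void hooked_code(const struct player *rcx) {
    if (rcx != NULL)                       /* test rcx,rcx / jz code */
        moneyptr = (uint64_t)(uintptr_t)rcx;
}

/* Resolve [[slot]+offset] as a pointer entry does.
   Returns 0 on success, -1 while the slot is still empty. */
static int read_via_pointer(const uint64_t *slot, uint64_t offset, int32_t *out) {
    uint64_t base = *slot;                 /* contents of the slot, not its address */
    if (base == 0)
        return -1;
    memcpy(out, (const void *)(uintptr_t)(base + offset), sizeof *out);
    return 0;
}

int main(void) {
    static struct player p;                /* constructed sample data */
    int32_t v = 0;
    p.money = 1234;
    printf("before hook: %d\n", read_via_pointer(&moneyptr, MONEY_OFFSET, &v));
    hooked_code(&p);
    printf("slot is at %p, slot holds %#llx\n", (void *)&moneyptr,
           (unsigned long long)moneyptr);
    if (read_via_pointer(&moneyptr, MONEY_OFFSET, &v) == 0)
        printf("money = %d\n", v);
    return 0;
}
```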
gamerp Newbie cheater Reputation: 0
Joined: 20 Mar 2024 Posts: 10
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Wed Mar 20, 2024 7:38 pm
The base address is the one on the bottom; the field with arrows on the side of it is the offset. Don't use "+00000328" for the offset either; just use "328" (no quotes)
PS: Don't put `dealloc(moneyptr,8)`; just do what CE does and only put the symbol
_________________
I don't know where I'm going, but I'll figure it out when I get there.
gamerp Newbie cheater Reputation: 0
Joined: 20 Mar 2024 Posts: 10
Posted: Wed Mar 20, 2024 8:08 pm
Doh, of course! Been using pointers so much before doing this code injection as well :facepalm:
Thanks, ParkourPenguin! Pointing correctly now!