Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Script causing game to crash

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
D1g1Byt3
Cheater
Reputation: 0

Joined: 02 Dec 2015
Posts: 40

PostPosted: Mon Jun 19, 2017 12:07 pm    Post subject: Script causing game to crash Reply with quote

I was just making a simple script for the game Crea
Code:
http://store.steampowered.com/app/280520/Crea/

Steam specifically

For now all I was trying to do was store the base address in label to access later
and then add the health and stamina offsets to get the addresses. I really don't know how to explain it properly.

Anyways the problem I am having is this.
I tried adding what I think to be the base address to a label, when I enable the script it acts like its going to add the address, and when a value such as the health changes. The game just crashes. No warning or error or anything. I was wondering if there is something I am missing. I was able to debug just fine with no crash, but as soon as I enable the script and a value changes. It crashes.


Here is the script:
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(hpread,crea.exe,89 81 84 00 00 00 C6) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

globalalloc(_playerbase,4)

newmem:

code:
  mov [_playerbase],rcx
  mov [rcx+00000084],eax
  jmp return

hpread:
  jmp newmem
  nop
return:
registersymbol(hpread)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
hpread:
  db 89 81 84 00 00 00

unregistersymbol(hpread)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "crea.exe"+75C27A

"crea.exe"+75C252: C7 40 18 00 00 00 00     -  mov [rax+18],00000000
"crea.exe"+75C259: 48 8D 50 08              -  lea rdx,[rax+08]
"crea.exe"+75C25D: 48 8D 40 10              -  lea rax,[rax+10]
"crea.exe"+75C261: 0F 2F D8                 -  comiss xmm3,xmm0
"crea.exe"+75C264: 48 0F 46 D0              -  cmovbe rdx,rax
"crea.exe"+75C268: 48 8D 44 24 70           -  lea rax,[rsp+70]
"crea.exe"+75C26D: F3 0F 10 02              -  movss xmm0,[rdx]
"crea.exe"+75C271: 0F 2F C2                 -  comiss xmm0,xmm2
"crea.exe"+75C274: 48 0F 47 C2              -  cmova rax,rdx
"crea.exe"+75C278: 8B 00                    -  mov eax,[rax]
// ---------- INJECTING HERE ----------
"crea.exe"+75C27A: 89 81 84 00 00 00        -  mov [rcx+00000084],eax
// ---------- DONE INJECTING  ----------
"crea.exe"+75C280: C6 81 C0 00 00 00 01     -  mov byte ptr [rcx+000000C0],01
"crea.exe"+75C287: 48 81 C1 98 00 00 00     -  add rcx,00000098
"crea.exe"+75C28E: E8 9D AD FF FF           -  call crea.exe+757030
"crea.exe"+75C293: EB 3E                    -  jmp crea.exe+75C2D3
"crea.exe"+75C295: 0F 57 C9                 -  xorps xmm1,xmm1
"crea.exe"+75C298: C7 44 24 78 00 00 00 00  -  mov [rsp+78],00000000
"crea.exe"+75C2A0: 48 8D 81 8C 00 00 00     -  lea rax,[rcx+0000008C]
"crea.exe"+75C2A7: 48 8D 4C 24 68           -  lea rcx,[rsp+68]
"crea.exe"+75C2AC: 0F 2F 18                 -  comiss xmm3,[rax]
"crea.exe"+75C2AF: 48 0F 47 C8              -  cmova rcx,rax
}
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Wed Jun 21, 2017 1:31 pm    Post subject: Reply with quote

hey,

are you trying to say that you want CE to find the dynamic address and store it in _player base with the value?

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
D1g1Byt3
Cheater
Reputation: 0

Joined: 02 Dec 2015
Posts: 40

PostPosted: Wed Jun 21, 2017 1:48 pm    Post subject: Reply with quote

Yeah, I want to store the "Base Address" and add it with the offsets to things like HP, and stamina manually.
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Wed Jun 21, 2017 1:51 pm    Post subject: Reply with quote

okay just post the code here without your modification so I can read.

EDIT: lol, this is strange. usually people want the address and the value for health stamina or whatever but NOT the BASE address.
whatever you want ill help you with it.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
D1g1Byt3
Cheater
Reputation: 0

Joined: 02 Dec 2015
Posts: 40

PostPosted: Wed Jun 21, 2017 1:59 pm    Post subject: Reply with quote

OldCheatEngineUser wrote:
okay just post the code here without your modification so I can read.

Code:

// ORIGINAL CODE - INJECTION POINT: 7FF6F4220007

7FF6F421FFEF: 00 00              -  add [rax],al
7FF6F421FFF1: 00 00              -  add [rax],al
7FF6F421FFF3: 00 00              -  add [rax],al
7FF6F421FFF5: 00 00              -  add [rax],al
7FF6F421FFF7: 00 00              -  add [rax],al
7FF6F421FFF9: 00 00              -  add [rax],al
7FF6F421FFFB: 00 00              -  add [rax],al
7FF6F421FFFD: 00 00              -  add [rax],al
7FF6F421FFFF: 00 48 89           -  add [rax-77],cl
7FF6F4220002: 0D F9 FF FE FF     -  or eax,FFFEFFF9
// ---------- INJECTING HERE ----------
7FF6F4220007: 89 81 84 00 00 00  -  mov [rcx+00000084],eax
// ---------- DONE INJECTING  ----------
7FF6F422000D: E9 BE BA 76 00     -  jmp crea.exe+75BAD0
7FF6F4220012: 90                 -  nop
7FF6F4220013: 90                 -  nop
7FF6F4220014: 90                 -  nop
7FF6F4220015: 90                 -  nop
7FF6F4220016: 90                 -  nop
7FF6F4220017: 90                 -  nop
7FF6F4220018: 90                 -  nop
7FF6F4220019: 90                 -  nop
7FF6F422001A: 90                 -  nop
}


I want to be able to "Store" the base address with an injection copy, and then use it create like a pointer for the other offsets to get the addess for things like HP, and stamina. I don't know if I'm explaining it properly or not.
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Wed Jun 21, 2017 2:01 pm    Post subject: Reply with quote

seems you are hooking data not code
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
D1g1Byt3
Cheater
Reputation: 0

Joined: 02 Dec 2015
Posts: 40

PostPosted: Wed Jun 21, 2017 2:03 pm    Post subject: Reply with quote

OldCheatEngineUser wrote:
seems you are hooking data not code


what do you mean?
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Wed Jun 21, 2017 2:07 pm    Post subject: Reply with quote

in every software.
theres a .data section and .code section.
data section get changed whenever you restart the game.
code section is static, codes there will not change unless if there is an update.

PLUS: if its really data section then
7FF6F4220007: 89 81 84 00 00 00 - mov [rcx+00000084],eax
when you loss health or stamina this line of assembly instruction will be changed.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Wed Jun 21, 2017 2:33 pm    Post subject: Reply with quote

Looks like code to me.

Going back to the script in the first post, there's no guarantee newmem will be within a rel32 displacement of the injection point. This may cause CE to assemble a longer jump that takes up 14 bytes instead of the normal 5 bytes. If you want to always use the 5-byte version, pass a 3rd parameter to alloc specifying the region to allocate memory near.

You also may need to change the write to [_playerbase] to use a valid 64-bit addressing mode- under certain circumstances, that instruction won't assemble. One way would be to use another register to hold the destination (e.g. mov rdi,_playerbase / mov [rdi],rcx); back up the register if need be.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Wed Jun 21, 2017 4:02 pm    Post subject: Reply with quote

okay standing on the first post, its codes section. and second post might be the new allocated memory.

maybe all what he have to do is use LEA instruction.

Code:


[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(hpread,crea.exe,89 81 84 00 00 00 C6) // should be unique
alloc(newmem,$100)

label(code)
label(return)

alloc(playerbase,8)
registersymbol(playerbase)

newmem:
  push rbx
  lea rbx,[rcx] // [rcx] will load the current base address "as you said and want"
  mov [playerbase],rbx
  pop rbx

code:
  mov [rcx+00000084],eax
  jmp return

hpread:
  jmp newmem
  nop
return:
registersymbol(hpread)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
hpread:
  db 89 81 84 00 00 00

unregistersymbol(playerbase)
dealloc(playerbase)
unregistersymbol(hpread)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "crea.exe"+75C27A

"crea.exe"+75C252: C7 40 18 00 00 00 00     -  mov [rax+18],00000000
"crea.exe"+75C259: 48 8D 50 08              -  lea rdx,[rax+08]
"crea.exe"+75C25D: 48 8D 40 10              -  lea rax,[rax+10]
"crea.exe"+75C261: 0F 2F D8                 -  comiss xmm3,xmm0
"crea.exe"+75C264: 48 0F 46 D0              -  cmovbe rdx,rax
"crea.exe"+75C268: 48 8D 44 24 70           -  lea rax,[rsp+70]
"crea.exe"+75C26D: F3 0F 10 02              -  movss xmm0,[rdx]
"crea.exe"+75C271: 0F 2F C2                 -  comiss xmm0,xmm2
"crea.exe"+75C274: 48 0F 47 C2              -  cmova rax,rdx
"crea.exe"+75C278: 8B 00                    -  mov eax,[rax]
// ---------- INJECTING HERE ----------
"crea.exe"+75C27A: 89 81 84 00 00 00        -  mov [rcx+00000084],eax
// ---------- DONE INJECTING  ----------
"crea.exe"+75C280: C6 81 C0 00 00 00 01     -  mov byte ptr [rcx+000000C0],01
"crea.exe"+75C287: 48 81 C1 98 00 00 00     -  add rcx,00000098
"crea.exe"+75C28E: E8 9D AD FF FF           -  call crea.exe+757030
"crea.exe"+75C293: EB 3E                    -  jmp crea.exe+75C2D3
"crea.exe"+75C295: 0F 57 C9                 -  xorps xmm1,xmm1
"crea.exe"+75C298: C7 44 24 78 00 00 00 00  -  mov [rsp+78],00000000
"crea.exe"+75C2A0: 48 8D 81 8C 00 00 00     -  lea rax,[rcx+0000008C]
"crea.exe"+75C2A7: 48 8D 4C 24 68           -  lea rcx,[rsp+68]
"crea.exe"+75C2AC: 0F 2F 18                 -  comiss xmm3,[rax]
"crea.exe"+75C2AF: 48 0F 47 C8              -  cmova rcx,rax
}



EDIT: since its 64bit game, he need to allocate 8bytes to his address (playerbase). otherwise it will cause a technical error.
you can notice his second code post. addresses are long.
he actually need 6 bytes, but keep it 8 just in case.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites