Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Fri Feb 17, 2012 4:01 pm
Post subject: working code after level restart doesn't work anymore
I made an Auto Assembler script that:
checks if the code writes to my address; if not, it runs the original code; if yes, it checks the value that the code is about to store in my address: if the value = 1, jump to my code, if anything else, just run the original code.
Now this code works if I load the level and then activate the code, disable the code before loading the next level, and then re-enable it after the next level has successfully loaded.
This code doesn't work for the next level if I don't deactivate it before the end of the first level ... I hope you understood.
PS: to check if the code writes to my address I had to find the pointer of my address.
While loading level 2 (or any level) the pointer points nowhere (P->????????) and sometimes points to an address whose value = ??
When the address points to P->??? or value = ?? the code won't even activate.
My guess is that the code stops working because of that.
Now how can I make the code activatable when the address points to P->??? or value = ??
Also, how do I make it work in level 2 without having to deactivate it before the end of level 1?
Is there a method to activate the code only when the pointer gives a valid address and a valid value, then auto-deactivate it when the pointer points to an invalid address/value, and then auto-reactivate it when the pointer gives a valid address and a valid value again?
In other words I want to activate this code no matter if the address or value is valid or not, and I want it to work all the time, even after level 1, level 2 and 3 ...
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Fri Feb 17, 2012 4:41 pm
Quote:
this code doesn't work for next level if i don't deactivate it before the end of first level

Do you mean that the game crashes, or that it just won't have any effect anymore?
If it crashes, then add checks whether a pointer is NULL or not, e.g.:
Code:
mov eax,[base+1234]   // first (static) pointer of the chain
cmp eax,0
je invalid            // NULL: leave it alone, run the original code
mov eax,[eax+20]
cmp eax,0
je invalid
mov eax,[eax+48]
cmp eax,0
je invalid
//eax now contains the address of what you want
//do stuff
invalid:
//return home
Alternatively, try an exception handler. I have an example of such a situation here:
http://forum.cheatengine.org/viewtopic.php?t=488611
If there is no crash but it just won't have any effect anymore (weird), then check whether the base address uses an "xxx.dll" notation instead of "xxx.exe"; perhaps the game unloads and reloads the DLL on map change. Perhaps you can find an address that contains that DLL's address somewhere in the static memory of the game and use that as the base pointer instead.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Sat Feb 18, 2012 6:47 am
The game does not crash, it just won't have any effect anymore.
The base address of my pointer is "game.exe".
I guess I'll just have to try an exception handler.
I'll report back if the operation was successful.
_________________
... Fresco
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Sat Feb 18, 2012 2:54 pm
I have read (and tried to apply to my game) the Mass Effect code, but I didn't understand how it works because it wasn't all explained ... and frankly I don't like to just copy/paste a code, replace a few things, and that's it ... I want to understand it.
So would you be so kind as to post a reply with an analogous, generalized code, with a step-by-step explanation?
All I need is to check if the pointer points to a valid address and value; if yes do mycode, if not do originalcode.
PS: I don't get why you used some nops before/after some code ...
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Sun Feb 19, 2012 12:22 pm
From your explanation an exception handler won't have any effect at all, as it's not crashing. (The exception handler prevents the crash.)
No idea really. Does the game completely restart on map change? (Does the process ID change?)
There is an online game I heard of that does this.
Quote: i don't get why you used some nop's before / after some code ...
That is because the 5-byte jump isn't big enough to encompass all the bytes that have been affected by the jump.
E.g. instruction1 is 3 bytes, instruction2 is 12 bytes. Placing a jmp xxxx at instruction1 will affect instruction2 as well, so a block of 15 bytes is affected.
The jmp is 5 bytes, so the jump back should be 10 bytes after that, which is what the nops are for. I could of course use jumpstart+15 as the jump-back target, but nops make a simple "returnhere" label possible.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
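The nop padding described in the post above, as an added worked example that is not part of the thread: a small C program that, given the lengths of the instructions at the hook site (3 and 12 bytes, as in Dark Byte's example), computes the 15-byte window the 5-byte jmp has to own, builds the patch (jmp rel32 followed by ten 0x90 nops) and the code cave (the displaced original bytes followed by a jmp back to hook+15, i.e. "returnhere"). The addresses 0x00401000 and 0x00500000, the placeholder original bytes and the function names are invented for the example; nothing here writes to a live process.

```c
/* Added example (not from the thread): constructing a 5-byte jmp hook with
 * nop padding and the matching code cave. Pure byte construction; it does
 * not touch any process. Instruction lengths follow Dark Byte's example
 * (3 + 12 bytes); the addresses and original bytes are made up. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32_LEN 5   /* E9 xx xx xx xx */
#define NOP 0x90

/* Store a 32-bit displacement little-endian at dst. */
static void put_rel32(uint8_t *dst, uint32_t rel) {
    for (int i = 0; i < 4; i++)
        dst[i] = (uint8_t)(rel >> (8 * i));
}

/* rel32 is measured from the end of the jmp instruction, not its start. */
static uint32_t rel32_from(uint32_t jmp_addr, uint32_t target) {
    return target - (jmp_addr + JMP_REL32_LEN);
}

/* Smallest run of whole instructions, starting at the hook, that covers the
 * 5-byte jmp. Returns 0 if the listed instructions are too short. Cutting an
 * instruction in half would leave garbage for the jump back to land on. */
size_t hook_window(const uint8_t *ins_len, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        total += ins_len[i];
        if (total >= JMP_REL32_LEN)
            return total;
    }
    return 0;
}

/* Bytes written over the hook site: jmp cave, then nops up to the instruction
 * boundary, so that "returnhere" is simply hook_addr + window. Returns the
 * patch length, or 0 on error. */
size_t build_patch(uint8_t *out, size_t cap, uint32_t hook_addr,
                   uint32_t cave_addr, const uint8_t *ins_len, size_t n) {
    size_t window = hook_window(ins_len, n);
    if (window == 0 || window > cap)
        return 0;
    out[0] = 0xE9;
    put_rel32(out + 1, rel32_from(hook_addr, cave_addr));
    memset(out + JMP_REL32_LEN, NOP, window - JMP_REL32_LEN);
    return window;
}

/* The cave: displaced original bytes, then a jmp back to hook_addr + window. */
size_t build_cave(uint8_t *out, size_t cap, uint32_t hook_addr,
                  uint32_t cave_addr, const uint8_t *orig, size_t window) {
    if (window == 0 || window + JMP_REL32_LEN > cap)
        return 0;
    memcpy(out, orig, window);
    out[window] = 0xE9;
    put_rel32(out + window + 1,
              rel32_from(cave_addr + (uint32_t)window,    /* where this jmp sits */
                         hook_addr + (uint32_t)window));  /* returnhere */
    return window + JMP_REL32_LEN;
}

int main(void) {
    const uint8_t lens[] = {3, 12};                 /* constructed instruction lengths */
    uint8_t orig[15];
    memset(orig, 0xAA, sizeof orig);                /* placeholder for the original bytes */
    uint8_t patch[32], cave[32];
    uint32_t hook = 0x00401000u, cave_at = 0x00500000u;   /* hypothetical addresses */
    size_t plen = build_patch(patch, sizeof patch, hook, cave_at, lens, 2);
    size_t clen = build_cave(cave, sizeof cave, hook, cave_at, orig, plen);
    printf("patch: %zu bytes (jmp + %zu nops), cave: %zu bytes, returnhere = %08x\n",
           plen, plen - JMP_REL32_LEN, clen, hook + (uint32_t)plen);
    return 0;
}
```

A real hook has to disassemble the bytes at the hook site to learn the instruction lengths, and must not copy position-dependent instructions (relative jmp/call, EIP/RIP-relative operands) into the cave verbatim; the Cheat Engine injection template pads the overwritten instructions with nops for exactly the reason given in the post.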
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Sun Feb 19, 2012 1:12 pm
Now I get why to use nops ... and it makes sense why Intel included this instruction in the CPU's instruction set.
While working on my code I forgot to say that I solved the main problem of this thread.
Code:
// that was my pointer
lea eax,[[[[game.exe+address]+offset1inhex]+offset2inhex]+offset3inhex]
// I figured that it was wrong because CE calculates the pointer address just when you enable the code ... and if the pointer changes CE will not recalculate the address

So I replaced the code with this:
Code:
mov eax,"game.exe"+address   // this would be the address of the first pointer
mov eax,[eax]                // read the first pointer
add eax,offset1inhex
mov eax,[eax]
add eax,offset2inhex
mov eax,[eax]
add eax,offset3inhex         // eax now holds the address of the value
// this way the pointer gets calculated every time the code accesses/executes it

So problem solved ... I should be saying sorry for not posting the code; it would have been simpler.
But now I have a real problem that requires an exception handler.
Let me clarify.
My pointer holds a feature that is present only in some levels ... for example in the main menu the pointer points to ???? because the feature is not present; in the first and second level it is valid because levels 1 and 2 have that feature ... but when it comes to level 3 my pointer points nowhere (????) because the feature is not present in that level.
Now my game crashes when loading from level 2 to 3 ... or from the main menu to level 3 ... it does not crash in the main menu because my code (which contains the instruction to read an invalid pointer) is not being accessed or executed ... but when it comes to level 3 my code is being executed, therefore the game crashes because the CPU encountered an invalid instruction (read an invalid address and compare it).
Quote:
I have read (and tried to apply to my game) the Mass Effect code, but I didn't understand how it works because it wasn't all explained ... and frankly I don't like to just copy/paste a code, replace a few things, and that's it ... I want to understand it.
So would you be so kind as to post a reply with an analogous, generalized code, with a step-by-step explanation?
All I need is to check if the pointer points to a valid address and value; if yes do mycode, if not do originalcode.
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Sun Feb 19, 2012 1:47 pm
Are you sure this is the same kind of pointer the game uses?
If so, you could check whether the pointer is NULL or not:
Code:
mov eax,"game.exe"+address   // this would be the address of the first pointer
mov eax,[eax]                // read it
cmp eax,0
je invalid                   // NULL: don't dereference it, run the original code
add eax,offset1inhex
mov eax,[eax]
cmp eax,0
je invalid
add eax,offset2inhex
mov eax,[eax]
cmp eax,0
je invalid
add eax,offset3inhex         // eax now holds the address of the value
If it's not, and it's actually pointing to invalid memory instead of being properly cleaned, then an exception handler is needed, yes.
You could just copy/paste the Mass Effect exception handler; the code is quite generic. Just replace the code between try and except.
But I'll try to explain:
Check the explanation of a breakpoint here: http://forum.cheatengine.org/viewtopic.php?p=5330381#5330381
The exception that reading an invalid address causes goes through the same path (except instead of a debug interrupt it's a page fault interrupt).
If not handled in the interrupt, it sends the message to the exception handler of the process, if there is one.
If you use vectored exception handling, there is one.
On the exception your exception handler gets called.
Your first job is to figure out if the exception came from your code, or from another part of the game.
To do that you check the parameters Windows gave it. ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms681419%28v=vs.85%29.aspx )
At the entry point of your exception handler ESP+4 contains the address of an "EXCEPTION_POINTERS" structure ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms679331%28v=vs.85%29.aspx )
Quote:
typedef struct _EXCEPTION_POINTERS {
  PEXCEPTION_RECORD ExceptionRecord;
  PCONTEXT ContextRecord;
} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;

The ContextRecord contains the EIP value, which you will need to check whether the origin was your code or something else.
So you first need to get the ContextRecord pointer, which is 4 bytes after the start of the EXCEPTION_POINTERS structure. You also have to dereference that to get the address of the start of the ContextRecord.
EIP is stored 0xb8 bytes from the start of that structure.
If it belongs to your code you must tell Windows that the exception has been handled and that it should stop looking for other exception handlers or terminating the process.
You do that by returning -1 (ffffffff).
(And if it isn't caused by you, return 0 so the game can handle it instead.)
FYI: function results are always returned in EAX, so make EAX ffffffff or 0.
That's how the handler works.
-
Now to make Windows go to your function on an exception you need to call AddVectoredExceptionHandler ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms679274%28v=vs.85%29.aspx )
In CE its address is RtlAddVectoredExceptionHandler.
Quote:
PVOID WINAPI AddVectoredExceptionHandler(
  __in ULONG FirstHandler,
  __in PVECTORED_EXCEPTION_HANDLER VectoredHandler
);

As you can see it requires 2 parameters: whether it's the first handler, and the address of your function (you want it to be the first handler).
As usual, function calling in Windows is:
push param2
push param1
call function
so:
push addressofexceptionhandler
push 1 //so it becomes the first one
call RtlAddVectoredExceptionHandler
When successful EAX contains the result (not 0).
---
Note that exceptions can be slow, so if this is executed in a place that's executed for almost everything else, it will slow down whenever the address is invalid.
And disabling it isn't worth the effort (you can disable it, but it requires a lot more steps than just setting it up).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
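The NULL-checked pointer walk from the two snippets above (the mov/cmp/je chain in the first reply and the mov/add version just posted), as an added example in C that is not part of the thread. It resolves the chain afresh on every call, the way Fresco's rewritten script does, and refuses to dereference a NULL link. The World/Player/Weapon structs, the offsets, the simulated level loader and the value 999 written by "my code" are constructed for the example; a real game's layout has to come from the pointer scanner.

```c
/* Added example (not from the thread): a NULL-checked pointer-chain walk in
 * C, re-resolved on every call. The struct layout, offsets, level loader and
 * the value 999 substituted by "my code" are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Walk: read the pointer at cur; if NULL -> invalid; add offsets[i]; repeat.
 * Same shape as  mov eax,[eax] / cmp eax,0 / je invalid / add eax,offN.
 * The final address (after the last add) is returned, not dereferenced. */
int resolve_chain(const void *static_slot, const uintptr_t *offsets,
                  size_t n, uintptr_t *out) {
    uintptr_t cur = (uintptr_t)static_slot;
    for (size_t i = 0; i < n; i++) {
        uintptr_t next;
        memcpy(&next, (const void *)cur, sizeof next);   /* mov eax,[eax]        */
        if (next == 0)                                   /* cmp eax,0 / je invalid */
            return 0;
        cur = next + offsets[i];                         /* add eax,offsetN      */
    }
    *out = cur;
    return 1;
}

/* Constructed stand-ins for the game's objects. */
struct Weapon { uint8_t pad[0x48]; uint32_t ammo; };
struct Player { uint8_t pad[0x20]; struct Weapon *weapon; };
struct World  { uint8_t pad[0x10]; struct Player *player; };

static struct World *g_world;    /* plays the role of [game.exe+address] */
static const uintptr_t g_offsets[3] = {
    offsetof(struct World, player),   /* offset1 */
    offsetof(struct Player, weapon),  /* offset2 */
    offsetof(struct Weapon, ammo),    /* offset3 */
};

/* Address of the ammo field right now; 0 (invalid) if any link is NULL. */
int ammo_address(uintptr_t *addr) {
    return resolve_chain(&g_world, g_offsets, 3, addr);
}

/* Simulated level loader: a level without the feature leaves the weapon
 * pointer NULL (the "P->????" case); the main menu has no world at all. */
void load_level(struct World *w, struct Player *p, struct Weapon *wep, int has_feature) {
    memset(w, 0, sizeof *w);
    memset(p, 0, sizeof *p);
    w->player = p;
    p->weapon = has_feature ? wep : NULL;
    g_world = w;
}
void enter_main_menu(void) { g_world = NULL; }

/* The injected logic from the first post: if the store targets our address
 * and the value about to be written is 1, run "my code" (here: write 999
 * instead); anything else falls through to the original store. Returns the
 * value that lands in memory. */
uint32_t hooked_store(uint32_t *dest, uint32_t value) {
    uintptr_t target;
    if (ammo_address(&target) && (uintptr_t)dest == target && value == 1)
        value = 999;              /* "my code": constructed replacement value */
    *dest = value;                /* original code */
    return value;
}

int main(void) {
    struct World w; struct Player p; struct Weapon wep;
    uintptr_t a;
    load_level(&w, &p, &wep, 1);
    printf("level 1: chain %s\n", ammo_address(&a) ? "valid" : "invalid");
    printf("  store 1 -> %u\n", hooked_store(&wep.ammo, 1));
    load_level(&w, &p, &wep, 0);
    printf("level 3: chain %s\n", ammo_address(&a) ? "valid" : "invalid");
    enter_main_menu();
    printf("menu:    chain %s\n", ammo_address(&a) ? "valid" : "invalid");
    return 0;
}
```

This only guards against links that are genuinely NULL. If the game leaves a stale, non-NULL pointer behind on map change, the read at that link still faults, which is the case the exception handler in the post is for.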
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Mon Feb 20, 2012 5:05 am
Question:
Quote:
so:
push addressofexceptionhandler
push 1 //so it becomes the first one
call RtlAddVectoredExceptionHandler

Why do you push 0 in the Mass Effect code?
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Mon Feb 20, 2012 5:48 am
Because there I didn't really mind if it was the first or the last, as long as it got handled. (The crash was due to an unhandled exception, not due to the exception handler of the game causing an error dialog with debug info to pop up.)
But generally, I recommend just using 1 so you get it first, before the game's exception handler fails to handle the unexpected exception properly and starts showing debug messages saying that it has to close due to an unexpected exception.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Mon Feb 20, 2012 7:20 am
Another question:
Code:
initializedammoexceptionhandler:
//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
newmem:
pushfd
push eax
cmp [initializedammoexceptionhandler],0   // already registered?
jne initialized
push ammoexceptionhandler
push 1
call RtlAddVectoredExceptionHandler
mov [initializedammoexceptionhandler],eax // remember the handle (0 = failed)

Here, at
cmp [initializedammoexceptionhandler],0
the first time you run this code, what value does "[initializedammoexceptionhandler]" have? // I suppose it is not zero ... but nothing set it to not zero.
And then when it comes to "mov [initializedammoexceptionhandler],eax",
is eax equal to "not zero" if the pointer is valid ... and equal to zero if it is invalid?
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Mon Feb 20, 2012 8:08 am
Allocated memory like that is always initialized to 0.
Yes, if initialization has failed for whatever reason, then the function returns 0.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Mon Feb 20, 2012 10:47 am
Another question:
Code:
mov [eax],exception
mov eax,FFFFFFFF
ret 4

Code:
exception:
//the pointer doesn't seem to be valid 100% of the time (e.g. holstered, but then you usually won't fire)
//inc [nrcounter] //debug counter
mov eax,[lastsuccess]
cmp eax,edi
jne short notammo
pop eax
popfd
jmp exit

mov eax,FFFFFFFF <- I get that this one is to tell that our pointer points to a valid address,
but before that, what does "mov [eax],exception" mean? What is the address of exception, and why move it into the value eax points to?
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Mon Feb 20, 2012 10:55 am
At the time "mov [eax],exception" is executed, EAX contains the address of context.EIP.
Changing this to the address of "exception" will cause the "exception" code to be executed on return, instead of re-executing the same instruction that caused the exception.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Fresco, Grandmaster Cheater
Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Mon Feb 20, 2012 10:57 am
But why not use a call?
And yet another question:
what does it mean to
_________________
... Fresco
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Mon Feb 20, 2012 11:09 am
Because the state you're in inside the exception handler is completely different from the state before the exception happened (the stack might even be different).
You MUST exit by setting EAX to 0 or ffffffff and continue based on the contents of the context record you've set (just the changed EIP).
Code:
cmp [eax],try
jb short nothandled
cmp [eax],try_exit
jae short nothandled

This checks whether the instruction pointer ([EAX]=EIP) was between try and try_exit.
If not, this exception was not caused by my code and the routine should return 0 instead of ffffffff, so the exception handler of the game can handle it instead.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
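An added example that is not part of the thread, showing the handler logic Dark Byte describes in his long reply and the two follow-ups above (check that EIP lies between try and try_exit, rewrite the saved EIP to the "exception" label, and report "handled" only for faults from our own code) on Linux/x86-64, where the counterpart of a vectored exception handler is a SIGSEGV handler that receives the saved register context as a ucontext_t. The guarded read is written in assembly so that its address range is known; guarded_read, guarded_try, guarded_try_exit and guarded_fail are names chosen for the example. On Windows the same structure is AddVectoredExceptionHandler(1, handler), reading ContextRecord->Eip, and returning EXCEPTION_CONTINUE_EXECUTION (-1) or EXCEPTION_CONTINUE_SEARCH (0).

```c
/* Added example (not from the thread): Linux/x86-64 analogue of the vectored
 * exception handler discussed above. A SIGSEGV handler inspects the saved
 * RIP, and only for faults inside our own guarded range redirects RIP to a
 * recovery label (the thread's "exception:" label) and resumes. Faults from
 * anywhere else are handed back, as returning 0 from a VEH would do. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#if !defined(__linux__) || !defined(__x86_64__)
#error "this example assumes Linux on x86-64 (SIGSEGV + ucontext REG_RIP)"
#endif

/* Labels from the asm below: the [try, try_exit) range and the recovery label. */
extern const char guarded_try[], guarded_try_exit[], guarded_fail[];

/* guarded_read(p, out): 1 and *out = *(uintptr_t*)p on success, 0 if p faulted.
 * Written in asm so the faulting instruction sits at a known address. */
int guarded_read(const void *p, uintptr_t *out);

__asm__(
    ".text\n"
    ".globl guarded_read\n"
    ".type guarded_read, @function\n"
    "guarded_read:\n"
    ".globl guarded_try\n"
    "guarded_try:\n"
    "    movq (%rdi), %rax\n"        /* may fault: the thread's mov eax,[eax] */
    "    movq %rax, (%rsi)\n"
    "    movl $1, %eax\n"
    "    ret\n"
    ".globl guarded_try_exit\n"
    "guarded_try_exit:\n"            /* end of the guarded range (exclusive) */
    ".globl guarded_fail\n"
    "guarded_fail:\n"                /* handler redirects here: report invalid */
    "    xorl %eax, %eax\n"
    "    ret\n"
    ".size guarded_read, .-guarded_read\n"
);

static volatile sig_atomic_t g_handled;   /* faults we swallowed (debug counter) */

static void fault_handler(int sig, siginfo_t *si, void *uctx) {
    ucontext_t *ctx = uctx;
    uintptr_t rip = (uintptr_t)ctx->uc_mcontext.gregs[REG_RIP];
    (void)si;
    if (rip >= (uintptr_t)guarded_try && rip < (uintptr_t)guarded_try_exit) {
        /* Ours: change the saved instruction pointer so the kernel resumes at
         * guarded_fail instead of re-running the faulting mov. Returning from
         * the handler now plays the role of "return -1" in the VEH. */
        ctx->uc_mcontext.gregs[REG_RIP] = (greg_t)(uintptr_t)guarded_fail;
        g_handled++;
        return;
    }
    /* Not ours: equivalent of "return 0". Restore the default action; the
     * faulting instruction re-executes and the process dies as it would have. */
    signal(sig, SIG_DFL);
}

/* Register the handler (the AddVectoredExceptionHandler step). Returns 1 on success. */
int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL) == 0 && sigaction(SIGBUS, &sa, NULL) == 0;
}

int handled_faults(void) { return g_handled; }

int main(void) {
    uintptr_t v = 0, good = 0x1234;    /* constructed valid target */
    if (!install_fault_handler())
        return 1;
    printf("valid pointer: ok=%d value=%#lx\n", guarded_read(&good, &v), (unsigned long)v);
    printf("NULL pointer:  ok=%d\n", guarded_read(NULL, &v));
    printf("stale pointer: ok=%d\n", guarded_read((const void *)0x10, &v));
    printf("faults handled: %d\n", handled_faults());
    return 0;
}
```

Unlike AddVectoredExceptionHandler(1, ...), sigaction replaces whatever handler the program already had rather than putting ours in front of it, so a real tool would save the previous struct sigaction and forward faults outside the range to it instead of resetting to SIG_DFL. As the thread notes, every swallowed fault is a round trip through the kernel, so the guarded read belongs on a path that is not hot.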