Cheat Engine The Official Site of Cheat Engine
NoMoreBSoD Advanced Cheater
Reputation: 3
Joined: 03 Sep 2013 Posts: 85
Posted: Wed Nov 27, 2013 1:29 pm Post subject: Assembly injections make the game crash with too many labels
Hello everyone! I'm trying to create a table for Risk of Rain on Steam and my game crashes when I try to extract too many values (5) through a code injection, but it works fine with just 2. What am I doing wrong? I can't think of a workaround, except maybe to inject again the code I injected, but I have no idea how to do that.
Here is the working script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(Timer1)
registersymbol(pTimer1)
alloc(pTimer1,8)
label(Timer2)
registersymbol(pTimer2)
alloc(pTimer2,8)
pTimer1:
dd 0
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [eax+20], 18bf4 // elapsed time formula 1
je Timer1
cmp [eax+20], 18c96 // elapsed time formula 2
je Timer2
Timer1:
cmp [eax+48], 18bf5 // elapsed time formula 1 check 2
jne originalcode
mov [pTimer1], eax
jmp originalcode
Timer2:
mov [pTimer2], eax
jmp originalcode
originalcode:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
exit:
jmp returnhere
"Risk of Rain.exe"+4529:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(pTimer1)
dealloc(pTimer1)
unregistersymbol(pTimer2)
dealloc(pTimer2)
"Risk of Rain.exe"+4529:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
//Alt: db DF 2C 01 DF 28
And here is the faulty one:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,4048)
label(returnhere)
label(originalcode)
label(exit)
label(Timer1)
label(Timer2)
label(Money)
label(Health1)
label(Health2)
registersymbol(pTimer1)
alloc(pTimer1,8)
registersymbol(pTimer2)
alloc(pTimer2,8)
registersymbol(pMoney)
alloc(pMoney,8)
registersymbol(pHealth1)
alloc(pHealth1,8)
registersymbol(pHealth2)
alloc(pHealth2,8)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [eax+20], 18bf4 // elapsed time formula 1
je Timer1
cmp [eax+20], 18c96 // elapsed time formula 2
je Timer2
cmp [eax+20], 187d9 // Current Money
je Money
cmp [eax+20], 1879e // Max Health
je Health1
cmp [eax+20], 186bf // Max Health 2
je Health2
Timer1:
cmp [eax+48], 18bf5
jne originalcode
mov [pTimer1], eax
jmp originalcode
Timer2:
cmp [eax+48], 18c97
jne originalcode
mov [pTimer2], eax
jmp originalcode
Money:
cmp [eax+48], 18c9e
jne originalcode
mov [pMoney], eax
jmp originalcode
Health1:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode
Health2:
cmp [eax+48], 186cb
jne originalcode
mov [Health2], eax
jmp originalcode
originalcode:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
exit:
jmp returnhere
"Risk of Rain.exe"+4529:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(pTimer1)
dealloc(pTimer1)
unregistersymbol(pTimer2)
dealloc(pTimer2)
unregistersymbol(pMoney)
dealloc(pMoney)
unregistersymbol(pHealth1)
dealloc(pHealth1)
unregistersymbol(pHealth2)
dealloc(pHealth2)
"Risk of Rain.exe"+4529:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
//Alt: db DF 2C 01 DF 28
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Nov 27, 2013 3:38 pm Post subject: Re: Assembly injections make the game crash with too many la
Replace:
Code:
mov [Health1], eax
...
mov [Health2], eax
by:
Code:
mov [pHealth1], eax
...
mov [pHealth2], eax
EDIT: apparently what I said below is bullshit, so ignore it.
END OF EDIT
BTW: when you do alloc(Whatever,8) Windows gives you 4096 bytes, so you're wasting "tons" of memory when you use one alloc per variable. I suggest something like:
Code:
alloc(MemoryBuffer,Anything below 4096)
label(MyVariable)
registersymbol(MyVariable)
label(MyOtherVariable)
registersymbol(MyOtherVariable)
MemoryBuffer:
//put your code here
//then the variables
MyVariable:
dq 0
MyOtherVariable:
dq 0
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Last edited by Gniarf on Wed Nov 27, 2013 8:51 pm; edited 1 time in total
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25804 Location: The Netherlands
Posted: Wed Nov 27, 2013 3:53 pm Post subject:
Allocs are grouped, so you don't need to do that. When you do
Code:
alloc(bla,4)
alloc(bla2,4)
alloc(bla3,2048)
alloc(bla4, 4)
It will allocate 4096 bytes with
Offset 0: bla
Offset 4: bla2
Offset 8: bla3
Offset 2056: bla4
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Nov 27, 2013 4:23 pm Post subject:
Ah, didn't know that, thanks Dark Byte.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
NoMoreBSoD Advanced Cheater
Reputation: 3
Joined: 03 Sep 2013 Posts: 85
Posted: Thu Nov 28, 2013 2:35 pm Post subject:
Wow, thank you Gniarf and Dark Byte, it's working perfectly now!
So I know how to find an address, find a pointer, inject code & find a pointer or create a cheat, and extract a pointer from the injection. I guess I still have to master aobscans and that Lua stuff.
strideram Newbie cheater
Reputation: 0
Joined: 03 Dec 2013 Posts: 13
Posted: Sat Dec 07, 2013 11:17 pm Post subject:
I am just getting started with writing AA scripts. In my experience, reading other people's code helps me learn a lot faster. To that effect I am going through the various threads in the forum and learning what I can. I understand that the OP has resolved his issue. I however wanted to clarify a couple of things. Please let me know if what I am doing (by posting to a thread that's been resolved) is bad form.
1. Why was the faulty script throwing an error?
My understanding is, all the labels we create are an alias to an address in our code cave. In this case, `Health1` is an alias to some address in `newmem`. The bytes stored at `Health1` are originally the bytes representing the following instructions:
Code:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode
The `mov` however overwrites the bytes with the bytes stored in `eax`. I am assuming this overwrite somehow led to the game crashing.
Is this thought process valid?
2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is it just a variable meant to hold the value of `eax`? Maybe the OP meant to do something else with it in the future?
justa_dude Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010 Posts: 892
Posted: Sun Dec 08, 2013 6:24 am Post subject:
strideram wrote:
> 1. Why was the faulty script throwing an error?
I'd guess that the label was being overwritten with whatever happened to be in eax at the time, so eip was being set to something wonky.
strideram wrote:
> 2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is it just a variable meant to hold the value of `eax`? Maybe the OP meant to do something else with it in the future?
If I am reading the thread correctly, the change to get the script working involved changing the assignment to health to phealth (it is too easy, after all, to confuse health and phealth as names, especially since phealth doesn't point to &health). Though, since the symbol phealth was registered, it is certainly possible that it is being adjusted "behind the scenes." It would be possible to add it to the address list or modify it from within another script by name.
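As an added example (not from the thread or from Cheat Engine itself), a small Python checker that mirrors strideram's explanation: it classifies each AA symbol as data (alloc() memory, or a label followed by a db/dw/dd/dq directive, as in Gniarf's MemoryBuffer layout) or code (a label followed by an instruction), flags any `mov [X], reg` whose destination is a code label, and computes the packed alloc offsets Dark Byte describes. The script excerpt is a constructed cut-down of the faulty script, and the 4096-byte packing without alignment padding is an assumed simplification of CE's real allocator.

```python
import re

# Constructed excerpt of the thread's faulty script (one branch, not the full table).
FAULTY = """\
alloc(newmem,4048)
alloc(pHealth1,8)
newmem:
Health1:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
originalcode:
fild qword ptr [ecx+eax]
"""

def _lines(script):  # drop // comments and blank lines
    return [l for l in (r.split("//")[0].strip() for r in script.splitlines()) if l]

def classify_symbols(script):  # -> (data, code) symbol sets
    lines, data, code = _lines(script), set(), set()
    for i, line in enumerate(lines):
        m = re.match(r"alloc\((\w+),\s*\d+\)$", line)
        if m:
            data.add(m.group(1))           # alloc() memory is meant as storage
            continue
        m = re.match(r"(\w+):$", line)
        if not m:
            continue
        # A label names data only if a data directive follows ("MyVariable:" / "dq 0");
        # a label followed by an instruction is an address inside the code cave.
        nxt = lines[i + 1].split()[0].lower() if i + 1 < len(lines) else ""
        if nxt in ("db", "dw", "dd", "dq"):
            data.add(m.group(1))
        else:
            code.add(m.group(1))
            data.discard(m.group(1))       # "newmem:" is code even though alloc()'d
    return data, code

def find_code_stores(script):  # stores whose destination is a code label
    _, code = classify_symbols(script)
    pat = re.compile(r"mov\s+(?:\w+\s+ptr\s+)?\[(\w+)\]\s*,", re.I)
    return [(l, m.group(1)) for l in _lines(script) if (m := pat.match(l)) and m.group(1) in code]

def alloc_layout(script):  # offsets when consecutive alloc()s are packed into one 4096-byte region
    offsets, used = {}, 0
    for line in _lines(script):
        m = re.match(r"alloc\((\w+),\s*(\d+)\)$", line)
        if m:
            offsets[m.group(1)] = used     # assumed model: no alignment padding
            used += int(m.group(2))
    return offsets, -(-used // 4096) * 4096
```

Running `find_code_stores(FAULTY)` reports the `mov [Health1], eax` line, and the same script with `pHealth1` as the destination reports nothing.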
NoMoreBSoD Advanced Cheater
Reputation: 3
Joined: 03 Sep 2013 Posts: 85
Posted: Sun Dec 08, 2013 8:28 am Post subject:
Hello Strideram! I'm glad to see someone else learning AA just like me.
1. You made it quite clear where the problem was and why it crashed. I usually wrote my injection with this mindset: "X" are labels (code caves) and "pX" are the variables that store the addresses I found and want to use, with p being short for Pointer.
To prevent this problem from happening again I'm naming labels "lX", aobscan addresses "aX" and temporary values "tX" (safer than messing with push/pop).
2. Registering a symbol enables you to use it in the Cheat Engine address table. You can do it by adding a new address, setting its type to pointer and using "pX" as the base address. Don't forget to put in any offset if necessary.
The 2 main advantages to using this method are that
- if you find a code that accesses different values as you select them, you can access them through the table rather than having to search for them again and again. The typical usage is selecting different units in a strategy game;
- you can set the value to whatever you like rather than a set amount determined by the script.
Good luck in mastering Cheat Engine, it's a really useful tool and I've found that I'm buying games to test Cheat Engine rather than play them.
strideram Newbie cheater
Reputation: 0
Joined: 03 Dec 2013 Posts: 13
Posted: Sun Dec 08, 2013 10:30 am Post subject:
@justa_dude, @NoMoreBSoD, thank you for your posts. Learnt something new today.