Cheat Engine :: The Official Site of Cheat Engine

NoMoreBSoD (Advanced Cheater)
Reputation: 3
Joined: 03 Sep 2013
Posts: 85

Posted: Wed Nov 27, 2013 1:29 pm    Post subject: Assembly injections make the game crash with too many labels

Hello everyone! I'm trying to create a table for Risk of Rain on Steam and my game crashes when I try to extract too many values (5) through a code injection, but it works fine with just 2. What am I doing wrong? I can't think of a workaround, except maybe to inject again the code I injected, but I have no idea how to do that.

Here is the working script:

Code:
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat
 alloc(newmem,2048)
 label(returnhere)
 label(originalcode)
 label(exit)
 label(Timer1)
 registersymbol(pTimer1)
 alloc(pTimer1,8)
 label(Timer2)
 registersymbol(pTimer2)
 alloc(pTimer2,8)
 
 pTimer1:
 dd 0
 
 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here
 cmp [eax+20], 18bf4 // elapsed time formula 1
 je Timer1
 cmp [eax+20], 18c96 // elapsed time formula 2
 je Timer2
 
 Timer1:
 cmp [eax+48], 18bf5 // elapsed time formula 1 check 2
 jne originalcode
 mov [pTimer1], eax
 jmp originalcode
 
 Timer2:
 mov [pTimer2], eax
 jmp originalcode
 
 originalcode:
 fild qword ptr [ecx+eax]
 fild qword ptr [eax]
 
 exit:
 jmp returnhere
 
 "Risk of Rain.exe"+4529:
 jmp newmem
 returnhere:
 
 
 
 
 [DISABLE]
 //code from here till the end of the code will be used to disable the cheat
 dealloc(newmem)
 unregistersymbol(pTimer1)
 dealloc(pTimer1)
 unregistersymbol(pTimer2)
 dealloc(pTimer2)
 "Risk of Rain.exe"+4529:
 fild qword ptr [ecx+eax]
 fild qword ptr [eax]
 //Alt: db DF 2C 01 DF 28

And here is the faulty one:

Code:
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat
 alloc(newmem,4048)
 label(returnhere)
 label(originalcode)
 label(exit)
 label(Timer1)
 label(Timer2)
 label(Money)
 label(Health1)
 label(Health2)
 registersymbol(pTimer1)
 alloc(pTimer1,8)
 registersymbol(pTimer2)
 alloc(pTimer2,8)
 registersymbol(pMoney)
 alloc(pMoney,8)
 registersymbol(pHealth1)
 alloc(pHealth1,8)
 registersymbol(pHealth2)
 alloc(pHealth2,8)
 
 
 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here
 cmp [eax+20], 18bf4 // elapsed time formula 1
 je Timer1
 cmp [eax+20], 18c96 // elapsed time formula 2
 je Timer2
 cmp [eax+20], 187d9 // Current Money
 je Money
 cmp [eax+20], 1879e // Max Health
 je Health1
 cmp [eax+20], 186bf // Max Health 2
 je Health2
 
 Timer1:
 cmp [eax+48], 18bf5
 jne originalcode
 mov [pTimer1], eax
 jmp originalcode
 
 Timer2:
 cmp [eax+48], 18c97
 jne originalcode
 mov [pTimer2], eax
 jmp originalcode
 
 Money:
 cmp [eax+48], 18c9e
 jne originalcode
 mov [pMoney], eax
 jmp originalcode
 
 Health1:
 cmp [eax+48], 186bf
 jne originalcode
 mov [Health1], eax
 jmp originalcode
 
 Health2:
 cmp [eax+48], 186cb
 jne originalcode
 mov [Health2], eax
 jmp originalcode
 
 originalcode:
 fild qword ptr [ecx+eax]
 fild qword ptr [eax]
 
 exit:
 jmp returnhere
 
 "Risk of Rain.exe"+4529:
 jmp newmem
 returnhere:
 
 
 
 
 [DISABLE]
 //code from here till the end of the code will be used to disable the cheat
 dealloc(newmem)
 unregistersymbol(pTimer1)
 dealloc(pTimer1)
 unregistersymbol(pTimer2)
 dealloc(pTimer2)
 unregistersymbol(pMoney)
 dealloc(pMoney)
 unregistersymbol(pHealth1)
 dealloc(pHealth1)
 unregistersymbol(pHealth2)
 dealloc(pHealth2)
 "Risk of Rain.exe"+4529:
 fild qword ptr [ecx+eax]
 fild qword ptr [eax]
 //Alt: db DF 2C 01 DF 28

Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012
Posts: 1285

Posted: Wed Nov 27, 2013 3:38 pm    Post subject: Re: Assembly injections make the game crash with too many la

Replace:

Code:
mov [Health1], eax ...
mov [Health2], eax

by:

Code:
mov [pHealth1], eax ...
mov [pHealth2], eax
 
 EDIT: apparently what I said below is bullshit, so ignore it.
 END OF EDIT
 
BTW: when you do alloc(Whatever,8) windows gives you 4096 bytes so you're wasting "tons" of memory when you use one alloc per variable. I suggest something like:

Code:
alloc(MemoryBuffer,2048) // anything below 4096: one page holds both the code and the variables
label(MyVariable)
 registersymbol(MyVariable)
 label(MyOtherVariable)
 registersymbol(MyOtherVariable)
 
 MemoryBuffer:
 //put your code here
 
 //then the variables
 MyVariable:
 dq 0
 
 MyOtherVariable:
 dq 0

DO NOT PM me if you want help on making/fixing/using a hack.
Last edited by Gniarf on Wed Nov 27, 2013 8:51 pm; edited 1 time in total

Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003
Posts: 25806
Location: The netherlands

Posted: Wed Nov 27, 2013 3:53 pm

Allocs are grouped, so you don't need to do that. When you do

Code:
alloc(bla,4)
alloc(bla2,4)
alloc(bla3,2048)
alloc(bla4,4)

it will allocate 4096 bytes with
Offset 0: bla
Offset 4: bla2
Offset 8: bla3
Offset 2056: bla4

Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012
Posts: 1285

Posted: Wed Nov 27, 2013 4:23 pm

Ah, didn't know that, thanks Dark Byte.

DO NOT PM me if you want help on making/fixing/using a hack.

NoMoreBSoD (Advanced Cheater)
Reputation: 3
Joined: 03 Sep 2013
Posts: 85

Posted: Thu Nov 28, 2013 2:35 pm

Wow, thank you Gniarf and Dark Byte, it's working perfectly now!
So I know how to find an address, find a pointer, inject code & find a pointer or create a cheat, extract a pointer from the injection. I guess I still have to master aobscans and that Lua stuff.

strideram (Newbie cheater)
Reputation: 0
Joined: 03 Dec 2013
Posts: 13

Posted: Sat Dec 07, 2013 11:17 pm

I am just getting started with writing AA scripts. In my experience reading other people's code helps me learn a lot faster. To that effect I am going through the various threads in the forum and learning what I can. I understand that the OP has resolved his issue. I however wanted to clarify a couple of things. Please let me know if what I am doing (by posting to a thread that's been resolved) is bad form.

1. Why was the faulty script throwing an error?
 
 My understanding is, all the labels we create, they are an alias to an address in our code cave. In this case, `Health1` is an alias to some address in `newmem`. The bytes stored at `Health1` are originally the bytes representing the following instructions,
 
 
Code:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode
 
 The `mov` however overwrites the bytes with the bytes stored in `eax`. I am assuming this overwrite somehow led to game crashing.
 
 Is this thought process valid?
 
 2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?

justa_dude (Grandmaster Cheater)
Reputation: 23
Joined: 29 Jun 2010
Posts: 892

Posted: Sun Dec 08, 2013 6:24 am

strideram wrote:
> 1. Why was the faulty script throwing an error?

 I'd guess that the label was being overwritten with whatever happened to be in eax at the time, so eip was being set to something wonky.
 
 
strideram wrote:
> 2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is it just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?
 
 If I am reading the thread correctly, the change to get the script working involved changing the assignment to health to phealth (it is too easy, after all, to confuse health and phealth as names, especially since phealth doesn't point to &health).  Though, since the symbol phealth was registered, it is certainly possible that it is being adjusted "behind the scenes."  It would be possible to add it to the address list or modify it from within another script by name.

NoMoreBSoD (Advanced Cheater)
Reputation: 3
Joined: 03 Sep 2013
Posts: 85

Posted: Sun Dec 08, 2013 8:28 am

strideram wrote:
> I am just getting started with writing AA scripts. In my experience reading other people's code helps me learn a lot faster. To that effect I am going through the various threads in the forum and learning what I can. I understand that the OP has resolved his issue. I however wanted to clarify a couple of things. Please let me know if what I am doing (by posting to a thread that's been resolved) is bad form.
>
> 1. Why was the faulty script throwing an error?
>
> My understanding is, all the labels we create, they are an alias to an address in our code cave. In this case, `Health1` is an alias to some address in `newmem`. The bytes stored at `Health1` are originally the bytes representing the following instructions,
>
> Code:
> cmp [eax+48], 186bf
> jne originalcode
> mov [Health1], eax
> jmp originalcode
>
> The `mov` however overwrites the bytes with the bytes stored in `eax`. I am assuming this overwrite somehow led to game crashing.
>
> Is this thought process valid?
>
> 2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is it just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?

Hello Strideram! I'm glad to see someone else learning AA just like me.

1. You made it quite clear where the problem was and why it crashed. I usually write my injections with this mindset: "X" are labels (code caves) and "pX" are the variables that store the addresses I found and want to use, with p being short for Pointer.
To prevent this problem from happening again I'm naming labels "lX", aobscan addresses "aX" and temporary values "tX" (safer than messing with push/pop).

2. Registering a symbol enables you to use it in the Cheat Engine address table. You can do it by adding a new address, setting its type to pointer and using "pX" as the base address. Don't forget to put in any offset if necessary.

The 2 main advantages of using this method are that
- if you find a code that accesses different values as you select them, you can access them through the table rather than having to search for them again and again. The typical usage is selecting different units in a strategy game;
- you can set the value to whatever you like rather than a set amount determined by the script.

Good luck in mastering Cheat Engine, it's a really useful tool and I've found that I'm buying games to test Cheat Engine rather than play them.
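One way to catch the label/pointer slip strideram walks through above, the one NoMoreBSoD's "pX" naming convention guards against, as an added example that is not code from the thread or from Cheat Engine itself: a small Python lint that reads an AA script, classifies each symbol as code (a `name:` definition followed by an instruction) or data (an alloc'd name, or a label followed by a db/dw/dd/dq directive as in Gniarf's single-buffer layout), and reports any `mov [symbol], reg` whose target is code. The sample script is constructed from a trimmed fragment of the faulty script, and the function names are my own.

```python
import re

# Constructed sample, trimmed from the thread's faulty script: Health1 is a code
# label, pHealth1 the alloc'd pointer slot, MyVariable a label followed by data.
SAMPLE = """\
alloc(newmem,4048)
label(Health1)
registersymbol(pHealth1)
alloc(pHealth1,8)
label(MyVariable)

newmem:
cmp [eax+20], 1879e
je Health1

Health1:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode

MyVariable:
dq 0
"""
DATA_DIRECTIVES = {"db", "dw", "dd", "dq"}
ALLOC = re.compile(r"^alloc\((\w+)\s*,")
LABEL_DEF = re.compile(r"^(\w+):$")
STORE = re.compile(r"^mov\s+\[(\w+)(?:[+-]\w+)?\]\s*,")  # store through a symbol

def _clean(line):
    return line.split("//", 1)[0].strip()  # drop AA comments and whitespace

def classify_symbols(script):
    """'code' for a 'name:' followed by an instruction; 'data' for a 'name:'
    followed by a data directive or for an alloc'd name with no definition."""
    lines = [_clean(l) for l in script.splitlines()]
    kind = {m.group(1): "data" for l in lines if (m := ALLOC.match(l))}
    for i, line in enumerate(lines):
        if m := LABEL_DEF.match(line):
            nxt = next((l for l in lines[i + 1:] if l), "")
            kind[m.group(1)] = "data" if nxt.split(" ")[0] in DATA_DIRECTIVES else "code"
    return kind

def find_code_label_writes(script):
    """(line_no, symbol) for each store whose target resolves to code, the slip
    that turned 'mov [pHealth1], eax' into 'mov [Health1], eax'."""
    kind = classify_symbols(script)
    return [(n, m.group(1)) for n, line in enumerate(script.splitlines(), 1)
            if (m := STORE.match(_clean(line))) and kind.get(m.group(1)) == "code"]
```

Run on the sample it reports line 14, the store into `Health1`; with the target renamed to `pHealth1` it reports nothing.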
strideram (Newbie cheater)
Reputation: 0
Joined: 03 Dec 2013
Posts: 13

Posted: Sun Dec 08, 2013 10:30 am

@justa_dude, @NoMoreBSoD, thank you for your posts. Learnt something new today.