Assembly injections make the game crash with too many labels

NoMoreBSoD
Advanced Cheater
Reputation: 3

Joined: 03 Sep 2013
Posts: 85

Posted: Wed Nov 27, 2013 1:29 pm    Post subject: Assembly injections make the game crash with too many labels

Hello everyone! I'm trying to create a table for Risk of Rain on Steam and my game crashes when I try to extract too many values (5) through a code injection, but it works fine with just 2. What am I doing wrong? I can't think of a workaround, except maybe to inject again the code I injected, but I have no idea how to do that.


Here is the working script:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(Timer1)
registersymbol(pTimer1)
alloc(pTimer1,8)
label(Timer2)
registersymbol(pTimer2)
alloc(pTimer2,8)

pTimer1:
dd 0

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [eax+20], 18bf4 // elapsed time formula 1
je Timer1
cmp [eax+20], 18c96 // elapsed time formula 2
je Timer2

Timer1:
cmp [eax+48], 18bf5 // elapsed time formula 1 check 2
jne originalcode
mov [pTimer1], eax
jmp originalcode

Timer2:
mov [pTimer2], eax
jmp originalcode

originalcode:
fild qword ptr [ecx+eax]
fild qword ptr [eax]

exit:
jmp returnhere

"Risk of Rain.exe"+4529:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(pTimer1)
dealloc(pTimer1)
unregistersymbol(pTimer2)
dealloc(pTimer2)
"Risk of Rain.exe"+4529:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
//Alt: db DF 2C 01 DF 28



And here is the faulty one:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,4048)
label(returnhere)
label(originalcode)
label(exit)
label(Timer1)
label(Timer2)
label(Money)
label(Health1)
label(Health2)
registersymbol(pTimer1)
alloc(pTimer1,8)
registersymbol(pTimer2)
alloc(pTimer2,8)
registersymbol(pMoney)
alloc(pMoney,8)
registersymbol(pHealth1)
alloc(pHealth1,8)
registersymbol(pHealth2)
alloc(pHealth2,8)


newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [eax+20], 18bf4 // elapsed time formula 1
je Timer1
cmp [eax+20], 18c96 // elapsed time formula 2
je Timer2
cmp [eax+20], 187d9 // Current Money
je Money
cmp [eax+20], 1879e // Max Health
je Health1
cmp [eax+20], 186bf // Max Health 2
je Health2

Timer1:
cmp [eax+48], 18bf5
jne originalcode
mov [pTimer1], eax
jmp originalcode

Timer2:
cmp [eax+48], 18c97
jne originalcode
mov [pTimer2], eax
jmp originalcode

Money:
cmp [eax+48], 18c9e
jne originalcode
mov [pMoney], eax
jmp originalcode

Health1:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode

Health2:
cmp [eax+48], 186cb
jne originalcode
mov [Health2], eax
jmp originalcode

originalcode:
fild qword ptr [ecx+eax]
fild qword ptr [eax]

exit:
jmp returnhere

"Risk of Rain.exe"+4529:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(pTimer1)
dealloc(pTimer1)
unregistersymbol(pTimer2)
dealloc(pTimer2)
unregistersymbol(pMoney)
dealloc(pMoney)
unregistersymbol(pHealth1)
dealloc(pHealth1)
unregistersymbol(pHealth2)
dealloc(pHealth2)
"Risk of Rain.exe"+4529:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
//Alt: db DF 2C 01 DF 28
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Wed Nov 27, 2013 3:38 pm    Post subject: Re: Assembly injections make the game crash with too many la

Replace:
Code:
mov [Health1], eax
...
mov [Health2], eax
by:
Code:
mov [pHealth1], eax
...
mov [pHealth2], eax


EDIT: apparently what I said below is bullshit, so ignore it.
END OF EDIT

BTW: when you do alloc(Whatever,8) Windows gives you 4096 bytes, so you're wasting "tons" of memory when you use one alloc per variable. I suggest something like:
Code:
alloc(MemoryBuffer,Anything below 4096)
label(MyVariable)
registersymbol(MyVariable)
label(MyOtherVariable)
registersymbol(MyOtherVariable)

MemoryBuffer:
//put your code here

//then the variables
MyVariable:
dq 0

MyOtherVariable:
dq 0

_________________
DO NOT PM me if you want help on making/fixing/using a hack.


Last edited by Gniarf on Wed Nov 27, 2013 8:51 pm; edited 1 time in total
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25806
Location: The netherlands

Posted: Wed Nov 27, 2013 3:53 pm

Allocs are grouped, so you don't need to do that
when you do
Code:

alloc(bla,4)
alloc(bla2,4)
alloc(bla3,2048)
alloc(bla4, 4)


It will allocate 4096 bytes with
Offset 0: bla
Offset 4: bla2
Offset 8: bla3
Offset 2056: bla4

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Wed Nov 27, 2013 4:23 pm

Ah, didn't know that, thanks Dark Byte.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
NoMoreBSoD
Advanced Cheater
Reputation: 3

Joined: 03 Sep 2013
Posts: 85

Posted: Thu Nov 28, 2013 2:35 pm

Wow, thank you Gniarf and Dark Byte, it's working perfectly now!

So I know how to find an address, find a pointer, inject code & find a pointer or create a cheat, extract a pointer from the injection. I guess I still have to master aobscans and that lua stuff.
strideram
Newbie cheater
Reputation: 0

Joined: 03 Dec 2013
Posts: 13

Posted: Sat Dec 07, 2013 11:17 pm

I am just getting started with writing AA scripts. In my experience, reading other people's code helps me learn a lot faster. To that effect I am going through the various threads in the forum and learning what I can. I understand that the OP has resolved his issue. I however wanted to clarify a couple of things. Please let me know if what I am doing (by posting to a thread that's been resolved) is bad form.

1. Why was the faulty script throwing an error?

My understanding is that all the labels we create are aliases to an address in our code cave. In this case, `Health1` is an alias to some address in `newmem`. The bytes stored at `Health1` are originally the bytes representing the following instructions,

Code:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode


The `mov` however overwrites the bytes with the bytes stored in `eax`. I am assuming this overwrite somehow led to game crashing.

Is this thought process valid?

2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 892

Posted: Sun Dec 08, 2013 6:24 am

strideram wrote:
1. Why was the faulty script throwing an error?

I'd guess that the label was being overwritten with whatever happened to be in eax at the time, so eip was being set to something wonky.

strideram wrote:
2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?


If I am reading the thread correctly, the change to get the script working involved changing the assignment to health to phealth (it is too easy, after all, to confuse health and phealth as names, especially since phealth doesn't point to &health). Though, since the symbol phealth was registered, it is certainly possible that it is being adjusted "behind the scenes." It would be possible to add it to the address list or modify it from within another script by name.
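The mistake Gniarf corrected (storing through a `label()` instead of an `alloc()` buffer), the crash mechanism strideram and justa_dude describe (the store overwrites instruction bytes inside the code cave), and the alloc grouping Dark Byte explains can all be checked before a script is ever enabled. The Python script below is an added example, not code from this thread or from Cheat Engine: it parses the [ENABLE] section of an AA script (only the subset of syntax used in this thread), flags any `mov [X], reg` whose destination is a label rather than an alloc'd buffer, lists registered symbols the script never writes (strideram's second question), and lays the allocs out in one 4096-byte block in declaration order the way Dark Byte's post describes. The embedded sample is a trimmed, constructed version of the faulty script above, and the sequential packing order is an assumption about Cheat Engine's allocator, not a documented guarantee.

```python
import re

# Constructed regexes covering the AA syntax seen in this thread, not the full grammar.
ALLOC_RE = re.compile(r'^\s*alloc\(\s*(\w+)\s*,\s*(\d+)\s*\)', re.I)
LABEL_RE = re.compile(r'^\s*label\(\s*(\w+)\s*\)', re.I)
REGSYM_RE = re.compile(r'^\s*registersymbol\(\s*(\w+)\s*\)', re.I)
STORE_RE = re.compile(r'^\s*mov\s+\[\s*(\w+)\s*\]\s*,\s*(\w+)', re.I)
PAGE_SIZE = 4096  # granularity of the OS allocation Gniarf and Dark Byte mention


def enable_lines(script):
    """Yield (line_no, text) for the [ENABLE] section, '//' comments stripped."""
    active = '[ENABLE]' not in script.upper()  # no sections: treat the whole script as enable
    for no, raw in enumerate(script.splitlines(), 1):
        bare = raw.split('//', 1)[0].strip()
        if bare.upper() == '[ENABLE]':
            active = True
        elif bare.upper() == '[DISABLE]':
            break
        elif active and bare:
            yield no, bare


def parse_declarations(script):
    """Return (allocs, labels, symbols): alloc'd buffers with sizes, code labels, registered names."""
    allocs, labels, symbols = {}, set(), set()
    for _, line in enable_lines(script):
        m = ALLOC_RE.match(line)
        if m:
            allocs[m.group(1)] = int(m.group(2))
        elif LABEL_RE.match(line):
            labels.add(LABEL_RE.match(line).group(1))
        elif REGSYM_RE.match(line):
            symbols.add(REGSYM_RE.match(line).group(1))
    return allocs, labels, symbols


def find_label_writes(script):
    """(line_no, destination, source) for every store whose target is a code label.

    A label is an address inside the code cave, so 'mov [Label], eax' overwrites
    instruction bytes there; the store belongs in an alloc'd buffer instead."""
    allocs, labels, _ = parse_declarations(script)
    hits = []
    for no, line in enable_lines(script):
        m = STORE_RE.match(line)
        if m and m.group(1) in labels and m.group(1) not in allocs:
            hits.append((no, m.group(1), m.group(2)))
    return hits


def unwritten_symbols(script):
    """Registered alloc'd symbols that no store in the script ever writes.

    Such a symbol appears in the address list but never receives a pointer."""
    allocs, _, symbols = parse_declarations(script)
    written = {m.group(1) for _, line in enable_lines(script)
               for m in [STORE_RE.match(line)] if m}
    return {s for s in symbols if s in allocs and s not in written}


def alloc_layout(allocs):
    """Offset of each alloc inside one grouped block, packed in declaration order.

    Assumed sequential packing, as Dark Byte's post describes (bla=0, bla2=4, ...)."""
    layout, offset = {}, 0
    for name, size in allocs.items():
        layout[name] = offset
        offset += size
    if offset > PAGE_SIZE:
        raise ValueError('allocs need %d bytes, more than one %d-byte block' % (offset, PAGE_SIZE))
    return layout


# Constructed, trimmed version of the faulty script from this thread.
SAMPLE_SCRIPT = """\
[ENABLE]
alloc(newmem,4048)
label(originalcode)
label(returnhere)
label(Health1)
label(Health2)
registersymbol(pHealth1)
alloc(pHealth1,8)
registersymbol(pHealth2)
alloc(pHealth2,8)
newmem:
cmp [eax+20], 1879e // Max Health
je Health1
cmp [eax+20], 186bf // Max Health 2
je Health2
jmp originalcode
Health1:
mov [Health1], eax   // the bug: Health1 is a code label, not a buffer
jmp originalcode
Health2:
mov [pHealth2], eax  // correct: pHealth2 is alloc'd storage
jmp originalcode
originalcode:
fild qword ptr [ecx+eax]
fild qword ptr [eax]
jmp returnhere
"Risk of Rain.exe"+4529:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"""

if __name__ == '__main__':
    for no, dest, src in find_label_writes(SAMPLE_SCRIPT):
        print('line %d: mov [%s], %s writes into the code cave; use an alloc() buffer' % (no, dest, src))
    print('registered but never written:', sorted(unwritten_symbols(SAMPLE_SCRIPT)))
    for name, off in alloc_layout(parse_declarations(SAMPLE_SCRIPT)[0]).items():
        print('offset %4d: %s' % (off, name))
```

Run on the sample it reports the `mov [Health1], eax` store and lists `pHealth1` as registered but never written; after renaming the destination to `pHealth1` both findings disappear, which is exactly the fix Gniarf posted.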
NoMoreBSoD
Advanced Cheater
Reputation: 3

Joined: 03 Sep 2013
Posts: 85

Posted: Sun Dec 08, 2013 8:28 am

strideram wrote:
I am just getting started with writing AA scripts. In my experience, reading other people's code helps me learn a lot faster. To that effect I am going through the various threads in the forum and learning what I can. I understand that the OP has resolved his issue. I however wanted to clarify a couple of things. Please let me know if what I am doing (by posting to a thread that's been resolved) is bad form.

1. Why was the faulty script throwing an error?

My understanding is that all the labels we create are aliases to an address in our code cave. In this case, `Health1` is an alias to some address in `newmem`. The bytes stored at `Health1` are originally the bytes representing the following instructions,

Code:
cmp [eax+48], 186bf
jne originalcode
mov [Health1], eax
jmp originalcode


The `mov` however overwrites the bytes with the bytes stored in `eax`. I am assuming this overwrite somehow led to game crashing.

Is this thought process valid?

2. I don't see `pHealth1` being read from anywhere in the script. Does it do something (automagically) behind the scenes, or is just a variable meant to hold the value `eax`? Maybe the OP meant to do something else with it in the future?

Hello Strideram! I'm glad to see someone else learning AA just like me.

1. You made it quite clear where the problem was and why it crashed. I usually write my injections with this mindset: "X" are labels (code caves) and "pX" are the variables that store the addresses I found and want to use, with p being short for Pointer.
To prevent this problem from happening again I'm naming labels "lX", aobscan addresses "aX" and temporary values "tX" (safer than messing with push/pop).


2. Registering a symbol enables you to use it in the Cheat Engine Address table. You can do it by adding a new address, set its type to pointer and using "pX" as the base address. Don't forget to put in any offset if necessary.

The 2 main advantages to using this method are that
- if you find a code that accesses different values as you select them, you can access them through the table rather than having to search for them again and again. The typical usage is selecting different units in a strategy game;
- you can set the value to whatever you like rather than a set amount determined by the script.


Good luck in mastering Cheat Engine, it's a really useful tool and I've found that I'm buying games to test Cheat Engine rather than play them.
strideram
Newbie cheater
Reputation: 0

Joined: 03 Dec 2013
Posts: 13

Posted: Sun Dec 08, 2013 10:30 am

@justa_dude, @NoMoreBSoD, thank you for your posts. Learnt something new today.