Cheat Engine Forum
The Official Site of Cheat Engine

Starbound unstable (upbeat giraffe)
Forum: General Gamehacking

XaneXXXX (Expert Cheater, Reputation: 0, Joined: 29 Nov 2012, Posts: 212)
Posted: Mon Dec 22, 2014 1:30 am    Post subject: Starbound unstable (upbeat giraffe)

Hello! I'm trying to make a god mode script for Starbound, but I think they have some kind of protection. Here is my script:

[ENABLE]
alloc(newmem,100)
label(returnhere)
label(originalcode)
label(health)
label(exit)

newmem:
cmp [eax+1C],43070000   // 43070000 is the float 135.0 as raw bits
je health               // matched: skip the health write
jmp originalcode

health:
nop
nop
nop
jmp exit                // the overwritten leave / ret 0008 are not run on this path

originalcode:
fst dword ptr [eax+18]
leave
ret 0008
jmp exit                // never reached: ret has already left the function

exit:
jmp returnhere

"starbound_opengl.exe"+4F1A8D:
jmp newmem              // 5-byte jmp; overwrites fst (3) + leave (1) + ret 0008 (3)
nop
nop
returnhere:

[DISABLE]
"starbound_opengl.exe"+4F1A8D:
fst dword ptr [eax+18]  // only 3 of the 7 overwritten bytes are written back here

----------------------------------------------------------
Now the problem is that when I enable the script and get hit in-game, I get this error and then the game crashes: Access violation detected at 0x28f0c0 (Read of address 0xffffffff)

But if I NOP the function manually, I get no error and I have unlimited health (except that monsters do too). That's why I have used the cmp function. I have tried the stealthedit plugin for Cheat Engine 6.3, but it still gives me the same error. Or maybe there is something wrong with my script? I've used this method in many games before and never got this error.

I have also made unlimited stamina and unlimited money using scripts without any issues. It's just health that is giving me this error.

Thanks!



error.png
 Description:
Picture of error
 Filesize:  42.18 KB
 Viewed:  24360 Time(s)

error.png


++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
Posted: Mon Dec 22, 2014 8:15 am    Post subject: Re: Starbound unstable (upbeat giraffe)

Maybe try this:

Code:
[ENABLE]
alloc(newmem,100)
label(returnhere)

newmem:
cmp [eax+1C],43070000
je returnhere
fst dword ptr [eax+18]
jmp returnhere

"starbound_opengl.exe"+4F1A8D:
jmp newmem
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+4F1A8D:
fst dword ptr [eax+18]


You should really let CE build the script for you, if you are not already doing that.
XaneXXXX
Posted: Mon Dec 22, 2014 10:29 am    Post subject: Re: Starbound unstable (upbeat giraffe)

++METHOS wrote:
Maybe try this:
[script quoted from the post above]
You should really let CE build the script for you, if you are not already doing that.

I always let CE build the script for me and work from there.
++METHOS
Posted: Mon Dec 22, 2014 10:59 am

1. Did the script work for you?
2. If you let CE build the script, why was dealloc(newmem) removed?
XaneXXXX
Posted: Mon Dec 22, 2014 11:04 am

++METHOS wrote:
1. Did the script work for you?
2. If you let CE build the script, why was dealloc(newmem) removed?


Oh, sorry. I have that added in my original script; I was just testing stuff to see what caused the game to crash. Also, when you say I should let CE build the script for me, you mean press "code injection" in the AA, right? Because it doesn't add the dealloc; I have to do that myself. Also, I'm new to this auto assembler thing. I've finished all of the tutorials and have read a lot, but I still have much to learn.

I can't tell if the script works, since the game crashed. I don't know if the game crashed because of my script or because it has some protection?

Have you encountered this error before?

Thanks for your answer.
++METHOS
Posted: Mon Dec 22, 2014 11:11 am

Do this to build the script and we can go from there:

In memory viewer, with the instruction highlighted, select 'tools' from the drop-down menu. Click on 'auto assemble'. In the auto assemble window, click on 'template' and select 'cheat table framework code'. Click on 'template' again, and select 'code injection'. Click on 'file' from the drop-down menu and select 'assign to current cheat table'.

You do not have to incorporate NOPs into your table; just do this:

Code:
newmem:
cmp [eax+1C],43070000
je returnhere
fst dword ptr [eax+18]
jmp returnhere
XaneXXXX
Posted: Mon Dec 22, 2014 11:20 am

Alright, I found the health value > find out what writes to this address > get hit in-game. An address pops up > show in disassembler > what you told me to do. Here is the original, unmodified code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
fst dword ptr [eax+18]
leave
ret 0008

exit:
jmp returnhere

"starbound_opengl.exe"+4F1A8D:
jmp newmem
nop
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"starbound_opengl.exe"+4F1A8D:
fst dword ptr [eax+18]
leave
ret 0008
//Alt: db D9 50 18 C9 C2 08 00

Also, do you know what "leave" and "ret 0008" mean? Thanks!
++METHOS
Posted: Mon Dec 22, 2014 11:27 am

psrkallez06 wrote:
Alright, i found the health value > find out what writes to this address,
Have you tried 'what accesses' instead of 'what writes'? Anyway, you can try this:

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)

newmem:
leave
ret 0008
jmp returnhere

"starbound_opengl.exe"+4F1A8D:
jmp newmem
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+4F1A8D:
fst dword ptr [eax+18]
leave
ret 0008
//Alt: db D9 50 18 C9 C2 08 00


This is the same thing as NOP'ing the instruction.

If that works, then you can add your filter:

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(health)

newmem:
cmp [eax+1C],43070000   // 43070000 is the float 135.0 as raw bits
je health               // matched: skip the health write
fst dword ptr [eax+18]  // everyone else: the original write goes through
leave                   // the stolen epilogue runs on both paths
ret 0008
jmp returnhere

health:
leave
ret 0008
jmp returnhere

"starbound_opengl.exe"+4F1A8D:
jmp newmem              // 5-byte jmp; 2 nops pad the 7 stolen bytes
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+4F1A8D:
fst dword ptr [eax+18]  // all 7 stolen bytes are written back
leave
ret 0008
//Alt: db D9 50 18 C9 C2 08 00
XaneXXXX
Posted: Mon Dec 22, 2014 11:34 am

Your script does work, but the problem is that the monsters also have unlimited health. That's why I used the cmp function with dissect data etc. in my previous script.

No, I haven't tried "what accesses this address". There are so many values that pop up; my guess is that the last two are the interesting ones, since they pop up once I get hit/heal myself. The other ones are always there.



[Attachment: access.png]

++METHOS
Posted: Mon Dec 22, 2014 11:41 am

As I said, if the script works you can incorporate your filter as I posted above (see my previous post).

Additionally, the reason we check for instructions that access, instead of just write, is because we may be able to use one of those instructions that are exclusive to hero player, so that you are guaranteed to have a proper filter. This should be done before even looking at data structures for dissection.

In the debugger window, once the instructions populate for 'what accesses', you can right-click on an empty space to see an option that will allow you to check if found opcodes also access other addresses. By doing this, you will be able to see if any of the instructions are exclusive to your hero player.
XaneXXXX
Posted: Mon Dec 22, 2014 11:42 am

Thanks man!! Your latest script worked perfectly! Just what I wanted! :D

But I'm still wondering: why do you have

leave
ret 0008

in the health label instead of fst dword ptr [eax+18]?

What do leave and ret 0008 do? Thanks!
++METHOS
Posted: Mon Dec 22, 2014 11:52 am

It's part of the original code that needs to be executed but isn't part of the instruction you are manipulating. Because of the number of bytes involved and what you are NOP'ing, they needed to be included in the script. See assembly code references to learn more; there are many resources available for learning, but it isn't critical that you understand everything.
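Why the stolen leave / ret 0008 have to run on every path through the hook, shown with an added Python model. This is example code written for this page, not from the thread or from Cheat Engine. It models only the three instructions the 5-byte jmp at "starbound_opengl.exe"+4F1A8D overwrites and the stack frame they tear down. The image base, register values, return address and the assumption that [eax+1C] simply holds 135.0f for the player (the thread never says what that field is) are constructed for the model.

```python
# Added example (not from the thread or Cheat Engine): model the three instructions
# the 5-byte `jmp newmem` at "starbound_opengl.exe"+4F1A8D overwrites
#   fst dword ptr [eax+18]   ; D9 50 18  store the new health (st0) into the struct
#   leave                    ; C9        mov esp,ebp / pop ebp
#   ret 0008                 ; C2 08 00  pop return address, drop 8 bytes of args
# and compare a hook that runs leave/ret on both paths with one that skips them.
import struct

IMAGE_BASE = 0x00400000                 # assumption: default 32-bit image base
HOOK_ADDR = IMAGE_BASE + 0x4F1A8D       # "starbound_opengl.exe"+4F1A8D
STOLEN_LEN = 7                          # 3 + 1 + 3 bytes, hence `jmp newmem; nop; nop`
RETURNHERE = HOOK_ADDR + STOLEN_LEN     # first byte after the function's own `ret`
FILTER_IMM = 0x43070000                 # immediate from `cmp [eax+1C],43070000`
CALLER_EBP = 0x0019FF80                 # constructed saved-ebp value
RETURN_ADDR = IMAGE_BASE + 0x1234       # constructed return address pushed by `call`

def f32_bits(value):
    """IEEE-754 single -> raw 32-bit pattern (what `cmp` actually compares)."""
    return struct.unpack("<I", struct.pack("<f", value))[0]

def bits_f32(bits):
    """Raw 32-bit pattern -> float, e.g. 0x43070000 -> 135.0."""
    return struct.unpack("<f", struct.pack("<I", bits))[0]

class Cpu:
    """Just enough x86-32 state to step the stolen instructions."""
    def __init__(self, eax, ebp, esp, st0):
        self.eax, self.ebp, self.esp, self.st0 = eax, ebp, esp, st0
        self.eip = None
        self.mem = {}                     # sparse dword memory keyed by address

    def rd(self, addr):
        return self.mem.get(addr, 0)

    def wr(self, addr, val):
        self.mem[addr] = val & 0xFFFFFFFF

    def pop(self):
        val = self.rd(self.esp)
        self.esp += 4
        return val

    def fst_dword_eax_18(self):          # D9 50 18
        self.wr(self.eax + 0x18, f32_bits(self.st0))

    def leave(self):                     # C9
        self.esp = self.ebp
        self.ebp = self.pop()

    def ret_8(self):                     # C2 08 00
        self.eip = self.pop()
        self.esp += 8

    def state(self):
        return {"eip": self.eip, "esp": self.esp, "ebp": self.ebp,
                "health": bits_f32(self.rd(self.eax + 0x18))}

def make_frame(filter_field, new_health=100.0):
    """Constructed frame at the hook: the prologue `push ebp; mov ebp,esp` has run and
    two dword arguments sit above the return address (hence `ret 0008`)."""
    cpu = Cpu(eax=0x02A00000, ebp=0x0019FF40, esp=0x0019FF20, st0=new_health)
    cpu.wr(cpu.ebp, CALLER_EBP)                      # saved ebp
    cpu.wr(cpu.ebp + 4, RETURN_ADDR)                 # return address
    cpu.wr(cpu.eax + 0x18, f32_bits(135.0))          # current health, about to be overwritten
    cpu.wr(cpu.eax + 0x1C, f32_bits(filter_field))   # field the cmp filter looks at
    return cpu

def hook_fixed(cpu):
    """++METHOS's final script: skip the store when the filter matches, but run the
    stolen leave / ret 0008 on both paths."""
    if cpu.rd(cpu.eax + 0x1C) != FILTER_IMM:
        cpu.fst_dword_eax_18()
    cpu.leave()
    cpu.ret_8()
    return cpu.state()

def hook_skips_epilogue(cpu):
    """The first scripts in the thread: the filtered path jumps straight to returnhere,
    so the function never tears down its frame or returns to its caller."""
    if cpu.rd(cpu.eax + 0x1C) == FILTER_IMM:
        cpu.eip = RETURNHERE            # whatever bytes follow the original `ret`
    else:
        cpu.fst_dword_eax_18()
        cpu.leave()
        cpu.ret_8()
    return cpu.state()

if __name__ == "__main__":
    print("0x43070000 as float:", bits_f32(FILTER_IMM))
    print("fixed  :", hook_fixed(make_frame(135.0)))
    print("skipped:", hook_skips_epilogue(make_frame(135.0)))
```

Run directly, the two printed states differ only on the player path: the fixed hook ends on the caller's return address with esp raised by 16 bytes (saved ebp, return address, two arguments), while the skipping hook's eip is returnhere, the byte after the function's own ret, with the callee frame still on the stack. That is consistent with the first post, where the crash appears only when the filter matches, i.e. when the player gets hit.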
XaneXXXX
Posted: Mon Dec 22, 2014 5:28 pm

I see, thank you very much. Could you help me with "infinite items" also?

here is the original script:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
mov [ecx+14],ebx
pop ebx
pop ebp

exit:
jmp returnhere

"starbound_opengl.exe"+1E1067:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+1E1067:
mov [ecx+14],ebx
pop ebx
pop ebp
//Alt: db 89 59 14 5B 5D

What I want to do is just NOP the function. There are 3 NOPs. But what confuses me is the:
pop ebx
pop ebp

Also, how can you tell how many bytes the code is? From what I understand, if my own code is shorter than the original I need to add NOPs to make it the same size, or am I wrong?

I've tried it myself, but I get the same problem/error as before. The reason I'm asking you to do it is just so that I can see what you're doing and figure out why. I won't use the script you make directly, since I like writing them on my own; I'm just trying to learn. Thanks again! :)
++METHOS
Posted: Tue Dec 23, 2014 12:41 am

If you let CE build the script for you, then this is all you need to do:

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
//mov [ecx+14],ebx    //but it is better to set your value, not just keep it from changing
pop ebx
pop ebp

exit:
jmp returnhere

"starbound_opengl.exe"+1E1067:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+1E1067:
mov [ecx+14],ebx
pop ebx
pop ebp
//Alt: db 89 59 14 5B 5D
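How CE's "code injection" template decides what the 5-byte jmp newmem has to steal, and how many NOPs follow it, as an added Python example. This is example code written for this page, not from the thread or from Cheat Engine (which uses its own full disassembler). It decodes only the handful of x86-32 encodings that appear in the two scripts above, fed with the byte strings the template prints in its "//Alt: db ..." comments, and assumes a 32-bit process without instruction prefixes; the newmem address used in the test is made up.

```python
# Added example (not from the thread or Cheat Engine): a toy x86-32 length decoder
# that covers only the encodings in this thread, plus the arithmetic the
# "code injection" template does: steal whole instructions until the 5-byte
# jmp fits, pad the remainder with NOPs, and restore all stolen bytes on disable.
import struct

JMP_REL32_LEN = 5
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def modrm_operand(code, i):
    """Decode a ModRM byte at code[i] with a [reg+disp8] memory operand (mod == 01,
    no SIB), the only addressing form the scripts above use.
    Returns (bytes used, operand text, reg field)."""
    modrm = code[i]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:
        raise ValueError("toy decoder: only [reg+disp8] memory operands are supported")
    disp = code[i + 1]
    return 2, f"[{REG32[rm]}+{disp:02X}]", reg

def decode(code, i):
    """Return (length, mnemonic) of the instruction at code[i]."""
    op = code[i]
    if op == 0xD9:                                  # x87 escape; /2 = fst m32fp
        n, mem, reg = modrm_operand(code, i + 1)
        if reg != 2:
            raise ValueError("toy decoder: only D9 /2 (fst) is supported")
        return 1 + n, f"fst dword ptr {mem}"
    if op == 0x89:                                  # mov r/m32, r32
        n, mem, reg = modrm_operand(code, i + 1)
        return 1 + n, f"mov {mem},{REG32[reg]}"
    if 0x58 <= op <= 0x5F:                          # pop r32
        return 1, f"pop {REG32[op - 0x58]}"
    if op == 0xC9:
        return 1, "leave"
    if op == 0xC2:                                  # ret imm16
        return 3, f"ret {int.from_bytes(code[i + 1:i + 3], 'little'):04X}"
    if op == 0xC3:
        return 1, "ret"
    if op == 0x90:
        return 1, "nop"
    if op == 0xE9:                                  # jmp rel32
        return 5, "jmp rel32"
    raise ValueError(f"toy decoder: opcode {op:02X} not handled")

def plan_hook(original):
    """Steal whole instructions until at least 5 bytes are covered; the surplus
    becomes NOP padding after the jmp. `stolen` is what newmem must execute and
    `restore` is what [DISABLE] must write back."""
    stolen, i = [], 0
    while i < JMP_REL32_LEN:
        n, text = decode(original, i)
        stolen.append(text)
        i += n
    return {"stolen": stolen, "stolen_len": i,
            "nops": i - JMP_REL32_LEN, "restore": original[:i]}

def encode_jmp_rel32(src, dst):
    """E9 + signed 32-bit displacement measured from the end of the 5-byte jmp."""
    return b"\xE9" + struct.pack("<i", dst - (src + JMP_REL32_LEN))

def hook_bytes(src, newmem, original):
    """What [ENABLE] writes at src: the jmp followed by the computed NOPs."""
    plan = plan_hook(original)
    return encode_jmp_rel32(src, newmem) + b"\x90" * plan["nops"]

if __name__ == "__main__":
    # The two `//Alt: db ...` byte strings CE printed for the thread's scripts.
    for rva, alt in ((0x4F1A8D, "D9 50 18 C9 C2 08 00"), (0x1E1067, "89 59 14 5B 5D")):
        plan = plan_hook(bytes.fromhex(alt))
        print(f"+{rva:X}: steals {plan['stolen']} ({plan['stolen_len']} bytes), "
              f"{plan['nops']} nop(s); restore {plan['restore'].hex(' ')}")
```

For the health hook the planner stops after three instructions (7 bytes, so two NOPs follow the jmp); for the item hook it stops after mov, pop ebx, pop ebp (exactly 5 bytes, no NOPs), which is why that script has none. The [DISABLE] block has to write back plan["restore"] in full, and the template's "//Alt: db ..." line is exactly that byte string; a disable that writes only fst dword ptr [eax+18] leaves four bytes of the jmp and NOPs in place.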
XaneXXXX
Posted: Tue Dec 23, 2014 6:36 am

I was able to NOP the function :D

How do I "set" a value instead of NOPing it? I've never done that before. Thanks!
All times are GMT - 6 Hours
Page 1 of 3