Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Enable the script crashing the game

 
Cheat Engine Forum Index -> General Gamehacking
mohammedfenix1
Cheater
Reputation: 0

Joined: 08 Feb 2015
Posts: 48

Posted: Fri Mar 20, 2015 6:14 am    Post subject: Enable the script crashing the game

If I enable the script, the game crashes, but if I nop the opcode from the memory viewer without any script or any injection, the game doesn't crash.
I think the problem is with this "INJECT - jb WoolfeGame.exe+575C7"
because it jumps to the opcode that I nopped.

Hint: I will give you my script as a hint.
Code:

define(address,"WoolfeGame.exe"+575C7)
define(bytes,F3 0F 11 0F 48 8B 5C 24 40)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000,"WoolfeGame.exe"+575C7)

label(code)
label(return)

newmem:

code:
  movss [rdi],xmm1
  mov rbx,[rsp+40]
  jmp return

address:
  jmp code
  nop
  nop
  nop
  nop
return:

[DISABLE]

address:
  db bytes
  // movss [rdi],xmm1
  // mov rbx,[rsp+40]

dealloc(newmem)
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Fri Mar 20, 2015 8:18 am    Post subject:

Of course it crashes... Look at the unconditional jump right before your inject instruction... Since you also take the following instruction (mov rbx,[rsp+40]) into your script, the jump executes rubbish code because it'll jump somewhere into your own jump instruction.
mohammedfenix1
Cheater
Reputation: 0

Joined: 08 Feb 2015
Posts: 48

Posted: Fri Mar 20, 2015 8:26 am    Post subject:

I think there's no problem with (mov rbx,[rsp+40]).
Because I thought the game would crash if I took it, I didn't nop it, by doing this:
Code:
address:
  jmp code
 
return:

I tried this too.
I thought the problem was with these same instructions, maybe they're not the right instructions,
so anyway I tried to do this:
1- I opened the memory viewer and found the instruction "mov rbx,[rsp+40]".
2- I downloaded a trainer, activated it, and watched my instruction.
When I activated it, the instruction didn't get nopped!
But when I try to nop my instruction, it has an effect!
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Fri Mar 20, 2015 12:09 pm    Post subject:

In your screenshot, you can see the green arrow points to instruction mov rbx,[rsp+40]
The JMP from your injection takes up 5 bytes while the first instruction you overwrite only takes up 4 bytes.
This means that when that green-arrow JMP occurs, it is going to jump to the 5th byte at the end of your JMP statement.
That is causing the computer to read that byte as the start of the next instruction to execute.
As you can imagine, it's going to throw off the whole execution and cause a crash.

Move your injection point up to the instruction: movss xmm1,[rsp+50]
You can simply replace that with: movss xmm1,[rdi]
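The instruction-length argument Zanzer makes above can be checked mechanically before a detour is written. The following Python is an added example, not code from the thread or from Cheat Engine: it models a constructed instruction sequence, overwrites one instruction with a 5-byte relative JMP padded by single-byte NOPs (the layout the auto-assembler produces), and then checks whether an existing branch target still lands on the first byte of an instruction. The lengths 4 and 5 for movss [rdi],xmm1 and mov rbx,[rsp+40] come from the script's define(bytes,...) line; the 6-byte length assumed for movss xmm1,[rsp+50] and the offset of the branch target are assumptions made for the example.

```python
# Constructed example: does a code-cave detour break an existing branch target?
# Instruction lengths for movss [rdi],xmm1 (4) and mov rbx,[rsp+40] (5) are taken
# from the bytes in the original script; the 6-byte movss xmm1,[rsp+50] is assumed.

JMP_REL32_LEN = 5  # a rel32 JMP to the allocated cave always occupies 5 bytes

# (mnemonic, encoded length) in memory order; offsets are relative to the first one.
SEQUENCE = [
    ("movss xmm1,[rsp+50]", 6),  # assumed length
    ("movss [rdi],xmm1", 4),     # F3 0F 11 0F
    ("mov rbx,[rsp+40]", 5),     # 48 8B 5C 24 40
    ("jmp return", 2),           # filler so the sequence has a tail
]


def layout(seq, base=0):
    """Map offset -> (mnemonic, length) for a straight-line instruction sequence."""
    out, off = {}, base
    for mnem, ln in seq:
        out[off] = (mnem, ln)
        off += ln
    return out


def patch_layout(seq, patch_idx, base=0):
    """Overwrite seq[patch_idx] (and as many following instructions as needed
    to make room for a 5-byte JMP) with 'jmp newmem' plus 1-byte NOPs, the
    same way an auto-assembler inject does. Returns the patched offset map."""
    orig = layout(seq, base)
    start = sorted(orig)[patch_idx]
    covered, i = 0, patch_idx
    while covered < JMP_REL32_LEN:          # whole instructions only
        covered += seq[i][1]
        i += 1
    patched = {o: v for o, v in orig.items() if o < start or o >= start + covered}
    patched[start] = ("jmp newmem", JMP_REL32_LEN)
    for nop_off in range(start + JMP_REL32_LEN, start + covered):
        patched[nop_off] = ("nop", 1)
    return patched


def branch_target_ok(instr_map, target):
    """A branch is safe only if its target is the first byte of some instruction.
    Landing inside the 5-byte JMP makes the CPU decode its operand bytes as code."""
    return target in instr_map


def check_detour(seq, patch_idx, branch_targets, base=0):
    """Return [(target, ok), ...] for every known branch target after patching."""
    patched = patch_layout(seq, patch_idx, base)
    return [(t, branch_target_ok(patched, t)) for t in branch_targets]


if __name__ == "__main__":
    # The thread's situation: a conditional jump already targets mov rbx,[rsp+40],
    # which sits at offset 6 + 4 = 10 in this constructed layout.
    target = 10
    print("inject at movss [rdi],xmm1   ->", check_detour(SEQUENCE, 1, [target]))
    print("inject at movss xmm1,[rsp+50] ->", check_detour(SEQUENCE, 0, [target]))
```

Injecting at the 4-byte instruction forces the JMP to spill into the 5-byte instruction that the existing branch targets, so the target ends up on the last operand byte of the JMP and the check fails; injecting one instruction earlier, where the 6-byte instruction alone holds the JMP plus one NOP, leaves the branch target intact. The same check applies to any inline hook, which is why hooking engines scan the bytes they overwrite for incoming branches before patching.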
mohammedfenix1
Cheater
Reputation: 0

Joined: 08 Feb 2015
Posts: 48

Posted: Fri Mar 20, 2015 5:57 pm    Post subject:

Hi Zanzer,
that's what I needed! I tried to disable the adding to xmm1 from the beginning, but I didn't know which opcode I should choose.
Now can you give me a way to put this value into xmm1?
value = 3F800000 <-- it is in hex, as you can see
I need to change the value to 3F800000 because when I enable the script and try pressing the button on the keyboard, the value increases instead of decreasing,
and that's what I want, but when I release the button the value goes back to the same value it had before increasing.
I tried this but it didn't work:


Code:

push eax
mov eax,3F800000
movd xmm1,eax
pop eax

and your "Reputation" is now +7 :D
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Fri Mar 20, 2015 6:01 pm    Post subject:

I'm assuming you're talking about the same address?

Code:
mov [rdi],3F800000
movss xmm1,[rdi]


By the way, you can specify a float value in a script:

Code:
mov [rdi],(float)1.0
mohammedfenix1
Cheater
Reputation: 0

Joined: 08 Feb 2015
Posts: 48

Posted: Fri Mar 20, 2015 6:35 pm    Post subject:

Yes, that's what I mean, the same address,
but that didn't work either.
I mean this code:

Code:
mov [rdi],3F800000
movss xmm1,[rdi]


The problem is back!
The value increases, but in fact it doesn't!
It only increases on the screen.
All times are GMT - 6 Hours