mohammedfenix1 Cheater Reputation: 0
Joined: 08 Feb 2015 Posts: 48
Posted: Fri Mar 20, 2015 6:14 am Post subject: Enabling the script crashes the game
If I enable the script the game crashes, but if I NOP the opcode from the memory viewer, without any script or any injection, the game doesn't crash.
I think the problem is with this: "INJECT - jb WoolfeGame.exe+575C7"
because it jumps to the opcode that I NOPed.
Hint: I will give you my script as a hint.
Code:
define(address,"WoolfeGame.exe"+575C7)
define(bytes,F3 0F 11 0F 48 8B 5C 24 40)
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"WoolfeGame.exe"+575C7)
label(code)
label(return)
newmem:
code:
movss [rdi],xmm1
mov rbx,[rsp+40]
jmp return
address:
jmp code
nop
nop
nop
nop
return:
[DISABLE]
address:
db bytes
// movss [rdi],xmm1
// mov rbx,[rsp+40]
dealloc(newmem)
[attached screenshot]
hhhuut Grandmaster Cheater Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Fri Mar 20, 2015 8:18 am Post subject:
Of course it crashes... Look at the unconditional jump right before your inject instruction... Since you also take the following instruction (mov rbx,[rsp+40]) into your script, the jump executes rubbish code because it'll jump somewhere into your own jump instruction.
mohammedfenix1 Cheater Reputation: 0
Joined: 08 Feb 2015 Posts: 48
Posted: Fri Mar 20, 2015 8:26 am Post subject:
I think there's no problem with (mov rbx,[rsp+40]),
because I thought the game would crash if I took it, so I didn't NOP it, by doing this:
Code:
address:
jmp code
return:
I tried this too.
I thought the problem was with the instructions themselves; maybe they're not the right instructions.
So anyway I tried to do this:
1. I opened the memory viewer and found the instruction "mov rbx,[rsp+40]".
2. I downloaded a trainer, activated it, and watched my instruction.
When I activated it, the instruction wasn't NOPed!
But when I try to NOP my instruction, it has an effect!
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Mar 20, 2015 12:09 pm Post subject:
In your screenshot, you can see the green arrow points to instruction mov rbx,[rsp+40]
The JMP from your injection takes up 5 bytes while the first instruction you overwrite only takes up 4 bytes.
This means that when that green-arrow JMP occurs, it is going to jump to the 5th byte at the end of your JMP statement.
That is causing the computer to read that byte as the start of the next instruction to execute.
As you can imagine, it's going to throw off the whole execution and cause a crash.
Move your injection point up to the instruction: movss xmm1,[rsp+50]
You can simply replace that with: movss xmm1,[rdi]
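The byte-layout problem Zanzer describes above, as an added worked example (written for this edit; it is not code from the thread, from the trainer, or from Cheat Engine). It models the auto assembler's injection as "overwrite whole instructions until a 5-byte E9 rel32 JMP plus NOP padding fits", then checks every known branch target against the patched span: a target that lands inside the JMP's five bytes decodes garbage (the crash in the thread), a target on the NOP padding silently skips the stolen instructions, and a target at the injection point or outside the patch is fine. The bytes for movss [rdi],xmm1 and mov rbx,[rsp+40] come from the posted script; the encoding of movss xmm1,[rsp+50] (F3 0F 10 4C 24 50), the region offsets, the list of branch targets (the thread shows only that some jump lands on mov rbx,[rsp+40], not where it comes from) and the cave offset 0x1000 are assumptions constructed for the demonstration.

```python
"""Check a Cheat Engine style code-cave injection for branch targets that would
land inside the 5-byte JMP written over the injection point.

Example written for this edit, not code from the thread. The bytes for
movss [rdi],xmm1 and mov rbx,[rsp+40] come from the posted script; the
encoding of movss xmm1,[rsp+50] (F3 0F 10 4C 24 50), the region offsets, the
branch target list and the cave offset are constructed for the demonstration."""

from dataclasses import dataclass

JMP_REL32_LEN = 5  # E9 rel32
NOP = 0x90


@dataclass(frozen=True)
class Insn:
    offset: int  # offset from the start of the region
    code: bytes
    text: str


# Instructions around WoolfeGame.exe+575C7 as described in the thread. Offset 6
# is the script's original injection point; offset 0 is where Zanzer says to move it.
REGION = [
    Insn(0, bytes.fromhex("F30F104C2450"), "movss xmm1,[rsp+50]"),  # assumed encoding
    Insn(6, bytes.fromhex("F30F110F"), "movss [rdi],xmm1"),          # from the script
    Insn(10, bytes.fromhex("488B5C2440"), "mov rbx,[rsp+40]"),       # from the script
]

# Offsets that some other instruction jumps to. The thread's "green arrow" jump
# lands on mov rbx,[rsp+40]; the thread does not show where that jump lives.
BRANCH_TARGETS = [10]


def patched_span(region, inject_off):
    """(start, end) of the bytes the injection overwrites: whole instructions
    from inject_off until at least 5 bytes are covered, which is what the
    auto assembler's 'jmp newmem' plus NOP padding does."""
    end = inject_off
    for insn in sorted(region, key=lambda i: i.offset):
        if insn.offset < inject_off:
            continue
        if end - inject_off >= JMP_REL32_LEN:
            break
        if insn.offset != end:
            raise ValueError("instruction list has a gap at offset %d" % end)
        end = insn.offset + len(insn.code)
    if end - inject_off < JMP_REL32_LEN:
        raise ValueError("not enough bytes after offset %d for a rel32 JMP" % inject_off)
    return inject_off, end


def stolen_instructions(region, inject_off):
    """The instructions the cave has to re-execute before 'jmp return'."""
    start, end = patched_span(region, inject_off)
    return [i.text for i in region if start <= i.offset < end]


def build_patch(region, inject_off, cave_off):
    """Bytes written at inject_off: E9 <rel32 to cave> followed by NOP padding."""
    start, end = patched_span(region, inject_off)
    rel = cave_off - (start + JMP_REL32_LEN)  # rel32 is relative to the next instruction
    jmp = b"\xE9" + rel.to_bytes(4, "little", signed=True)
    return jmp + bytes([NOP]) * (end - start - JMP_REL32_LEN)


def classify_targets(region, inject_off, branch_targets):
    """For each branch target, say what happens once the patch is in place."""
    start, end = patched_span(region, inject_off)
    verdicts = {}
    for t in branch_targets:
        if t == start or not (start <= t < end):
            verdicts[t] = "ok"          # hits the JMP itself, or is outside the patch
        elif t < start + JMP_REL32_LEN:
            verdicts[t] = "crash"       # lands inside E9 rel32: decoded as garbage
        else:
            verdicts[t] = "skips cave"  # lands on NOP padding: stolen instructions never run
    return verdicts


if __name__ == "__main__":
    for inject_off in (6, 0):
        patch = build_patch(REGION, inject_off, cave_off=0x1000)  # cave offset is made up
        print("inject at +%d: overwrite %s -> %s"
              % (inject_off, stolen_instructions(REGION, inject_off), patch.hex(" ")))
        for t, verdict in classify_targets(REGION, inject_off, BRANCH_TARGETS).items():
            print("  jump target +%d: %s" % (t, verdict))
```

Run as a script it reports the thread's two cases: injecting at +6 overwrites both movss [rdi],xmm1 and mov rbx,[rsp+40] (9 bytes, as the script's 9-byte `bytes` define shows) and the jump to +10 is classified "crash", while injecting at +0 overwrites only the 6-byte movss xmm1,[rsp+50] and the same jump is "ok" because +10 is outside the patch. Before writing any code-cave script, feed it the branch targets Cheat Engine shows with its arrows in the memory viewer; the auto assembler does not perform this check for you.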
mohammedfenix1 Cheater Reputation: 0
Joined: 08 Feb 2015 Posts: 48
Posted: Fri Mar 20, 2015 5:57 pm Post subject:
Hi Zanzer,
That's what I needed! I tried to disable the adding to xmm1 from the beginning, but I didn't know which opcode I should choose.
Now can you show me the way I can add this value to xmm1?
value = 3F800000 <-- it is in hex, as you can see
I need to change the value to 3F800000 because when I enable the script and try pressing the button on the keyboard, the value increases instead of decreasing,
and that's what I want, but when I release the button the value goes back to the same value as before the increase.
I tried this but it didn't work:
Code:
push eax
mov eax,3F800000
movd xmm1,eax
pop eax
And your "Reputation" is now +7.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Mar 20, 2015 6:01 pm Post subject:
I'm assuming you're talking about the same address?
Code:
mov [rdi],3F800000
movss xmm1,[rdi]
By the way, you can specify a float value in a script:
Code:
mov [rdi],(float)1.0
mohammedfenix1 Cheater Reputation: 0
Joined: 08 Feb 2015 Posts: 48
Posted: Fri Mar 20, 2015 6:35 pm Post subject:
Yes, that's what I mean, the same address.
But that didn't work either.
I mean this code:
Code:
mov [rdi],3F800000
movss xmm1,[rdi]
The problem is back!
The value increases, but in fact it doesn't!
It just increases on the screen.