Dark Byte (Site Admin)
Reputation: 474, Joined: 09 May 2003, Posts: 25956, Location: The Netherlands
Posted: Wed Sep 09, 2015 4:57 pm
reassemble(address) can be useful too
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so I can keep helping

XaneXXXX (Expert Cheater)
Reputation: 0, Joined: 29 Nov 2012, Posts: 212
Posted: Wed Sep 09, 2015 7:40 pm
Thank you! I just tried this with another thing instead of time of day.
Exactly the same scenario, but the game crashes as soon as I activate it.
Can you check what I have done wrong?
Thanks once again!

Update: So I kind of got it working. The only problem is that it shows address 42A289B4
when it should be 142A289B4, so a 1 (ONE) is missing. Any tips?
PS: the address that accesses the opcode is a static address, but I still want to try and get it from the opcode instead.
Zanzer (I post too much)
Reputation: 126, Joined: 09 Jun 2013, Posts: 3278
Posted: Wed Sep 09, 2015 9:05 pm
Several problems with the script.
You hardcoded "add rdi,0C" into the script, so there's no real need to do a READMEM.
If you wanted to use readmem, you would first need to add the code:
db 48 83 C7
These are the first 3 of 4 bytes needed to construct "add rdi,0C".
To finish the 4th byte, you would use
readmem(SPEED+4,1) // from the AOB, move 4 bytes to the right, and read a single byte
Another problem is the location of your "speed_ptr" label.
It must be below the final jump back to the game code.
XaneXXXX (Expert Cheater)
Reputation: 0, Joined: 29 Nov 2012, Posts: 212
Posted: Thu Sep 10, 2015 10:48 am
Zanzer wrote:
    Several problems with the script.
    You hardcoded "add rdi,0C" into the script, so there's no real need to do a READMEM.
    If you wanted to use readmem, you would first need to add the code:
    db 48 83 C7
    These are the first 3 of 4 bytes needed to construct "add rdi,0C".
    To finish the 4th byte, you would use
    readmem(SPEED+4,1) // from the AOB, move 4 bytes to the right, and read a single byte
    Another problem is the location of your "speed_ptr" label.
    It must be below the final jump back to the game code.

Hmm alright, could you maybe write an example of how you would have done it? This is pretty hard for me to understand haha.
Zanzer (I post too much)
Reputation: 126, Joined: 09 Jun 2013, Posts: 3278
Posted: Thu Sep 10, 2015 11:03 am
Not sure about an example, but here's the answer.
Code:

[ENABLE]
aobscanmodule(SPEED,mgsvtpp.exe,F3 0F 11 77 0C 48)
alloc(newmem,$1000,SPEED)
label(code)
label(return)
label(speed_save)
label(speed_ptr)

newmem:
code:
speed_save:
  readmem(SPEED,5) // copy the full 5 bytes from the original instruction
  push rdi // backup the RDI register
  // construct the add rdi,0C instruction
  db 48 83 C7 // first 3 bytes of the 4-byte instruction
  readmem(SPEED+4,1) // position the READMEM function 4 bytes to the
                     // right of the SPEED address and then copy
                     // only 1 byte to append to the previous 3 bytes
  mov [speed_ptr],rdi // save the address within RDI
  pop rdi // restore the RDI register
  jmp return

speed_ptr:
  dq 0

SPEED:
  jmp code
return:

registersymbol(SPEED)
registersymbol(speed_save)
registersymbol(speed_ptr)

[DISABLE]
SPEED:
  readmem(speed_save,5) // rewrite the original 5 bytes

unregistersymbol(SPEED)
unregistersymbol(speed_save)
unregistersymbol(speed_ptr)
dealloc(newmem)
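The byte-building trick Zanzer describes (db 48 83 C7 followed by readmem(SPEED+4,1)), as an added Python example that is not part of the thread or of Cheat Engine: it decodes the movss store that the AOB F3 0F 11 77 0C matches, pulls the displacement byte at offset 4, and encodes add <base>,imm8 for whichever base register the ModRM byte names, so it goes beyond the rdi case on the page. The function and table names (REGS64, decode_movss_store, encode_add_reg_imm8, build_add_from_aob) are mine, and the example assumes a [reg+disp8] operand with no SIB byte.

```python
# Added example, not from the thread. Decode "movss [base+disp8],xmm" and
# rebuild the "add base,disp8" instruction the script assembles byte by byte.
# Assumption: mod=01 (disp8) and rm != 100 (no SIB byte), as in the page's AOB.

# 64-bit GPR numbering used by the rm field when REX.W (0x48) is present.
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode_movss_store(instr: bytes):
    """Decode F3 0F 11 <ModRM> <disp8>; return (base_reg, disp8, length)."""
    if instr[:3] != b"\xF3\x0F\x11":
        raise ValueError("not a movss store (expected F3 0F 11)")
    modrm = instr[3]
    mod, rm = modrm >> 6, modrm & 7          # reg field (xmm source) not needed
    if mod != 0b01:
        raise ValueError("example only handles [reg+disp8] (mod=01)")
    if rm == 0b100:                          # rm=100 means a SIB byte follows
        raise ValueError("SIB addressing not handled in this example")
    return REGS64[rm], instr[4], 5           # disp8 sits at offset 4: SPEED+4

def encode_add_reg_imm8(base_reg: str, imm8: int) -> bytes:
    """Encode REX.W + 83 /0 ib, i.e. add <base_reg>,imm8 (always 4 bytes)."""
    rm = REGS64.index(base_reg)
    modrm = (0b11 << 6) | (0 << 3) | rm      # mod=11 register form, /0 = ADD
    return bytes([0x48, 0x83, modrm, imm8 & 0xFF])

def build_add_from_aob(instr: bytes) -> bytes:
    """Rebuild the script's 'db 48 83 C7' + readmem(SPEED+4,1) generically."""
    base, disp8, _ = decode_movss_store(instr)
    return encode_add_reg_imm8(base, disp8)

def script_literal_bytes(instr: bytes) -> bytes:
    """What the page's script emits literally: fixed prefix + byte at offset 4."""
    return b"\x48\x83\xC7" + instr[4:5]

if __name__ == "__main__":
    # Constructed input: the first five bytes of the thread's AOB pattern.
    aob = bytes.fromhex("F30F11770C")         # movss [rdi+0C],xmm6
    print(decode_movss_store(aob))            # ('rdi', 12, 5)
    print(build_add_from_aob(aob).hex())      # 4883c70c  == add rdi,0C
    print(build_add_from_aob(aob) == script_literal_bytes(aob))
```

The fixed prefix 48 83 C7 in the script only encodes rdi as the destination; the generic encoder shows which byte would change if the hooked instruction used another base register.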
XaneXXXX (Expert Cheater)
Reputation: 0, Joined: 29 Nov 2012, Posts: 212
Posted: Thu Sep 10, 2015 11:49 am
I think that I finally understand it now! Thanks for all your help.