Cheat Engine The Official Site of Cheat Engine
XaneXXXX (Expert Cheater)
Posted: Wed Oct 21, 2015 9:50 am
Post subject: Globalalloc suddenly stopped working :S
so example:
Code:
[ENABLE]
aobscanmodule(XP,eurotrucks2.exe,8B 91 34 18 00 00 48 8B D9) // should be unique
alloc(newmem,$100,"eurotrucks2.exe"+1538A6) // code cave requested near the module
label(code)
label(return)
globalalloc(_xp,4) // shared 4-byte slot that receives the structure address
newmem:
code:
mov [_xp],rcx // store rcx (the structure base) into _xp
mov edx,[rcx+00001834] // original instruction
jmp return
XP:
jmp code
nop
return:
registersymbol(XP)
[DISABLE]
XP:
db 8B 91 34 18 00 00 // restore the original bytes
unregistersymbol(XP)
dealloc(newmem)
But nothing happens when I activate the script. I have checked the AoB and they are 100% correct. I also tried with more games; same problem, the script just won't activate (no X in the box appears). I have upgraded from Windows 7 to 10. In Win 7 it worked fine. Any tips?
STN (I post too much)
Posted: Wed Oct 21, 2015 10:22 am
I am not sure what globalalloc does in CE, but why not use the simple alloc command? It allocates memory in the game's space (VirtualAllocEx I assume, not sure) that you can freely use.
GlobalAlloc would allocate memory within the trainer/CE process that the injected code wouldn't even know about, or point to invalid pointers, unless there is a different implementation used by CE that I don't know of?
XaneXXXX (Expert Cheater)
Posted: Wed Oct 21, 2015 10:35 am
STN wrote:
> I am not sure what globalalloc does in CE, but why not use the simple alloc command? It allocates memory in the game's space (VirtualAllocEx I assume, not sure) that you can freely use.
> GlobalAlloc would allocate memory within the trainer/CE process that the injected code wouldn't even know about, or point to invalid pointers, unless there is a different implementation used by CE that I don't know of?
ALLOC(allocName, sizeInBytes): Allocates a certain amount of memory and registers the specified name.
GLOBALALLOC(name,size): Allocates a certain amount of memory and registers the specified name. Using GlobalAlloc in other scripts will then not allocate the memory again, but reuse the already existing memory. (Or allocate it anyhow if it finds it wasn't allocated yet.)
Since it registers the specified name, I need to use globalalloc. A normal alloc wouldn't allow me to read it as an address (I think). It has worked before. That's why I'm confused.. Thanks for your answer!
I learned this from Rydian's injection copy tutorial, which you can find in the tut section. What I want to do is read the address that the opcode accesses.
panraven (Grandmaster Cheater)
Posted: Wed Oct 21, 2015 10:52 am
globalalloc is the same as alloc: it allocates memory in the target process, not in CE's or the trainer's memory space. Only that, as long as the target process is not closed, CE will find the same memory location for the same symbol and size requested on further executions of the command. One more difference: globalalloc cannot be deallocated, while consecutive allocs with the same symbol will allocate new memory even if the previous memory was not deallocated (kind of a memory leak if not properly dealloc'd).
This is the note in the CE help:
Code:
GLOBALALLOC(name,size) : Will allocate a certain amount of memory and registers the specified name. Using GlobalAlloc in other scripts will then not allocate the memory again, but reuse the already existing memory. (Or allocate it anyhow if found it was not allocated yet)
XaneXXXX (Expert Cheater)
Posted: Wed Oct 21, 2015 12:29 pm
Hmm, well, that still doesn't explain how it suddenly stopped working. I can't even activate the script for any game using that function.
I mean, even if my script has an error (which I doubt, since I have used that function many times), it should still ACTIVATE. The game might crash, but it should still activate since the AoB is valid?
Dark Byte (Site Admin)
Posted: Wed Oct 21, 2015 2:45 pm
Open the auto assembler window, paste the script in there and click Execute. It'll tell you why it fails.
globalalloc could potentially fail if there is another user-defined symbol present with the same name as _XP, or if there is a previous globalalloc done with a size different from the one you've given.
(Also, to rule out parsing issues, use a more unique name, like BLA instead of _XP.)
XaneXXXX (Expert Cheater)
Posted: Wed Oct 21, 2015 3:04 pm
Dark Byte wrote:
> Open the auto assembler window, paste the script in there and click Execute. It'll tell you why it fails.
> globalalloc could potentially fail if there is another user-defined symbol present with the same name as _XP, or if there is a previous globalalloc done with a size different from the one you've given.
> (Also, to rule out parsing issues, use a more unique name, like BLA instead of _XP.)
Thanks to Rydian, I managed to fix it (kind of).
The problem was that I used the 64-bit exe of the game; in the 32-bit version the globalalloc works perfectly. On Windows 7 it worked on 64-bit too though.. :S
Error "offset too big" when executing.
How come it can't handle that offset? It is: +1834
Or maybe it's the alloc at the top that is too big? After the exe, like:
alloc(newmem,2048,"eurotrucks2.exe"+1538A6)
Update: It does work when I remove the exe thing.
alloc(newmem,2048) instead of alloc(newmem,2048,"eurotrucks2.exe"+1538A6). But now the game crashes instead. Hm.
With a normal alloc the script works. But then the address says ?? when I add _whatever.
It should say mov _whatever,rcx; instead it says mov [7FF67200100],rcx
Where does it get that from? CE doesn't seem to like Windows 10 haha.
Any more tips, Dark Byte?
Cake-san (Grandmaster Cheater)
Posted: Wed Oct 21, 2015 6:19 pm
To me globalalloc is like alloc+registersymbol.
'error "offset too big" when executing.'
The only way I got to solve this problem is restarting the game -_-
'It should say mov _whatever,rcx instead it says mov [7FF67200100],rcx'
It's normal I think, because it's being allocated to an address and it's 64-bit because you didn't specify the size like this: movd _whatever,rcx. You can see the _whatever symbol in memory view by enabling some view option.
I apologize if I'm wrong.
XaneXXXX (Expert Cheater)
Posted: Wed Oct 21, 2015 6:50 pm
Cake-san wrote:
> To me globalalloc is like alloc+registersymbol.
> 'error "offset too big" when executing.'
> The only way I got to solve this problem is restarting the game -_-
> 'It should say mov _whatever,rcx instead it says mov [7FF67200100],rcx'
> It's normal I think, because it's being allocated to an address and it's 64-bit because you didn't specify the size like this: movd _whatever,rcx. You can see the _whatever symbol in memory view by enabling some view option.
> I apologize if I'm wrong.
Thanks for your answer. Sadly, restarting the game doesn't work for me; I have done it a lot of times. But what annoys me the most: it worked fine on Windows 7.. exactly the SAME script. But on Windows 10, the offset is suddenly too big :S
ParkourPenguin (I post too much)
Posted: Wed Oct 21, 2015 8:11 pm
XaneXXXX wrote:
> It should say mov _whatever,rcx instead it says mov [7FF67200100],rcx
> Where does it get that from? CE doesn't seem to like windows 10 haha.
It's the way CE has allocated memory. You first allocated 0x100 bytes to newmem, then allocated 4 bytes to _whatever. So, CE just put _whatever 0x100 bytes after newmem. It's calculating that address by looking at the RIP register and adding some bytes to it (in this case 0xF9, since RIP is 7FF6206C0007 when that instruction is executed). If you went to 7FF6206C0100 in the memory viewer, you'd see that it's allocated properly.
But that aside, forgive me if I'm missing something obvious about x64 assembly (not that familiar with it), but if RCX is 8 bytes long, why are you only allocating 4 bytes to _whatever? CE allocates a bunch of memory at once (like 4kb I think), so I'm not surprised you haven't gotten an error yet if this is the case.
You stated that it works if you remove the exe thing and just use alloc(newmem,2048), but in the image you posted, it seems like it's working even when you had the exe thing in there. I'm confused: is it working or not?
Also, I'm pretty sure you don't need to put label(_whatever). It's fine to reference _whatever with just the alloc; CE will know the text "_whatever" represents the address where it allocated that memory. You should also remove line 12 (_whatever:), since if it changes _whatever to be newmem's address instead of where _whatever's memory was allocated, that mov would be writing to itself (very bad).
Rydian (Grandmaster Cheater Supreme)
Posted: Thu Oct 22, 2015 12:00 am
The idea is that only enough bytes are needed to store the base address of the structure, and the label is because he's going to put references to that in the table.
For example, this is a script for a 32-bit MMO to grab some camera info.
Code:
//Find the min zoom value. Code writes to it when you zoom.
//Hook into this code to grab the base address for the zoom stuff.
[ENABLE]
aobscanmodule(readminzoom,Client.exe,D9 46 10 D9 5D F8)
alloc(newmem,$1000)
label(code)
label(return)
globalalloc(_zoombase,4) //Allocate 4 bytes for the address (32-bit process).
newmem:
code:
mov [_zoombase],esi //Copy the base address into our memory.
fld dword ptr [esi+10] //Original instructions follow.
fstp dword ptr [ebp-08]
jmp return
readminzoom:
jmp code
nop
return:
registersymbol(readminzoom)
[DISABLE]
readminzoom:
db D9 46 10 D9 5D F8 //Restore the original bytes.
unregistersymbol(readminzoom)
dealloc(newmem)
And then I have entries in the table with addresses like [_zoombase]+10, [_zoombase]+14 and [_zoombase]+18, and after this script has executed those entries will be updated with the proper value (and as long as the script stays executed, they'll automatically update to the right address as the code handles it).
It basically uses the game code itself to provide always-working pointers (assuming the function isn't shared), when modding the game code isn't an issue.
Anyway, I didn't really think it through that it was a 64-bit executable until a bit into the issue; I've always stuck to 32-bit ones for compatibility, so that might be the simple solution that was overlooked, eh?
XaneXXXX (Expert Cheater)
Posted: Thu Oct 22, 2015 3:24 am
ParkourPenguin wrote:
> XaneXXXX wrote:
> > It should say mov _whatever,rcx instead it says mov [7FF67200100],rcx
> > Where does it get that from? CE doesn't seem to like windows 10 haha.
> It's the way CE has allocated memory. You first allocated 0x100 bytes to newmem, then allocated 4 bytes to _whatever. So, CE just put _whatever 0x100 bytes after newmem. It's calculating that address by looking at the RIP register and adding some bytes to it (in this case 0xF9, since RIP is 7FF6206C0007 when that instruction is executed). If you went to 7FF6206C0100 in the memory viewer, you'd see that it's allocated properly.
> But that aside, forgive me if I'm missing something obvious about x64 assembly (not that familiar with it), but if RCX is 8 bytes long, why are you only allocating 4 bytes to _whatever? CE allocates a bunch of memory at once (like 4kb I think), so I'm not surprised you haven't gotten an error yet if this is the case.
> You stated that it works if you remove the exe thing and just use alloc(newmem,2048), but in the image you posted, it seems like it's working even when you had the exe thing in there. I'm confused: is it working or not?
> Also, I'm pretty sure you don't need to put label(_whatever). It's fine to reference _whatever with just the alloc; CE will know the text "_whatever" represents the address where it allocated that memory. You should also remove line 12 (_whatever:), since if it changes _whatever to be newmem's address instead of where _whatever's memory was allocated, that mov would be writing to itself (very bad).
In the picture, I used alloc and added a label for it manually (which should be the same as globalalloc). That way the script does activate, but it's showing the wrong address/no value at all when adding it to the table.
If I use the globalalloc function the script won't activate. So it doesn't work.
I also noticed that when I add the globalalloc thing, the script activates. The thing is, when I try to move into it, like mov [_whatever],rcx, that's when the script won't activate.
Dark Byte (Site Admin)
Posted: Thu Oct 22, 2015 3:29 am
64-bit instructions can only access memory that's 2GB before or 2GB after the current instruction.
To access other memory locations, you'll have to use registers.
Since globalalloc has no preferred address (yet, I'll add it), it can be allocated anywhere, from 000100000 to 7ffffffffffff0000,
so the chance that the distance is bigger than 2GB is pretty big.
Instead of
you'd have to do:
Code:
push rax // save rax, it is about to be overwritten
mov rax,_xp // load the full 64-bit address of _xp into a register
mov [rax],rcx // store through the register, no 32-bit displacement involved
pop rax // restore rax
As for the whatever alloc, don't use label and alloc at the same time for the same name, and use registersymbol(whatever) so CE can find it.
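The 2GB limit Dark Byte describes, and the displacement ParkourPenguin works out (0xF9 from RIP 7FF6206C0007 to 7FF6206C0100), as an added example that is not part of this thread or of Cheat Engine: the functions below encode the store both ways and show why the RIP-relative form cannot be produced once the globalalloc lands far from the hook. The hook address 7FF6206C0000 and the low globalalloc address 100000 are constructed for the example.

```python
import struct

# Signed 32-bit range a RIP-relative disp32 can express (the "2GB" limit).
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


def rip_displacement(instr_addr: int, instr_len: int, target: int) -> int:
    """disp32 is measured from the end of the instruction, i.e. the RIP value
    the CPU holds while executing it, not from the instruction's own address."""
    return target - (instr_addr + instr_len)


def rip_relative_store_rcx(instr_addr: int, target: int):
    """Encode `mov [target],rcx` the way a 64-bit assembler must encode
    `mov [_xp],rcx`: 48 89 0D disp32 (REX.W, MOV r/m64,r64, ModRM = rip+disp32).
    Returns None when the displacement does not fit a signed 32-bit value,
    the situation the thread's "offset too big" error reports."""
    disp = rip_displacement(instr_addr, 7, target)  # this encoding is 7 bytes long
    if not INT32_MIN <= disp <= INT32_MAX:
        return None
    return b"\x48\x89\x0d" + struct.pack("<i", disp)


def absolute_store_rcx(target: int) -> bytes:
    """Encode the register-based form from the thread:
    push rax / mov rax,imm64 / mov [rax],rcx / pop rax.
    The full 64-bit address travels in rax, so any target address works."""
    return (b"\x50"                                    # push rax
            + b"\x48\xb8" + struct.pack("<Q", target)  # mov rax,imm64
            + b"\x48\x89\x08"                          # mov [rax],rcx
            + b"\x58")                                 # pop rax


def encode_store_rcx(instr_addr: int, target: int) -> bytes:
    """Use the short RIP-relative form when the target is reachable,
    otherwise fall back to the register form."""
    short = rip_relative_store_rcx(instr_addr, target)
    return short if short is not None else absolute_store_rcx(target)


if __name__ == "__main__":
    hook = 0x7FF6206C0000   # constructed: address of the store inside the code cave
    near = 0x7FF6206C0100   # _whatever, 0x100 bytes past newmem (thread's numbers)
    far = 0x100000          # constructed: a globalalloc placed low in the address space
    print(hex(rip_displacement(hook, 7, near)))         # 0xf9
    print(encode_store_rcx(hook, near).hex())           # RIP-relative, 7 bytes
    print(rip_relative_store_rcx(hook, far) is None)    # True: too far for disp32
    print(encode_store_rcx(hook, far).hex())            # register form, 15 bytes
```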
XaneXXXX (Expert Cheater)
Posted: Thu Oct 22, 2015 4:42 am
Dark Byte wrote:
> 64-bit instructions can only access memory that's 2GB before or 2GB after the current instruction.
> To access other memory locations, you'll have to use registers.
> Since globalalloc has no preferred address (yet, I'll add it), it can be allocated anywhere, from 000100000 to 7ffffffffffff0000,
> so the chance that the distance is bigger than 2GB is pretty big.
> Instead of
> you'd have to do:
> Code:
> push rax
> mov rax,_xp
> mov [rax],rcx
> pop rax
> As for the whatever alloc, don't use label and alloc at the same time for the same name, and use registersymbol(whatever) so CE can find it.
Finally something that works! I've been trying for a day now haha.
I still don't understand how it could work on Windows 7 though.
Could you explain the rax? I'm not very experienced with the push and pop functions. What I know: push = pushes something onto the stack.
pop = pops something off the stack?
Why push rax and not push rbx, for example?
Cheers.
If the code was mov blabla,rax instead of rcx, you can't use push rax, right?
Dark Byte (Site Admin)
Posted: Thu Oct 22, 2015 5:18 am
Push rax saves the value of rax. This is needed because rax will be changed (it gets the address).
Pop rax will restore it to the original address.
As for why rax: because I like it (and it sometimes results in smaller code).