Cheat Engine

nero1232 · Posted: Wed Mar 08, 2017 9:27 am Post subject: Cheat Engine Script

Hi all,

I have a script in cheat engine that allows me to infinite run, it changes some code. I want to investigate more commands near by but the game crashed so all I have left is the script. The script still works and allows me to infinite run but my questions is how can I get back to the area in memory that it edits?

In the script it says "injection point blahblah + 3b61ef" however when I go to that address the code is different, I am guessing because it dynamically changes at runtime. The script still works though so it is editing the right part. How do I find that part in memory again so I can investigate more around where the script edits?

Thanks

hhhuut · Posted: Wed Mar 08, 2017 9:32 am Post subject:

Best post the script here, it's way easier to tell you things when seeing the code.

++METHOS · Posted: Wed Mar 08, 2017 9:36 am Post subject:

Going to that location in memory does not happen to show a jump instruction, by chance? Very Happy

nero1232 · Posted: Wed Mar 08, 2017 9:36 am Post subject:

Hey here is the script:

[ENABLE]

aobscanmodule(infrun,Pa.exe,50 80 7C 24 30 00 74 06 0F B6 4F 7A) // should be unique
registersymbol(infrun)

infrun+06:
db 75 06 0F B6 4F 7A

[DISABLE]

infrun+06:
db 74 06 0F B6 4F 7A

unregistersymbol(infrun)

{
// ORIGINAL CODE - INJECTION POINT: "Pa.exe"+3B61EB
......

So the above is editing the right thing and it works. However if I go to Pa.exe+3B61EB that is not the instruction it is editing anymore.

So I want to find that point where the code is being edited again so I can do some more testing. At this point I feel like I have to go through all the searches and everything again just to find where I was, but surely there is a way to get to the address through this script?

++METHOS · Posted: Wed Mar 08, 2017 9:38 am Post subject:

Okay. Go here: 50 80 7C 24 30 00 74 06 0F B6 4F 7A

Search for that signature using CE. Change data type to array of byte and make sure that the checkbox below, that says 'writable' has a filled-in square. Keep in mind the +6.

nero1232 · Posted: Wed Mar 08, 2017 9:48 am Post subject:

Hey I did try that, just tried again and it doesn't find anything. The writable box is checked.

++METHOS · Posted: Wed Mar 08, 2017 9:50 am Post subject:

If CE cannot find that signature, then you would not be able to activate that script. Make sure the script is not activated when you perform your search.

nero1232 · Posted: Wed Mar 08, 2017 9:54 am Post subject:

++METHOS · Posted: Wed Mar 08, 2017 9:57 am Post subject:

Yes, but I stand by my previous statement.

nero1232 · Posted: Wed Mar 08, 2017 10:00 am Post subject:

++METHOS · Posted: Wed Mar 08, 2017 10:02 am Post subject:

Take a screenshot of Cheat Engine showing what you are doing.

hhhuut · Posted: Wed Mar 08, 2017 10:49 am Post subject:

Rightclick on the "Writable" checkbox and select "Preset: Scan all memory".

Then try again.

Zanzer · Posted: Wed Mar 08, 2017 5:14 pm Post subject:

Activate the script, then go to address: infrun+06

nero1232 · Posted: Wed Mar 08, 2017 5:18 pm Post subject:

++METHOS · Posted: Wed Mar 08, 2017 7:01 pm Post subject:

Sigh.