jaehui48, Newbie cheater, Reputation: 0, Joined: 13 Mar 2017, Posts: 10
Posted: Mon Mar 13, 2017 12:29 am
Post subject: How to make a code injection still usable the next time?
First, sorry for my bad English.
I want to know how to use a code injection the next time.
I made one script, but it does not work when I shut down the game and relaunch the game.
How do I make it stable?
I already tried these:
1. Pointer scan address (stable), find what accesses the address => Auto Assembler code injection with [ENABLE] and [DISABLE]. It works perfectly, but not when I shut down the game and restart the game.
2. Pointer scan address (stable), find what accesses the address => Auto Assembler AOB injection with [ENABLE] and [DISABLE]. It works perfectly, but not when I shut down the game and restart the game.
My game is Slime Rancher 0.5.0b.
++METHOS, I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Mon Mar 13, 2017 12:54 am
Did you try the AOB Injection template when creating your script?
STN, I post too much, Reputation: 42, Joined: 09 Nov 2005, Posts: 2672
Posted: Mon Mar 13, 2017 12:55 am
If it's using dynamic code locations, like in Mono/Unity games, then you need to use aobscan.
jaehui48, Newbie cheater, Reputation: 0, Joined: 13 Mar 2017, Posts: 10
Posted: Mon Mar 13, 2017 1:19 am
++METHOS wrote:
> Did you try the AOB Injection template when creating your script?

Yes, I already tried it:
{ Game : SlimeRancher.exe
Version:
Date : 2017-03-13
Author : ??????
This script does blah blah blah
}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(INJECT,3B C1 0F 8C 64 00 00 00 48 8B 47) // should be unique
alloc(newmem,$1000,43D268E1)
label(code)
label(return)
newmem:
code:
cmp eax,eax
jl 43D2694D
jmp return
INJECT:
jmp code
nop
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 3B C1 0F 8C 64 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 43D268E1
43D268C2: 8B EC - mov ebp,esp
43D268C4: 56 - push rsi
43D268C5: 57 - push rdi
43D268C6: 48 8B F9 - mov rdi,rcx
43D268C9: 48 8B F2 - mov rsi,rdx
43D268CC: 48 8B 47 48 - mov rax,[rdi+48]
43D268D0: 48 8B C8 - mov rcx,rax
43D268D3: 83 39 00 - cmp dword ptr [rcx],00
43D268D6: 48 63 80 0C 01 00 00 - movsxd rax,dword ptr [rax+0000010C]
43D268DD: 48 63 4E 20 - movsxd rcx,dword ptr [rsi+20]
// ---------- INJECTING HERE ----------
43D268E1: 3B C1 - cmp eax,ecx
43D268E3: 0F 8C 64 00 00 00 - jl 43D2694D
// ---------- DONE INJECTING ----------
43D268E9: 48 8B 47 48 - mov rax,[rdi+48]
43D268ED: 48 63 56 20 - movsxd rdx,dword ptr [rsi+20]
43D268F1: 48 8B C8 - mov rcx,rax
43D268F4: 45 33 C0 - xor r8d,r8d
43D268F7: 48 83 EC 20 - sub rsp,20
43D268FB: 83 38 00 - cmp dword ptr [rax],00
43D268FE: 49 BB D2 69 D2 43 00 00 00 00 - mov r11,0000000043D269D2
43D26908: 41 FF D3 - call r11d
43D2690B: 48 83 C4 20 - add rsp,20
43D2690F: 48 8B CF - mov rcx,rdi
}
sbryzl, Master Cheater, Reputation: 6, Joined: 25 Jul 2016, Posts: 252
Posted: Mon Mar 13, 2017 1:40 am
You should try using 43D268DD instead.
The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.
43D268DD looks good. You can still have access to the value in rcx there too, if you wanted it.
++METHOS, I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Mon Mar 13, 2017 1:41 am
...this may be your problem.
When you start a new game, are you able to activate the script?
If you can activate the script, but it crashes, try this:
Code:
code:
cmp eax,eax
db 0F 8C 64 00 00 00
jmp return
jaehui48, Newbie cheater, Reputation: 0, Joined: 13 Mar 2017, Posts: 10
Posted: Mon Mar 13, 2017 4:29 am
++METHOS wrote:
> ...this may be your problem.
> When you start a new game, are you able to activate the script?
> If you can activate the script, but it crashes, try this:
> Code:
> code:
> cmp eax,eax
> db 0F 8C 64 00 00 00
> jmp return

Thanks, I tried this and it works!
Can you please explain this code for me?
I'm a noob.
Last edited by jaehui48 on Mon Mar 13, 2017 4:35 am; edited 1 time in total
++METHOS, I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Mon Mar 13, 2017 4:32 am
Then use readmem.
jaehui48, Newbie cheater, Reputation: 0, Joined: 13 Mar 2017, Posts: 10
Posted: Mon Mar 13, 2017 4:36 am
++METHOS wrote:
> Then use readmem.

Never mind, I had written the wrong code.
Now it works perfectly!!
Really, thanks.
Can you explain this code for me?
++METHOS, I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Mon Mar 13, 2017 4:40 am
See here for readmem.
Regarding the above code:
Code:
// ---------- INJECTING HERE ----------
43D268E1: 3B C1 - cmp eax,ecx
43D268E3: 0F 8C 64 00 00 00 - jl 43D2694D
// ---------- DONE INJECTING ----------
I just wrote out the bytes, instead of using the address. Since the address (43D2694D) is likely to change each time you run the game, but the jump distance is not, the bytes for the instruction should stay the same (0F 8C 64 00 00 00).
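The displacement point ++METHOS makes above, worked through as an added example (this is not code from the thread or from Cheat Engine): decoding and re-encoding a `jcc rel32` shows that the six bytes `0F 8C 64 00 00 00` carry a signed distance measured from the end of the instruction, not the absolute address 43D2694D. The sample bytes are the two instructions from the quoted disassembly; the function names and the base address 0x10000 used for the relocation check are assumptions made for this example.

```python
import struct

# Condition-code suffixes in x86 encoding order (jcc near = 0F 80+cc disp32).
CC_NAMES = ["o", "no", "b", "ae", "e", "ne", "be", "a",
            "s", "ns", "p", "np", "l", "ge", "le", "g"]

# Constructed sample: the two instructions from the thread's disassembly,
# `cmp eax,ecx` (3B C1) followed by `jl 43D2694D` (0F 8C 64 00 00 00),
# which sat at 0x43D268E1 in that particular run of the game.
SAMPLE_ADDR = 0x43D268E1
SAMPLE_BYTES = bytes.fromhex("3BC1" "0F8C64000000")


def decode_jcc_near(code: bytes, offset: int, base_addr: int):
    """Decode a jcc rel32 (0F 80..8F + disp32) located at code[offset].

    Returns (cc, rel32, target) or None if the bytes are not a jcc near.
    The target is the address of the *next* instruction plus the signed
    32-bit displacement, so the bytes never contain an absolute address.
    """
    if len(code) < offset + 6 or code[offset] != 0x0F:
        return None
    op2 = code[offset + 1]
    if not 0x80 <= op2 <= 0x8F:
        return None
    rel32 = struct.unpack_from("<i", code, offset + 2)[0]  # little-endian, signed
    next_ip = base_addr + offset + 6
    return CC_NAMES[op2 & 0xF], rel32, next_ip + rel32


def encode_jcc_near(cc: str, instr_addr: int, target: int) -> bytes:
    """Assemble `j<cc> target` as a 6-byte near jump placed at instr_addr."""
    rel32 = target - (instr_addr + 6)
    if not -2**31 <= rel32 < 2**31:
        raise ValueError("target out of rel32 range")
    return bytes([0x0F, 0x80 | CC_NAMES.index(cc)]) + struct.pack("<i", rel32)


def relocated_target(jcc_bytes: bytes, new_addr: int) -> int:
    """Absolute target the same jcc bytes would have if copied to new_addr.

    Because rel32 is relative, moving the bytes moves the target by the same
    amount: the displacement is the stable part across restarts, but only
    while the branch stays at its original distance from its target.
    """
    return decode_jcc_near(jcc_bytes, 0, new_addr)[2]


def demo():
    cc, rel, target = decode_jcc_near(SAMPLE_BYTES, 2, SAMPLE_ADDR)
    print(f"j{cc} rel32={rel:#x} -> target {target:#x}")
    re_encoded = encode_jcc_near(cc, SAMPLE_ADDR + 2, target)
    print("re-encoded:", re_encoded.hex(" ").upper())
    # Constructed base address: what the identical bytes would target elsewhere.
    print(f"same bytes at 0x10000 would target {relocated_target(SAMPLE_BYTES[2:], 0x10000):#x}")


if __name__ == "__main__":
    demo()
```

Running `demo()` decodes the quoted `jl` to a displacement of 0x64 and recovers 43D2694D from 43D268E3 + 6 + 0x64, and re-encoding that jump at the same address reproduces exactly the bytes ++METHOS wrote out. The `relocated_target` check is the caveat to keep in mind whenever branch bytes are copied to a different location: the displacement is preserved, so the absolute destination moves with the copy, which is the behaviour sbryzl's advice to leave the game's own jumps in place sidesteps.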
jaehui48, Newbie cheater, Reputation: 0, Joined: 13 Mar 2017, Posts: 10
Posted: Mon Mar 13, 2017 4:48 am
sbryzl wrote:
> You should try using 43D268DD instead.
> The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.
> 43D268DD looks good. You can still have access to the value in rcx there too, if you wanted it.

Can you advise me on how to change that value to ????
I'm really a noob and I don't have a good idea for changing the other code without cmp eax,eax or jl 43D2694D => nop.
If you advise me on better code, it'll be really good for me!
sbryzl, Master Cheater, Reputation: 6, Joined: 25 Jul 2016, Posts: 252
Posted: Mon Mar 13, 2017 12:13 pm
jaehui48 wrote:
> sbryzl wrote:
> > You should try using 43D268DD instead.
> > The reason is that the jl 43D2694D is not reliable code. It could change each time the game starts, depending on how it works. I always try to avoid jumps, even more so long jumps, whenever possible, and allow the game to do its thing with those.
> > 43D268DD looks good. You can still have access to the value in rcx there too, if you wanted it.
>
> Can you advise me on how to change that value to ????
> I'm really a noob and I don't have a good idea for changing the other code without cmp eax,eax or jl 43D2694D => nop.
> If you advise me on better code, it'll be really good for me!

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(INJECT,48 63 4E 20 3B C1 0F ? ? ? ? ? 48 8B 47 48) // should be unique
alloc(newmem,$1000,43D268E1)
label(code)
label(return)
newmem:
code:
movsxd rcx,dword ptr [rsi+20]
cmp eax,ecx
jmp return
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 48 63 4E 20 3B C1
unregistersymbol(INJECT)
dealloc(newmem)
It would be better to use the AOB template, since I am prone to mistakes, but it should look something like this. Notice the wildcards in the AOB where the jump location is. If the game tries to use the address for the AOB, then you can do something like this and test the AOB with the wildcards in Cheat Engine's AOB scan to make sure it's unique.
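sbryzl's wildcard pattern above, together with the uniqueness check he recommends, as an added example (not code from the thread or from Cheat Engine): a small AOB matcher that accepts `?` wildcards, run over two constructed copies of the quoted function. Run A is the 80-byte sequence exactly as disassembled in jaehui48's post (43D268C2 to 43D26912); run B is a constructed variant in which the `jl` displacement and the `mov r11` immediate differ, to show what the wildcards buy and where a short signature stops being unique. The function names and the variant values are assumptions; the matcher is general and works for any pattern, not just the two from the thread.

```python
# Constructed sample region A: the 80 bytes of the function as disassembled
# in the thread (43D268C2 .. 43D26912); offset 0 corresponds to 0x43D268C2.
RUN_A = bytes.fromhex(
    "8BEC" "56" "57" "488BF9" "488BF2" "488B4748" "488BC8" "833900"
    "4863800C010000" "48634E20" "3BC1" "0F8C64000000" "488B4748"
    "48635620" "488BC8" "4533C0" "4883EC20" "833800"
    "49BBD269D24300000000" "41FFD3" "4883C420" "488BCF"
)

# Constructed sample region B: the same code as another run might lay it out,
# with a different jl displacement (0x70 instead of 0x64, at offset 35) and a
# different absolute immediate in `mov r11,...` (offsets 62..69). Both values
# are made up for this example.
_b = bytearray(RUN_A)
_b[35] = 0x70
_b[62:70] = (0x7FF6_1234_5678).to_bytes(8, "little")
RUN_B = bytes(_b)


def parse_aob(pattern: str) -> list:
    """Parse a Cheat-Engine-style AOB string ("48 63 4E ? 3B") into a list
    of ints, with None standing in for each wildcard token ('?', '??', '*')."""
    out = []
    for tok in pattern.split():
        if tok in ("?", "??", "*"):
            out.append(None)
        elif len(tok) == 2 and all(c in "0123456789abcdefABCDEF" for c in tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad AOB token: {tok!r}")
    return out


def aob_find_all(region: bytes, pattern: list) -> list:
    """Return every offset in region where pattern matches; wildcards match any byte."""
    n = len(pattern)
    return [
        i for i in range(len(region) - n + 1)
        if all(p is None or region[i + k] == p for k, p in enumerate(pattern))
    ]


def aob_is_unique(region: bytes, pattern_str: str) -> bool:
    """The check the thread recommends: a usable signature hits exactly once."""
    return len(aob_find_all(region, parse_aob(pattern_str))) == 1


# The two patterns discussed in the thread.
AOB_ORIGINAL = "3B C1 0F 8C 64 00 00 00 48 8B 47"            # jaehui48's script
AOB_WILDCARD = "48 63 4E 20 3B C1 0F ? ? ? ? ? 48 8B 47 48"  # sbryzl's script


def demo():
    for name, region in (("run A", RUN_A), ("run B", RUN_B)):
        for label, pat in (("original", AOB_ORIGINAL), ("wildcard", AOB_WILDCARD)):
            hits = aob_find_all(region, parse_aob(pat))
            print(f"{name}: {label:8s} -> offsets {hits}")
    # A short pattern can match more than once: `mov rax,[rdi+48]` appears twice.
    print("48 8B 47 48 unique in run A?", aob_is_unique(RUN_A, "48 8B 47 48"))


if __name__ == "__main__":
    demo()
```

On run A both patterns hit once (the wildcard one at offset 27, i.e. 43D268DD; the original at offset 31, i.e. 43D268E1). On run B, where the displacement bytes were altered, only the wildcard pattern still matches, because the five bytes that can vary sit under `?`. The last line of `demo()` is the uniqueness test sbryzl describes: `48 8B 47 48` alone matches at two offsets in this function, so a signature that short would need more context before it could be trusted. The same wildcard-signature discipline, and the same uniqueness test, is what detection engineers apply when writing byte-pattern rules.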