Simple AoB script won't execute ("Offset too big")

 
Nessin
Advanced Cheater
Reputation: 1

Joined: 29 Oct 2015
Posts: 69

Posted: Fri Apr 07, 2017 12:33 pm    Post subject: Simple AoB script won't execute ("Offset too big")

edit: Solution is at the bottom

Hello, it's been a while since I did anything with Cheat Engine, but I just can't figure out why the following (basically just the template) AoB script refuses to execute when I add

Code:
mov [_pointer1],rbx


See line 13


Code:
[ENABLE]

aobscanmodule(INJECT,FlackDrop.exe,48 8B 83 E0 13 00 00) // should be unique
alloc(newmem,$1000,"FlackDrop.exe"+32CC3D9)

label(code)
label(return)
globalalloc(_pointer1,4)

newmem:

code:
  mov [_pointer1],rbx      { REMOVING THIS LINE WILL MAKE THE SCRIPT EXECUTE SUCCESSFULLY.  What is wrong with it? }
  mov rax,[rbx+000013E0]
  jmp return

INJECT:
  jmp code
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 48 8B 83 E0 13 00 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "FlackDrop.exe"+32CC3D9
"FlackDrop.exe"+32CC3D4: 48 85 ED                 -  test rbp,rbp
"FlackDrop.exe"+32CC3D7: 74 1C                    -  je FlackDrop.exe+32CC3F5
// ---------- INJECTING HERE ----------
"FlackDrop.exe"+32CC3D9: 48 8B 83 E0 13 00 00     -  mov rax,[rbx+000013E0]
// ---------- DONE INJECTING  ----------
"FlackDrop.exe"+32CC3E0: 48 8D 8B E0 13 00 00     -  lea rcx,[rbx+000013E0]
}



Anyone know what's wrong with line 13? I thought it would just store the address rbx inside _pointer1. But the script refuses to execute when that line is there.



EDIT: Found a solution ^^

Replace
Code:
mov [_pointer1],rbx


with

Code:
push rax
mov rax,_pointer1
mov [rax],rbx
pop rax


(Explanation: http://forum.cheatengine.org/viewtopic.php?p=5623926#5623926)

Last edited by Nessin on Fri Apr 07, 2017 1:12 pm; edited 6 times in total
M-Z
Advanced Cheater
Reputation: 1

Joined: 08 Nov 2014
Posts: 77
Location: Poland

Posted: Fri Apr 07, 2017 12:38 pm

Perhaps it's because you alloc only 4 bytes for a 64-bit value.
Although it seems too intelligent of the assembler to spot this...
Nessin
Advanced Cheater
Reputation: 1

Joined: 29 Oct 2015
Posts: 69

Posted: Fri Apr 07, 2017 12:46 pm

Oh right, rbx is 64 bits.

Sadly it still won't execute when I change it to allocate 8 bytes for _pointer1

Code:
globalalloc(_pointer1,8)

M-Z
Advanced Cheater
Reputation: 1

Joined: 08 Nov 2014
Posts: 77
Location: Poland

Posted: Fri Apr 07, 2017 12:51 pm

It refuses to execute or it refuses to "save" itself when pressing OK in AA window?
Nessin
Advanced Cheater
Reputation: 1

Joined: 29 Oct 2015
Posts: 69

Posted: Fri Apr 07, 2017 12:54 pm

Refuses to execute - like checking the checkbox

After trying to manually run the script (by making a new assembly script and copying the old script inside and pressing the 'Execute' button instead of 'Save') I get the following error:

Offset too big


Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25791
Location: The netherlands

Posted: Fri Apr 07, 2017 1:03 pm

_pointer1 is allocated too far away

try
globalalloc(_pointer1,8,"FlackDrop.exe"+32CC3D9 )

or
alloc(_pointer1,8,"FlackDrop.exe"+32CC3D9)
registersymbol(_pointer1)

or in the code and do something like
push rax
mov rax,_pointer1
mov [rax],rbx
pop rax

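
Why a nearby allocation or the `mov rax,_pointer1` form avoids "Offset too big", as an added example (not part of the original thread, and not Cheat Engine's own code). It assumes the assembler encodes `mov [_pointer1],rbx` as a RIP-relative store, whose displacement is a signed 32-bit field; all addresses are constructed.

```python
import struct

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

def rip_disp32(insn_addr, insn_len, target):
    """Return the RIP-relative displacement to target, or None if it
    does not fit in a signed 32-bit field. RIP-relative operands are
    measured from the address of the *next* instruction."""
    disp = target - (insn_addr + insn_len)
    return disp if INT32_MIN <= disp <= INT32_MAX else None

def encode_store_rbx(insn_addr, target):
    """Encode 'store rbx at target' for code located at insn_addr."""
    # mov [rip+disp32],rbx : REX.W 89 /r, ModRM 0x1D (mod=00 reg=rbx rm=101)
    disp = rip_disp32(insn_addr, 7, target)
    if disp is not None:
        return b"\x48\x89\x1d" + struct.pack("<i", disp)
    # Out of range: load the full 64-bit address into a scratch register.
    return (b"\x50"                                   # push rax
            + b"\x48\xb8" + struct.pack("<Q", target)  # mov rax,imm64
            + b"\x48\x89\x18"                          # mov [rax],rbx
            + b"\x58")                                 # pop rax

# Constructed addresses (not taken from the thread).
CODE = 0x13FFF0000   # hypothetical newmem, allocated near the module
NEAR = 0x13FFE0000   # hypothetical _pointer1 allocated with a nearby hint
FAR = 0x002A0000     # hypothetical _pointer1 allocated with no hint

if __name__ == "__main__":
    for name, target in (("near", NEAR), ("far", FAR)):
        disp = rip_disp32(CODE, 7, target)
        status = f"disp32={disp}" if disp is not None else "offset too big"
        print(f"{name}: {status} -> {encode_store_rbx(CODE, target).hex(' ')}")
```

The far case needs 15 bytes instead of 7, and the push/pop pair is what keeps rax intact for the original `mov rax,[rbx+000013E0]` that follows.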
Nessin
Advanced Cheater
Reputation: 1

Joined: 29 Oct 2015
Posts: 69

Posted: Fri Apr 07, 2017 1:07 pm

Dark Byte wrote:
_pointer1 is allocated too far away

try
globalalloc(_pointer1,8,"FlackDrop.exe"+32CC3D9 )

or
alloc(_pointer1,8,"FlackDrop.exe"+32CC3D9)
registersymbol(_pointer1)

or in the code and do something like
push rax
mov rax,_pointer1
mov [rax],rbx
pop rax



Thanks, I just finished reading your other post here: http://forum.cheatengine.org/viewtopic.php?p=5623926#5623926

That solved my problem.
