Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to allocate memory correctly

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Mon Jan 15, 2018 5:00 am    Post subject: How to allocate memory correctly Reply with quote

Hello,
basing on the example by Tim here (http://forum.cheatengine.org/viewtopic.php?t=606551) i made a script like this:
Code:

[ENABLE]

aobscan(househpmov,89 4A 30 48 8B 4D 10 8B 49 3C) // should be unique
alloc(newmem,$1000,7FFC226A47E0)

label(originalcode)
label(return)
label(enemycode)
label(allycode)

newmem:
  pushfq
  push rsi
  mov rsi,[rdx+18]
  test rsi,rsi
  jz originalcode
  mov rsi,[rsi+148]
  test rsi,rsi
  jz originalcode
  mov rsi,[rsi+210]
  cmp rsi,2
  je allycode
  cmp rsi,3
  je enemycode
  jmp originalcode

enemycode:
  pop rsi
  popfq
  mov [rdx+30],0
  mov rcx,[rbp+10]
  jmp return

allycode:
  pop rsi
  popfq
  mov [rdx+30],#5000
  mov rcx,[rbp+10]
  jmp return

originalcode:
  mov [rdx+30],ecx
  mov rcx,[rbp+10]
  jmp return

househpmov:
  jmp newmem
  nop
  nop
return:
registersymbol(househpmov)

[DISABLE]

househpmov:
  db 89 4A 30 48 8B 4D 10

unregistersymbol(househpmov)
dealloc(newmem)


The script works, but after couple times i reload the game and Enable the script, when i try to disable it again it crashes (when the instruction is called)

It seems that the problem is related to the new allocated memory (address 7FFC226A47E0), because if i create a new script and let CE assign another free address for the script, it works flawlessly until i restart the game.

So, how can i fix this?
Is there a better way to manage the allocated memory?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 372

Joined: 09 May 2003
Posts: 21962
Location: The netherlands

PostPosted: Mon Jan 15, 2018 7:40 am    Post subject: This post has 1 review(s) Reply with quote

alloc(newmem,$1000,househpmov)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Mon Jan 15, 2018 9:10 am    Post subject: Reply with quote

Dark Byte wrote:
alloc(newmem,$1000,househpmov)


So, by doing this, the new memory will be allocated to the address of the AOB result, is it crash-proof?

Also, may i ask you if i can remove the 2 labels enemycode and allycode?
Whats the difference between declaring them and not doing so?



I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if i do alloc + label?

Thank you very much @Dark Byte Smile
Back to top
View user's profile Send private message
sbryzl
Expert Cheater
Reputation: 5

Joined: 25 Jul 2016
Posts: 163

PostPosted: Mon Jan 15, 2018 10:42 am    Post subject: This post has 1 review(s) Reply with quote

LewcowVaal wrote:
Dark Byte wrote:
alloc(newmem,$1000,househpmov)


So, by doing this, the new memory will be allocated to the address of the AOB result, is it crash-proof?

Also, may i ask you if i can remove the 2 labels enemycode and allycode?
Whats the difference between declaring them and not doing so?



I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if i do alloc + label?

Thank you very much @Dark Byte Smile

Nothing is ever crashproof but the way DarkByte showed you works best. The crash is likely due to stack handling. You need to reset the stack under original code.

originalcode:
pop rsi
popfq
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return

It's not necessary to declare labels unless using them somewhere else in which case you need to register them also.

globalalloc works the same as alloc except for 2 things.
1 You can't dealloc a global allocation.
2 Multiple global allocations of the same name will not spawn more memory allocations. They will all use the same one.
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Mon Jan 15, 2018 11:20 am    Post subject: Reply with quote

sbryzl wrote:
LewcowVaal wrote:
Dark Byte wrote:
alloc(newmem,$1000,househpmov)


So, by doing this, the new memory will be allocated to the address of the AOB result, is it crash-proof?

Also, may i ask you if i can remove the 2 labels enemycode and allycode?
Whats the difference between declaring them and not doing so?



I frequently use a globalalloc to move bases for my addresses. Where is that memory allocated? Would it work if i do alloc + label?

Thank you very much @Dark Byte Smile

Nothing is ever crashproof but the way DarkByte showed you works best. The crash is likely due to stack handling. You need to reset the stack under original code.

originalcode:
pop rsi
popfq
mov [rdx+30],ecx
mov rcx,[rbp+10]
jmp return

It's not necessary to declare labels unless using them somewhere else in which case you need to register them also.

globalalloc works the same as alloc except for 2 things.
1 You can't dealloc a global allocation.
2 Multiple global allocations of the same name will not spawn more memory allocations. They will all use the same one.


Oh man, i forgot to pop the stack. Thanks

But anyway i do have other scripts with no stack involved, and they crash too, i realized the problem was the allocated memory.

I'll try now allocating it like Dark Byte said.


EDIT: I tried now just popping the stack and it crashes anyway, i'll fix the allocation
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Tue Jan 16, 2018 9:03 am    Post subject: Reply with quote

Now it is not crashing anymore, but i have one more questions:

How can i compare a register that has this value:



I did something like

Code:
cmp rsi, 02D8418A000001B0


But obviously not working...

Probably because i'm trying to compare a 64bit register


Last edited by LewcowVaal on Tue Jan 16, 2018 9:31 am; edited 2 times in total
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 24

Joined: 24 Feb 2017
Posts: 733
Location: 'Merica

PostPosted: Tue Jan 16, 2018 9:38 am    Post subject: Reply with quote

As far as I know CMP only works on at most 32 bits for an immutable. So you will have to break it up into 32 bit chunks, or put it in an address or registry.

Code:
CMP r/m64, imm32
CMP r64, r/m64


http://www.felixcloutier.com/x86/CMP.html

_________________
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Tue Jan 16, 2018 9:56 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
As far as I know CMP only works on at most 32 bits for an immutable. So you will have to break it up into 32 bit chunks, or put it in an address or registry.

Code:
CMP r/m64, imm32
CMP r64, r/m64


http://www.felixcloutier.com/x86/CMP.html



Hello Tim! Smile

I was wondering if moving my value in another register and compare it would work, like:

Code:

push rax
mov rax,02D8418A000001B0
cmp rax,rsi
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 24

Joined: 24 Feb 2017
Posts: 733
Location: 'Merica

PostPosted: Tue Jan 16, 2018 10:03 am    Post subject: Reply with quote

Yes, that or and address, just don't forget to balance the stack. And you may need to PUSH and POP the flags registry, I always do when setting the flags.

Code:

pushfq // push 64 bit flags (RFLAGS I think)
push rax
mov rax,02D8418A000001B0
cmp rax,rsi
pop rax
je someLabel
...
popfq // pop 64 bit flags
jmp return



Code:

pushfq
mov [someSymbolOrAddress],02D8418A000001B0
cmp rsi,[someSymbolOrAddress]
je someLabel
...
popfq
jmp return


Code:

pushfq
cmp rsi,[someSymbolOrAddress]
je someLabel
...
popfq
jmp return
someSymbolOrAddress:
 dq 02D8418A000001B0

_________________


Last edited by TheyCallMeTim13 on Tue Jan 16, 2018 10:09 am; edited 1 time in total
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Tue Jan 16, 2018 10:09 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
Yes, that or and address, just don't forget to balance the stack. And you may need to PUSH and POP the flags registry, I always do when setting the flags.

Code:

pushfq // push 64 bit flags (RFLAGS I think)
push rax
mov rax,02D8418A000001B0
cmp rax,rsi
pop rax
je someLabel
jne someOtherLabel
...
popfq // pop 64 bit flags
jmp return



Code:

pushfq
mov [someSymbolOrAddress],02D8418A000001B0
cmp rsi,[someSymbolOrAddress]
je someLabel
jne someOtherLabel
...
popfq
jmp return


Code:

pushfq
cmp rsi,[someSymbolOrAddress]
je someLabel
jne someOtherLabel
...
popfq
jmp return
someSymbolOrAddress:
 dq 02D8418A000001B0


Yes of course, this case was just an oversight by my side.
Didn't write the pop because i still need rax after.
Also the script is becoming pretty complex so i might do some mistakes
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 24

Joined: 24 Feb 2017
Posts: 733
Location: 'Merica

PostPosted: Tue Jan 16, 2018 10:11 am    Post subject: Reply with quote

No worries, the day I'm not making mistakes, I'll assume it's because I died.
_________________
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Tue Jan 16, 2018 11:47 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
No worries, the day I'm not making mistakes, I'll assume it's because I died.


Ahahahahahhhahahahahahhhahahahahahahaha i guess that goes for me too lol

I take this opportunity to ask you (and all the others) a suggestion:
Code:


globalalloc(_unlimitedunithpcontrol,4)

_unlimitedunithpcontrol:
db 00

newmem:
  pushfq
  push rsi       
  push rax
  mov rsi,[rdx+18]
  test rsi,rsi
  jz originalcode
  mov rsi,[rsi+148]   
  test rsi,rsi       
  jz originalcode 
  mov rsi,[rsi+228]
  mov rax,1
  cmp rsi,rax
  je allycode
  mov rax,0
  cmp rsi,rax
  je enemycode
  mov rax,0000000000000100   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0100000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000001000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0400000000010101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0300000000000101   
  cmp rsi,rax
  je allystructurecode
  jmp originalcode

...

...

allycode:
  cmp [_unlimitedunithpcontrol],1
  jne originalcode
  pop rsi
  pop rax
  popfq
  mov [rdx+30],#5000
  mov rcx,[rbp+10]
  jmp return

originalcode:
  pop rsi
  pop rax
  popfq
  mov [rdx+30],ecx
  mov rcx,[rbp+10]
  jmp return



As you can see i global allocated some memory to "control" the enabling status of my codes.

In my table i do have these kinda scripts:



It works. But, i mean, this is intricated to write (also i feel i'm using unnecessary memory)

Is there a better way to achieve something like this?
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 24

Joined: 24 Feb 2017
Posts: 733
Location: 'Merica

PostPosted: Wed Jan 17, 2018 3:57 am    Post subject: This post has 1 review(s) Reply with quote

Not really, the only thing I can say is use byte flags. And you can just pack them in the already allocated memory, you will just need to register them.

Code:
label(_unlimitedunithpcontrol)
registerSymbol(_unlimitedunithpcontrol)
...
newmem:
  pushfq
  push rsi       
  push rax
  mov rsi,[rdx+18]
  test rsi,rsi
  jz originalcode
  mov rsi,[rsi+148]   
  test rsi,rsi       
  jz originalcode 
  mov rsi,[rsi+228]
  mov rax,1
  cmp rsi,rax
  je allycode
  mov rax,0
  cmp rsi,rax
  je enemycode
  mov rax,0000000000000100   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0100000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000001000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0400000000010101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0300000000000101   
  cmp rsi,rax
  je allystructurecode
  jmp originalcode

...

allycode:
  cmp byte ptr [_unlimitedunithpcontrol],1 //cmp just a byte
  jne originalcode
  pop rsi
  pop rax
  popfq
  mov [rdx+30],#5000
  mov rcx,[rbp+10]
  jmp return

originalcode:
  pop rsi
  pop rax
  popfq
  mov [rdx+30],ecx
  mov rcx,[rbp+10]
  jmp return

_unlimitedunithpcontrol:
  db 00

...
[Disable]
...

unregisterSymbol(_unlimitedunithpcontrol)

_________________
Back to top
View user's profile Send private message
LewcowVaal
Advanced Cheater
Reputation: 0

Joined: 30 Dec 2017
Posts: 53

PostPosted: Wed Jan 17, 2018 10:48 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
Not really, the only thing I can say is use byte flags. And you can just pack them in the already allocated memory, you will just need to register them.

Code:
label(_unlimitedunithpcontrol)
registerSymbol(_unlimitedunithpcontrol)
...
newmem:
  pushfq
  push rsi       
  push rax
  mov rsi,[rdx+18]
  test rsi,rsi
  jz originalcode
  mov rsi,[rsi+148]   
  test rsi,rsi       
  jz originalcode 
  mov rsi,[rsi+228]
  mov rax,1
  cmp rsi,rax
  je allycode
  mov rax,0
  cmp rsi,rax
  je enemycode
  mov rax,0000000000000100   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0100000000000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0000000001000101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0400000000010101   
  cmp rsi,rax
  je allystructurecode
  mov rax,0300000000000101   
  cmp rsi,rax
  je allystructurecode
  jmp originalcode

...

allycode:
  cmp byte ptr [_unlimitedunithpcontrol],1 //cmp just a byte
  jne originalcode
  pop rsi
  pop rax
  popfq
  mov [rdx+30],#5000
  mov rcx,[rbp+10]
  jmp return

originalcode:
  pop rsi
  pop rax
  popfq
  mov [rdx+30],ecx
  mov rcx,[rbp+10]
  jmp return

_unlimitedunithpcontrol:
  db 00

...
[Disable]
...

unregisterSymbol(_unlimitedunithpcontrol)


That's good Tim, i'll give it a try, thank you Twisted Evil
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites