Cheat Engine The Official Site of Cheat Engine
MarcRené Newbie cheater Reputation: 0
Joined: 20 Mar 2017 Posts: 15
Posted: Fri Apr 06, 2018 7:35 am Post subject: Game crashes after code injection - wrong assembler code
Hi all,
I am trying to cheat at the game "Dungeons 2", GoG-Version.
Found a table at fearlessrevolution (made by zanzer, posted by STN), but this does not work with GOG, at least not with all cheats, so I am trying to adapt the code. I would post the direct URL to the table, but fearless is down at the moment.
Now there's an injection to activate god mode and one-hit-kill, but activation crashes the game after a few seconds.
Original code:
Code:
2F0F0DA0: D9 45 EC - fld dword ptr [ebp-14]
2F0F0DA3: D9 5D EC - fstp dword ptr [ebp-14]
2F0F0DA6: D9 45 EC - fld dword ptr [ebp-14]
2F0F0DA9: 8B 45 E8 - mov eax,[ebp-18]
// ---------- INJECTING HERE ----------
2F0F0DAC: D9 58 5C - fstp dword ptr [eax+5C]
2F0F0DAF: 8D 45 F8 - lea eax,[ebp-08]
// ---------- DONE INJECTING ----------
2F0F0DB2: D9 EE - fldz
2F0F0DB4: D9 5D E0 - fstp dword ptr [ebp-20]
2F0F0DB7: D9 EE - fldz
2F0F0DB9: D9 5D DC - fstp dword ptr [ebp-24]
2F0F0DBC: D9 47 60 - fld dword ptr [edi+60]
2F0F0DBF: D9 5D DC - fstp dword ptr [ebp-24]
2F0F0DC2: D9 45 DC - fld dword ptr [ebp-24]
2F0F0DC5: D9 5D DC - fstp dword ptr [ebp-24]
2F0F0DC8: D9 45 DC - fld dword ptr [ebp-24]
2F0F0DCB: D9 EE - fldz
Now his injection:
Code:
[ENABLE]
aobscan(health,D9 58 5C 8D 45 F8)
alloc(newmem,$1000)
label(code)
label(return)
label(godmode)
label(onehit)
label(godmode_on)
label(onehit_on)
newmem:
push eax
mov eax,[eax+50]
cmp [eax+20],1
pop eax
je godmode
jmp onehit
godmode:
cmp byte ptr [godmode_on],1
jne code
fstp st(0)
fldz
jmp code
onehit:
cmp byte ptr [onehit_on],1
jne code
fstp st(0)
fld [eax+60]
code:
fstp dword ptr [eax+5C]
lea eax,[ebp-08]
jmp return
godmode_on:
db 0
onehit_on:
db 0
health:
jmp newmem
nop
return:
registersymbol(health)
registersymbol(godmode_on)
registersymbol(onehit_on)
[DISABLE]
health:
db D9 58 5C 8D 45 F8
unregistersymbol(health)
unregistersymbol(godmode_on)
unregistersymbol(onehit_on)
dealloc(newmem)
If I comment out the first lines after newmem:
Code:
push eax
mov eax,[eax+50]
cmp [eax+20],1
pop eax
the game does not crash. But of course, it does not cheat either.
So I tried to analyze the commands; they do not make much sense, since [eax+50] is 0... My next try was to distinguish between player chars and enemies with my own code for newmem, because it seems [ecx+54] is 0 for enemies:
Code:
push ecx
mov ecx, [eax+54]
cmp [ecx],0
pop ecx
jne godmode
jmp onehit
But guess what, it crashes the game. Using ECX does not work any better.
I'm quite confident that I'm not seeing something obvious, but don't have the slightest idea what's wrong...
best regards,
Marc
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Fri Apr 06, 2018 10:24 am
If "[eax+50]" is zero, then that's your problem: "[eax+50]" needs to be an accessible address. You can add "test eax,eax" and then "jz code" before the "cmp [eax+20],1" line, but this will only stop the crashing and not fix the script; you need to find out what "[eax+50]" needs to be and then find that address (i.e. an update may have changed the offsets).
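To make the reply's point concrete, here is a constructed C model of the hook, added here and not code from either poster. It models only the offsets the script dereferences (a pointer at +0x50, a dword flag at +0x20 through that pointer, the stored value at +0x5C and the alternative value at +0x60); the real game's layouts are unknown, and pointers are host-sized here rather than the game's 32-bit. choose_branch() mirrors the script's prologue with the "test eax,eax / jz code" guard inserted, and apply_hook() mirrors the godmode/onehit/code branches.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the two objects the hook touches (assumption: the real
 * game's layouts are unknown; only the offsets the script uses are modelled). */
enum {
    OFF_SUBPTR = 0x50,   /* mov eax,[eax+50]: pointer to a second object      */
    OFF_FLAG   = 0x20,   /* cmp [eax+20],1:   dword read through that pointer  */
    OFF_STORE  = 0x5C,   /* fstp dword ptr [eax+5C]: the original instruction  */
    OFF_ALT    = 0x60    /* fld [eax+60]:     value the onehit branch stores   */
};

typedef enum { BRANCH_CODE, BRANCH_GODMODE, BRANCH_ONEHIT } branch_t;

typedef struct {
    uint8_t obj[0x64];   /* object eax points to at the injection point */
    uint8_t sub[0x24];   /* object [eax+50] points to                   */
} sample_t;

/* Build a constructed sample. link == 0 leaves [obj+50] null, reproducing the
 * state the thread observed; pointers are host-sized, not the game's 32-bit. */
static void make_sample(sample_t *s, int link, uint32_t flag, float alt) {
    memset(s, 0, sizeof *s);
    uintptr_t p = link ? (uintptr_t)s->sub : 0;
    memcpy(s->obj + OFF_SUBPTR, &p, sizeof p);
    memcpy(s->sub + OFF_FLAG, &flag, sizeof flag);
    memcpy(s->obj + OFF_ALT, &alt, sizeof alt);
}

/* The script's prologue with the guard from the reply:
 *   mov eax,[eax+50] / test eax,eax / jz code / cmp [eax+20],1 / je godmode
 * Without the null test the cmp reads address 0x20 and the process faults. */
branch_t choose_branch(const uint8_t *obj) {
    uintptr_t sub;
    memcpy(&sub, obj + OFF_SUBPTR, sizeof sub);
    if (sub == 0)
        return BRANCH_CODE;          /* fall through to the original instruction */
    uint32_t flag;
    memcpy(&flag, (const uint8_t *)sub + OFF_FLAG, sizeof flag);
    return flag == 1 ? BRANCH_GODMODE : BRANCH_ONEHIT;
}

/* The hook body: decides which value ends up stored at [eax+5C]. incoming is
 * what the game had in st(0); godmode_on/onehit_on are the script's toggle
 * bytes. Returns the value actually stored. */
float apply_hook(uint8_t *obj, float incoming, int godmode_on, int onehit_on) {
    float stored = incoming;
    switch (choose_branch(obj)) {
    case BRANCH_GODMODE:
        if (godmode_on) stored = 0.0f;                                /* fstp st(0); fldz */
        break;
    case BRANCH_ONEHIT:
        if (onehit_on) memcpy(&stored, obj + OFF_ALT, sizeof stored); /* fld [eax+60]     */
        break;
    case BRANCH_CODE:
        break;
    }
    memcpy(obj + OFF_STORE, &stored, sizeof stored);                  /* fstp dword ptr [eax+5C] */
    return stored;
}

/* Wrappers that build a constructed sample and run one case through the hook. */
branch_t branch_case(int link, uint32_t flag) {
    sample_t s;
    make_sample(&s, link, flag, 0.0f);
    return choose_branch(s.obj);
}

float store_case(int link, uint32_t flag, float alt, float incoming, int god, int onehit) {
    sample_t s;
    make_sample(&s, link, flag, alt);
    return apply_hook(s.obj, incoming, god, onehit);
}

int main(void) {
    printf("null [eax+50]      -> branch %d (0 = original code, no fault)\n", branch_case(0, 1));
    printf("flag 1, godmode on -> stores %.1f\n", store_case(1, 1, 50.0f, 7.5f, 1, 0));
    printf("flag 0, onehit on  -> stores %.1f\n", store_case(1, 0, 50.0f, 7.5f, 0, 1));
    return 0;
}
```

With the pointer at +0x50 null, the guarded prologue takes the code branch and the original fstp runs unchanged, which is exactly why the reply says the guard stops the crash without making the script do anything: until the right offset for that pointer is found, every object goes down the untouched path.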
MarcRené Newbie cheater Reputation: 0
Joined: 20 Mar 2017 Posts: 15
Posted: Sat Apr 07, 2018 12:03 am
Great, the crash is fixed. Lesson learned, many thanks!
Now I'll have to adjust the offsets / find the correct distinction between friend and foe...