Cheat Engine The Official Site of Cheat Engine
Ejay1984 Newbie cheater Reputation: 0
Joined: 16 Nov 2017 Posts: 24
Posted: Fri Apr 20, 2018 9:37 am Post subject: Can't Toggle AOB Script
I've been making a few scripts for Ori and the Blind Forest (not the Definitive Edition); a few were AOBs and one was a full injection. But when I close the game and start it up again, I can't select the scripts. I doubt the game has been updated, so I'm not sure why I can't toggle them.
One of the scripts is:
Code:
[ENABLE]
aobscan(Deathcount,89 48 14 8B 05 A4 4F BC 0F) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:

code:
  mov [eax+14],ecx
  mov [eax+14],#0
  mov eax,[0FBC4FA4]
  jmp return

Deathcount:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(Deathcount)

[DISABLE]
Deathcount:
  db 89 48 14 8B 05 A4 4F BC 0F
unregistersymbol(Deathcount)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2381C6A3
""+2381C67E: 8B 05 B0 B5 E1 05 - mov eax,[05E1B5B0]
""+2381C684: 83 EC 08 - sub esp,08
""+2381C687: 6A 00 - push 00
""+2381C689: 50 - push eax
""+2381C68A: E8 81 B0 BE E2 - call 06407710
""+2381C68F: 83 C4 10 - add esp,10
""+2381C692: 85 C0 - test eax,eax
""+2381C694: 0F 84 62 00 00 00 - je 2381C6FC
""+2381C69A: 8B 05 B0 B5 E1 05 - mov eax,[05E1B5B0]
""+2381C6A0: 8B 4D 08 - mov ecx,[ebp+08]
// ---------- INJECTING HERE ----------
""+2381C6A3: 89 48 14 - mov [eax+14],ecx
""+2381C6A6: 8B 05 A4 4F BC 0F - mov eax,[0FBC4FA4]
// ---------- DONE INJECTING ----------
""+2381C6AC: 8B 0D B0 B5 E1 05 - mov ecx,[05E1B5B0]
""+2381C6B2: 8B 49 14 - mov ecx,[ecx+14]
""+2381C6B5: 83 EC 08 - sub esp,08
""+2381C6B8: 51 - push ecx
""+2381C6B9: 50 - push eax
""+2381C6BA: 39 00 - cmp [eax],eax
""+2381C6BC: E8 47 3C C3 E2 - call 06450308
""+2381C6C1: 83 C4 10 - add esp,10
""+2381C6C4: 8B 05 78 BC E1 05 - mov eax,[05E1BC78]
""+2381C6CA: 89 45 EC - mov [ebp-14],eax
}
The other, a full injection, is:
Code:
define(address,22C8F809)
define(bytes,D9 40 04 D9 5D F4)

[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
label(code)
label(return)

newmem:

code:
  mov [eax+04],(float)15
  fld dword ptr [eax+04]
  fstp dword ptr [ebp-0C]
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]
address:
  db bytes
  // fld dword ptr [eax+04]
  // fstp dword ptr [ebp-0C]
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 22C8F809
22C8F7E7: E8 FC 2B 6F E3 - call 063823E8
22C8F7EC: 83 C4 10 - add esp,10
22C8F7EF: 85 C0 - test eax,eax
22C8F7F1: 0F 84 60 00 00 00 - je 22C8F857
22C8F7F7: 8B 47 3C - mov eax,[edi+3C]
22C8F7FA: 8B 40 48 - mov eax,[eax+48]
22C8F7FD: 8B 40 10 - mov eax,[eax+10]
22C8F800: 8B C8 - mov ecx,eax
22C8F802: 39 09 - cmp [ecx],ecx
22C8F804: 05 BC 00 00 00 - add eax,000000BC
// ---------- INJECTING HERE ----------
22C8F809: D9 40 04 - fld dword ptr [eax+04]
22C8F80C: D9 5D F4 - fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING ----------
22C8F80F: D9 45 F4 - fld dword ptr [ebp-0C]
22C8F812: D9 05 C8 C9 17 1E - fld dword ptr [1E17C9C8]
22C8F818: DF F1 - fcomip st(0),st(1)
22C8F81A: DD D8 - fstp st(0)
22C8F81C: 0F 82 35 00 00 00 - jb 22C8F857
22C8F822: D9 87 88 00 00 00 - fld dword ptr [edi+00000088]
22C8F828: D9 EE - fldz
22C8F82A: DF F1 - fcomip st(0),st(1)
22C8F82C: DD D8 - fstp st(0)
22C8F82E: 7A 27 - jp 22C8F857
}

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Fri Apr 20, 2018 10:25 am
The full injection fails because the code probably wasn't allocated at the same address. Use an aobscan instead.
The aobscan script is failing because an instruction in the aob pattern is directly addressing dynamically allocated memory. Replace those operand bytes with wildcards in the aob pattern and add more bytes until the pattern is unique. In the code injection, you could use reassemble and readmem to assemble the correct instruction and restore the original bytes, but it would be easier to inject at one instruction earlier (i.e. ""+2381C6A0).
_________________
I don't know where I'm going, but I'll figure it out when I get there.

Ejay1984 Newbie cheater Reputation: 0
Joined: 16 Nov 2017 Posts: 24
Posted: Fri Apr 20, 2018 11:04 am
ParkourPenguin wrote:
The full injection fails because the code probably wasn't allocated at the same address. Use an aobscan instead.
The aobscan script is failing because an instruction in the aob pattern is directly addressing dynamically allocated memory. Replace those operand bytes with wildcards in the aob pattern and add more bytes until the pattern is unique. In the code injection, you could use reassemble and readmem to assemble the correct instruction and restore the original bytes, but it would be easier to inject at one instruction earlier (i.e. ""+2381C6A0).
Sorry for sounding like a noob, but how do I use reassemble and readmem to assemble the correct instruction?

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Fri Apr 20, 2018 2:19 pm
You shouldn't do that. As I said, it's easier to inject at the previous instruction. Highlight the instruction at ""+2381C6A0 in the disassembler and make the AOB Injection template from that.
If you want to ignore that advice, there are examples of reassemble and readmem on these forums you can find by searching for them.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
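The two things ParkourPenguin says in the replies above (a pattern or `assert` that bakes in an absolute address breaks once the game's JIT-compiled code and its statics land somewhere else, and the fix is to wildcard that operand, lengthen the pattern until it is unique, and take the AOB Injection template from one instruction earlier at 2381C6A0) can be checked outside the game. The following Python is an added example written for this edit, not code from the thread or from Cheat Engine. It implements a small AOB scanner with `??` wildcards (CE's aobscan accepts `*` too), runs it over two constructed byte images of the method from the first post's listing (launch 1 uses the operands CE printed; launch 2 assumes the statics and call target were allocated at made-up addresses after a restart), and builds the AOB Injection script for the 2381C6A0 injection point. The filler bytes, the launch-2 addresses and the helper names (`build_image`, `diagnose`, `aob_injection_script`) are assumptions for the demonstration.

```python
# Added example (not code from the thread or from Cheat Engine): a wildcard AOB
# scanner run over constructed byte images of the method in the first post's
# listing, to show why the original pattern breaks between launches and why the
# earlier, wildcarded injection point holds up.
import struct
from typing import Dict, List, Optional, Sequence

Pattern = List[Optional[int]]  # None marks a wildcard byte


def parse_pattern(text: str) -> Pattern:
    """Parse a CE-style AOB such as '8B 05 ?? ?? ?? ??' ('??' or '*' = wildcard)."""
    return [None if tok in ("??", "?", "*", "**") else int(tok, 16) for tok in text.split()]


def aob_scan(mem: bytes, pattern: Pattern) -> List[int]:
    """All offsets where pattern matches; CE's aobscan needs exactly one."""
    n = len(pattern)
    return [i for i in range(len(mem) - n + 1)
            if all(p is None or mem[i + k] == p for k, p in enumerate(pattern))]


def build_image(obj_addr: int, deaths_addr: int, call_rel: int) -> bytes:
    """Opcode bytes of 2381C67E..2381C6BB from the listing with the absolute
    operands filled in; the operands are whatever address the JIT'd statics
    got on that launch, which is what makes them unsafe in an AOB."""
    a = struct.pack("<I", obj_addr)     # imm32 of mov eax/ecx,[obj] (05E1B5B0 on launch 1)
    d = struct.pack("<I", deaths_addr)  # imm32 of mov eax,[deaths]  (0FBC4FA4 on launch 1)
    return (b"\x8B\x05" + a                        # mov eax,[obj]
            + b"\x83\xEC\x08\x6A\x00\x50"          # sub esp,08 / push 00 / push eax
            + b"\xE8" + struct.pack("<I", call_rel)  # call rel32 (layout dependent too)
            + b"\x83\xC4\x10\x85\xC0"              # add esp,10 / test eax,eax
            + b"\x0F\x84\x62\x00\x00\x00"          # je +62
            + b"\x8B\x05" + a                      # mov eax,[obj]
            + b"\x8B\x4D\x08"                      # mov ecx,[ebp+08]  <- ParkourPenguin's injection point
            + b"\x89\x48\x14"                      # mov [eax+14],ecx  <- Ejay1984's injection point
            + b"\x8B\x05" + d                      # mov eax,[deaths]  <- the operand that moves
            + b"\x8B\x0D" + a                      # mov ecx,[obj]
            + b"\x8B\x49\x14\x83\xEC\x08"          # mov ecx,[ecx+14] / sub esp,08
            + b"\x51\x50\x39\x00")                 # push ecx / push eax / cmp [eax],eax


# Constructed filler standing in for the rest of the process: an unrelated method
# that also contains mov [eax+14],ecx (89 48 14), so a too-short pattern hits twice.
FILLER = bytes.fromhex("55 8B EC 83 EC 10 89 48 14 C9 C3 CC CC CC")
# Launch 1 uses the operands CE printed; launch 2's addresses are made up to model
# the statics and the call target being allocated elsewhere after a restart.
RUN1 = FILLER + build_image(0x05E1B5B0, 0x0FBC4FA4, 0xE2BEB081) + b"\xCC" * 8
RUN2 = FILLER + build_image(0x05F02A70, 0x1027D3E0, 0xE2C1A0F5) + b"\xCC" * 8

ORIGINAL = "89 48 14 8B 05 A4 4F BC 0F"        # Ejay1984's pattern: bakes 0FBC4FA4 into the AOB
TOO_SHORT = "89 48 14"                          # wildcarding alone leaves too little to be unique
FIXED = "8B 4D 08 89 48 14 8B 05 ?? ?? ?? ??"   # one instruction earlier, operand wildcarded


def diagnose(images: Sequence[bytes]) -> Dict[str, bool]:
    """True for each pattern that is found exactly once on every launch."""
    candidates = {"original": ORIGINAL, "too_short": TOO_SHORT, "fixed": FIXED}
    return {name: all(len(aob_scan(img, parse_pattern(pat))) == 1 for img in images)
            for name, pat in candidates.items()}


def aob_injection_script(pattern: str, symbol: str = "Deathcount") -> str:
    """The AOB Injection template redone for 2381C6A0 (mov ecx,[ebp+08]): the six
    bytes of the two copied instructions hold the 5-byte jmp plus one nop, and
    mov eax,[0FBC4FA4] stays in place instead of being copied into newmem."""
    return f"""[ENABLE]
aobscan({symbol},{pattern}) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
  mov ecx,[ebp+08]
  mov [eax+14],ecx
  mov [eax+14],#0
  jmp return
{symbol}:
  jmp newmem
  nop
return:
registersymbol({symbol})
[DISABLE]
{symbol}:
  db 8B 4D 08 89 48 14
unregistersymbol({symbol})
dealloc(newmem)
"""
```

`diagnose([RUN1, RUN2])` reports the original pattern matching on the first launch only (its last four bytes are the launch-1 address of the death counter), the bare `89 48 14` matching twice because the filler's decoy method also stores to `[eax+14]`, and the lengthened, wildcarded pattern matching exactly once on both launches. The generated script overwrites the six bytes of `mov ecx,[ebp+08]` and `mov [eax+14],ecx`, so the jump needs one nop and `mov eax,[0FBC4FA4]` is never copied into newmem, which is what the reassemble/readmem route would otherwise have to patch up by hand.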
Ejay1984 Newbie cheater Reputation: 0
Joined: 16 Nov 2017 Posts: 24
Posted: Fri Apr 20, 2018 11:56 pm
ParkourPenguin wrote:
You shouldn't do that. As I said, it's easier to inject at the previous instruction. Highlight the instruction at ""+2381C6A0 in the disassembler and make the AOB Injection template from that.
If you want to ignore that advice, there are examples of reassemble and readmem on these forums you can find by searching for them.
Thanks a lot, I'll do that injection.