Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Help with Reading and writing to XMM registers

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials -> Auto Assembler tutorials
View previous topic :: View next topic  
Author Message
scoobz1234
Posted: Fri May 17, 2019 4:55 pm    Post subject: Help with Reading and writing to XMM registers

Hey everyone, I am still pretty new to writing scripts in CE, and I'm trying to write a teleport script for a game. The player position is stored in xmm13 and is in x,y,z,0 format, where zero is not being used. My question/issue is reading from xmm13, storing that value for later use, and then loading that value and setting the player position to that value. Here is what I have...

please be gentle...

Code:

[ENABLE]

aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)

//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)

//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)

//::::::CODE:::::://

en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0

location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0

newmem: //new mem, compare to check if player has pressed hotkeys...
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code

//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code

//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return

//::::::ORIGINAL CODE:::::://
code:
  movaps [rbx+00000190],xmm13
  jmp return

teleport:
  jmp newmem
  nop
  nop
  nop

return:
registersymbol(teleport)

[DISABLE]

teleport:
  db 44 0F 29 AB 90 01 00 00

unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)



Last edited by scoobz1234 on Fri May 17, 2019 8:31 pm; edited 1 time in total
OldCheatEngineUser
Posted: Fri May 17, 2019 7:34 pm

Put en_save and en_load under newmem or location (since you did not allocate any memory for them).
scoobz1234
Posted: Fri May 17, 2019 7:49 pm

Moved them to the allocated memory space under newmem; still an instant crash.

Code:
[ENABLE]

aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)

//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)

//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)

//::::::CODE:::::://

location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0

newmem: //new mem, compare to check if player has pressed hotkeys...

en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0

cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code

//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code

//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return

//::::::ORIGINAL CODE:::::://
code:
  movaps [rbx+00000190],xmm13
  jmp return

teleport:
  jmp newmem
  nop
  nop
  nop

return:
registersymbol(teleport)

[DISABLE]

teleport:
  db 44 0F 29 AB 90 01 00 00

unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)

Last edited by scoobz1234 on Fri May 17, 2019 8:30 pm; edited 1 time in total
ParkourPenguin
Posted: Fri May 17, 2019 7:55 pm

What problem are you having?

small details:
Code:
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return

You're not backing up rax, which might cause problems if it's read from later on before being overwritten again.
You wouldn't need to use rax if you allocated location next to newmem. This allows for rip-relative addressing as you're trying to do in the save section. (this might happen fortuitously)
The last two instructions in load are unnecessary since you could let it fall through and have the same effect.
Code:
alloc(location,128,"????????.exe"+1BBAA18)
...
load:
mov [en_load],0
movaps xmm13,[location]
code:
...

????????.exe should probably be the name of the actual exe file. If you tried to censor this, do a better job of looking through your script- the aobscanmodule call isn't the only place that name appears.
en_save and en_load aren't allocated under anything. Put them at the end of location or something (not above x/y/z; that would screw with the alignment of movaps). If you put it at the beginning of newmem, make sure the injection point jumps to the code and not the data.
You should also put the teleport registersymbol with the others.

scoobz1234
Posted: Fri May 17, 2019 8:30 pm

ParkourPenguin

It was a sad... sad... attempt at removing the name... haha.

So, things I have done with your recommendations:

Moved registersymbol(teleport) up with the other symbols... not sure how I missed that.
en_save and en_load were moved to directly below newmem:
Dropped the last two lines from load: I see what you mean by following through to the code: section and then running the same line...

With all these corrections, the game still crashes instantly once the script is enabled in the table (prior to even pressing a hotkey).

Code:

[ENABLE]

aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)

//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save) //enable save flag
label(en_load) //enable load flag
label(save)
label(load)

//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
registersymbol(teleport)

//::::::CODE:::::://

location: //trying to use this to store and retrieve a specific location to teleport to...
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0

newmem: //new mem, compare to check if player has pressed hotkeys...

en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0

cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code

//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movaps [location],xmm13
jmp code

//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]

//::::::ORIGINAL CODE:::::://
code:
  movaps [rbx+00000190],xmm13
  jmp return

teleport:
  jmp newmem
  nop
  nop
  nop

return:

[DISABLE]

teleport:
  db 44 0F 29 AB 90 01 00 00

unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)
dealloc(newmem)
dealloc(location)
ParkourPenguin
Posted: Sat May 18, 2019 7:50 am

ParkourPenguin wrote:
If you put it at the beginning of newmem, make sure the injection point jumps to the code and not the data.

Code:
newmem: //new mem, compare to check if player has pressed hotkeys...
en_save: //preset flag to 0
dd 0
en_load: //preset flag to 0
dd 0

cmp [en_save],1
...
teleport:
  jmp newmem

The injection point (i.e. the instruction at teleport) is jumping into data. Make it jump to the cmp instruction instead.

scoobz1234
Posted: Sat May 18, 2019 9:39 am

Okay, the instant crash has since been rectified. The data in xmm13 is being saved to location, but the teleport function does not work; nothing happens. Also, it looks like the data that's being saved to location is not correct, i.e. my Z in game says -361.5 and the location on the computer is -200 something.

Code:
[ENABLE]

aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,"SuperCoolGame"+1BBAA18)
alloc(location,128)
alloc(setup,256)

//::::::LABELS:::::://
label(code)
label(return)
label(location)
label(en_save)
label(en_load)
label(save)
label(load)

//::::::SYMBOLS:::::://
registersymbol(en_save)
registersymbol(en_load)
registersymbol(location)
registersymbol(teleport)

//::::::CODE:::::://
setup:
location:
dd (float)0.0
dd (float)0.0
dd (float)0.0
dd (float)0.0

en_save:
dd 0
en_load:
dd 0

newmem:
cmp [en_save],1
je save
cmp [en_load],1
je load
jmp code

//::::::SAVE FUNCTION:::::://
save:
mov [en_save],0
movups [location],xmm13
jmp code

//::::::LOAD FUNCTION:::::://
load:
mov [en_load],0
mov rax,location
movaps xmm13,[rax]
movaps [rbx+190],xmm13
jmp return

//::::::ORIGINAL CODE:::::://
code:
movaps [rbx+00000190],xmm13
jmp return

teleport:
jmp newmem
nop
nop
nop

return:

[DISABLE]

teleport:
db 44 0F 29 AB 90 01 00 00

unregistersymbol(teleport)
unregistersymbol(en_save)
unregistersymbol(en_load)
unregistersymbol(location)

dealloc(newmem)
dealloc(location)
dealloc(setup)
ParkourPenguin
Posted: Sat May 18, 2019 12:14 pm

Did you check to see if that instruction accesses other addresses? (Right click in disassembler -> find out what addresses this instruction accesses)
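Pulling the replies in this thread together, the script below is how the OP's teleport hook looks with every point above applied. It is an added example written for this page, not a script anyone posted in the thread. It keeps the OP's AOB, module name (SuperCoolGame) and the original movaps [rbx+190],xmm13 store, and assumes only that the alloc near teleport succeeds (so rip-relative [label] operands can reach the data) and that the base of a fresh allocation is 16-byte aligned, which movaps needs. The data sits first in the allocation with the two flags after the four floats, so location keeps its 16-byte alignment; the hook jumps to a code label (entry, my name) rather than into the data; load falls through into the original store instead of repeating it; and no general-purpose register is touched, so nothing has to be backed up. The explicit dword ptr sizes are my addition as well.

```asm
[ENABLE]

aobscanmodule(teleport,SuperCoolGame,44 0F 29 AB 90 01 00 00 B2)
alloc(newmem,$1000,teleport)   // one allocation near the hook: code and data share it, so [label] is rip-relative

label(location)
label(en_save)
label(en_load)
label(entry)
label(save)
label(load)
label(code)
label(return)

registersymbol(teleport)
registersymbol(location)
registersymbol(en_save)
registersymbol(en_load)

// Data first. newmem is the start of a fresh allocation (assumed 16-byte
// aligned), so location satisfies the alignment movaps requires. The flags
// come AFTER the 16 bytes of x,y,z,w; putting them before would push
// location off the 16-byte boundary and movaps would fault.
newmem:
location:
  dd (float)0.0
  dd (float)0.0
  dd (float)0.0
  dd (float)0.0
en_save:
  dd 0
en_load:
  dd 0

// The hook jumps here, never to newmem itself, which is data.
// If "find out what addresses this instruction accesses" shows more than
// one rbx, this store is shared between entities: add a filter on rbx here
// before trusting a save or load, or another entity's position gets captured.
entry:
  cmp dword ptr [en_save],1
  je save
  cmp dword ptr [en_load],1
  je load
  jmp code

save:
  mov dword ptr [en_save],0
  movaps [location],xmm13      // rip-relative store, no scratch register needed
  jmp code

load:
  mov dword ptr [en_load],0
  movaps xmm13,[location]      // fall through: the original store below writes it to the player

code:
  movaps [rbx+00000190],xmm13
  jmp return

teleport:
  jmp entry
  nop
  nop
  nop
return:

[DISABLE]

teleport:
  db 44 0F 29 AB 90 01 00 00

unregistersymbol(teleport)
unregistersymbol(location)
unregistersymbol(en_save)
unregistersymbol(en_load)
dealloc(newmem)
```

Set en_save or en_load to 1 from the table (both are registered symbols) and the next execution of the hook consumes the flag and resets it to 0. The rbx filter is left as a comment because the thread does not show what distinguishes the player's object; the check ParkourPenguin asks for in the last reply is what tells you whether one is needed, and a shared hook is one plausible reason for a saved Z that does not match the player's.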