Cheat Engine forum (The Official Site of Cheat Engine)

gifty (How do I cheat?, Reputation: 0, Joined: 05 Aug 2019, Posts: 2)
Posted: Mon Aug 05, 2019 11:40 am    Post subject: Need some help with an assembly crash.
So far I'm using a basic GameMaker RPG to learn more about scripting and how to do assembly; currently I'm stuck on my first script when comparing different stack areas.
Quote:
{ Game : unnamed
Version:
Date : 2019-08-05
Author : 15198
Notes:
MOVSD - Move scalar double-precision floating-point value.
Therefore it moves a 32 bits float value from xmm0 into the pointing value
}
[ENABLE]
aobscanmodule(INJECT,gamemakerproject.exe,F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06) // should be unique
alloc(newmem,$1000)
alloc(newSpeed, 4)
alloc(newCooldown, 4)
label(playerSpeed)
label(playerCooldown)
label(originalcode)
label(code)
label(return)
newCooldown:
dq (float)0
newSpeed:
dq (double)999
newmem:
code:
//----player movespeed
push edx
mov edx, [ebp-894]
pushf
cmp edx,192E6
je playerSpeed
popf //<--- crash
pop edx //<--- crash
//-----global cooldown
push edx //<--- crash
mov edx, [ebp-2CDDA060] //<--- crash
pushf //<--- crash
cmp edx,1878E //<--- crash
//je playerCooldown
//popf
//pop edx
//-----skill #1 cooldown
//push edx
//mov edx, [ebp-2CDE2A40]
//pushf
//cmp edx,1878F
//je playerCooldown
jmp originalcode
playerCooldown:
movsd xmm0, [newCooldown]
jmp originalcode
playerSpeed:
movsd xmm0, [newSpeed]
jmp originalcode
originalcode:
popf
pop edx
movsd [edi],xmm0
pop edi
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F2 0F 11 07 5F
unregistersymbol(INJECT)
dealloc(newmem)
dealloc(newSpeed)
dealloc(newCooldown)

So far the movement speed works 100% like I would expect it to; however, trying to get the cooldown and comparing right now is causing an instant crash, and I can't figure out why.
Is it the way I'm dealing with trying to compare, or perhaps I found a bad pointer to search for?
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4289)
Posted: Mon Aug 05, 2019 12:14 pm

gifty wrote: "So far I'm using a basic GameMaker RPG to learn more about scripting and how to do assembly"
If that engine works by interpreting bytecode, that's a horrific way of learning assembly. Use a compiled language like C/C++ or at least a JIT-compiled language.
- Doubles take up 8 bytes (64 bits), not 4.
- newSpeed / newCooldown allocs need 8 bytes.
- newSpeed initial value needs to be (double)0 and not (float)0. The dq (declare quadword) is fine.
- Are you absolutely certain you need to save eflags? Don't do it just because you can. Actually look at the injection point and see what's necessary.
- Use mov edx,[esp] instead of pop edx / push edx.
- The above point is useless anyway since you're writing something else to edx right after it.
- mov edx, [ebp-2CDDA060] looks like a ridiculous instruction regardless of whether or not ebp is being used as a stack frame pointer.
- If you do need to back up eflags, you don't need to restore them just to back them up again a few instructions down. (same for edx)
Using {$try} / {$except} might help.
https://forum.cheatengine.org/viewtopic.php?p=5742699#5742699

I don't know where I'm going, but I'll figure it out when I get there.

gifty (How do I cheat?, Reputation: 0, Joined: 05 Aug 2019, Posts: 2)
Posted: Mon Aug 05, 2019 1:33 pm
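A corrected variant of the [ENABLE]/[DISABLE] sections, written here as an added example (it is not gifty's final script and not ParkourPenguin's code): it applies the 8-byte alloc and (double) initializer points, drops the pushf/popf because the AOB shows the function ends with add esp,8 / ret after the injection point, so eflags are dead there, and leaves the cooldown compare out until a valid address is found. It assumes the same injection point and that [ebp-894] == 192E6 really identifies the speed write.

```asm
[ENABLE]
aobscanmodule(INJECT,gamemakerproject.exe,F2 0F 11 07 5F 5E 5D 5B 83 C4 08 C3 8B 06) // should be unique
alloc(newmem,$1000)
alloc(newSpeed,8)        // a double is 8 bytes, so the alloc must be 8, not 4
label(playerSpeed)
label(originalcode)
label(return)
registersymbol(INJECT)

newSpeed:
dq (double)999           // 8-byte (double) initializer, matches the 8-byte alloc and the movsd read

newmem:
// No pushf/popf: after the injected bytes the function runs pop esi / pop ebp /
// pop ebx / add esp,8 / ret (5E 5D 5B 83 C4 08 C3), and add esp,8 rewrites eflags,
// so nothing here has to preserve them. Only edx is saved, because it is used as scratch.
push edx
mov edx,[ebp-894]        // discriminator taken from the original script (assumed correct)
cmp edx,192E6
je playerSpeed
jmp originalcode

playerSpeed:
movsd xmm0,[newSpeed]    // replace the value about to be written to [edi]
jmp originalcode

originalcode:
pop edx
movsd [edi],xmm0         // original instruction (F2 0F 11 07)
pop edi                  // original instruction (5F); together they are the 5 bytes the jmp overwrote
jmp return

INJECT:
jmp newmem
return:

[DISABLE]
INJECT:
db F2 0F 11 07 5F
unregistersymbol(INJECT)
dealloc(newmem)
dealloc(newSpeed)
```

The cooldown branch is deliberately absent: a compare against [ebp-2CDDA060] reads far outside any plausible stack frame, which is the kind of unmapped read that crashes on the first execution, so that address needs to be re-found before it goes back in.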
ParkourPenguin wrote:
gifty wrote: "So far I'm using a basic GameMaker RPG to learn more about scripting and how to do assembly"
If that engine works by interpreting bytecode, that's a horrific way of learning assembly. Use a compiled language like C/C++ or at least a JIT-compiled language.
- Doubles take up 8 bytes (64 bits), not 4.
- newSpeed / newCooldown allocs need 8 bytes.
- newSpeed initial value needs to be (double)0 and not (float)0. The dq (declare quadword) is fine.
- Are you absolutely certain you need to save eflags? Don't do it just because you can. Actually look at the injection point and see what's necessary.
- Use mov edx,[esp] instead of pop edx / push edx.
- The above point is useless anyway since you're writing something else to edx right after it.
- mov edx, [ebp-2CDDA060] looks like a ridiculous instruction regardless of whether or not ebp is being used as a stack frame pointer.
- If you do need to back up eflags, you don't need to restore them just to back them up again a few instructions down. (same for edx)
Using {$try} / {$except} might help.
/viewtopic.php?p=5742699#5742699

Thanks for the help. So I didn't actually need the flags; I thought it was a good safety net in case it was needed.
Also I didn't know about try/except, but I still can't get the global cooldown, so I'm passing on it for now in favour of handling player X,Y,Z and hopefully getting a basic no-clip going with it. (Looking into handling key presses from /forum/viewtopic.php?t=603212&sid=afa2bd4ed884037e42e888d04336d497 using
Code:
push 56 // VK_V
call user32.GetAsyncKeyState
test ax,ax
jne DoStuff
)
Also, is there any main reason to use mov edx,[esp] over the pop edx / push edx?

ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4289)
Posted: Mon Aug 05, 2019 3:20 pm
"pop edx / push edx" replaces edx with whatever is at the top of the stack (hence its equivalency to "mov edx,[esp]"); however, since you're writing to edx right after that, it does effectively nothing.

I don't know where I'm going, but I'll figure it out when I get there.