Quittex (How do I cheat?) Reputation: 0
Joined: 13 Nov 2019 Posts: 3
Posted: Wed Nov 13, 2019 4:06 pm Post subject: Get pointer from what writes to this address (dynamic)
Hello,
I am having some trouble, as the game I am trying to modify doesn't have any static pointers for the address I am looking for.
I look for the value, find the value and select what writes to this address.
[Screenshot 1]
By searching for the value I can get the corresponding address, apply the offset, and I have the correct address.
However, all of this changes when the game is closed. I was wondering: I am always able to return to this address (the offset is always the same) using an AoB scan. Is it possible I could find the correct address again?
[Screenshot 2]
Maybe I am looking in an entirely wrong direction; I am fairly new to this, so any help is much appreciated.
DanyDollaro (Master Cheater) Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Wed Nov 13, 2019 4:48 pm
Of course you can. Knowing the code (the AOB), you can create a script that moves the value of "r11 + 0x144" into a registered area, and from there add the registered zone to the Cheat Table.
Last edited by DanyDollaro on Wed Nov 13, 2019 5:34 pm; edited 2 times in total
Quittex (How do I cheat?) Reputation: 0
Joined: 13 Nov 2019 Posts: 3
Posted: Wed Nov 13, 2019 5:26 pm
DanyDollaro wrote:
> Of course you can. Knowing the code (the AOB), you can create a script that moves the value of "r11 + 0x144" into a registered area, and from there add the registered zone to the Cheat Table.
Do you have an example? I haven't used the CE Lua scripting engine. Also, would it be possible to get to the address directly, as it always returns one address when looking for the pointer value? I am hoping to do this later on without the use of CE, directly in C# after the AoB scan.
DanyDollaro (Master Cheater) Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Wed Nov 13, 2019 5:35 pm
It should be something like this:
Code:
[ENABLE]
aobscan(INJECT,49 B8 00 00 5B 64 78 01 00 00 4B C7 04 10 12 0E 00 00 41 C6 83 44 01 00 00 01 B8 01 00 00 00 48 81 C4 90 00 00 00)
alloc(newmem,$100)
alloc(Address, 8)
registersymbol(Address)
label(code)
label(return)
newmem:
code:
// original instructions, copied from the bytes matched by the aobscan
mov r8,178645B0000
mov qword ptr ds:[r8+r10],E12
//Get Address//
// store r11+144 in the registered 8-byte slot so the table can read it
push 144
pop [Address]
add [Address], r11
mov byte ptr ds:[r11+144],1
mov eax,1
add rsp,90
jmp return
INJECT:
jmp newmem
// 38 original bytes minus the 14-byte far jmp = 24 nops
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 49 B8 00 00 5B 64 78 01 00 00 4B C7 04 10 12 0E 00 00 41 C6 83 44 01 00 00 01 B8 01 00 00 00 48 81 C4 90 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
unregistersymbol(Address)
dealloc(Address)
But you have to consider allocating it to a nearby area (if possible) and adjusting the number of nops.
EDIT: You don't have to use Lua; you can use this assembly script as a reference.
EDIT_2: To add the registered zone to the cheat table, just click on "Add Address Manually" and write "Address", and so you have the pointer (it will be shown in decimal format, but you can change it); if you want the value instead, just write "[Address]".
Quittex (How do I cheat?) Reputation: 0
Joined: 13 Nov 2019 Posts: 3
Posted: Wed Nov 13, 2019 7:16 pm
DanyDollaro wrote:
> But you have to consider allocating it to a nearby area (if possible) and adjusting the number of nops.
> EDIT: You don't have to use Lua; you can use this assembly script as a reference.
> EDIT_2: To add the registered zone to the cheat table, just click on "Add Address Manually" and write "Address", and so you have the pointer (it will be shown in decimal format, but you can change it); if you want the value instead, just write "[Address]".
This is much appreciated! Though I am very unfamiliar with ASM, I hope you could clear up some of the questions that arise from this.
You start off by allocating new memory at a position and with a size. The registersymbol allows us to find the variable Address in the cheat table.
Then the part after "code:" confuses me: since the value of r8 changes, I would assume I'd have to change the value as well each time this changes? What is E12 doing in this case? It doesn't exist in the registers and I can't find any reference to it.
Then for Address, are we moving our bytes to this newly created address? Maybe I am off here, as I do not quite understand.
Thanks again
DanyDollaro (Master Cheater) Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Wed Nov 13, 2019 7:36 pm
It works like this:
The original code is diverted to the allocated area; the allocated code saves the "R11 + 144" value to another allocated memory region (which should be registered). The address is updated every time the code is executed.
E12 is R12L; R12L is a 64-bit register, and E12 is the same register but accesses the first 32 bits. If it does not work, replace it with R12D.
What you should do in C# is use WriteProcessMemory() (to divert the original code) and VirtualAllocEx() to recreate the code injection.
I don't understand why you're interested in registering R8: if you're looking for the value pointed to by "R11 + 144", why would you need to know the value of R8? If you are referring to the fact that the AOB can change, you can replace those bytes with wildcards if your scanner supports them.
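Added example, not code from the thread or from Cheat Engine: a small AOB scanner with "??" wildcards, the approach the reply above suggests for bytes that change between runs. The pattern is the 38-byte sequence from the script, with the 8-byte immediate of "mov r8,..." wildcarded; the region it scans and the base address are constructed here as stand-ins for a real memory read.

```python
# Added example (not the thread's code): AOB scan with wildcard support.

def parse_pattern(text):
    """'49 B8 ?? ..' -> list of ints, with None for each wildcard byte."""
    return [None if tok in ("?", "??") else int(tok, 16)
            for tok in text.split()]

def aob_scan(buf, pattern):
    """Offsets in buf where pattern matches; None matches any byte."""
    n = len(pattern)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + j] == p
                   for j, p in enumerate(pattern))]

# The AOB from the script, with the immediate of the first instruction
# (mov r8,<imm64>) wildcarded because it differs between game runs
PATTERN = parse_pattern(
    "49 B8 ?? ?? ?? ?? ?? ?? ?? ?? 4B C7 04 10 12 0E 00 00 "
    "41 C6 83 44 01 00 00 01 B8 01 00 00 00 48 81 C4 90 00 00 00")

# Instruction lengths inside the block: mov r8,imm64 (10 bytes) and
# mov qword ptr [r8+r10],E12 (8 bytes) precede mov byte ptr [r11+144],1
R11_INSN_OFFSET = 10 + 8

def build_region():
    """Constructed region: padding, the block with a different r8
    immediate than the one in the script, more padding."""
    block = bytes.fromhex(
        "49B8" "8877665544332211" "4BC70410120E0000"
        "41C6834401000001" "B801000000" "4881C490000000")
    return b"\x90" * 16 + block + b"\xcc" * 16

def locate(buf, base=0x7FF600000000):
    """Return (INJECT address, address of the [r11+144] write), or None
    when the pattern is not unique in the region (an unusable AOB).
    base is an assumed load address for the constructed region."""
    hits = aob_scan(buf, PATTERN)
    if len(hits) != 1:
        return None
    return base + hits[0], base + hits[0] + R11_INSN_OFFSET

if __name__ == "__main__":
    inject, r11_write = locate(build_region())
    print(f"INJECT at {inject:#x}, [r11+144] write at {r11_write:#x}")
```

Because the immediate bytes are wildcarded, the same pattern also matches the exact bytes the script's aobscan line uses, and it refuses to pick one of several matches rather than hooking the wrong place.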