 |
Cheat Engine The Official Site of Cheat Engine
| Author |
Message |
Ruler555 How do I cheat?
Reputation: 0
Joined: 21 Apr 2016 Posts: 3
|
Posted: Tue Feb 04, 2020 11:03 am Post subject: My AOB injection deletes lines under it |
|
|
Hello.
I had CE make an AOB injection using the templates, then just added a single line there. When run, though, it leads to the game crashing.
When I checked memory view to see what's going on, it turned out that when the script is activated and the jump is created, several lines under it are deleted/changed.
My knowledge is severely lacking and Google has failed me.
Here's the script:
| Code: |
[ENABLE]
aobscan(CharInject,4C 8B F9 48 8B FA 49 8B F0 85 F6 0F 84) // should be unique
alloc(newmem,$1000,1DA7EFC1534)
label(code)
label(return)
registersymbol(CBase)
alloc(CBase,4)
newmem:
mov [CBase],rcx
code:
mov r15,rcx
mov rdi,rdx
jmp return
CharInject:
jmp newmem
nop
return:
registersymbol(CharInject)
[DISABLE]
CharInject:
db 4C 8B F9 48 8B FA
unregistersymbol(CharInject)
dealloc(newmem)
dealloc(CBase)
unregistersymbol(CBase)
{
// ORIGINAL CODE - INJECTION POINT: 1DA7EFC1534
1DA7EFC1513: 7E DA - jle 1DA7EFC14EF
1DA7EFC1515: 01 00 - add [rax],eax
1DA7EFC1517: 00 80 0F FC 7E DA - add [rax-258103F1],al
1DA7EFC151D: 01 00 - add [rax],eax
1DA7EFC151F: 00 55 48 - add [rbp+48],dl
1DA7EFC1522: 8B EC - mov ebp,esp
1DA7EFC1524: 48 83 EC 40 - sub rsp,40
1DA7EFC1528: 48 89 75 E8 - mov [rbp-18],rsi
1DA7EFC152C: 48 89 7D F0 - mov [rbp-10],rdi
1DA7EFC1530: 4C 89 7D F8 - mov [rbp-08],r15
// ---------- INJECTING HERE ----------
1DA7EFC1534: 4C 8B F9 - mov r15,rcx
1DA7EFC1537: 48 8B FA - mov rdi,rdx
// ---------- DONE INJECTING ----------
1DA7EFC153A: 49 8B F0 - mov rsi,r8
1DA7EFC153D: 85 F6 - test esi,esi
1DA7EFC153F: 0F 84 ED 00 00 00 - je 1DA7EFC1632
1DA7EFC1545: 48 8B F7 - mov rsi,rdi
1DA7EFC1548: 83 FF 06 - cmp edi,06
1DA7EFC154B: 0F 83 79 00 00 00 - jae 1DA7EFC15CA
1DA7EFC1551: 48 8B C6 - mov rax,rsi
1DA7EFC1554: 48 C1 E0 03 - shl rax,03
1DA7EFC1558: 8B C8 - mov ecx,eax
1DA7EFC155A: 48 B8 30 19 FC 7E DA 01 00 00 - mov rax,000001DA7EFC1930
}
|
I tried a different injection point, but same thing.
Help
While on the subject, how does the script decide how many lines it needs to re/move? |
|
|
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25811 Location: The netherlands
|
Posted: Tue Feb 04, 2020 12:03 pm Post subject: |
|
|
instead of
| Code: |
alloc(newmem,$1000,1DA7EFC1534)
|
do
| Code: |
alloc(newmem,$1000,CharInject)
|
or always assume the jmp is 14 bytes |
|
|
 |
Ruler555 How do I cheat?
Reputation: 0
Joined: 21 Apr 2016 Posts: 3
|
Posted: Tue Feb 04, 2020 12:55 pm Post subject: |
|
|
Thanks a lot.
Should I do this with every AOB injection I make? |
|
|
 |
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
|
Posted: Tue Feb 04, 2020 1:47 pm Post subject: |
|
|
You don't have to do it with every one. By making this change:
| Code: |
alloc(newmem,$1000,CharInject)
|
you made sure that the allocated memory is close to the injection point. If it had been far away, a JMP instruction that takes up more bytes than expected would have been needed to move the execution flow from the injection point to the allocated area, corrupting the machine code (that's why the instructions were "deleted"; actually, they were corrupted) |
|
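Added example, not part of the thread and not Cheat Engine's own code: it works out how many bytes the jump at the injection point needs and which instructions from the first post's listing it overwrites, which is also the answer to how many lines have to be moved. The near and far target addresses are constructed, and the 14-byte form is assumed to be the usual `jmp [rip+0]` followed by the 8-byte address.

```python
# Instruction lengths copied from the disassembly listing in the first post.
INJECT = 0x1DA7EFC1534
LISTING = [  # (address, length in bytes, mnemonic), starting at the injection point
    (0x1DA7EFC1534, 3, "mov r15,rcx"),
    (0x1DA7EFC1537, 3, "mov rdi,rdx"),
    (0x1DA7EFC153A, 3, "mov rsi,r8"),
    (0x1DA7EFC153D, 2, "test esi,esi"),
    (0x1DA7EFC153F, 6, "je 1DA7EFC1632"),
    (0x1DA7EFC1545, 3, "mov rsi,rdi"),
]
TEMPLATE_BYTES = 6  # the script writes jmp + one nop and restores "db 4C 8B F9 48 8B FA"

def encode_jmp(src, dst):
    """5-byte E9 rel32 when dst is within +/-2 GiB of src, else a 14-byte absolute jump."""
    disp = dst - (src + 5)  # rel32 is measured from the end of the 5-byte jmp
    if -2**31 <= disp < 2**31:
        return b"\xE9" + disp.to_bytes(4, "little", signed=True)
    # assumed encoding: jmp qword ptr [rip+0], then the 64-bit target
    return b"\xFF\x25\x00\x00\x00\x00" + dst.to_bytes(8, "little")

def patch_plan(src, dst, listing=LISTING):
    """Report what a jump written at src (the first listed address) overwrites."""
    size = len(encode_jmp(src, dst))
    hit, covered = [], 0
    for _addr, length, text in listing:
        if covered >= size:
            break
        hit.append(text)      # this instruction is fully or partly overwritten
        covered += length
    if covered < size:
        raise ValueError("listing is too short to cover the jump")
    return {
        "jmp_bytes": size,
        "overwritten": hit,
        "nops": covered - size,          # padding up to the next instruction boundary
        "return_to": src + covered,      # first intact instruction after the patch
        "fits_template": size <= TEMPLATE_BYTES,
    }

NEAR = INJECT - 0x10000      # constructed: allocation close to the injection point
FAR = 0x7FF600000000         # constructed: allocation more than 2 GiB away

if __name__ == "__main__":
    for name, target in (("near", NEAR), ("far", FAR)):
        print(name, patch_plan(INJECT, target))
```

With the far target the jump spills into `mov rsi,r8`, `test esi,esi` and the `je`, none of which the script copies into newmem or restores in [DISABLE].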
|
 |
|
|
|
|