The Official Site of Cheat Engine
 
script crashed the game

 
Insterluda_88
Newbie cheater
Reputation: 0

Joined: 10 Aug 2018
Posts: 16
Location: Dresden45

Posted: Mon Feb 17, 2020 10:59 am    Post subject: script crashed the game

Hi fellas,

Anyone have an idea why the code still crashes?
The AOB scan is based on this:
01 48 8B 0D ?? ?? ?? ?? 48 8B 9B 10 02 00 00

Since the game has updated I had to find the new AOB.
The new one is the function that accesses my health;
I'm pretty sure it's working with cash also?


Code:

// Game   : btdadventuretime.exe
// Version:
// Date   :
// Author :
[ENABLE]
// find the injection point inside GameAssembly.dll (the IL2CPP code of the game)
aobscanmodule(aobCashGrabber,GameAssembly.dll,01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00)

// scratch memory for the injected code, allocated near the hit so a 5-byte jmp can reach it
alloc(newmemCashGrabber,4096,aobCashGrabber)

label(aobCashGrabber_r)
label(aobCashGrabber_i)
registersymbol(aobCashGrabber_r)
registersymbol(aobCashGrabber_i)

label(lblCashGrabber)
label(lblCashGrabberSkip)
label(lblCashGrabberRet)

label(bEnableMinCash)
label(dMinCash)
registersymbol(bEnableMinCash)
registersymbol(dMinCash)

newmemCashGrabber:
// values exposed to the cheat table: on/off flag and the minimum cash to enforce
bEnableMinCash:
dd 1
dMinCash:
dq (double)999999.0

lblCashGrabber:
// replay the 7 original bytes that the jmp overwrites (mov rbx,[rbx+00000210])
readmem(aobCashGrabber+08,7)
push rax
push rcx
push rdx
push r10
cmp dword ptr [bEnableMinCash],1
jne short lblCashGrabberSkip
// rdx = the masked 8-byte value, r10 = the XOR key selected by the index stored at [rbx+18]
mov rax,[GameAssembly.dll+1ED25F8]
mov rax,[rax+000000B8]
mov rcx,[rax]
mov rax,[rbx+10]
mov rdx,[rax+20]
movsxd rax,[rbx+18]
mov rcx,[rcx+rax*8+20]
mov r10,[rcx+20]
// decode, compare against dMinCash, and if lower write dMinCash back re-encrypted with the same key
xor rdx,r10
mov rax,[dMinCash]
cmp rdx,rax
jge short lblCashGrabberSkip
mov rdx,rax
xor rdx,r10
mov rax,[rbx+10]
mov [rax+20],rdx
lblCashGrabberSkip:
pop r10
pop rdx
pop rcx
pop rax
jmp lblCashGrabberRet
aobCashGrabber_i:
// copy of the original bytes, kept so they can be restored on disable
readmem(aobCashGrabber+08,7)

// overwrite the original instruction with a jmp into newmem (5 bytes + 2 nops = 7 bytes)
aobCashGrabber+08:
aobCashGrabber_r:
jmp lblCashGrabber
nop
nop
lblCashGrabberRet:

[DISABLE]
// put the saved original bytes back
aobCashGrabber_r:
readmem(aobCashGrabber_i,7)

unregistersymbol(aobCashGrabber_r)
unregistersymbol(aobCashGrabber_i)

unregistersymbol(bEnableMinCash)
unregistersymbol(dMinCash)

dealloc(newmemCashGrabber)



The byte sausage itself is 8 bytes, representing the double.
The byte sausage is continually re-encrypted using a collection of 16 random XOR keys.


Best regards.
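Added example in Python (not from the original post and not Cheat Engine's own code): a wildcard AOB matcher run over two constructed byte buffers, showing that the `??` pattern quoted in the post matches both builds, while the displacement bytes the script hard-codes in its aobscanmodule line match only the old one.

```python
import re
from typing import List, Optional

def parse_pattern(pattern: str) -> List[Optional[int]]:
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None is a wildcard byte."""
    out: List[Optional[int]] = []
    for tok in pattern.split():
        if tok in ("??", "?"):
            out.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    return out

def aob_scan(buf: bytes, pattern: str) -> List[int]:
    """Return every offset in buf where the pattern matches (wildcards always match)."""
    pat = parse_pattern(pattern)
    n = len(pat)
    return [off for off in range(len(buf) - n + 1)
            if all(p is None or buf[off + i] == p for i, p in enumerate(pat))]

# Constructed sample "modules": the instruction bytes from the thread
# (`mov rcx,[rip+disp32]` = 48 8B 0D disp32, then `mov rbx,[rbx+210]` =
# 48 8B 9B 10 02 00 00) padded with NOPs. The two builds differ only in the
# RIP-relative displacement, which is what a game update typically changes.
OLD_BUILD = bytes.fromhex("90 90 01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00 90")
NEW_BUILD = bytes.fromhex("90 90 01 48 8B 0D A1 2C 7B 01 48 8B 9B 10 02 00 00 90")

WILDCARD = "01 48 8B 0D ?? ?? ?? ?? 48 8B 9B 10 02 00 00"   # pattern from the post
HARDCODED = "01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00"  # bytes used in the script

def compare_patterns() -> dict:
    """Offsets at which each pattern matches in each build."""
    return {
        "wildcard_old": aob_scan(OLD_BUILD, WILDCARD),
        "wildcard_new": aob_scan(NEW_BUILD, WILDCARD),
        "hardcoded_old": aob_scan(OLD_BUILD, HARDCODED),
        "hardcoded_new": aob_scan(NEW_BUILD, HARDCODED),
    }
```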
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4697

Posted: Mon Feb 17, 2020 12:22 pm

The instruction you're reading from the injection point, "mov rbx,[rbx+0x210]", modifies a register you're accessing in your code. Is that intended?

I'd guess it's probably a bad access. Set a breakpoint and step through the code until it crashes.

These things shouldn't fix the problem, but they're bad habits that, if fixed, can help you avoid future problems.
  • The first "readmem(aobCashGrabber+08,7)" should be "reassemble(aobCashGrabber+08)". The second (aobCashGrabber_i) is good.
  • dMinCash isn't aligned.
  • cmp shouldn't be used to compare floating point numbers. Use ucomisd and xmm registers instead.
  • Using reassemble and readmem loses most of its pertinence if that memory is a part of the AOB pattern being searched for. Just put down the instruction itself in the code injection and db the original bytes when disabled.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
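To make the third bullet concrete, an added example in Python (not ParkourPenguin's or the thread's code) that models the XOR-masked double the script decodes and compares the integer `cmp`/`jge` test with the IEEE comparison that `ucomisd` performs; `SAMPLE_KEY` is a constructed stand-in for one of the game's 16 keys.

```python
import struct

def double_to_bits(x: float) -> int:
    """IEEE-754 bit pattern of a double, i.e. the 8-byte value as it sits in memory."""
    return struct.unpack("<Q", struct.pack("<d", x))[0]

def bits_to_double(b: int) -> float:
    return struct.unpack("<d", struct.pack("<Q", b))[0]

def as_signed64(b: int) -> int:
    """How `cmp` followed by `jge` interprets a 64-bit pattern: two's-complement signed."""
    return b - (1 << 64) if b & (1 << 63) else b

def cmp_jge(a: float, b: float) -> bool:
    """The script's test: the XOR-decoded bits compared with integer cmp + jge."""
    return as_signed64(double_to_bits(a)) >= as_signed64(double_to_bits(b))

def ucomisd_jae(a: float, b: float) -> bool:
    """IEEE-754 'a >= b' as ucomisd + jae would evaluate it (any NaN -> false)."""
    return a >= b

def disagreements(pairs):
    """Pairs (a, b) for which the integer compare and the float compare differ."""
    return [(a, b) for a, b in pairs if cmp_jge(a, b) != ucomisd_jae(a, b)]

def patch_if_below(stored: int, key: int, minimum: float) -> int:
    """Decode with the key, compare as doubles, re-encrypt with the same key.

    Mirrors the script's intended logic: value = [rax+20] ^ key; if it is
    below dMinCash, store dMinCash ^ key back. Returns the new masked value.
    """
    value = bits_to_double(stored ^ key)
    return stored if value >= minimum else double_to_bits(minimum) ^ key

# Constructed sample key; the real game picks one of 16 random keys.
SAMPLE_KEY = 0x5A17C3E90B44F1D2

def demo() -> float:
    """Mask 12.5, run the patch with a 999999.0 floor, and decode the result."""
    encrypted = double_to_bits(12.5) ^ SAMPLE_KEY
    patched = patch_if_below(encrypted, SAMPLE_KEY, 999999.0)
    return bits_to_double(patched ^ SAMPLE_KEY)
```

For positive finite values the two comparisons agree, which is why the script may appear to work; negative values, negative zero and NaN bit patterns are where the integer compare orders things differently from the floating-point one.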
Insterluda_88
Newbie cheater
Reputation: 0

Joined: 10 Aug 2018
Posts: 16
Location: Dresden45

Posted: Mon Feb 17, 2020 12:54 pm

ParkourPenguin wrote:
The instruction you're reading from the injection point, "mov rbx,[rbx+0x210]", modifies a register you're accessing in your code. Is that intended?

I'd guess it's probably a bad access. Set a breakpoint and step through the code until it crashes.

These things shouldn't fix the problem, but they're bad habits that, if fixed, can help you avoid future problems.
  • The first "readmem(aobCashGrabber+08,7)" should be "reassemble(aobCashGrabber+08)". The second (aobCashGrabber_i) is good.
  • dMinCash isn't aligned.
  • cmp shouldn't be used to compare floating point numbers. Use ucomisd and xmm registers instead.
  • Using reassemble and readmem loses most of its pertinence if that memory is a part of the AOB pattern being searched for. Just put down the instruction itself in the code injection and db the original bytes when disabled.


Hi, still learning; I've been using Cheat Engine for almost 2 years now.

Thanks for your advice.
I had no other choice but to pick up this function because it's encrypted with 16 XOR keys.
It took me hours and hours to get to the point where I am now.

Do you maybe know a better way against encrypted values?
I mean, it's a Unity game.