Cheat Engine The Official Site of Cheat Engine
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Sat Mar 21, 2020 11:22 am Post subject: Adding Counter to Memory
I want to add the counter of a specific address that accesses another specific address to an address in memory, of type 4 bytes.
Just like in the picture, I want to add the counter that I marked to an address in memory so that I could use it in another program. I thought about using an AA script but I did not succeed.
In the end I want to save it because if it is increasing I have dropped an item on the ground, and I am trying to make a collector bot.
[attached screenshot]
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sat Mar 21, 2020 2:45 pm
As you said, do it with an AA script, and possibly post something more of the code; for now I can only give you some hints on the code to inject.
Code:
...
alloc(counter, 4)
code:
inc dword [counter]
mov edi, ebx
....
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Sat Mar 21, 2020 5:44 pm
DanyDollaro wrote:
As you said, do it with an AA script, and possibly post something more of the code; for now I can only give you some hints on the code to inject.
Code:
...
alloc(counter, 4)
code:
inc dword [counter]
mov edi, ebx
....

How would I know what the base address of the counter is? I need a base address so I could use it in another program.
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sun Mar 22, 2020 3:10 am
Code:
[ENABLE]
...
alloc(counter, 4)
registersymbol(counter)
code:
inc dword [counter]
mov edi, ebx
[DISABLE]
unregistersymbol(counter)
dealloc(counter)
....
If in any script you use the word "counter", it will be replaced with its address; you can also add it to the cheat table.
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Sun Mar 22, 2020 5:55 am
DanyDollaro wrote:
Code:
[ENABLE]
...
alloc(counter, 4)
registersymbol(counter)
code:
inc dword [counter]
mov edi, ebx
[DISABLE]
unregistersymbol(counter)
dealloc(counter)
....
If in any script you use the word "counter", it will be replaced with its address; you can also add it to the cheat table.

I discovered that the parameter that changes is the esi register. So I used a condition: if esi is equal to xxx, the counter will be 1, else it will be zero. But the game crashes every time the condition is true.
This is the code:
Code:
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
alloc(counter, 4)
label(code)
label(return)
registersymbol(counter)
label(increase)
label(original)
newmem:
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp return
address:
jmp newmem
nop 3
return:
cmp esi, 185F2CDC
je increase
jne original
increase:
mov [counter], 1
original:
mov [counter], 0
[DISABLE]
Can you help me and tell me what is wrong with this code?
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sun Mar 22, 2020 5:47 pm
In the script you wrote, the function:
Code:
assert(address,bytes)
is useless.
In these instructions the counter is not incrementing:
Code:
mov [counter], 1
...
mov [counter], 0
In 'mov [counter], 1' you are moving the value 1 into the counter, so if the counter has the value 1 it will not be increased but will simply be overwritten with another 1.
In 'mov [counter], 0' the same thing as I said before: you are not decrementing the counter; assuming that the counter has the value 100, this instruction does not decrease it but sets it to 0.
You should change them to:
Code:
inc [counter]
...
dec [counter]
Are you sure about this instruction? Isn't it by chance:
Code:
cmp esi, [185F2CDC]
Check it out a bit.
Then there are other errors, but for now try this script:
Code:
[ENABLE]
alloc(newmem,$1000)
alloc(counter, 4)
registersymbol(counter)
label(code)
label(return)
label(comparison)
label(increase)
label(decrement)
newmem:
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp comparison
address: // In the code sketch you sent I don't see any reference to "address"
jmp newmem
nop 3
comparison:
cmp esi, 185F2CDC // if it doesn't work change this line to: cmp esi, [185F2CDC]
je increase
jmp decrement // Probably what you want to do is not decrease it but leave it unchanged; if so change it to: jmp return
increase:
inc [counter]
decrement:
dec [counter]
return:
I have not tested it but I think it is so.
Last edited by DanyDollaro on Mon Mar 23, 2020 9:16 am; edited 2 times in total
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Mon Mar 23, 2020 4:50 am
DanyDollaro wrote:
In the script you created, the function:
Code:
assert(address,bytes)
is useless.
In these instructions the counter is not incrementing:
Code:
mov [counter], 1
...
mov [counter], 0
In 'mov [counter], 1' you are moving the value 1 into the counter, so if the counter has the value 1 it will not be increased but will simply be overwritten with another 1.
In 'mov [counter], 0' the same thing as I said before: you are not decrementing the counter; assuming that the counter has the value 100, this instruction does not decrease it but sets it to 0.
You should change them to:
Code:
inc [counter], 1
...
inc [counter], 0
Are you sure about this instruction? Isn't it by chance:
Code:
cmp esi, [185F2CDC]
Check it out a bit.
Then there are other errors, but for now try this script:
Code:
[ENABLE]
alloc(newmem,$1000)
alloc(counter, 4)
registersymbol(counter)
label(code)
label(return)
label(comparison)
label(increase)
label(decrement)
newmem:
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp comparison
address: // In the code sketch you sent I don't see any reference to "address"
jmp newmem
nop 3
comparison:
cmp esi, 185F2CDC // if it doesn't work change this line to: cmp esi, [185F2CDC]
je increase
jmp decrement // Probably what you want to do is not decrease it but leave it unchanged; if so change it to: jmp return
increase:
inc [counter]
decrement:
dec [counter]
return:
I have not tested it but I think it is so.

I tried them both but they are not working; the game crashes. I believe it's because when the item is on the ground it adds 1, so in a second the counter is 300000 and the game crashes.
So I want to use the counter as a boolean variable: if it's 1 the item is on the ground, if it's 0 it's not. And I want to do it with multiple conditions, so it will jump to increase only if esi == 185F2CDC AND the counter's value is 0, and if esi != 185F2CDC AND the counter's value == 1 it will jump to decrease.
I tried this code:
Code:
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)
label(code)
label(return)
registersymbol(counter)
label(comparison)
label(increase)
label(decrement)
newmem:
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp return
address:
jmp newmem
nop 3
comparison:
cmp esi, 185F2CDC // if it doesn't work change this line to: cmp esi, [185F2CDC]
jne return
cmp [counter], 0
je increase
cmp [counter], 1
jmp decrement // Probably what you want to do is not decrease it but leave it unchanged; if so change it to: jmp return
increase:
mov [counter], 1
decrement:
mov [counter], 0
return:
[DISABLE]
unregistersymbol(counter)
dealloc(counter)
But the game keeps crashing, and I use 'cmp esi, xxxxx' because the value in the esi register is the address.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Mon Mar 23, 2020 6:59 am
My attempt to modify your code; hope it helps.
Please double check if there's a typo before activating the code.
Code:
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)
label(code)
label(return)
registersymbol(counter)
label(comparison)
label(increase)
label(decrement)
/////// <CAVE CODE START>
newmem:
code:
////// COPIED original code START
mov edi,ebx
repe movsd
mov eax,[esp+20]
////// COPIED original code END
//////
////// Start of your modification
jmp comparison ///// previous: jmp return
///// even with the crash solved, that jump would never reach 'comparison';
///// you need to keep DanyDollaro's jump to comparison
//// address: ----- this should be the hack point in the game code
//// jmp newmem ----- if it is located here, then the following label
//// nop 3 ----- 'comparison' will be in game code, and it then crashes
//// ----- your game when it is reached.
//// ----- Instead it should be followed by 'return'
//// ----- (meaning <return to game code from cave code>, right?)
//// ----- and the other labels should be in cave code (the allocated newmem),
//// ----- so this part should be below the other cave code labels in this AA script
///// CONTINUE CAVE CODE
comparison:
cmp esi, 185F2CDC // if it doesn't work change this line to: cmp esi, [185F2CDC]
jne @f ///// no match, jump to second test
cmp [counter], 0
je increase ///// matched 1st condition
@@: ////// second test
cmp esi, 185F2CDC ///// test for second condition
je return ///// no match, so return
cmp [counter], 1
je decrement ///// matched second condition
jmp return ///// no match, so return
increase:
mov [counter], 1
jmp return ///// jump to return (in game code)
decrement:
mov [counter], 0
jmp return ///// jump to return (in game code)
/////// <CAVE CODE END>
/////// <GAME CODE hack point START>
/////// place the hack point in game code here
address:
jmp newmem
nop 3
return:
/////// <GAME CODE hack point END>
_________________
- Retarded.
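The label-placement problem panraven describes above can be checked mechanically. The following is an added example, not code from any post in this thread: a small Python model of how the auto assembler lays out a script, which reports labels that end up in the game's code region beyond the patched bytes with instructions under them, and whether `return` lands exactly where the stolen bytes end. Instruction sizes are assumed x86-32 encodings for the mnemonics used here (CE may choose 2-byte conditional jumps), the allocation bases are made up, and `ADDRESS`/`ORIGINAL` are taken from the disassembly zxar7 posts further down (`01EB0000`, bytes `8B FB F3 A5 8B 44 24 20`). The two embedded scripts are copies of zxar7's version and panraven's final version with the `label()` declarations dropped.

```python
"""Layout check for CE auto-assembler scripts (added example, not code from the thread).
The assembler writes bytes sequentially: 'newmem:' and 'address:' move its write cursor,
a plain 'label:' only names the current position. Labels written after
'address: / jmp newmem / nop 3' therefore land in the game's own code, and any
instructions under them overwrite live game instructions."""
import re

ADDRESS = 0x01EB0000                          # hack point, from the disassembly zxar7 posted
ORIGINAL = bytes.fromhex("8BFBF3A58B442420")  # mov edi,ebx / repe movsd / mov eax,[esp+20]

# Assumed x86-32 encoding sizes for the mnemonics these scripts use (CE may pick 2-byte jcc).
_SIZES = [(re.compile(p), n) for p, n in [
    (r"^(jmp|call) \S+$", 5), (r"^(je|jne) \S+$", 6), (r"^nop (\d+)$", None),
    (r"^mov edi,ebx$", 2), (r"^repe movsd$", 2), (r"^mov eax,\[esp\+[0-9a-fA-F]+\]$", 4),
    (r"^cmp esi,[0-9a-fA-F]+$", 6), (r"^cmp \[\w+\],\d+$", 7), (r"^mov \[\w+\],\d+$", 10),
    (r"^(inc|dec) \[\w+\]$", 6), (r"^ret$", 1)]]

def instr_size(line):
    for pat, size in _SIZES:
        m = pat.match(line)
        if m:
            return int(m.group(1)) if size is None else size
    raise ValueError(f"no size rule for {line!r}")

def layout(script, address=ADDRESS, original=ORIGINAL):
    """Return (labels, clobbered, resume_ok): label -> (region, addr); labels in the game
    region beyond the patched bytes that have code under them; whether 'return' sits
    exactly at the end of the stolen bytes."""
    patch_end = address + len(original)
    symbols, labels, clobbered = {"address": address}, {}, []
    next_base = 0x0A000000                     # assumed bases for alloc'd blocks
    cur = region = last_label = None
    for raw in script.splitlines():
        line = re.sub(r",\s*", ",", re.sub(r"\s+", " ", raw.split("//", 1)[0]).strip())
        if not line or line.startswith("["):
            continue                           # blank, [ENABLE], [DISABLE]
        m = re.match(r"^alloc\((\w+),", line)
        if m:
            symbols[m.group(1)], next_base = next_base, next_base + 0x1000
            continue
        if re.match(r"^(label|registersymbol|unregistersymbol|dealloc|assert|define|db)\b", line):
            continue                           # declarations emit no bytes here
        if line.endswith(":"):
            name = line[:-1]
            if name in symbols:                # 'newmem:' / 'address:' move the cursor
                cur, region, last_label = symbols[name], "game" if name == "address" else name, None
            else:
                labels.setdefault(name, (region, cur))   # '@@' may repeat; keep the first
                last_label = name
            continue
        if region == "game" and cur >= patch_end and last_label and last_label not in clobbered:
            clobbered.append(last_label)       # code written over live game instructions
        cur += instr_size(line)
    return labels, clobbered, labels.get("return") == ("game", patch_end)

# zxar7's crashing script and panraven's final one, label()/assert lines omitted.
ZXAR7_SCRIPT = """[ENABLE]
alloc(newmem,$1000)
alloc(counter,4)
newmem:
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp return
address:
jmp newmem
nop 3
comparison:
cmp esi, 185F2CDC
jne return
cmp [counter], 0
je increase
cmp [counter], 1
jmp decrement
increase:
mov [counter], 1
decrement:
mov [counter], 0
return:"""

FIXED_SCRIPT = """[ENABLE]
alloc(newmem,$1000)
alloc(counter,4)
newmem:
call comparison
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp return
comparison:
cmp esi, 185F2CDC
jne @f
cmp [counter], 0
je increase
@@:
cmp esi, 185F2CDC
je @f
cmp [counter], 1
je decrement
@@:
ret
increase:
mov [counter], 1
ret
decrement:
mov [counter], 0
ret
address:
jmp newmem
nop 3
return:"""

def check(script):
    """(labels whose code overwrites game code, 'return' at end of stolen bytes?, region of 'comparison')."""
    labels, clobbered, resume_ok = layout(script)
    return clobbered, resume_ok, labels["comparison"][0]
```

Run on zxar7's script, `check` reports `comparison` (and the labels after it) sitting at `01EB0008` with instructions written over the game's code, and `return` far past the stolen bytes; on the final version every label except `return` is inside `newmem` and `return` sits at `01EB0008`, right after the eight replaced bytes.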
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Mon Mar 23, 2020 8:00 am
panraven wrote: ...

Why did you use only jmp in the increase and decrease sections? I tried to use only jump but CE does not accept it.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Mon Mar 23, 2020 8:19 am
zxar7 wrote:
panraven wrote:
...
Code:
...
je decrement ///// matched second condition
jmp return ///// no match, so return
increase:
mov [counter], 1
jmp return ///// jump to return (in game code)
decrement:
mov [counter], 0
jmp return ///// jump to return (in game code)
/////// <CAVE CODE END>
////// without the 'jmp return' a problem may arise:
////// some zero bytes would follow in the code cave, and execution might
////// eventually reach an unallocated memory region and cause a crash
/////// <GAME CODE hack point START>
/////// place the hack point in game code here
address:
jmp newmem
nop 3
return:
/////// <GAME CODE hack point END>
...

Why did you use only jmp in the increase and decrease sections? I tried to use only jump but CE does not accept it.

I'm not getting what you mean...
What's the relevant code and error message, if any?
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Mon Mar 23, 2020 8:47 am
panraven wrote: ...

Now the original code you wrote is working, but the counter is not increasing.
I added two pics, before and after the AA.
Here are the full details:
Code:
01EB0000 - 8B FB - mov edi,ebx <<
01EB0002 - F3 A5 - repe movsd
01EB0004 - 8B 44 24 20 - mov eax,[esp+20]
EAX=0019E154
EBX=0019E600
ECX=00000112
EDX=012A381C
ESI=185F2CDC
EDI=0019E604
ESP=0019E144
EBP=181DE288
EIP=01EB0002
[two attached screenshots: before and after]
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Mon Mar 23, 2020 9:14 am
It likely depends on what this line means, which is part of the condition to toggle your value at counter,
or whether it really means what DanyDollaro suggested,
or whether the value 185F2CDC is correct, i.e. it may cause a crash if it is an unreadable address etc.
zxar7 Newbie cheater Reputation: 0
Joined: 13 Jul 2014 Posts: 16
Posted: Mon Mar 23, 2020 9:18 am
panraven wrote:
It likely depends on what this line means, which is part of the condition to toggle your value at counter,
or whether it really means what DanyDollaro suggested,
or whether the value 185F2CDC is correct, i.e. it may cause a crash if it is an unreadable address etc.

I always make sure to compare between those codes:
Code:
01EB0000 - 8B FB - mov edi,ebx <<
01EB0002 - F3 A5 - repe movsd
01EB0004 - 8B 44 24 20 - mov eax,[esp+20]
EAX=0019E154
EBX=0019E600
ECX=00000112
EDX=012A381C
ESI=185F2CDC
EDI=0019E604
ESP=0019E144
EBP=181DE288
EIP=01EB0002
It's always changing (the ESI=xxxx), but I correct it in the code. I keep it the same value on this forum so it would be easier to help me.
I tried both of the methods. When I do cmp esi, address the game does not crash, but when I do cmp esi, [address] it crashes. And when I enable and disable the AA I see another address that accesses the original item's name address.
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Mon Mar 23, 2020 9:32 am
I realized I was wrong in writing some of the code, which I have now corrected, but the final script was completely correct; and in any case, in my opinion, if you found the code that acts on the items that are dropped on the ground, you could find the entity list of those items.
And anyway, reading this part of panraven's code:
panraven wrote:
Code:
//// address: ----- this should be the hack point in the game code
//// jmp newmem ----- if it is located here, then the following label
//// nop 3 ----- 'comparison' will be in game code, and it then crashes
//// ----- your game when it is reached.
//// ----- Instead it should be followed by 'return'
//// ----- (meaning <return to game code from cave code>, right?)
//// ----- and the other labels should be in cave code (the allocated newmem)

I may be wrong, but if 'address' had been defined it would not have been compiled in the middle of the comparison code; it would have injected the code written under the label at its defined address.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Mon Mar 23, 2020 9:38 am
I see, so:
1. cmp esi, 185F2CDC is the right code;
2. the problem is that the test runs after repe movsd, which may have changed esi and edi after this code (confirmed);
3. placing the condition check BEFORE the repe movsd should work anyway.
Try modifying it like this:
Code:
define(address,01EB0000) // hack point, from the disassembly posted above
define(bytes,8B FB F3 A5 8B 44 24 20) // the original 8 bytes replaced by 'jmp newmem' + 'nop 3'
[ENABLE]
assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)
registersymbol(counter)
label(code)
label(return)
label(comparison)
label(increase)
label(decrement)
newmem:
call comparison //// do the test subroutine before the original code
code:
mov edi,ebx
repe movsd
mov eax,[esp+20]
jmp return ////// we make the comparison before the original code, so return to game code here
///// make it a subroutine now /// CONTINUE CAVE CODE
comparison:
cmp esi, 185F2CDC // if it doesn't work change this line to: cmp esi, [185F2CDC]
jne @f ///// no match, jump to second test
cmp [counter], 0
je increase ///// matched 1st condition
@@: ////// second test
cmp esi, 185F2CDC ///// test for second condition
je @f ///// @f is an anonymous label referring to the next "@@" below; the intent is to 'ret' from the subroutine
cmp [counter], 1
je decrement ///// matched second condition
@@:
ret ///// no match, so ret (not return :)
increase:
mov [counter], 1
ret /////
decrement:
mov [counter], 0
ret /////
address:
jmp newmem
nop 3
return:
[DISABLE]
address:
db bytes // put the original 8 bytes back
unregistersymbol(counter)
dealloc(newmem)
dealloc(counter)
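The register snapshot zxar7 posted above makes point 2 concrete. The following is an added example, not part of panraven's post: a Python model of the three stolen instructions and of the `comparison` subroutine, run once with the test placed after the copy (zxar7's order) and once before it (panraven's order). DF=0 is assumed for `repe movsd`, `mov eax,[esp+20]` is modelled as not affecting the flag, and `ITEM_ADDR` and `SNAPSHOT` are the values from the thread.

```python
"""Why the item test must run before the stolen 'repe movsd' (added example, not from the thread).
Models the three instructions copied into the cave and panraven's 'comparison' subroutine, using
the register snapshot zxar7 posted (ECX=0x112, ESI=0x185F2CDC). DF=0 is assumed, so
'repe movsd' advances esi by 4*ecx; 'mov eax,[esp+20]' does not touch the flag and is skipped."""

ITEM_ADDR = 0x185F2CDC   # esi value zxar7 sees when the item is on the ground (from the thread)

# Snapshot from the thread, taken at EIP=01EB0002 (just before 'repe movsd').
SNAPSHOT = {"eax": 0x0019E154, "ebx": 0x0019E600, "ecx": 0x00000112,
            "esi": 0x185F2CDC, "edi": 0x0019E604, "esp": 0x0019E144}


def repe_movsd(regs):
    """'repe movsd' with DF=0: copies ecx dwords, esi/edi advance by 4*ecx, ecx ends at 0."""
    n = regs["ecx"]
    regs["esi"] += 4 * n
    regs["edi"] += 4 * n
    regs["ecx"] = 0


def toggle(esi, counter):
    """panraven's subroutine: set the flag on the first match, clear it on the first miss,
    otherwise leave it unchanged (so it never counts up to 300000)."""
    if esi == ITEM_ADDR and counter == 0:
        return 1
    if esi != ITEM_ADDR and counter == 1:
        return 0
    return counter


def hook(regs, counter, test_before):
    """One pass through the cave: optional test, the stolen instructions, optional test.
    Returns (flag, registers after the stolen instructions)."""
    regs = dict(regs)
    if test_before:                     # call comparison  (panraven's final script)
        counter = toggle(regs["esi"], counter)
    regs["edi"] = regs["ebx"]           # mov edi,ebx
    repe_movsd(regs)                    # repe movsd
    if not test_before:                 # jmp comparison after the copy (zxar7's order)
        counter = toggle(regs["esi"], counter)
    return counter, regs


def esi_after_copy(regs=SNAPSHOT):
    """esi as a post-copy compare would see it: 0x185F2CDC + 4*0x112."""
    return hook(regs, 0, test_before=True)[1]["esi"]


def trace(esi_values, test_before):
    """Flag after each hit for a sequence of esi values (item seen, seen again, gone)."""
    counter, out = 0, []
    for esi in esi_values:
        counter, _ = hook({**SNAPSHOT, "esi": esi}, counter, test_before)
        out.append(counter)
    return out


if __name__ == "__main__":
    seq = [ITEM_ADDR, ITEM_ADDR, 0x0019E600]
    print(f"esi after copy: {esi_after_copy():08X}")      # 185F3124, never equals 185F2CDC
    print("test before copy:", trace(seq, True))          # [1, 1, 0]
    print("test after copy: ", trace(seq, False))         # [0, 0, 0]
```

With the snapshot's ecx of 0x112 dwords the copy moves esi by 0x448 bytes, so a compare placed after it is always looking at 185F3124 and the flag never changes, which matches what zxar7 reported; the same compare placed before the copy toggles the flag exactly once on the first hit and once on the first miss.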