Cheat Engine The Official Site of Cheat Engine
andrei1058 (How do I cheat?)
Reputation: 0
Joined: 01 Jul 2020 Posts: 6
Posted: Sat Jul 04, 2020 9:44 am Post subject: Game's crashing when using cmp
Hello. I've done AOB injection and, if I rewrite base with the injection copy every time an address accesses it, the game doesn't crash, but if I try to add only the good one (using cmp), then it crashes. Why does that happen and what can I do to prevent it?
Here's my code:
Code:
[ENABLE]
aobscanmodule(INJECT,wwzRetailEgs.exe,8B 42 08 C7 01 01 00 00 00) // should be unique
alloc(newmem,$1000,"wwzRetailEgs.exe"+5CFCA8)
alloc(base,8)
label(code)
label(return)
registersymbol(base)
newmem:
cmp [rdx+60],#304 //or cmp [r11+1D10],'Curr'
jne code
mov [base],rdx
code:
mov eax,[rdx+08]
mov [rcx],00000001
jmp return
INJECT:
jmp newmem
nop 4
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 8B 42 08 C7 01 01 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "wwzRetailEgs.exe"+5CFCA8
"wwzRetailEgs.exe"+5CFC7F: CC - int 3
"wwzRetailEgs.exe"+5CFC80: 48 63 02 - movsxd rax,dword ptr [rdx]
"wwzRetailEgs.exe"+5CFC83: 83 F8 07 - cmp eax,07
"wwzRetailEgs.exe"+5CFC86: 0F 87 89 00 00 00 - ja wwzRetailEgs.exe+5CFD15
"wwzRetailEgs.exe"+5CFC8C: 4C 8D 0D 6D 03 A3 FF - lea r9,[wwzRetailEgs.exe]
"wwzRetailEgs.exe"+5CFC93: 45 8B 84 81 18 FD 5C 00 - mov r8d,[r9+rax*4+005CFD18]
"wwzRetailEgs.exe"+5CFC9B: 4D 03 C1 - add r8,r9
"wwzRetailEgs.exe"+5CFC9E: 41 FF E0 - jmp r8
"wwzRetailEgs.exe"+5CFCA1: C7 01 00 00 00 00 - mov [rcx],00000000
"wwzRetailEgs.exe"+5CFCA7: C3 - ret
// ---------- INJECTING HERE ----------
"wwzRetailEgs.exe"+5CFCA8: 8B 42 08 - mov eax,[rdx+08]
"wwzRetailEgs.exe"+5CFCAB: C7 01 01 00 00 00 - mov [rcx],00000001
// ---------- DONE INJECTING ----------
"wwzRetailEgs.exe"+5CFCB1: 89 41 08 - mov [rcx+08],eax
"wwzRetailEgs.exe"+5CFCB4: C3 - ret
"wwzRetailEgs.exe"+5CFCB5: 0F B6 42 08 - movzx eax,byte ptr [rdx+08]
"wwzRetailEgs.exe"+5CFCB9: 88 41 08 - mov [rcx+08],al
"wwzRetailEgs.exe"+5CFCBC: C7 01 02 00 00 00 - mov [rcx],00000002
"wwzRetailEgs.exe"+5CFCC2: C3 - ret
"wwzRetailEgs.exe"+5CFCC3: F3 0F 10 42 08 - movss xmm0,[rdx+08]
"wwzRetailEgs.exe"+5CFCC8: F3 0F 11 41 08 - movss [rcx+08],xmm0
"wwzRetailEgs.exe"+5CFCCD: C7 01 03 00 00 00 - mov [rcx],00000003
"wwzRetailEgs.exe"+5CFCD3: C3 - ret
}
Thanks!
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014 Posts: 4722
Posted: Sat Jul 04, 2020 10:07 am Post subject:
I don't see anything major that would cause a crash.
Perhaps there's some other script interfering? Every symbol you're registering shouldn't be in use by any other script, i.e. if some other script is using INJECT and you activate both at the same time, something is going to go wrong eventually.
Maybe the aob pattern isn't unique?
Try starting the game, pausing it (advanced options window), activating that script (only that script), setting a breakpoint on the jmp it makes at exe+5CFCA8, unpausing it, letting the breakpoint trigger, and stepping through your code injection to see what's causing the crash.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 Posts: 25840 Location: The Netherlands
Posted: Sat Jul 04, 2020 12:05 pm Post subject:
Perhaps it's shared code and some objects are not 0x60 bytes long, and one of them is located near the end of allocated memory.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
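The failure mode Dark Byte describes, shown as an added C example that is not from the thread or from Cheat Engine: a constructed 0x20-byte object is placed at the very end of a mapping with an unmapped guard page after it, and a helper reports whether a dword read at a given offset succeeds or faults. The names try_read32 and make_short_object are hypothetical, the code assumes Linux, and the offsets 0x08 and 0x60 mirror the script's [rdx+08] and [rdx+60].

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed model of the explanation above: a 0x20-byte object sits at the
 * very end of its mapping and the page after it is unmapped, so a read at
 * +0x60 faults while the +0x08 field the game itself reads is fine. */

static sigjmp_buf fault_jmp;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);          /* unwind back into try_read32 */
}

/* Reads the dword at obj+off. Returns 1 on success, 0 if the access faults
 * (the same condition that shows up as an access violation in the game). */
int try_read32(const uint8_t *obj, size_t off, uint32_t *out) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int ok = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {  /* 1: restore signal mask on longjmp */
        *out = *(volatile const uint32_t *)(obj + off);
        ok = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return ok;
}

/* Two pages: the first readable, the second PROT_NONE as a guard page.
 * The object occupies the last 0x20 bytes of the readable page. */
uint8_t *make_short_object(void) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    mprotect(base + pg, pg, PROT_NONE);
    uint8_t *obj = base + pg - 0x20;
    memset(obj, 0, 0x20);
    obj[0x08] = 7;                     /* the field read by mov eax,[rdx+08] */
    return obj;
}
```

With this object, try_read32(obj, 0x08, &v) returns 1 and stores 7, while try_read32(obj, 0x60, &v) returns 0 because the read lands in the guard page, which is what a shorter-than-expected object at the end of an allocation looks like from the injected code's point of view.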
andrei1058 (How do I cheat?)
Reputation: 0
Joined: 01 Jul 2020 Posts: 6
Posted: Sat Jul 04, 2020 12:41 pm Post subject:
ParkourPenguin wrote:
I don't see anything major that would cause a crash.
Perhaps there's some other script interfering? Every symbol you're registering shouldn't be in use by any other script, i.e. if some other script is using INJECT and you activate both at the same time, something is going to go wrong eventually.
Maybe the aob pattern isn't unique?
Try starting the game, pausing it (advanced options window), activating that script (only that script), setting a breakpoint on the jmp it makes at exe+5CFCA8, unpausing it, letting the breakpoint trigger, and stepping through your code injection to see what's causing the crash.

I've tried that: I set a hardware breakpoint at that jmp and let it trigger, and then my game froze (that always happens before crashing). Then I went back to CE and saw 4 buttons, and I only focused on 2: "Run" and "Step into" (I think those were important). I tried to google how to use them properly but couldn't find an answer, so I have no idea what I must do next. I tried pressing them to see what they do, and nothing seems to tell me what's wrong.

Dark Byte wrote:
Perhaps it's shared code and some objects are not 0x60 bytes long, and one of them is located near the end of allocated memory.

The instruction is used by 700+ addresses, so from what I've learned until now it is safe to say that it is shared code. I'm pretty sure there is a way to fix this, so can you please point me in the right direction?