Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Incorrect variable initialization

Forum section: Cheat Engine Tutorials -> Auto Assembler tutorials
sgsgwv$6263
Advanced Cheater
Reputation: 0

Joined: 05 Aug 2020
Posts: 75

Posted: Wed Aug 05, 2020 12:25 pm    Post subject: Incorrect variable initialization

I am new to Cheat Engine, but I have learned many things from the forum. This forum is exactly like StackOverflow, where you see all kinds of people, from noobs to nerds, and all kinds of questions are asked; but because imagination is infinite for everybody, there can be no limit to what you would like to do, and it may happen that other people have not thought about it.

Anyway, I have been trying to hack the same old San Andreas. I have been having some problems while writing scripts: when the game crashes with a script created by a newbie (like me), you can never know what caused the game to crash.
But here I guess this has got to do with a variable (namely flag) that I created and initialized to 0 (4 bytes). After the execution of the script it was not initialized to 0, but that was also fine, because my script has to do something exclusive after that variable equals 1 (like cmp [flag],1). This "exclusive code" is about trying to multiply float values using the FPU. So there is something wrong in my code below, and I don't know what.
Code:
{ Game   : gta_sa.exe
  Version:
  Date   : 2020-08-05
  Author : atult

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10) // should be unique
alloc(newmem,$1000)
alloc(multi,4)
alloc(flag,4)
label(code)
label(atul)
label(return)
registersymbol(multi)
registersymbol(flag)
flag:
dd 400
multi:
dd (float)1.1

atul:
mov [flag],0
fld [ecx]
fmul [multi]
fstp [ecx]
fld [ecx+04]
fmul [multi]
fstp [ecx+04]
fld [ecx+08]
fmul [multi]
fstp [ecx+08]
mov eax,[ecx]
  mov edx,[ecx+04]
  jmp return

newmem:

code:
cmp [flag],#1
je atul
  mov eax,[ecx]
  mov edx,[ecx+04]
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 8B 01 8B 51 04
dealloc(multi)
dealloc(flag)
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+13D580

"gta_sa.exe"+13D561: 83 C4 04           -  add esp,04
"gta_sa.exe"+13D564: 3B C3              -  cmp eax,ebx
"gta_sa.exe"+13D566: 74 7B              -  je gta_sa.exe+13D5E3
"gta_sa.exe"+13D568: 8B 88 6C 04 00 00  -  mov ecx,[eax+0000046C]
"gta_sa.exe"+13D56E: F6 C5 01           -  test ch,01
"gta_sa.exe"+13D571: 74 1B              -  je gta_sa.exe+13D58E
"gta_sa.exe"+13D573: 8B 88 8C 05 00 00  -  mov ecx,[eax+0000058C]
"gta_sa.exe"+13D579: 3B CB              -  cmp ecx,ebx
"gta_sa.exe"+13D57B: 74 11              -  je gta_sa.exe+13D58E
"gta_sa.exe"+13D57D: 83 C1 44           -  add ecx,44
// ---------- INJECTING HERE ----------
"gta_sa.exe"+13D580: 8B 01              -  mov eax,[ecx]
"gta_sa.exe"+13D582: 8B 51 04           -  mov edx,[ecx+04]
// ---------- DONE INJECTING  ----------
"gta_sa.exe"+13D585: 89 44 24 10        -  mov [esp+10],eax
"gta_sa.exe"+13D589: 8B 41 08           -  mov eax,[ecx+08]
"gta_sa.exe"+13D58C: EB 0F              -  jmp gta_sa.exe+13D59D
"gta_sa.exe"+13D58E: 83 C0 44           -  add eax,44
"gta_sa.exe"+13D591: 8B 08              -  mov ecx,[eax]
"gta_sa.exe"+13D593: 8B 50 04           -  mov edx,[eax+04]
"gta_sa.exe"+13D596: 8B 40 08           -  mov eax,[eax+08]
"gta_sa.exe"+13D599: 89 4C 24 10        -  mov [esp+10],ecx
"gta_sa.exe"+13D59D: D9 44 24 10        -  fld dword ptr [esp+10]
"gta_sa.exe"+13D5A1: 89 54 24 14        -  mov [esp+14],edx
}
Oxijen
Expert Cheater
Reputation: 0

Joined: 07 May 2020
Posts: 163
Location: On The Moon

Posted: Wed Aug 05, 2020 1:05 pm

I am not good at this stuff either, but try putting atul, multi and flag before INJECT, not before newmem and code.
_________________
I can see you Hitler
Especially When I am On the Moon!!
You are right now in the Cheat Engine forum ;)
Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Wed Aug 05, 2020 3:16 pm    Post subject: Re: Incorrect variable initialization

Not sure if this solves the issue, but at least it is a shortened script.

Code:
[ENABLE]
aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10)
alloc(newmem,$1000)
label(multi)
label(flag)
newmem:

atul:
  cmp [flag],1
  jne short code
  mov [flag],0
  fld [ecx]
  fmul [multi]
  fstp [ecx]
  fld [ecx+04]
  fmul [multi]
  fstp [ecx+04]
  fld [ecx+08]
  fmul [multi]
  fstp [ecx+08]

code:
  mov eax,[ecx]
  mov edx,[ecx+04]
  jmp return

flag:
  dd 400 // 4-byte value? Use dd (int)400, otherwise it's 400 in hex. But why 400 and not dd 0?
multi:
  dd (float)1.1

INJECT:
  jmp newmem
return:
registersymbol(INJECT)
registersymbol(multi)
registersymbol(flag)

[DISABLE]
INJECT:
  db 8B 01 8B 51 04
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Aug 05, 2020 6:09 pm

atul is a label, not an alloc.
Code:
...
multi:
dd (float)1.1

atul:
...
The closest address above the label atul is the alloc multi, so the stuff after atul will be located after multi in memory. This overflows the memory allocated to multi into the space after it (i.e. the flag value). In other words, the first 1 or 2 instructions in atul overwrite the value defined by flag.

Put atul after newmem as you see Betcha do. You don't even need that label after that refactoring:
Code:
newmem:
  cmp [flag],1
  jne short code
  ...

I would still make flag and multi their own allocs, or at least make sure they're aligned:
Code:
align 4 CC
flag:
  dd 400
...

_________________
I don't know where I'm going, but I'll figure it out when I get there.
sgsgwv$6263
Advanced Cheater
Reputation: 0

Joined: 05 Aug 2020
Posts: 75

Posted: Wed Aug 05, 2020 10:20 pm

Yeah, I forgot to allocate memory for atul. Also, I initialized flag to 0, but after the script got executed the value of flag was 20569 as 4 bytes (I wonder why that happened; I reckon the crash was just because of the overflow?).

Also, does the order of the labels change the flow of execution in any way?

What do you mean when you use align, and why is that required?

Also, how do I get a notification of replies to my post in the forum?

I am sorry, I am asking too much, but please forgive me.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Aug 05, 2020 11:21 pm    (This post has 1 review)

Writing code (i.e. "mov [flag],0") will write bytes into memory the same way writing values (i.e. "dd 0") does. It's as if you wrote this:
Code:
flag:
  dd 400
multi:
  dd (float)1.1
  dd (int)20569
Since multi only takes up 4 bytes and flag is allocated just after multi, the second dd under multi overwrites the flag.

Labels don't really matter: they represent addresses in memory. Where the label is defined is the address it represents. e.g.:
Code:
multi:
dd (float)1.1

atul:
The label atul represents the address 4 bytes after multi. In this case, it's the same address as flag.
The order of the allocs does matter. e.g. if you swapped the flag and multi allocs, the script would still be wrong, but it wouldn't overwrite the flag value.
The "flow of execution" is determined by the instructions (code) you write.

align just aligns values, i.e. puts them at an address that is some multiple of their size. It's not important if everything has its own alloc like in your original script, but in Betcha's refactoring, they might not be aligned. It's not terribly important (everything would still work); it's just that the CPU has to do more work to access unaligned values.

In the bottom left corner of these forums there should be a link that says "Watch this topic for replies". There should be a setting you can edit in your profile to do this by default (link to profile in top middle).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
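The clobbering ParkourPenguin describes above, and the effect of `align 4 CC`, modelled as an added C example (not code from the thread or from Cheat Engine itself). It assumes the two 4-byte allocs sit back to back with multi first, as described in the answer, and that Cheat Engine encodes `mov [flag],0` as the 32-bit x86 form `C7 05 disp32 imm32` (10 bytes); the base address and the byte buffer standing in for the game's memory are constructed for the demo.

```c
/* Added example: why `atul:` placed at multi+4 overwrites `flag`.
 * Not from the thread; the layout and addresses below are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALLOC_SIZE 4u          /* alloc(multi,4) and alloc(flag,4) in the OP's script */
#define MULTI_OFF  0u          /* assumption: multi is handed out first ...            */
#define FLAG_OFF   4u          /* ... and flag immediately after it                     */
#define FAKE_BASE  0x01D20000u /* assumed virtual address of mem[0] inside the game    */

/* Constructed stand-in for the game's memory: multi, then flag, then slack
 * so the emitted instruction has somewhere to land without a real overflow. */
static uint8_t mem[32];

static uint32_t rd32(size_t off) { uint32_t v; memcpy(&v, mem + off, 4); return v; }
static void     wr32(size_t off, uint32_t v) { memcpy(mem + off, &v, 4); }

/* Encode `mov dword ptr [disp32], imm32`: opcode C7 /0, ModRM 05 = absolute
 * disp32 in 32-bit mode. Assumption: this is the form CE picks for
 * `mov [flag],0`. Returns the instruction length (10 bytes). */
static size_t encode_mov_mem32_imm32(uint8_t *out, uint32_t disp32, uint32_t imm32)
{
    out[0] = 0xC7;
    out[1] = 0x05;
    memcpy(out + 2, &disp32, 4);   /* x86 is little-endian */
    memcpy(out + 6, &imm32, 4);
    return 10;
}

/* Reproduce the OP's layout: data defined under each alloc, then the label
 * `atul` dropped right after multi's 4 bytes. Returns what `flag` holds
 * once the first instruction under `atul` has been written. */
uint32_t simulate_op_layout(void)
{
    float multi = 1.1f;
    memset(mem, 0xCC, sizeof mem);
    memcpy(mem + MULTI_OFF, &multi, 4);   /* multi: dd (float)1.1 */
    wr32(FLAG_OFF, 400);                  /* flag:  dd 400        */

    size_t atul = MULTI_OFF + ALLOC_SIZE; /* atul: == multi+4 == flag */
    encode_mov_mem32_imm32(mem + atul, FAKE_BASE + FLAG_OFF, 0); /* mov [flag],0 */
    return rd32(FLAG_OFF);                /* now the first 4 bytes of the opcode */
}

/* The check to make before placing code after a label: do the bytes the
 * assembler will emit still fit inside the alloc that label lives in? */
int fits_in_alloc(size_t alloc_size, size_t label_offset, size_t emitted_bytes)
{
    return label_offset + emitted_bytes <= alloc_size;
}

/* What `align 4 CC` does after a run of code: pad up to the next multiple
 * of 4 so the following `dd` is naturally aligned. Returns the padded offset. */
size_t align_up(size_t off, size_t boundary)
{
    return (off + boundary - 1) / boundary * boundary;
}

int main(void)
{
    uint32_t flag = simulate_op_layout();
    printf("flag after `atul:` at multi+4: %u (0x%08X), low bytes are C7 05\n", flag, flag);
    printf("10-byte mov fits in alloc(multi,4)? %d\n", fits_in_alloc(ALLOC_SIZE, 4, 10));
    printf("next dd after 13 bytes of code with align 4 -> offset %zu\n", align_up(13, 4));
    return 0;
}
```

The value `flag` ends up with is the first four bytes of the instruction encoding (C7 05 plus the two low bytes of flag's own address), which is why the garbage the OP saw depends on where Cheat Engine happened to allocate the variables. Giving each value its own alloc, or placing the data after the code inside newmem with an `align 4` before it, keeps the emitted bytes and the data from overlapping.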
sgsgwv$6263
Advanced Cheater
Reputation: 0

Joined: 05 Aug 2020
Posts: 75

Posted: Wed Aug 05, 2020 11:35 pm

Thanks a lot dude.

Edit:

So I was able to create the script. This time the syntax was correct, but the registersymbols didn't seem to work. I mean memory was allocated for flag and multi, but I was not able to access them by their label names (flag and multi) in the cheat table. The script got executed (in the memory viewer or opcode viewer I was able to see the jump), but the script was not toggled, and also the symbols were not registered.

This is what I wrote.

Code:

{ Game   : gta_sa.exe
  Version:
  Date   : 2020-08-05
  Author : atult

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10) // should be unique
alloc(newmem,$1000)
alloc(atul,1024)
alloc(multi,4)
alloc(flag,4)
label(code)
label(atul)
label(return)
registersymbol(multi)
registersymbol(flag)
flag:
dd (int)0
multi:
dd (float)1.01

atul:
mov [flag],0
fld [ecx]
fmul [multi]
fstp [ecx]
fld [ecx+04]
fmul [multi]
fstp [ecx+04]
fld [ecx+08]
fmul [multi]
fstp [ecx+08]
mov eax,[ecx]
  mov edx,[ecx+04]
  jmp return

newmem:

code:
cmp [flag],1
je atul
  mov eax,[ecx]
  mov edx,[ecx+04]
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 8B 01 8B 51 04
dealloc(multi)
dealloc(flag)
dealloc(atul)
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+13D580

"gta_sa.exe"+13D561: 83 C4 04           -  add esp,04
"gta_sa.exe"+13D564: 3B C3              -  cmp eax,ebx
"gta_sa.exe"+13D566: 74 7B              -  je gta_sa.exe+13D5E3
"gta_sa.exe"+13D568: 8B 88 6C 04 00 00  -  mov ecx,[eax+0000046C]
"gta_sa.exe"+13D56E: F6 C5 01           -  test ch,01
"gta_sa.exe"+13D571: 74 1B              -  je gta_sa.exe+13D58E
"gta_sa.exe"+13D573: 8B 88 8C 05 00 00  -  mov ecx,[eax+0000058C]
"gta_sa.exe"+13D579: 3B CB              -  cmp ecx,ebx
"gta_sa.exe"+13D57B: 74 11              -  je gta_sa.exe+13D58E
"gta_sa.exe"+13D57D: 83 C1 44           -  add ecx,44
// ---------- INJECTING HERE ----------
"gta_sa.exe"+13D580: 8B 01              -  mov eax,[ecx]
"gta_sa.exe"+13D582: 8B 51 04           -  mov edx,[ecx+04]
// ---------- DONE INJECTING  ----------
"gta_sa.exe"+13D585: 89 44 24 10        -  mov [esp+10],eax
"gta_sa.exe"+13D589: 8B 41 08           -  mov eax,[ecx+08]
"gta_sa.exe"+13D58C: EB 0F              -  jmp gta_sa.exe+13D59D
"gta_sa.exe"+13D58E: 83 C0 44           -  add eax,44
"gta_sa.exe"+13D591: 8B 08              -  mov ecx,[eax]
"gta_sa.exe"+13D593: 8B 50 04           -  mov edx,[eax+04]
"gta_sa.exe"+13D596: 8B 40 08           -  mov eax,[eax+08]
"gta_sa.exe"+13D599: 89 4C 24 10        -  mov [esp+10],ecx
"gta_sa.exe"+13D59D: D9 44 24 10        -  fld dword ptr [esp+10]
"gta_sa.exe"+13D5A1: 89 54 24 14        -  mov [esp+14],edx
}
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Aug 06, 2020 10:11 am

If you ever disabled the script without executing the disable section, the script will fail to activate because the AoB can't be found. Restart the game to fix this.

And get rid of the line "label(atul)" - you made it an alloc.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
sgsgwv$6263
Advanced Cheater
Reputation: 0

Joined: 05 Aug 2020
Posts: 75

Posted: Thu Aug 06, 2020 10:39 am

I thought the disable section gets executed when the script is deactivated.

I start the game and check that everything in that code is natural (unmodified, no influence of the script anywhere) before activating the script. But when I press the spacebar on the script to activate it, the script does not get activated (meaning no cross sign), but in the memory viewer I see the jump instruction (indicating that the script has done some changes). When I check flag and multi (which I have registered in the script), they show the ?? sign.
Although when I followed the jump instructions I did find 2 addresses that do the work of multi and flag, they can't be accessed by the names multi and flag. Meaning that the script did work partially (in the sense that it allocated memory for atul, multi and flag, and it made the changes to the instruction that I intended it to), but multi and flag cannot be accessed by their names. How is that possible??

Edit: I am getting more and more confused now. So, if I allocate sufficient memory for newmem, can I use the label (as in the function atul) and the variables (multi and flag) directly after the
Code:
newmem:

without using alloc for atul, multi and flag, and use them like
Code:

label(atul)
label(multi)
label(flag)

newmem:

atul:
//multiple line instructions
//mov whatever,wherever
//add whatever,5
multi:
dd 1.1

flag:
dd 0




Is that correct?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Aug 06, 2020 6:18 pm

Parkour Pants wrote:
I thought the disabled secion gets executed when the script is deactivated.
It does. I guessed you made it not do that at some point, but it seems that's not the case.

It's probably something else you messed up, e.g. alloc(atul,1024) and label(atul), as I said in my last post.

Look at my previous explanation of labels and Betcha's post for an example. (in that example, there should be an align before the values as I previously explained)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
sgsgwv$6263
Advanced Cheater
Reputation: 0

Joined: 05 Aug 2020
Posts: 75

Posted: Fri Dec 01, 2023 10:56 pm

What happens if I put more code after the return label? For example:
Code:

return:
add esi,4
registersymbol(something)

Will that overwrite the bytes after the injection point?