Cheat Engine The Official Site of Cheat Engine
sandsmaster (Newbie cheater, Reputation: 1)
Joined: 21 Jan 2021, Posts: 24
Posted: Sat May 08, 2021 2:58 am
Post subject: Dealing with duplicate calls
Hello there to everyone again.
This time I come to ask about a game that has duplicate calls, but I need to modify one of them. I'm going for the unit count in Warpips.
So, I'm trying to do an AOB scan, but the call I need seems to be identical to 6 other calls, hence the call can't be identified. I tried the whole call with AOB, so I'm certain.
Here's the AOB btw:
Code:
55 48 8B EC 48 83 EC 30 48 89 75 F0 48 89 7D F8 48 8B F9 48 8B F2 49 BB ?? ?? ?? ?? ?? ?? ?? ?? 41 FF D3 48 8B F0 85 C0 7C 21 48 8B 47 18 48 63 CE 39 48 18 0F 86 ?? ?? ?? ?? 48 6B C9 18 48 03 C1 48 83 C0 20 48 63 40 10 EB 28 B9 ?? ?? ?? ?? 48 8D 64 24 00 90 49 BB ?? ?? ?? ?? ?? ?? ?? ?? 41 FF D3 48 8B C8 49 BB ?? ?? ?? ?? ?? ?? ?? ?? 41 FF D3 48 8B 75 F0 48 8B 7D F8 48 8D 65 00 5D C3
So in the picture, I thought I could backtrace to the call above for the AOB. The AOB works.
The problem is, I can't find a way to pass in the value, because the game makes a lot of calculations to get there. You can see more in the picture.
Legend:
Red - A call that calculates the number of units. Stores it in RCX
Orange - The instruction of interest. Changes units on click.
Green - The first instruction of the break and trace
Blue - The call of interest. Contains the instruction of interest
The call in red is bigger than 1000 instructions, hence I don't think it's worth reversing it to find how my unit value is passed to it.
So I was wondering if there is any easier way to get to that instruction, like doing an AOB in the parent call and then, through another breakpoint, going a few steps to the instruction I need and then doing an injection. I assume I can step over, though.
Or maybe I can use the stack to find my value too, but I'm not certain how to do that. If you can send over some good tuts about that, I'd be grateful.
I'm open to ideas, so feel free to share.
Thanks in advance.
[Attached image: The call structure looks like this]
_________________
I don't post too much. yet.
ParkourPenguin (I post too much, Reputation: 140)
Joined: 06 Jul 2014, Posts: 4291
Posted: Sat May 08, 2021 2:12 pm
If you can uniquely identify the code around the green instruction (caller) with an aob pattern, use Lua to read the memory address it's calling, return the address of the real injection point as a definition, and assert the bytes in that region are what you expect them to be. e.g.:
Code:
[ENABLE]
{$lua}
-- CE runs the script once as a syntax check before executing it. Don't scan
-- memory on that pass; just give the symbol a placeholder so the script parses.
if syntaxcheck then return 'define(injectionPoint,0)' end
-- Pattern that uniquely identifies the *caller* (the code around the green instruction).
-- '+X-C-W' restricts the scan to executable, non-copy-on-write, non-writable memory.
local aobres = assert(AOBScan('12 34 ?? AB CD', '+X-C-W'))
-- AOBScan returns nil on no hit; also refuse more than one hit so the wrong copy is never patched.
assert(aobres.Count == 1)
-- Offset from start of aob pattern to the imm64 in "mov r11,X"; X is the target of the following "call r11".
local callee = readQword(getAddress(aobres[0]) + 0x2c)
aobres.destroy()
return ('define(injectionPoint,%08X)'):format(callee)
{$asm}
// Check that the resolved callee really is the function you expect before patching it.
assert(injectionPoint,56 78 ?? 90 EF)
registersymbol(injectionPoint)
// offset from start of callee to real injection point
injectionPoint+4B:
jmp newmem
nop
// etc...

[DISABLE]
// restore the original bytes at injectionPoint+4B here, then release the symbol
unregistersymbol(injectionPoint)

Edit: added syntax check bypass (it's been a little while since I've written Lua)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Last edited by ParkourPenguin on Sun May 09, 2021 11:04 am; edited 1 time in total
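The resolve-then-verify idea from the script above, worked through as an added Python example (this is not code from the thread or from Cheat Engine, and it does not attach to a process): a wildcard AOB matcher runs over a constructed memory image, the one hit on the caller is used to read the imm64 out of `mov r11,imm64`, and the callee's bytes are checked before the injection point is computed. The base addresses, byte strings, the callee pattern and the `+4` hook offset are all constructed for the demo; the caller prologue reuses the bytes from the AOB posted in the question. The image also contains two identical copies of the callee, so the example shows why scanning for the callee directly is ambiguous while going through the unique caller is not.

```python
"""Resolve a `mov r11,imm64 ; call r11` target from an AOB hit on the caller,
then verify the callee's bytes before computing the injection point.
Constructed memory image; nothing here talks to a live process."""
import struct
from typing import Dict, List, Optional

# Hypothetical addresses for the constructed regions.
CALLER_BASE = 0x7FF610000000
CALLEE_BASE = 0x7FF620000000
CALLEE2_BASE = 0x7FF630000000  # identical copy, like the duplicate calls in the thread

# Constructed caller bytes: the prologue from the posted AOB, then
# `mov r11, CALLEE_BASE` (49 BB imm64) and `call r11` (41 FF D3).
CALLER_BYTES = (
    bytes.fromhex("55 48 8B EC 48 83 EC 30 48 89 75 F0 48 89 7D F8 48 8B F9 48 8B F2")
    + b"\x49\xBB" + struct.pack("<Q", CALLEE_BASE)
    + bytes.fromhex("41 FF D3 48 8B F0 85 C0")
)
# Constructed callee bytes: push rbp / mov rbp,rsp / sub rsp,20 followed by filler.
CALLEE_BYTES = bytes.fromhex("55 48 8B EC 48 83 EC 20 90 90 90 90 C3")

MEMORY: Dict[int, bytes] = {
    CALLER_BASE: CALLER_BYTES,
    CALLEE_BASE: CALLEE_BYTES,
    CALLEE2_BASE: CALLEE_BYTES,
}

# Unique caller pattern, and the bytes expected at the start of the real callee.
CALLER_PATTERN = ("55 48 8B EC 48 83 EC 30 48 89 75 F0 48 89 7D F8 48 8B F9 48 8B F2 "
                  "49 BB ?? ?? ?? ?? ?? ?? ?? ?? 41 FF D3")
CALLEE_PATTERN = "55 48 8B EC 48 83 EC 20"


def parse_aob(pattern: str) -> List[Optional[int]]:
    """'55 48 ?? EC' -> [0x55, 0x48, None, 0xEC]; None is a wildcard byte."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]


def aob_scan(pattern: str) -> List[int]:
    """Every address in MEMORY whose bytes match the pattern, ascending."""
    pat = parse_aob(pattern)
    hits = []
    for base, data in MEMORY.items():
        for i in range(len(data) - len(pat) + 1):
            if all(p is None or p == data[i + j] for j, p in enumerate(pat)):
                hits.append(base + i)
    return sorted(hits)


def read_bytes(addr: int, size: int) -> bytes:
    """Read from whichever constructed region contains [addr, addr+size)."""
    for base, data in MEMORY.items():
        if base <= addr and addr + size <= base + len(data):
            off = addr - base
            return data[off:off + size]
    raise ValueError(f"unmapped read at {addr:#x}")


def read_qword(addr: int) -> int:
    return struct.unpack("<Q", read_bytes(addr, 8))[0]


def mov_r11_imm_offset(pattern: str) -> int:
    """Offset of the imm64 in the first `49 BB ?? x8` (mov r11,imm64) of the pattern."""
    pat = parse_aob(pattern)
    for i in range(len(pat) - 9):
        if pat[i] == 0x49 and pat[i + 1] == 0xBB and all(p is None for p in pat[i + 2:i + 10]):
            return i + 2
    raise ValueError("pattern has no mov r11,imm64 with a wildcarded immediate")


def assert_bytes(addr: int, pattern: str) -> None:
    """Counterpart of the auto-assembler assert(addr, bytes): fail if the bytes differ."""
    pat = parse_aob(pattern)
    actual = read_bytes(addr, len(pat))
    for j, p in enumerate(pat):
        if p is not None and p != actual[j]:
            raise RuntimeError(f"byte mismatch at {addr + j:#x}: expected {p:02X}, got {actual[j]:02X}")


def resolve_injection_point(caller_pattern: str, callee_pattern: str, inject_offset: int) -> int:
    """Unique caller hit -> read imm64 -> verify callee bytes -> callee + offset."""
    hits = aob_scan(caller_pattern)
    if len(hits) != 1:
        raise RuntimeError(f"caller pattern matched {len(hits)} times, need exactly 1")
    callee = read_qword(hits[0] + mov_r11_imm_offset(caller_pattern))
    assert_bytes(callee, callee_pattern)
    return callee + inject_offset


if __name__ == "__main__":
    # Scanning for the callee directly is ambiguous (two identical copies)...
    print("callee pattern hits:", [hex(a) for a in aob_scan(CALLEE_PATTERN)])
    # ...resolving through the unique caller is not.
    print("injection point:", hex(resolve_injection_point(CALLER_PATTERN, CALLEE_PATTERN, 4)))
```

The `len(hits) != 1` check and the byte assertion are the two guards that matter: the first stops you from patching whichever duplicate happens to come first in memory, the second stops a stale offset from landing the jump in unrelated code after a game update.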
sandsmaster (Newbie cheater, Reputation: 1)
Joined: 21 Jan 2021, Posts: 24
Posted: Sun May 09, 2021 10:24 am
Thanks man. You're golden when it comes to game hax. I haven't tried that yet, but I happen to have a lot of these lately and you came up with a solution for all of them, so I have to thank you a lot. You're the best moderator I know of. +rep
_________________
I don't post too much. yet.