 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
hayabusa-senpai
Newbie cheater
![]() Reputation: 0
Joined: 21 Sep 2021
Posts: 10
|
 Posted: Tue Sep 21, 2021 2:44 pm Post subject: Aob Script jmp to label - Code injected is invalid |
 |
|
The code seems to inject correctly label(van) but as soon as it's jumped to the code changes.
| Code: | [ENABLE]
aobscanmodule(INJECT,NINJA GAIDEN SIGMA2.exe,66 44 89 35 6F 61 93 00)
alloc(newmem,$1000,INJECT)
label(code)
label(return)
label(resetcounters)
//Encounters CHP4
label(EN1CHP4)
label(EN2CHP4)
label(EN3CHP4)
label(EN4CHP4)
label(EN5CHP4)
label(EN6CHP4)
//Encounter Spawn Limits CHP4
label(ESL1CHP4)
label(ESL2CHP4)
label(ESL3CHP4)
label(ESL4CHP4)
label(ESL5CHP4)
label(ESL6CHP4)
//If this number is reached, will stop spawning enemies
alloc(spawnlimit,4)
registersymbol(spawnlimit)
alloc(spawncounter,4)
registersymbol(spawncounter)
alloc(flyingdragoncounter,4)
registersymbol(flyingdragoncounter)
alloc(vancounter,4)
registersymbol(vancounter)
alloc(magecounter,4)
registersymbol(magecounter)
alloc(dogcounter,4)
registersymbol(dogcounter)
alloc(iscounter,4)
registersymbol(iscounter)
alloc(taccounter,4)
registersymbol(taccounter)
alloc(spawnset,1)
registersymbol(spawnset)
newmem:
//CHAPTER 4 START
//E1 AFTER GIGA BATTLE BY SAFE (BATS)
mov cx,9FF8
cmp cx,si
je ESL1CHP4
//E2 AFTER BATS
mov cx,0070
cmp cx,si
je ESL2CHP4
//E3 SUBWAY HOLE JUMP (SUBWAY TRACKS (GREY NINJAS)
mov cx,29C8
cmp cx,si
je ESL3CHP4
mov cx,3988
cmp cx,si
je ESL3CHP4
mov cx,72C0
cmp cx,si
je ESL3CHP4
//E4 SUBWAY TRACKS (IS ENCOUNTER)
mov cx,5320
cmp cx,si
je ESL4CHP4
mov cx,72C0
cmp cx,si
je ESL4CHP4
//E5 END OF SUBWAY TRACKS (BIG VANGELF BATTLE)
mov cx,8C38
cmp cx,si
je ESL5CHP4
mov cx,9BF8
cmp cx,si
je ESL5CHP4
mov cx,B590
cmp cx,si
je ESL5CHP4
mov cx,C550
cmp cx,si
je ESL5CHP4
//E6 FIRST SAVE
mov cx,F490
cmp cx,si
je ESL6CHP4
mov cx,1020
cmp cx,si
je ESL6CHP4
mov cx,2BB0
cmp cx,si
je ESL6CHP4
mov cx,F490
cmp cx,si
je ESL6CHP4
mov cx,3B70
cmp cx,si
je ESL6CHP4
mov cx,0450
cmp cx,si
je ESL6CHP4
mov cx,1FE0
cmp cx,si
je ESL6CHP4
jmp code
//CHAPTER 4 SPAWNS START
ESL1CHP4:
mov [spawnlimit],8
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN1CHP4
mov [van],8
mov [spawnset],-01
mov [spawncounter],01
EN1CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [vancounter],-01
jna van
jmp resetcounters
ESL2CHP4:
mov [spawnlimit],8
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN2CHP4
mov [iscounter],6
mov [magecounter],2
mov [spawnset],-01
mov [spawncounter],01
EN2CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [iscounter],-01
ja isninja
cmp [magecounter],-01
ja mage
jmp resetcounters
ESL3CHP4:
mov [spawnlimit],6
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN3CHP4
mov [vancounter],6
mov [spawnset],-01
mov [spawncounter],01
EN3CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
ja code
cmp [vancounter],-01
ja van
jmp resetcounters
ESL4CHP4:
mov [spawnlimit],8
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN4CHP4
mov [vancounter],6
mov [magecounter],3
mov [spawnset],-01
mov [spawncounter],01
EN4CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [vancounter],-01
ja van
cmp [magecounter],-01
ja mage
jmp resetcounters
ESL5CHP4:
mov [spawnlimit],0C
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN5CHP4
mov [vancounter],6
mov [iscounter],6
mov [spawnset],-01
mov [spawncounter],01
EN5CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [vancounter],-01
ja van
cmp [iscounter],-01
ja isninja
jmp resetcounters
ESL6CHP4:
mov [spawnlimit],4
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [spawnset],-01
jle EN6CHP4
mov [vancounter],4
mov [spawnset],-01
mov [spawncounter],01
EN6CHP4:
mov cx,[spawncounter]
cmp cx, [spawnlimit]
jae code
cmp [vancounter],-01
ja van
jmp resetcounters
dog:
xor di,di
mov r14w,7F
dec dword [dogcounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
isninja:
xor di,di
mov r14w,9C
dec dword [iscounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
mage:
xor di,di
mov r14w,A1
dec dword [magecounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
tac:
xor di,di
mov r14w,38
dec dword [taccounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
van:
xor di,di
mov r14w,A7
dec dword [vancounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
resetcounters:
mov [magecounter],0
mov [iscounter],0
mov [taccounter],0
mov [dogcounter],0
mov [vancounter],0
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
code:
mov [spawnset],0
xor di,di
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
INJECT:
jmp newmem
nop 3
return:
registersymbol(INJECT)
aobscanmodule(INJECT2,NINJA GAIDEN SIGMA2.exe,FF C0 83 F8 07)
alloc(main,$1000,INJECT2)
label(ogcode)
label(return2)
label(increasespawn)
label(reset)
main:
//Player HP
cmp ["NINJA GAIDEN SIGMA2.exe"+319CBB4],0
je reset
mov bp,[spawncounter]
cmp bp, [spawnlimit]
jl increasespawn
//jmp ogcode
//cmp [spawncounter],-01
//jae increasespawn
jmp ogcode
reset:
mov [spawnlimit],0
mov [spawncounter],0
mov [spawnset],0
mov [magecounter],0
mov [iscounter],0
mov [taccounter],0
mov [dogcounter],0
mov [vancounter],0
jmp ogcode
increasespawn:
xor bp,bp
mov eax,2
inc eax
cmp eax,07
jmp return2
ogcode:
xor bp,bp
inc eax
cmp eax,07
jmp return2
INJECT2:
jmp main
return2:
registersymbol(INJECT2)
aobscanmodule(INJECT3,NINJA GAIDEN SIGMA2.exe,45 84 C0 74 51 44)
alloc(newmem3,$1000,INJECT3)
label(code3)
label(return3)
label(resetencounters)
newmem3:
//CHAPTER 4 RESETS START
mov bp,70C8
cmp bp,bx
je resetencounters
mov bp,D748
cmp bp,bx
je resetencounters
mov bp,35B8
cmp bp,bx
je resetencounters
mov bp,4188
cmp bp,bx
je resetencounters
mov bp,8868
cmp bp,bx
je resetencounters
mov bp,4D58
cmp bp,bx
je resetencounters
mov bp,4F50
cmp bp,bx
je resetencounters
mov bp,2BF0
cmp bp,bx
je resetencounters
mov bp,5928
cmp bp,bx
je resetencounters
mov bp,64F8
cmp bp,bx
je resetencounters
jmp code3
resetencounters:
mov [magecounter],0
mov [iscounter],0
mov [taccounter],0
mov [dogcounter],0
mov [vancounter],0
mov [spawnlimit],0
mov [spawncounter],0
mov [spawnset],0
code3:
xor bp,bp
test r8l,r8l
je "NINJA GAIDEN SIGMA2.exe"+1619537
jmp return3
INJECT3:
jmp newmem3
return3:
registersymbol(INJECT3)
[DISABLE]
INJECT:
db 66 44 89 35 6F 61 93 00
unregistersymbol(INJECT)
unregistersymbol(INJECT)
dealloc(newmem)
dealloc(dogcounter)
dealloc(iscounter)
dealloc(taccounter)
dealloc(magecounter)
dealloc(vancounter)
dealloc(spawnlimit)
dealloc(spawncounter)
unregistersymbol(iscounter)
unregistersymbol(setcounters)
unregistersymbol(taccounter)
unregistersymbol(magecounter)
unregistersymbol(vancounter)
unregistersymbol(spawnlimit)
unregistersymbol(spawncounter)
INJECT2:
db FF C0 83 F8 07
unregistersymbol(INJECT2)
dealloc(main)
INJECT3:
db 45 84 C0 74 51 44
dealloc(newmem3)
unregistersymbol(INJECT3)
|
It's only happening when it jumps to the label (van)
| Code: |
van:
xor di,di
mov r14w,A7
dec dword [vancounter]
inc dword [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp return
|
When im stepping through the code this is what's injected
| Code: |
or [rax],al
add [rax],al
add bh,bh
or eax,00000BAF { 2991 }
inc [spawncounter] { (1) }
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
|
But if place a break point and disable/re-enable the script the code under label(van) correctly gets inserted until I step out and it jumps through it again and then the incorrect code appears :s
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 140
Joined: 06 Jul 2014
Posts: 4299
|
| Posted: Tue Sep 21, 2021 2:57 pm Post subject: |
|
|
| Code: | ESL1CHP4:
...
mov [van],8 |
[van] is not a place to be storing an integer.
Might be other things; I didn't look closely.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
hayabusa-senpai
Newbie cheater
![]() Reputation: 0
Joined: 21 Sep 2021
Posts: 10
|
| Posted: Tue Sep 21, 2021 2:59 pm Post subject: |
|
|
| ParkourPenguin wrote: | | Code: | ESL1CHP4:
...
mov [van],8 |
[van] is not a place to be storing an integer.
Might be other things; I didn't look closely. |
edit: Bless you good sir - that was the issue, OMG that fricken TYPO!!!
Hey,
Edit: Wait maybe im going crazy that line is definitely supposed to be [vancounter] instead, I hope that fixes it! -.-
Thanks for the reply - yeah I was just trying it out (edit: nvm just looked at that could, was supposed to be vancounter) it was messing up before then too. Odd - I just noticed before the opcde code that's called that im replacing, if I go to the address where my code is injected, the instructions in (van) is correctly injected but when the OPcode im replacing is called, that's when the instructions suddenly change for (van)
| Code: |
ja 7FF74C310452
jmp 7FF74C310468
xor di,di
mov r14w,007F
dec [dogcounter]
inc [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
xor di,di
mov r14w,009C
dec [iscounter]
inc [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
xor di,di
mov r14w,00A1
dec [magecounter]
inc [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
xor di,di
mov r14w,0038
dec [taccounter]
inc [spawncounter]
mov ["NINJA GAIDEN SIGMA2.exe"+1F50708],r14w
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
or [rax],al
add [rax],al
add bh,bh
or eax,FFFFFC13
inc [spawncounter]
jmp "NINJA GAIDEN SIGMA2.exe"+161A599
|
That's what it looks like when injected
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
