Cheat Engine The Official Site of Cheat Engine
podstanar Advanced Cheater Reputation: 4
Joined: 02 May 2012 Posts: 82 Location: Flatland
Posted: Fri Sep 24, 2021 5:04 am Post subject: [Help] What am I missing here?
Alright, I have this script:
Code:
{$STRICT}
define(godmode_patch1, Player:CharacterDamage)
define(godmode_patch2, Player:DealerDamage)
define(block_hook, AI:CharacterDamage)
define(ammo_patch, RangedWeapon:DecrementAmmo)
[ENABLE]
{$lua}
if syntaxcheck then return end
mono_initialize()
LaunchMonoDataCollector()
{$asm}
aobscanregion(block_patch, AI:CharacterDamage, AI:CharacterDamage+CC8, 23 C3 85 C0 0F 84)
aobscanregion(block_ret, AI:CharacterDamage, AI:CharacterDamage+CC8, D9 45 ? D9 5C ? ? 89 34 ? 8D 6D)
alloc(godmode_cave1, 64, godmode_patch1)
alloc(godmode_cave2, 64, godmode_patch2)
alloc(block_cave, 64, block_hook)
alloc(ammo_cave, 64, ammo_patch)
alloc(godmode, 4)
alloc(block, 4)
alloc(ammo, 4)
label(godmode)
label(block)
label(ammo)
label(return_godmode1)
label(return_godmode2)
label(return_block)
label(return_ammo)
registersymbol(block_patch)
registersymbol(block_ret)
registersymbol(godmode)
registersymbol(block)
registersymbol(ammo)
// --- injection ---
godmode_patch1:
jmp godmode_cave1
return_godmode1:
godmode_patch2:
jmp godmode_cave2
return_godmode2:
block_patch:
jmp block_cave
nop 5
return_block:
ammo_patch:
jmp ammo_cave
nop 5
return_ammo:
// --- caves ---
godmode_cave1:
cmp [godmode],1
je @f
readmem(godmode_patch1, 5)
jmp return_godmode1
@@:
xor eax,eax
ret
godmode_cave2:
cmp [godmode],1
je @f
readmem(godmode_patch2, 5)
jmp return_godmode2
@@:
xor eax,eax
ret
block_cave:
cmp [block],1
je @f
readmem(block_patch, 4)
je block_ret
@@:
xor eax,eax
jmp return_block
ammo_cave:
cmp [ammo],1
je @f
readmem(ammo_patch, 5)
jmp return_ammo
@@:
ret
// --- vars ---
godmode:
dd 0
block:
dd 0
ammo:
dd 0
[DISABLE]
godmode_patch1:
readmem(godmode_patch1, 5)
godmode_patch2:
readmem(godmode_patch2, 5)
block_patch:
readmem(block_patch, 10)
ammo_patch:
readmem(ammo_patch, 10)
dealloc(godmode_cave1)
dealloc(godmode_cave2)
dealloc(block_cave)
dealloc(ammo_cave)
dealloc(godmode)
dealloc(block)
dealloc(ammo)
unregistersymbol(block_patch)
unregistersymbol(block_ret)
unregistersymbol(godmode)
unregistersymbol(block)
unregistersymbol(ammo)
The problem here is, when trying to activate, it fails and throws a "not all instructions could be injected" error, BUT actually patches the memory, as if it successfully enabled??? Of course I can't disable it once this happens, because CE thinks it's disabled, so the script's checkbox is not ticked. What is going on here?
Also, aobscanregion() doesn't accept block_hook; it only accepts AI:CharacterDamage. Is this normal behaviour?
_________________
Singularity is nearer.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Fri Sep 24, 2021 12:35 pm
Not sure why it's giving that error. Might have something to do with mono symbol lookups.
Try using Lua to force the symbol lookup to happen earlier:
Code:
{$STRICT}
{$lua}
local sl = createStringlist()
sl.add(('define(godmode_patch1,%08X)'):format(getAddress'Player:CharacterDamage'))
sl.add(('define(godmode_patch2,%08X)'):format(getAddress'Player:DealerDamage'))
sl.add(('define(block_hook,%08X)'):format(getAddress'AI:CharacterDamage'))
sl.add(('define(ammo_patch,%08X)'):format(getAddress'RangedWeapon:DecrementAmmo'))
local ret = sl.Text
sl.destroy()
return ret
{$asm}
[ENABLE]
...
Maybe the AA doesn't like readmem being placed after the address being read from was written to. Try switching the injection point code and your code caves so that your code caves come first. I don't think this is the problem as this worked in the past IIRC.
Increase allocated memory size for your code caves from 64 bytes to 256 bytes, or just use one big one (2048 is fine) and labels.
When you do manage to disable it, the script is going to crash the game. Your way of restoring the injection point:
Code:
godmode_patch1:
readmem(godmode_patch1, 5)
// etc

Does absolutely nothing. readmem reads the value at the address godmode_patch1. In the disable section readmem executes when the script is disabled. The bytes the script is writing to the injection point are the exact same bytes that were there already - i.e. the jump to your code cave. When your code cave's memory gets deallocated, this will crash the game.
If CE is smart enough to catch this, this might also be the reason why CE is saying "not all instructions could be injected", but I doubt it.
Also, in ENABLE, this is wrong:
Code:
block_cave:
cmp [block],1
je @f
readmem(block_patch, 4)
...

You shouldn't be using readmem to execute code. There are instructions whose machine code (byte representation) depend on the address the instruction is located at. If you simply copy the machine code of such instructions, you won't execute the same instruction if you place the machine code at a different address.
reassemble will disassemble an instruction at an address and assemble it again somewhere else. Use reassemble to execute code at the injection point in your code and readmem to backup and restore the injection point.
https://www.cheatengine.org/forum/viewtopic.php?p=5745567#5745567
https://www.cheatengine.org/forum/viewtopic.php?p=5769600#5769600
If you're backing up and restoring bytes often, I made this a little bit ago:
https://forum.cheatengine.org/viewtopic.php?p=5773240#5773240
_________________
I don't know where I'm going, but I'll figure it out when I get there.
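As an added illustration of the two points in the reply above (the injection point has to be backed up before the jmp is written, and a byte-for-byte copy of a rel32 call/jmp cannot be executed from a different address), here is a small C model of a 5-byte jmp hook. It is not Cheat Engine code and not from this thread: the target bytes, the addresses 0x00401000 and 0x00700000, and the tiny 32-bit opcode table it understands are constructed for the demo. Anything outside that table (for example the 0F 84 jcc that sits in the block_patch AOB) is refused rather than copied blindly, which is what an assembler doing a real "reassemble" has to decide as well.

```c
/* Added example: models enable/disable of a 5-byte jmp hook on x86-32.
 * Constructed demo, not Cheat Engine's implementation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOOK_LEN   5u
#define MAX_STOLEN 16u
#define CAVE_SIZE  64u

struct hook {
    uint32_t addr;              /* injection point address in the target        */
    uint8_t  orig[MAX_STOLEN];  /* backup taken BEFORE the jmp is written        */
    size_t   stolen;            /* whole instructions overwritten (>= HOOK_LEN)  */
    uint32_t cave_addr;
    size_t   cave_used;
};

/* Instruction length for the few opcodes this demo knows; 0 = unsupported. */
static size_t insn_len(const uint8_t *p)
{
    if (p[0] == 0xE8 || p[0] == 0xE9) return 5;                  /* call/jmp rel32 */
    if (p[0] == 0x90) return 1;                                  /* nop            */
    if (p[0] >= 0x50 && p[0] <= 0x5F) return 1;                  /* push/pop r32   */
    if ((p[0] == 0x31 || p[0] == 0x89 || p[0] == 0x8B) && (p[1] & 0xC0) == 0xC0)
        return 2;                                                /* xor/mov r32,r32 */
    return 0;
}

/* Absolute target of a call/jmp rel32 located at insn_addr (little-endian host assumed). */
static uint32_t rel32_target(const uint8_t *insn, uint32_t insn_addr)
{
    int32_t disp;
    memcpy(&disp, insn + 1, 4);
    return insn_addr + 5 + (uint32_t)disp;
}

static void put_rel32(uint8_t *insn, uint32_t insn_addr, uint32_t target)
{
    int32_t disp = (int32_t)(target - (insn_addr + 5));
    memcpy(insn + 1, &disp, 4);
}

/* The "reassemble" half: copy n bytes of whole instructions from src (mapped at
 * src_addr) to dst (mapped at dst_addr), re-encoding every rel32 so it still
 * reaches its original target. Returns bytes written, 0 on an unsupported opcode. */
static size_t relocate(const uint8_t *src, uint32_t src_addr,
                       uint8_t *dst, uint32_t dst_addr, size_t n)
{
    size_t off = 0;
    while (off < n) {
        size_t len = insn_len(src + off);
        if (len == 0 || off + len > n) return 0;
        memcpy(dst + off, src + off, len);
        if (src[off] == 0xE8 || src[off] == 0xE9)
            put_rel32(dst + off, dst_addr + off, rel32_target(src + off, src_addr + off));
        off += len;
    }
    return off;
}

/* ENABLE: back up, relocate the stolen bytes into the cave, jmp back, then patch. */
static bool install_hook(struct hook *h, uint8_t *image, uint32_t image_base,
                         uint8_t *cave, uint32_t cave_addr)
{
    size_t stolen = 0;
    while (stolen < HOOK_LEN) {                 /* steal whole instructions only */
        size_t len = insn_len(image + stolen);
        if (len == 0 || stolen + len > MAX_STOLEN) return false;
        stolen += len;
    }
    h->addr = image_base; h->stolen = stolen; h->cave_addr = cave_addr;
    memcpy(h->orig, image, stolen);             /* the backup: read while still original */

    size_t used = relocate(image, image_base, cave, cave_addr, stolen);
    if (used == 0 || used + HOOK_LEN > CAVE_SIZE) return false;
    cave[used] = 0xE9;                          /* jmp back to the first untouched insn */
    put_rel32(cave + used, cave_addr + used, image_base + (uint32_t)stolen);
    h->cave_used = used + HOOK_LEN;

    image[0] = 0xE9;                            /* jmp cave, pad with nops */
    put_rel32(image, image_base, cave_addr);
    memset(image + HOOK_LEN, 0x90, stolen - HOOK_LEN);
    return true;
}

/* DISABLE: write the saved bytes back, never whatever is currently at the address. */
static void uninstall_hook(const struct hook *h, uint8_t *image)
{
    memcpy(image, h->orig, h->stolen);
}

/* Runs the scenario on a constructed image; returns 0 if every check holds,
 * otherwise the number of the first check that failed. */
static int demo(void)
{
    /* Constructed bytes at 0x00401000: xor eax,eax ; call 0x00401010 ; nop ; ret */
    static const uint8_t original[9] = {0x31,0xC0, 0xE8,0x09,0x00,0x00,0x00, 0x90, 0xC3};
    const uint32_t image_base = 0x00401000u, cave_addr = 0x00700000u;
    uint8_t image[9], cave[CAVE_SIZE], naive[7], late_backup[7];
    struct hook h;

    memcpy(image, original, sizeof image);
    if (!install_hook(&h, image, image_base, cave, cave_addr)) return 1;
    if (h.stolen != 7 || image[0] != 0xE9 || rel32_target(image, image_base) != cave_addr) return 2;
    if (rel32_target(cave + 2, cave_addr + 2) != 0x00401010u) return 3;   /* relocated call is right */
    memcpy(naive, original, 7);                                           /* what readmem would run */
    if (rel32_target(naive + 2, cave_addr + 2) == 0x00401010u) return 4;  /* it would call 0x00700010 */
    if (cave[7] != 0xE9 || rel32_target(cave + 7, cave_addr + 7) != image_base + 7) return 5;
    memcpy(late_backup, image, 7);              /* a backup taken at disable time... */
    if (late_backup[0] != 0xE9) return 6;       /* ...contains the jmp, not the original code */
    uninstall_hook(&h, image);
    if (memcmp(image, original, sizeof image) != 0) return 7;
    return 0;
}

int main(void)
{
    int r = demo();
    if (r == 0) printf("all checks hold\n"); else printf("check %d failed\n", r);
    return r;
}
```

The byte-copy check (4) is the failure the reply describes: the call's displacement is relative to where the instruction sits, so the same five bytes in the cave resolve to a different target. The late_backup check (6) is the [DISABLE] problem: a read done after the jmp has been written only hands back the jmp, so the restore has to come from a copy taken in [ENABLE] before the patch.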