Cheat Engine The Official Site of Cheat Engine
gibberishh  (Cheater, Reputation: 1)
Joined: 30 Aug 2021  Posts: 37
Posted: Mon Jan 17, 2022 10:07 pm  Post subject: ReadMem label within ENABLE
I'm trying to use ReadMem into a registered label. Works perfectly across Enable/Disable sections of code. But it doesn't work WITHIN the Enable code:
Code:
[ENABLE]
aobscanmodule(theaob,myproc.exe,8B 53 18 8B 35 ?? ?? ?? ??)
alloc(newmem,$100)
alloc(oriaob,9)
registersymbol(oriaob)
label(code)
label(return)

oriaob:
readmem(theaob,9)

newmem:
cmp dword ptr [ebx+18],00
jne code
mov [ebx+18],0A

code:
readmem(oriaob,9) // readmem doesn't work here, but it works in Disable
// mov edx,[ebx+18]
// mov esi,[myproc.exe+A2F2B8] // This part changes with version updates, so I want to use readmem instead
jmp return

theaob:
jmp newmem
nop 2
nop 2
return:
registersymbol(theaob)

[DISABLE]
theaob:
// db 8B 53 18 8B 35 B8 F2 E3 01
readmem(oriaob,9)

unregistersymbol(*)
dealloc(*)
Do I have to use ReadMem with a hard address if I want to use it this way because the label isn't registered yet? Is there a better approach to this? Note that there are no syntax errors, I just get Invalid address for ReadMem when trying to execute the script.
Thanks!
_________________
It's not cheating. It's playing by my rules.
LeFiXER  (Grandmaster Cheater Supreme, Reputation: 20)
Joined: 02 Sep 2011  Posts: 1054  Location: 0x90
Posted: Tue Jan 18, 2022 12:21 am
If you're just saving the AOB you can use define:
Code:
define(originalaob, 8B 53 18 8B 35...) // Don't use wildcards with this though
It's a little unclear why you need to restore the bytes at the point of injection within the enable section. It's possible that your own program/game is the cause, or you've deliberately disguised the process name because it's an online game. If it's the latter then you should know that talk of hacking online games is forbidden here.
See the FAQ.
ParkourPenguin  (I post too much, Reputation: 138)
Joined: 06 Jul 2014  Posts: 4275
Posted: Tue Jan 18, 2022 1:13 am
I guess readmem is evaluated before symbols get registered.
You should use reassemble when executing code. readmem is for backing up and restoring the original bytes.
Code:
reassemble(theaob)
reassemble(theaob+3)

In 32-bit targets, only control transfer instructions (e.g. call, jmp, jcc) can address memory relative to the instruction pointer, so it doesn't make a difference here.
If this were a 64-bit target, the second instruction would use rip-relative addressing. As such, simply copying the bytes from one location to another would change the behaviour of the instruction. You'd need to reassemble the instruction to get the same behaviour.
Depending on what the code around the injection point looks like, you could also simply choose a different injection point. e.g. one or two instructions before the read from the address you're interested in.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
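To make the rip-relative point above concrete, here is an added Python example (not from this thread or from Cheat Engine) that decodes a 64-bit `mov esi,[rip+disp32]` (opcode 8B 35, the 64-bit counterpart of the absolute `8B 35` load in the original AOB) and shows that copying the bytes verbatim to a new location changes the effective address, while recomputing the displacement, as a reassembler does, preserves it. The addresses and displacement are constructed sample values.

```python
import struct

# Constructed sample: in 64-bit code, 8B 35 disp32 is `mov esi,[rip+disp32]`
# (6 bytes, displacement at offset 2). In 32-bit code the same bytes read an
# absolute address, which is why a plain byte copy is harmless there.
DISP_OFFSET = 2
ORIGINAL_ADDR = 0x140001000    # constructed: where the instruction lives in the target
RELOCATED_ADDR = 0x140200000   # constructed: a nearby allocation the bytes are copied to
ORIGINAL_BYTES = bytes.fromhex("8B35") + struct.pack("<i", 0x12345)


def rip_relative_target(insn_addr, insn_len, disp32):
    """Effective address of a RIP-relative operand: RIP already points past the instruction."""
    return (insn_addr + insn_len + disp32) & 0xFFFFFFFFFFFFFFFF


def decode_target(insn_bytes, insn_addr, disp_offset=DISP_OFFSET):
    """Target of a `mov r32,[rip+disp32]` encoding when it executes at insn_addr."""
    disp32 = struct.unpack_from("<i", insn_bytes, disp_offset)[0]
    return rip_relative_target(insn_addr, len(insn_bytes), disp32)


def relocate_rip_relative(insn_bytes, old_addr, new_addr, disp_offset=DISP_OFFSET):
    """Re-encode disp32 so the copy at new_addr still references the original target.

    This is the fix-up a reassembler performs and a raw byte copy (readmem) does not.
    """
    target = decode_target(insn_bytes, old_addr, disp_offset)
    new_disp = target - (new_addr + len(insn_bytes))
    if not -2**31 <= new_disp < 2**31:
        raise ValueError("target is out of rel32 range from the new location")
    out = bytearray(insn_bytes)
    struct.pack_into("<i", out, disp_offset, new_disp)
    return bytes(out)


def compare_copy_strategies():
    """Return (original target, target of a verbatim copy, target of the relocated copy)."""
    original = decode_target(ORIGINAL_BYTES, ORIGINAL_ADDR)
    verbatim = decode_target(ORIGINAL_BYTES, RELOCATED_ADDR)   # same bytes, new RIP: wrong address
    fixed = decode_target(relocate_rip_relative(ORIGINAL_BYTES, ORIGINAL_ADDR, RELOCATED_ADDR),
                          RELOCATED_ADDR)
    return original, verbatim, fixed


if __name__ == "__main__":
    original, verbatim, fixed = compare_copy_strategies()
    print(f"original reads  {original:#x}")
    print(f"verbatim copy   {verbatim:#x}  (off by {verbatim - original:#x})")
    print(f"relocated copy  {fixed:#x}")
```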