Cheat Engine Forum (The Official Site of Cheat Engine), General Gamehacking
ReadMem label within ENABLE

gibberishh (Cheater; reputation 1; joined 30 Aug 2021; 37 posts)
Posted: Mon Jan 17, 2022 10:07 pm    Post subject: ReadMem label within ENABLE

I'm trying to use ReadMem into a registered label. Works perfectly across Enable/Disable sections of code. But it doesn't work WITHIN the Enable code:

Code:
[ENABLE]
aobscanmodule(theaob,myproc.exe,8B 53 18 8B 35 ?? ?? ?? ??)
alloc(newmem,$100)
alloc(oriaob,9)
registersymbol(oriaob)

label(code)
label(return)

oriaob:
  readmem(theaob,9)
newmem:
  cmp dword ptr [ebx+18],00
  jne code
  mov [ebx+18],0A
code:
  readmem(oriaob,9) // readmem doesn't work here, but it works in Disable
//  mov edx,[ebx+18]
//  mov esi,[myproc.exe+A2F2B8] // This part changes with version updates, so I want to use readmem instead
  jmp return

theaob:
  jmp newmem
  nop 2
  nop 2
return:
  registersymbol(theaob)

[DISABLE]
theaob:
//  db 8B 53 18 8B 35 B8 F2 E3 01
  readmem(oriaob,9)

unregistersymbol(*)
dealloc(*)


Do I have to use ReadMem with a hard address if I want to use it this way because the label isn't registered yet? Is there a better approach to this? Note that there are no syntax errors, I just get Invalid address for ReadMem when trying to execute the script.

Thanks!

_________________
It's not cheating. It's playing by my rules.
LeFiXER (Grandmaster Cheater Supreme; reputation 20; joined 02 Sep 2011; 1054 posts; location 0x90)
Posted: Tue Jan 18, 2022 12:21 am

If you're just saving the AOB you can use define:
Code:
define(originalaob, 8B 53 18 8B 35...) // Don't use wildcards with this though

It's a little unclear why you need to restore the bytes at the point of injection within the enable section. It's possible that your own program/game is the cause, or you've deliberately disguised the process name because it's an online game. If it's the latter then you should know that talk of hacking online games is forbidden here.
See faq
ParkourPenguin (I post too much; reputation 138; joined 06 Jul 2014; 4275 posts)
Posted: Tue Jan 18, 2022 1:13 am

I guess readmem is evaluated before symbols get registered.

You should use reassemble when executing code. readmem is for backing up and restoring the original bytes.
Code:
reassemble(theaob)
reassemble(theaob+3)
In 32-bit targets, only control transfer instructions (e.g. call, jmp, jcc) can address memory relative to the instruction pointer, so it doesn't make a difference here.
If this were a 64-bit target, the second instruction would use rip-relative addressing. As such, simply copying the bytes from one location to another would change the behaviour of the instruction. You'd need to reassemble the instruction to get the same behaviour.

Depending on what the code around the injection point looks like, you could also simply choose a different injection point. e.g. one or two instructions before the read from the address you're interested in.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
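To make the 32-bit versus 64-bit point above concrete, here is an added Python illustration (not code from the thread, from Cheat Engine, or from either poster). It takes the thread's second instruction, `8B 35 disp32` (`mov esi,[...]`), with the wildcard bytes filled in from the commented-out `db` line in the DISABLE section, and decodes it under both modes: in 32-bit mode the ModRM byte `35` means an absolute address, so the bytes read the same location wherever they are copied; in 64-bit mode the identical bytes mean `[rip+disp32]`, so a verbatim copy (what `readmem` produces) reads from the wrong place, and the displacement has to be recomputed for the new location (what `reassemble` does). The load addresses `0x401003` for the original instruction and `0x02000013` for its copy are constructed for the example.

```python
import struct

INSN_LEN = 6  # opcode 8B, ModRM 35, then a 4-byte displacement

# Constructed sample: the thread's AOB with its wildcards filled in from the
# commented-out DISABLE line, so the bytes are
#   8B 53 18             mov edx,[ebx+18]
#   8B 35 B8 F2 E3 01    mov esi,[disp32]
SAMPLE_BYTES = bytes.fromhex("8B5318" "8B35B8F2E301")
MOV_ESI_OFFSET = 3  # the second instruction starts at byte 3 (theaob+3 in the thread)


def read_disp32(code: bytes, offset: int) -> int:
    """Return the signed disp32 of a `8B 35 disp32` (mov esi,[...]) at code[offset:]."""
    if code[offset:offset + 2] != b"\x8b\x35":
        raise ValueError("expected mov esi,[disp32] (8B 35) at this offset")
    return struct.unpack_from("<i", code, offset + 2)[0]


def effective_address(code: bytes, offset: int, insn_addr: int, x64: bool) -> int:
    """Address the instruction actually reads from when it sits at insn_addr.

    ModRM mod=00 rm=101 means different things in the two modes:
      32-bit: an absolute 32-bit address, so the bytes are location-independent;
      64-bit: [rip + disp32], relative to the address of the *next* instruction,
              so the same bytes read a different place after being copied.
    """
    disp = read_disp32(code, offset)
    if x64:
        return (insn_addr + INSN_LEN + disp) & 0xFFFF_FFFF_FFFF_FFFF
    return disp & 0xFFFF_FFFF


def relocate_rip_relative(code: bytes, offset: int, old_addr: int, new_addr: int) -> bytes:
    """Re-encode the displacement so the copy at new_addr reads the original target.

    This is the adjustment reassemble() performs; readmem() copies the bytes
    verbatim and leaves the old displacement in place.
    """
    target = effective_address(code, offset, old_addr, x64=True)
    new_disp = target - (new_addr + INSN_LEN)
    if not -2**31 <= new_disp < 2**31:
        raise ValueError("target not reachable with rip+disp32 from the new location")
    return code[:offset + 2] + struct.pack("<i", new_disp) + code[offset + INSN_LEN:]


if __name__ == "__main__":
    # Constructed addresses: the original instruction at 0x401003 (theaob+3) and
    # its copy inside an allocated block at 0x02000013 (the "code:" label + 3).
    old, new = 0x401003, 0x02000013
    for x64 in (False, True):
        mode = "64-bit" if x64 else "32-bit"
        print(f"{mode}: original reads "
              f"{effective_address(SAMPLE_BYTES, MOV_ESI_OFFSET, old, x64):#x}, "
              f"verbatim copy reads "
              f"{effective_address(SAMPLE_BYTES, MOV_ESI_OFFSET, new, x64):#x}")
    fixed = relocate_rip_relative(SAMPLE_BYTES, MOV_ESI_OFFSET, old, new)
    print(f"64-bit reassembled copy: {fixed.hex(' ')} reads "
          f"{effective_address(fixed, MOV_ESI_OFFSET, new, True):#x}")
```

Run as-is, the 32-bit decode gives the same address for the original and the copy, while the 64-bit decode of the copied bytes lands roughly 28 MiB away from the original target until the displacement is recomputed. The range check in `relocate_rip_relative` is the case `reassemble` also has to deal with: an allocated block more than 2 GiB from the target cannot reach it with `rip+disp32` at all, which is why Cheat Engine's `alloc` accepts a preferred address near the injection point on 64-bit targets.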
gibberishh (Cheater; reputation 1; joined 30 Aug 2021; 37 posts)
Posted: Tue Jan 18, 2022 1:43 am

ParkourPenguin wrote:
Depending on what the code around the injection point looks like, you could also simply choose a different injection point. e.g. one or two instructions before the read from the address you're interested in.

Thanks. I'll try reassemble. Unfortunately, I can't go back a few bytes because the code just before this is also a call to another address.

Code:
call myproc.exe+1801C3 // replacing this would cause same headache
mov edx,[ebx+18]  // these 3 bytes (and next 2) are replaced with a 5-byte jmp
mov esi,[myproc.exe+A2F2B8] // This address changes with version updates (almost weekly), so I want to use something dynamic instead


Update: Thanks a lot! reassemble() works like a charm.

_________________
It's not cheating. It's playing by my rules.