Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


<Failure allocating memory near xxxxx> or crash

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
cheatslover
How do I cheat?
Reputation: 0

Joined: 27 May 2022
Posts: 2
PostPosted: Fri May 27, 2022 6:18 am    Post subject: <Failure allocating memory near xxxxx> or crash Reply with quote
Hello to all! this is my very first post on the forum Smile

I literally just began my adventure with Cheat Engine so my knowledge is 0, but i could not find any cheat table to early access Songs of Conquest so i decided to try my luck.

I have watched couple of tutorials related to AOB scan and so on.

My first goal was to make a script that when i loot any gold or resource, its giving me max of it so for example i loot 4 wood and my wood goes to 9999.
I did the manual 4 byte scan i found where the wood is kept, i narrowed it down to 2 addresses. I found code that writes to these addresses and i used cheat engine tools to make an AOB injection script from template. Then i added one more line from me that increases picked up resource amount.

Then i made 5 more scripts that do other stuff like infinite movement, infinite essences and so on.

However all the scripts i made have one thing common they "usually" work. What i mean by that is that most of the time 7 out of 10 attempts they enable correctly, but sometimes instead of enable i get error <<Failure allocating memory near xxxxx>>. I searched internet for this problem and i did not find any conclusive solution. I found however similar topic where someone suggested to avoid put 3rd parameter to "alloc" instruction. So i tried to remove this parameter and it worked first 2 times. After those 2 times however it started crashing game and i wasnt able to successfully enable script anymore. For example when i try to pick gold or resource game just crashes. Maybe someone will be able to help me to make this script work stable and always.

Code:

[ENABLE]

aobscan(INJECT,48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00)
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

code:
  movsxd  rdx,dword ptr [rcx+14]
  add edx,[rbp-18]
  add edx,10000 // this is the only line i added from me, it increases picked gold or resource amount to max
  jmp return

INJECT:
  jmp newmem
  nop 2
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 48 63 51 14 03 55 E8

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2539AD97A9D

2539AD97A73: 4C 89 45 E8                    - mov [rbp-18],r8
2539AD97A77: 4D 85 FF                       - test r15,r15
2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5
2539AD97A80: 49 8B CF                       - mov rcx,r15
2539AD97A83: 48 63 55 F0                    - movsxd  rdx,dword ptr [rbp-10]
2539AD97A87: 49 8B 07                       - mov rax,[r15]
2539AD97A8A: 49 BA A8 28 6D F1 53 02 00 00  - mov r10,00000253F16D28A8
2539AD97A94: FF 50 D8                       - call qword ptr [rax-28]
2539AD97A97: 48 8B C8                       - mov rcx,rax
2539AD97A9A: 83 39 00                       - cmp dword ptr [rcx],00
// ---------- INJECTING HERE ----------
2539AD97A9D: 48 63 51 14                    - movsxd  rdx,dword ptr [rcx+14]
// ---------- DONE INJECTING  ----------
2539AD97AA1: 03 55 E8                       - add edx,[rbp-18]
2539AD97AA4: 48 8B C8                       - mov rcx,rax
2539AD97AA7: 83 38 00                       - cmp dword ptr [rax],00
2539AD97AAA: 48 8D 6D 00                    - lea rbp,[rbp+00]
2539AD97AAE: 49 BB D0 20 B5 1C 54 02 00 00  - mov r11,000002541CB520D0
2539AD97AB8: 41 FF D3                       - call r11
2539AD97ABB: 4C 8B 7D F8                    - mov r15,[rbp-08]
2539AD97ABF: 48 8D 65 00                    - lea rsp,[rbp+00]
2539AD97AC3: 5D                             - pop rbp
2539AD97AC4: C3                             - ret
}


so when i tried to remove third param i had this

Code:

alloc(newmem,$1000)


So what adjustments can be done to avoid Failure allocating memory in case of 3 params alloc and crash in case of 2 params alloc?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25857
Location: The netherlands
PostPosted: Fri May 27, 2022 9:29 am    Post subject: Reply with quote
just removing the 3th alloc parameter alone won't do. you will have to adjust the code to be aware of 14 byte jmps

change it to
Code:

[ENABLE]

aobscan(INJECT,48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00)
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

code:
  movsxd  rdx,dword ptr [rcx+14]
  add edx,[rbp-18]
  add edx,10000 // this is the only line i added from me, it increases picked gold or resource amount to max
  mov rcx,rax
  cmp dword ptr [rax],00 //not sure this is needed. Looks like .net debug code
  lea rbp,[rbp+00]
  jmp return

INJECT:
  jmp far newmem
  nop 3
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2539AD97A9D

2539AD97A73: 4C 89 45 E8                    - mov [rbp-18],r8
2539AD97A77: 4D 85 FF                       - test r15,r15
2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5
2539AD97A80: 49 8B CF                       - mov rcx,r15
2539AD97A83: 48 63 55 F0                    - movsxd  rdx,dword ptr [rbp-10]
2539AD97A87: 49 8B 07                       - mov rax,[r15]
2539AD97A8A: 49 BA A8 28 6D F1 53 02 00 00  - mov r10,00000253F16D28A8
2539AD97A94: FF 50 D8                       - call qword ptr [rax-28]
2539AD97A97: 48 8B C8                       - mov rcx,rax
2539AD97A9A: 83 39 00                       - cmp dword ptr [rcx],00
// ---------- INJECTING HERE ----------
2539AD97A9D: 48 63 51 14                    - movsxd  rdx,dword ptr [rcx+14]
// ---------- DONE INJECTING  ----------
2539AD97AA1: 03 55 E8                       - add edx,[rbp-18]
2539AD97AA4: 48 8B C8                       - mov rcx,rax
2539AD97AA7: 83 38 00                       - cmp dword ptr [rax],00
2539AD97AAA: 48 8D 6D 00                    - lea rbp,[rbp+00]
2539AD97AAE: 49 BB D0 20 B5 1C 54 02 00 00  - mov r11,000002541CB520D0
2539AD97AB8: 41 FF D3                       - call r11
2539AD97ABB: 4C 8B 7D F8                    - mov r15,[rbp-08]
2539AD97ABF: 48 8D 65 00                    - lea rsp,[rbp+00]
2539AD97AC3: 5D                             - pop rbp
2539AD97AC4: C3                             - ret
}

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
cheatslover
How do I cheat?
Reputation: 0

Joined: 27 May 2022
Posts: 2
PostPosted: Fri May 27, 2022 12:07 pm    Post subject: Reply with quote
Oh i see, after consuming your reply, i looked for other helpful informations on this forum and i found other topic where you said following:

Quote:

Tip: If you're using templates to build your script, hold down CTRL and then use the template to generate the code. It will generate a script that uses 14 byte jmps so you don't have to bother with that (too much, you still need to make sure it's not the destination of a relative jmp)


I gave it quick try and code produced with this method by cheat engine is the same as you just prepared for me (except code from cheat engine is missing 3rd parameter in alloc instruction but i guess its really irrelevant if code is correctly written for this 14 bytes jump). Code you prepared is also working every time and does not crash! Big thank you for this help dear sir Smile

Is it safe to assume that with this method (hold CTRL when making script from template) i can again re-do other scripts i made earlier and they will be working correctly every time? Or there are some nuances and it may require some manual intervention in some cases?

I guess what i am trying to ask is, as a total noob can i just use CTRL + click to produce 14byte jump scripts, add my changes and have it working or there is something i may need to do in some cases?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25857
Location: The netherlands
PostPosted: Fri May 27, 2022 1:35 pm    Post subject: Reply with quote
yes, the ctrl+click 'should' produce valid scripts, but do watch out for some fringe cases like relative jump instructions in the original code that's being overwritten. Those may have to be rewritten

e.g.
Code:

2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5

next version will reassembly this for you on the fly, but for now you'll have to recode this as:
Code:

je +2
jmp +e
jmp far 2539AD97AC5

or
Code:

jne +e
jmp far 2539AD97AC5

(not that you'd want to anyhow, as you'd normally just use the AA command reassemble for this scenario anyhow)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites