Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Change value outside AA

 
felps3
How do I cheat?
Reputation: 0

Joined: 15 Jul 2022
Posts: 1

Posted: Fri Jul 15, 2022 7:30 am    Post subject: Change value outside AA

Hi, how do I change a value inside an AA script from the Cheat Table?
I'm trying to change the strings 'Enemy' in this script for another without the need to disable the script, change and enable it again.

Code:
[ENABLE]
{$lua}

local aTimerInterval = 100
local function aTimer_tick(timer)

registerSymbol("pos_x", "[test.exe+0838F728]+FC")
registerSymbol("pos_y", "[test.exe+0838F728]+100")

end

aTimer = createTimer(test)
aTimer.Interval = aTimerInterval
aTimer.OnTimer = aTimer_tick

{$asm}
aobscanmodule(LockX,test.exe,89 90 AC 00 00 00 8B 4D FC 03)
aobscanmodule(LockY,test.exe,89 90 B0 00 00 00 C7 45 B8 00)
alloc(newmem_x,$1000)
alloc(newmem_y,$1000)

label(return_x) label(return_y)
label(notfound_x) label(notfound_y)

newmem_x:
cmp [eax+38],'Enemy'
jne notfound_x
push rbx
mov rbx,[pos_x]
mov [eax+358+AC],rbx
pop rbx
jmp return_x

notfound_x:
mov [eax+AC],edx
jmp return_x

newmem_y:

cmp [eax+38],'Enemy'
jne notfound_y
push rbx
mov rbx,[pos_y]
mov [eax+358+B0],rbx
pop rbx
jmp return_y

notfound_y:
mov [eax+B0],edx
jmp return_y

LockX:
  jmp newmem_x
  nop
return_x:
registersymbol(LockX)

LockY:
  jmp newmem_y
  nop
return_y:
registersymbol(LockY)

[DISABLE]

LockX:
  db 89 90 AC 00 00 00 8B 4D FC 03

LockY:
  db 89 90 B0 00 00 00 C7 45 B8 00

unregistersymbol(LockX) unregistersymbol(LockY)
dealloc(newmem_x) dealloc(newmem_y)

{$lua}
aTimer.destroy()
unregisterSymbol("pos_x")
unregisterSymbol("pos_y")
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4289

Posted: Fri Jul 15, 2022 12:20 pm

felps3 wrote:
Code:
cmp [eax+38],'Enemy'
This doesn't do what you think it does.
cmp can take up to a 32-bit immediate. The literal 'Enemy' gets interpreted as an integer and truncated to 32 bits: i.e. it basically just compares against the string 'Enem'.

If you want to do this correctly, you'll need to invoke an actual strcmp routine. Such a routine would take pointers to the two strings as input. Store the string you're comparing against (e.g. 'Enemy') in allocated memory. Changing the string becomes as easy as registering a symbol and adding a memory record to the address list.

That Lua timer at the top is bad. If the pointer path changes during runtime, then traverse it at runtime. Right now it only gets traversed when the script is enabled (may as well do `mov rbx,[[test.exe+0838F728]+FC]`)

You should be allocating memory near the injection point. e.g. `alloc(newmem_x,$1000,LockX)`

_________________
I don't know where I'm going, but I'll figure it out when I get there.
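
The truncation described in the reply above, modelled in C as an added example (not code from the thread or from Cheat Engine): a dword compare against the literal only checks the first four bytes, while a strcmp against a string held in writable memory checks the whole name and lets the target be changed at runtime. The function names, the `target_name` buffer and the sample names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Models a dword `cmp [field],'literal'` as the reply describes it:
   the literal is truncated to 32 bits, so only 4 bytes are compared. */
static int cmp_imm32_equal(const char *field, const char *literal)
{
    uint32_t imm = 0, mem = 0;
    size_t n = strlen(literal);
    if (n > 4) n = 4;              /* bytes past the fourth are dropped */
    memcpy(&imm, literal, n);      /* shorter literals are zero-padded */
    memcpy(&mem, field, 4);        /* the dword read from the field */
    return imm == mem;
}

/* Comparison string kept in writable memory (hypothetical buffer);
   it can be replaced while the check itself stays in place. */
static char target_name[32] = "Enemy";

static void set_target(const char *name)
{
    strncpy(target_name, name, sizeof target_name - 1);
    target_name[sizeof target_name - 1] = '\0';
}

static int full_equal(const char *field)
{
    return strcmp(field, target_name) == 0;
}

/* Constructed sample names, each in a fixed 16-byte field. */
static const char names[][16] = { "Enemy", "Enemies", "Enema", "Enem", "Player" };

static int count_matches(int use_full)
{
    int hits = 0;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        hits += use_full ? full_equal(names[i]) : cmp_imm32_equal(names[i], "Enemy");
    return hits;
}

int main(void)
{
    printf("imm32 compare accepts %d of 5 names\n", count_matches(0));
    printf("strcmp vs \"%s\" accepts %d\n", target_name, count_matches(1));
    set_target("Enemies");         /* change the target without touching the check */
    printf("strcmp vs \"%s\" accepts %d\n", target_name, count_matches(1));
    return 0;
}
```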
All times are GMT - 6 Hours