Cheat turns off after game reload even with AOB scan

 
Vgtrd
How do I cheat?
Reputation: 0

Joined: 09 Aug 2023
Posts: 2

Posted: Wed Aug 09, 2023 3:19 am    Post subject: Cheat turns off after game reload even with AOB scan

Hello!

I'm just starting with CE but I quickly switched from being terrified to fascinated. Got a bit stuck though.

My current goal is to add mana regen to Divine Divinity that clicks together with hp regen. Firstly, I did a simple code injection and it works ok, but gets turned off after each game reload (i.e. loading a save file).
From the info I found on the web, I learnt that I should use AOB scan, understanding that EACH time the game encounters the given AOB fingerprint, it would add the corresponding extra code.
And it works too, but has the exact same issue as a regular code injection.

In both cases, after each reload, I have to manually DISABLE -> ENABLE the cheat to activate it again (click the red cross or hotkey double tap), which is rather inconvenient.

Furthermore, I checked other, similar cheats (e.g. invincibility) using AOB scan, and even though their structure is almost identical, they keep working after a reload.
This is where I get confused and would very much appreciate some feedback that would help me understand what I am missing.

Code:
[ENABLE]
 
aobscanmodule(INJECT,div.exe,8B 7A 04 03 FE)
alloc(newmem,$1000)

label(code)
label(return)

newmem: //increasing mana by 10
  add [[[[["div.exe"+00258D50]+C]+0]+2C]+8],A

code: //original code
  mov edi,[edx+04]
  add edi,esi
  jmp return

INJECT:
  jmp newmem

return:
  registersymbol(INJECT)

[DISABLE]

INJECT:
  db 8B 7A 04 03 FE

unregistersymbol(INJECT)
dealloc(newmem)

{

// ORIGINAL CODE - INJECTION POINT: INJECT

div.exe+144894: 8B 90 B4 04 00 00  - mov edx,[eax+000004B4]
div.exe+14489A: 8B 02              - mov eax,[edx]
div.exe+14489C: 8B 10              - mov edx,[eax]
div.exe+14489E: A1 50 8D 65 00     - mov eax,[div.exe+258D50]
div.exe+1448A3: 8B 40 0C           - mov eax,[eax+0C]
div.exe+1448A6: 8B 04 90           - mov eax,[eax+edx*4]
div.exe+1448A9: 8B 50 2C           - mov edx,[eax+2C]
div.exe+1448AC: 56                 - push esi
div.exe+1448AD: 8B B1 80 00 00 00  - mov esi,[ecx+00000080]
div.exe+1448B3: 57                 - push edi
// ---------- INJECTING HERE ----------
INJECT: 8B 7A 04           - mov edi,[edx+04]
// ---------- DONE INJECTING  ----------
div.exe+1448B7: 03 FE              - add edi,esi
div.exe+1448B9: 8B C2              - mov eax,edx
div.exe+1448BB: 3B 7A 0C           - cmp edi,[edx+0C]
div.exe+1448BE: 77 10              - ja div.exe+1448D0
div.exe+1448C0: 01 70 04           - add [eax+04],esi
div.exe+1448C3: A1 44 8C 65 00     - mov eax,[div.exe+258C44]
div.exe+1448C8: 8B 10              - mov edx,[eax]
div.exe+1448CA: 5F                 - pop edi
div.exe+1448CB: 89 51 78           - mov [ecx+78],edx
div.exe+1448CE: 5E                 - pop esi
}
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1069
Location: 0x90

Posted: Wed Aug 09, 2023 4:52 am

That's not how AOB scan works; AOB scan just finds a location within the game's code. You will want to use an AOB from within a function that is accessed at the correct time, in your particular case, the code responsible for HP regeneration. When you inject at this location, your script will be executed every time the instruction used at the injection point is used by the game.

I don't have the game, but assuming that the mana is in the same struct as the player, and based on the script you have provided, perhaps this will work:
Code:

[ENABLE]
 
aobscanmodule(INJECT,div.exe,8B 7A 04 03 FE)
alloc(newmem,$1000)

label(code)
label(return)

newmem: //increasing mana by 10
  //add [[[[["div.exe"+00258D50]+C]+0]+2C]+8],A
  add [edx+8],A

code: //original code
  mov edi,[edx+04]
  add edi,esi
  jmp return

INJECT:
  jmp newmem

return:
  registersymbol(INJECT)

[DISABLE]

INJECT:
  db 8B 7A 04 03 FE

unregistersymbol(INJECT)
dealloc(newmem)

{

// ORIGINAL CODE - INJECTION POINT: INJECT

div.exe+144894: 8B 90 B4 04 00 00  - mov edx,[eax+000004B4]
div.exe+14489A: 8B 02              - mov eax,[edx]
div.exe+14489C: 8B 10              - mov edx,[eax]
div.exe+14489E: A1 50 8D 65 00     - mov eax,[div.exe+258D50]
div.exe+1448A3: 8B 40 0C           - mov eax,[eax+0C]
div.exe+1448A6: 8B 04 90           - mov eax,[eax+edx*4]
div.exe+1448A9: 8B 50 2C           - mov edx,[eax+2C]
div.exe+1448AC: 56                 - push esi
div.exe+1448AD: 8B B1 80 00 00 00  - mov esi,[ecx+00000080]
div.exe+1448B3: 57                 - push edi
// ---------- INJECTING HERE ----------
INJECT: 8B 7A 04           - mov edi,[edx+04]
// ---------- DONE INJECTING  ----------
div.exe+1448B7: 03 FE              - add edi,esi
div.exe+1448B9: 8B C2              - mov eax,edx
div.exe+1448BB: 3B 7A 0C           - cmp edi,[edx+0C]
div.exe+1448BE: 77 10              - ja div.exe+1448D0
div.exe+1448C0: 01 70 04           - add [eax+04],esi
div.exe+1448C3: A1 44 8C 65 00     - mov eax,[div.exe+258C44]
div.exe+1448C8: 8B 10              - mov edx,[eax]
div.exe+1448CA: 5F                 - pop edi
div.exe+1448CB: 89 51 78           - mov [ecx+78],edx
div.exe+1448CE: 5E                 - pop esi
}


If EDI holds the pointer to the player struct, the mana is held within the player struct, and the offsets match, then this should work.
Vgtrd
How do I cheat?
Reputation: 0

Joined: 09 Aug 2023
Posts: 2

Posted: Wed Aug 09, 2023 9:14 am

Oooooh I see!
Thank you so much for both the info and the script (it works great)!
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4724

Posted: Wed Aug 09, 2023 10:24 am

Vgtrd wrote:
Code:
add [[[[["div.exe"+00258D50]+C]+0]+2C]+8],A
You shouldn't do this. The stuff in the outermost square brackets, `[[[["div.exe"+00258D50]+C]+0]+2C]+8`, gets evaluated to an address when the instruction is assembled. The pointer path will not be traversed at runtime. i.e. it's basically the same thing as using a hardcoded address: `add [16A9E578],A`.
If the pointed-to address is initialized once and no node in the pointer path ever changes, this isn't a problem. More often than not, that isn't the case, and your code injection will eventually either stop working or crash the game.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
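
The behaviour described in the post above, as an added example that is not part of the thread: a C model of a toy address space in which the pointer path is resolved once when the script is assembled, and alternatively again at the moment of the write, after a reload has moved the final struct. All addresses, the starting value 50 and the helper names are constructed for illustration; only the offsets C, 0, 2C, 8 and the increment A come from the posted script.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy address space: byte addresses into 4 KiB of 32-bit words. */
static uint32_t mem[0x400];
static uint32_t rd(uint32_t a)             { return mem[a / 4]; }
static void     wr(uint32_t a, uint32_t v) { mem[a / 4] = v; }

/* Constructed addresses; only the offsets C, 0, 2C, 8 come from the thread. */
enum { BASE = 0x10, MGR = 0x100, TABLE = 0x200, ENT = 0x300 };
static const uint32_t PATH[] = { 0xC, 0x0, 0x2C, 0x8 };

/* Walk [[[[BASE]+C]+0]+2C]+8 and return the final address, not its value. */
static uint32_t resolve(void) {
    uint32_t a = rd(BASE);
    for (int i = 0; i < 3; i++) a = rd(a + PATH[i]);
    return a + PATH[3];
}

/* (Re)build the chain so that [ENT+2C] points at a stats block at `stats`. */
static void load_game(uint32_t stats, uint32_t mana) {
    wr(BASE, MGR); wr(MGR + 0xC, TABLE); wr(TABLE + 0x0, ENT);
    wr(ENT + 0x2C, stats); wr(stats + 0x8, mana);
}

/* Mana the game reads after a reload followed by one regen tick.
   runtime_walk = 0: address frozen when the script was assembled.
   runtime_walk = 1: path walked again at the moment of the write. */
static uint32_t mana_after_reload(int runtime_walk) {
    load_game(0x400, 50);
    uint32_t frozen = resolve();            /* script enabled here */
    load_game(0x500, 50);                   /* reload: stats block moves */
    uint32_t target = runtime_walk ? resolve() : frozen;
    wr(target, rd(target) + 0xA);           /* models: add [target],A */
    return rd(resolve());
}

int main(void) {
    printf("frozen address: mana = %u\n", (unsigned)mana_after_reload(0));
    printf("runtime walk:   mana = %u\n", (unsigned)mana_after_reload(1));
    return 0;
}
```

In the frozen case the write still happens, but it lands in the old stats block, so the value the game reads never changes. Re-enabling the script assembles it again and resolves the path afresh, which matches the disable/enable workaround described in the first post.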