Cheat Engine

Trisolaris · Newbie cheater Reputation: 0 Joined: 10 Mar 2019 Posts: 20

Hello,
I have an instruction that writes a value which I'd like to transfer to another instruction, which sits far away from the first (source) instruction.

I'm trying to
1) Park the source value to my own allocated memory.
2) Copy the source value back to the source instruction, so that it keeps functioning.
3) Copy the source value to the target instruction to enable some new functionality

Source instruction at "inputinterface.dll"+2F365

ParkourPenguin · Posted: Wed Nov 02, 2022 4:51 pm Post subject:

Use registersymbol to make the symbol `myYawSource` accessible in the other script. The other script should be made a child as it can't be enabled if `myYawSource` doesn't exist. Use options like "hide children when disabled", "disabling this script disables children", maybe others.

globalalloc is another option (memory is leaked once, safer than deallocating shared memory)

If the other injection point is too far away, you may not be able to use RIP-relative addressing to access myYawSource directly. There is a MOV instruction that takes the RAX register and a value at a 64-bit memory offset (prefix/opcode REX.W + A1) that should let you use `mov rax,[myYawSource]` / `mov [rsp+48],rax`

Maybe also include a bool to verify myYawSource has been initialized if a zero value isn't good for [rsp+48]

Trisolaris · Newbie cheater Reputation: 0 Joined: 10 Mar 2019 Posts: 20

Awesome! I'll try that out ASAP.
Many thanks @ ParkourPenguin

What is the best way of finding my own allocated memory?
Currently, I either scan for the AoB containing my new code or
I enter the address displayed at the jump in the disassembler
manually, and find my own values further downstream.
Is there a way to search for myYawSource directly?

Dark Byte · Posted: Thu Nov 03, 2022 5:47 am Post subject:

ParkourPenguin · Posted: Thu Nov 03, 2022 5:29 pm Post subject:

You're overthinking this. Use registersymbol / unregistersymbol on `myYawSource` the same way you do for `MyGoPro`. Then you can simply use `myYawSource` in any other script.

Trisolaris · Newbie cheater Reputation: 0 Joined: 10 Mar 2019 Posts: 20

Thanks @Dark Byte & @ParkourPenguin!

Out of curiosity: will the registered symbol be visible to other scripts outside of CE? I recon that would be a great way to interact with my CE scripts. I could e.g. control variables by manipulating ["myCERegisteredSymbol" + offset] directly. As an alternative, I could AoB-scan for the code in newmem (I can add bytes further downstream to make the AoB unique if needed) and work with that.

ParkourPenguin · Posted: Sat Nov 05, 2022 1:57 pm Post subject:

You'd need some form of IPC (inter process communication) to communicate data between processes.

If you're trying to make your own program to do something, it's probably better to just do everything yourself and not rely on some janky hybrid setup with CE.

Doing everything in CE is also an option. CE's Lua API is good for most things- you can make your own GUI and stuff.

Trisolaris · Newbie cheater Reputation: 0 Joined: 10 Mar 2019 Posts: 20

Guys, it worked! Very Happy

My first code injection! Parent and child script work like a charm. Many thanks @ParkourPenguin and @Dark Byte, I learn so much from you guys!

Now I can check whether I can access my allocated memory from outside, but that's all nice to have. The important stuff is there Very Happy