Cheat Engine The Official Site of Cheat Engine
Darcon2k Cheater
Reputation: 0
Joined: 13 Feb 2015 Posts: 48
Posted: Wed Apr 08, 2015 1:08 pm Post subject: Need help with Injection script
Hello. I'm trying to write an assembly script that registers a symbol "MobHP" and compares data with the base address to get the correct address. The game is 64-bit.
First memory region:
Code:
8B 00 - mov eax,[rax]
89 83 68010000 - mov [rbx+00000168],eax <<<< Injection here.
49 8B 0E - mov rcx,[r14]
Base address is "BaseAddr", base offset is D0.
Here is my script:
Code:
alloc(newmem,$1000)
alloc(MobHP,8)
registersymbol(MobHP)
label(code)
label(store)
label(return)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
code:
cmp [[BaseAddr]+D0],esi
jne store
move [esi+D0],ecx <<<< CE doesn't like this line
jmp return
store:
move [MobHP],esi
move [esi+D0],rbx
jmp return
Game.exe+xx:
jmp code
nop
return:
I need to compare against the base address, because this opcode is shared by my own HP and the NPC effect. Please tell me what's wrong with my opcode, because it seems I can't even add it. Please help me fix this script.
justa_dude Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010 Posts: 891
Posted: Wed Apr 08, 2015 3:00 pm
Hrm.... is move the same as mov? I've never tried it before.
_________________
Next to the big gate, there is always a small gate.
----------------------
Come on...
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Wed Apr 08, 2015 3:12 pm
move is not a valid opcode! You have to write "mov" instead ... That's why CE doesn't like some lines of the script.
And I think your first "code"-line is also wrong (depends on what you really want to do):
The way you wrote that compare, it now reads the value from BaseAddr, adds the offset "D0" to the value of BaseAddr and reads the value from the resulting address.
If you just want to add D0 to the base address and read the value from that address you have to write "cmp [BaseAddr+d0],esi".
And what about the original code where you inject your script? When the script is activated, the code "mov [rbx+00000168],eax" won't be executed any more. Is that planned?
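To make the addressing-mode point above concrete, here is an added example that is not from this thread or from Cheat Engine: a small Python memory model that resolves the operand `[[BaseAddr]+D0]` (read the pointer stored at BaseAddr, then add D0) and the operand `[BaseAddr+D0]` (no memory read at all) on a constructed layout, walks through the compare-and-branch the script performs, and replays the overwritten original `mov [rbx+00000168],eax` in the hook body as hhhuut recommends. The BaseAddr value, every address, the register values and the `MobHP` location are all made up for the example.

```python
import struct


class AccessViolation(Exception):
    """Raised when the model reads unmapped memory (a real CPU would fault here)."""


class Memory:
    """Sparse, byte-addressed little-endian memory model for this example."""

    def __init__(self):
        self._bytes = {}

    def write(self, addr, data):
        for i, b in enumerate(data):
            self._bytes[addr + i] = b

    def read(self, addr, size):
        out = bytearray()
        for i in range(size):
            if addr + i not in self._bytes:
                raise AccessViolation(f"unmapped read at {addr + i:#x}")
            out.append(self._bytes[addr + i])
        return bytes(out)

    def read_u64(self, addr):
        return struct.unpack("<Q", self.read(addr, 8))[0]

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def write_u64(self, addr, value):
        self.write(addr, struct.pack("<Q", value))

    def write_u32(self, addr, value):
        self.write(addr, struct.pack("<I", value))


# Constructed layout. None of these values comes from the game in the thread;
# they are chosen so that the two operand forms resolve to different places.
BASE_ADDR = 0x140001000       # stands in for the script's "BaseAddr" symbol
PLAYER_INFO = 0x20000         # 8-byte pointer stored AT BaseAddr (64-bit game)
PLAYER_ENTITY = 0x30000       # dword stored at PLAYER_INFO + 0xD0
OFFSET = 0xD0
MOB_HP_SYMBOL = 0x50000       # stands in for the alloc(MobHP,8) block


def build_memory():
    mem = Memory()
    mem.write_u64(BASE_ADDR, PLAYER_INFO)               # [BaseAddr]      -> PLAYER_INFO
    mem.write_u32(PLAYER_INFO + OFFSET, PLAYER_ENTITY)  # [[BaseAddr]+D0] -> PLAYER_ENTITY
    mem.write_u32(BASE_ADDR + OFFSET, 0xDEADBEEF)       # [BaseAddr+D0]   -> unrelated dword
    mem.write_u64(MOB_HP_SYMBOL, 0)                     # MobHP starts out empty
    return mem


def operand_double_deref(mem, base_addr, offset):
    """Effective address of the operand [[base]+offset]: the 64-bit pointer
    stored at base, plus offset. Faults if base itself is unmapped."""
    return mem.read_u64(base_addr) + offset


def operand_single_deref(base_addr, offset):
    """Effective address of the operand [base+offset]: plain arithmetic, no read."""
    return base_addr + offset


def is_player_write(mem, esi):
    """Models `cmp [[BaseAddr]+D0],esi` followed by `jne store`: True when the
    dword the pointer chain points at equals the entity being written (esi)."""
    return mem.read_u32(operand_double_deref(mem, BASE_ADDR, OFFSET)) == esi


def run_hook(mem, esi, rbx, eax):
    """Models the body of the corrected script: take the `store` branch for a
    non-player entity, then ALWAYS replay the overwritten original instruction
    `mov [rbx+00000168],eax` before jumping back. Returns MobHP afterwards."""
    if not is_player_write(mem, esi):
        mem.write_u64(MOB_HP_SYMBOL, esi)   # store: mov [MobHP],esi
    mem.write_u32(rbx + 0x168, eax)         # originalcode: mov [rbx+00000168],eax
    return mem.read_u64(MOB_HP_SYMBOL)


def double_deref_faults(mem, bogus_base):
    """True if resolving [[bogus_base]+D0] touches unmapped memory, which is
    what the game hits when the first link of the pointer chain is wrong."""
    try:
        operand_double_deref(mem, bogus_base, OFFSET)
        return False
    except AccessViolation:
        return True


if __name__ == "__main__":
    mem = build_memory()
    print(f"[[BaseAddr]+D0] -> {operand_double_deref(mem, BASE_ADDR, OFFSET):#x}")
    print(f"[BaseAddr+D0]   -> {operand_single_deref(BASE_ADDR, OFFSET):#x}")
    print("player write, MobHP =", hex(run_hook(mem, PLAYER_ENTITY, 0x60000, 100)))
    print("mob write,    MobHP =", hex(run_hook(mem, 0x40000, 0x70000, 55)))
```

The model makes the two failure modes visible: with the single-dereference form the compare reads an unrelated dword at `BaseAddr+D0`, and with the double-dereference form a wrong `BaseAddr` raises `AccessViolation`, the equivalent of the game crashing when the script is enabled.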
Darcon2k Cheater
Reputation: 0
Joined: 13 Feb 2015 Posts: 48
Posted: Wed Apr 08, 2015 4:01 pm
hhhuut
Sorry. I'm very bad at assembly.
Code shouldn't stop being executed.
I'm trying to port a script from the 32-bit version to the 64-bit version.
Here is the memory region of the script I'm trying to port:
Code:
game.exe+20342C - 8B 08 - mov ecx,[eax]
game.exe+20342E - 8B 55 FC - mov edx,[ebp-04]
>> game.exe+203431 - 89 8E FC000000 - mov [esi+000000FC],ecx <<
game.exe+203437 - 8B 02 - mov eax,[edx]
game.exe+203439 - 50 - push eax
Here is the old, working 32-bit script:
Code:
registersymbol(ctrgt)
alloc(newmem,$1000)
alloc(MyScript,8)
registersymbol(MyScript)
label(code)
label(store)
label(return)
newmem:
code:
cmp [[BaseAddr]+74],esi
jne store
mov [esi+FC],ecx
jmp return
store:
mov [MyScript],esi
mov [esi+FC],ecx
jmp return
ctrgt:
jmp code
nop
return:
I want to write a similar script, but for the instructions from the first post.
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Wed Apr 08, 2015 4:10 pm
Code:
alloc(newmem,$1000)
alloc(MobHP,8)
registersymbol(MobHP)
label(originalcode)
label(store)
label(return)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [[BaseAddr]+D0],esi
jne store
mov [esi+D0],ecx
jmp originalcode
store:
mov [MobHP],esi
mov [esi+D0],rbx //<-- Are you sure this is rbx? Four lines above it's ecx instead ... Planned?
originalcode:
mov [rbx+00000168],eax //this code is always executed now (as it should be)
jmp return
Game.exe+xx: //<-- you have to change this of course
jmp newmem //the "code" label no longer exists in this version, so the hook jumps to newmem
nop
return:
This should work I think ...
Darcon2k Cheater
Reputation: 0
Joined: 13 Feb 2015 Posts: 48
Posted: Wed Apr 08, 2015 5:01 pm
I'm not sure what to use here, rbx or ecx...
Does ecx work in 64-bit games?
I assume it should be rbx, because the original opcode in the 64-bit version is:
mov [rbx+00000168]
and the original opcode in the 32-bit version uses ecx.
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Wed Apr 08, 2015 5:05 pm
Yeah, but you used two different registers for one address.
In your "newmem"-codeblock you have
"mov [esi+D0],ecx"
and in the other codeblock ("store") you wrote
"mov [esi+D0],rbx"
I don't know which one is correct ...