Cheat Engine

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

I am trying to cmp [eax + 0000095C] with #50000
But the game crashes when the script run.
Here's the script:

STN · Posted: Sun Sep 27, 2015 5:08 am Post subject:

Recreate the original code

mov eax,[ecx+00000964]

Write your injection under newmem: or code:(new ce template), makes it easier to jump to original code.

If recreating code still crashes game, post the full code around "HeavyWeapon.exe"+1B734:

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

What do you mean by "makes it easier to jump to original code"
I didn't put instruction to jump to the original code in my script

Zanzer · Posted: Sun Sep 27, 2015 8:25 am Post subject:

The original code is using register ECX. Your code is using EAX.
Are you sure this is what you want?

Also, why are you skipping over the original code at all?
The game is setting the EAX register to use it later.
If you skip over it now, it will be some random value when it's later used.

According to your custom instruction, EAX will contain a pointer address.
So whatever value the game expects, it will be some huge value instead.

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

The original code is mov eax,[ecx+00000964]
And I want to skip it if [Eax+0000095C] larger than #50000

STN · Posted: Sun Sep 27, 2015 10:13 am Post subject:

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

The game has a life that have the value of 2.
when you die, you lose one life and you get the Message "get ready".
but when you die and don't have any life you get the Message "game over"
and lose the game.

the code mov eax,[ecx+00000964] triggers the "game over" message.

when i use this script:

vng21092 · Posted: Sun Sep 27, 2015 12:40 pm Post subject:

panraven · Posted: Sun Sep 27, 2015 1:01 pm Post subject:

I happened has this game installed, this the aob injection ce template code at the position, STN said the full code, probably means this.
Also include a sample code about [..+95c], which is not near +1b734.

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

vng21092 its Not working

Perhaps the error message will help find the problem:

Exception: Access Violation (code 0xc0000005) at address 05210000 in thread 1A08
Module: Exception: Access Violation (code 0xc0000005) at address 05210000 in thread 1A08

Logical Address: 130E32C:00000000

0012FCA8 05210000 0000:00000000
Params: 0056B1A0 0044BED5 0056B1A0 004AF708

StackWalk failed (error 299)

EAX:0000012C EBX:00000000 ECX:0056B1A0 EDX:775771B4 ESI:0519BF20 EDI:00000026
EIP:05210000 ESP:0012FC84 EBP:0012FCA8
CS:001B SS:0023 DS:0023 ES:0023 FS:003B GS:0000
Flags:00010202

Windows Ver: NT 6.1 Service Pack 1 Build 7601
DDraw Ver: 6.1.7600.16385
DSound Ver: 6.1.7600.16385

Product: HeavyWeapon
Version: 1.0
Time Loaded: 00:00:31
Fullscreen: No
Primary ThreadId: 1A08
Times Played: 276

panraven · Posted: Sun Sep 27, 2015 1:19 pm Post subject:

change

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

omg IT WORKED .
Very Happy

i don't know how but it worked.

If you can explain to me why it works that way, I'd love to know

panraven · Posted: Sun Sep 27, 2015 2:06 pm Post subject:

I guess you think EAX is some CONSTANT that not change across different code part, and expect that the expression [eax+95c] your used in this code part (part A) is the same as what you encounter in some other code part (part B), but they are not the same.
Probably in part B, eax is used as some base of a struct, which is the same as ecx in part A (the part you modify here). So, you 'copy' that expression into part A. But eax in part A now is a total different thing, so the crash.

STN · Posted: Sun Sep 27, 2015 2:16 pm Post subject:

Because this

danpuz · Newbie cheater Reputation: 0 Joined: 29 Mar 2015 Posts: 18

so how did you know that dword ptr is the right register?