Exxenmann (How do I cheat?)
Reputation: 0
Joined: 01 Jan 2017  Posts: 5
Posted: Thu Jan 05, 2017 2:02 pm
Post subject: What am I doing wrong in aobscan/injection?
Hi thank you for reading this!
I'm trying to make a trainer for Force of Nature and want to stop it from subtracting stamina.
I found the code memory region and it's fairly simple and never changing.
Original code before injection -> Screenshot #1.
(Parts I try to replace are marked, though the fstp is the bad boy; if I replace it with three nops it works like a charm.)
This is my Script:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(exit)
label(temp) //make a label that you can use for your aobscan
registersymbol(temp) //also register it as a symbol
aobscan(aob1,FF 76 20 E8 DF 6F DC 44 D9 5E 24 D9 46 24 D9 EE) //use aobscan to search for the code, more explanation later
newmem:
push [esi+20]
call mscorlib.ni.dll+210BD0
nop // original fstp dword ptr [esi+24]
nop
nop
fld dword ptr [esi+24]
fldz
exit:
jmp returnhere
aob1: //replace the static address with your aobscan, which is called aob1 in my case
temp: //store aob1 on the whatever label
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
temp: //replace the static address with the whatever label
db FF 76 20 E8 DF 6F DC 44 D9 5E 24 D9 46 24 D9 EE //restore the original byte pattern
unregistersymbol(temp)
After injection it looks like Screenshot #2.
When following the jump - my new mem region looks like Screenshot #3.
(the backjump also jumps to the right place)
But when playing after injection the game crashes exactly when using stamina (so probably my injection).
Also I wonder where the inc and dec opcodes come from after my first jump? (If I replace them with nops the game doesn't crash anymore, but my stamina gets subtracted.)
Does anybody see an obvious mistake?
Thank you a lot for your time!
Will share trainer to public when working.
Attachments: Screenshot #1, Screenshot #2, Screenshot #3 (described as "initial jump after injection").
Zanzer (I post too much)
Reputation: 126
Joined: 09 Jun 2013  Posts: 3278
Posted: Thu Jan 05, 2017 2:47 pm
You should try to avoid including a CALL statement in your injection.
Specifically when doing an AOB Injection, as the bytes are very likely to change.
It sounds like the code you're changing is after the CALL anyway, so move your injection down there.
When using CE's template, there is an option for AOB Injection.
It will create the AOB and format all of the code for you. Use that instead.
Simply comment out the two lines you want to NOP.
Code:
//fstp dword ptr [esi+24]
//fld dword ptr [esi+24]
Now in this specific case, all you really would need is the following.
Assuming the AOB was unique enough...
Code:
[ENABLE]
aobscan(aob1,D9 5E 24 D9 46 24 D9 EE)
aob1:
db 90 90 90 90 90 90
registersymbol(aob1)
[DISABLE]
aob1:
db D9 5E 24 D9 46 24
unregistersymbol(aob1)
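Zanzer's two points above, that the bytes around a CALL are likely to change and that the AOB has to be unique, can be checked mechanically. The following Python scanner is an added example, not code from the thread or from Cheat Engine; it implements wildcard AOB matching over constructed byte buffers (the sample regions and the hypothetical rebuilt code are assumptions made up here, built around the 16 bytes posted above).

```python
def parse_aob(pattern: str) -> list:
    """'FF 76 20 E8 ?? ?? ?? ??' -> [0xFF, 0x76, 0x20, 0xE8, None, None, None, None]."""
    return [None if tok in ("??", "?", "**") else int(tok, 16)
            for tok in pattern.split()]

def aob_scan(buf: bytes, pattern: str) -> list:
    """Return every offset in buf where the pattern matches (None = wildcard)."""
    pat = parse_aob(pattern)
    return [off for off in range(len(buf) - len(pat) + 1)
            if all(b is None or buf[off + i] == b for i, b in enumerate(pat))]

def is_unique(buf: bytes, pattern: str) -> bool:
    """Only a pattern that matches exactly once is safe to patch on."""
    return len(aob_scan(buf, pattern)) == 1

# Constructed sample regions, not real game memory. The 16-byte sequence is
# the one from the post: push [esi+20] / call rel32 / fstp / fld / fldz.
ORIGINAL = bytes.fromhex("FF7620" "E8DF6FDC44" "D95E24" "D94624" "D9EE")
# Hypothetical other build of the same code: only the call's rel32 differs.
REBUILT = bytes.fromhex("FF7620" "E812345678" "D95E24" "D94624" "D9EE")
FILLER = bytes(range(0x20, 0x30))  # unrelated bytes around the code

REGION_A = FILLER + ORIGINAL + FILLER
REGION_B = FILLER + REBUILT + FILLER
# The fstp/fld pair also occurs elsewhere here, so a 6-byte pattern is
# ambiguous while Zanzer's 8-byte one (ending in fldz) is still unique.
REGION_C = FILLER + bytes.fromhex("D95E24D94624") + FILLER + ORIGINAL

FULL_AOB = "FF 76 20 E8 DF 6F DC 44 D9 5E 24 D9 46 24 D9 EE"  # from the post
WILDCARD_AOB = "FF 76 20 E8 ?? ?? ?? ?? D9 5E 24 D9 46 24 D9 EE"
ZANZER_AOB = "D9 5E 24 D9 46 24 D9 EE"  # from the reply
SHORT_AOB = "D9 5E 24 D9 46 24"

def survey() -> dict:
    """Hit count of each pattern in each sample region."""
    regions = {"A": REGION_A, "B": REGION_B, "C": REGION_C}
    aobs = {"full": FULL_AOB, "wildcard": WILDCARD_AOB,
            "zanzer": ZANZER_AOB, "short": SHORT_AOB}
    return {name: {r: len(aob_scan(buf, p)) for r, buf in regions.items()}
            for name, p in aobs.items()}

if __name__ == "__main__":
    for name, counts in survey().items():
        print(f"{name:9s} hits per region: {counts}")
```

The full pattern from the post stops matching as soon as the call's relative target moves, while a wildcarded pattern or Zanzer's shorter one survives; the third region shows why the pattern still has to be long enough to match only once.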
Exxenmann (How do I cheat?)
Reputation: 0
Joined: 01 Jan 2017  Posts: 5
Posted: Thu Jan 05, 2017 3:50 pm
Thank you a lot for your answer!
I really mean it - learning things like this for free on your time means A LOT to me!
I can't believe it...
It works and even more so it stops the screen from flashing white when using stamina.
(like before when I replaced "fstp dword ptr [esi+24]" with 3 nops manually)
Should you ever happen to be in a secret city in Germany, there's always a cold beer waiting for you.
There's still one or two things I don't understand, but I'll fiddle them out on my own.
EDIT: (my table is in a thread called "[Trainer Request]Force of Nature Steam")