Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Company of Heroes 2 Question about the script
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Tue Jan 09, 2018 1:50 pm    Post subject: Company of Heroes 2 Question about the script Reply with quote

Hi guys. Help to understand the script, creating a filter "your-enemy" the game gives an error, how to correctly write a script? What am I doing wrong ?
newmem:

code:
push ebx
lea ebx,[esi]
cmp [ebx+1b8],0
pop ebx
jne @f

mov [esp+30],0 //<<Here is the value I need, which I need to change to 0
movss xmm0,[eax+04]
jmp return

@@:
movss xmm0,[eax+04]
jmp return

address:
jmp newmem
return:

[DISABLE]

address:
db bytes
// movss xmm0,[eax+04]

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "RelicCoH2.exe"+F75762

"RelicCoH2.exe"+F75741: F3 0F 58 40 1C - addss xmm0,[eax+1C]
"RelicCoH2.exe"+F75746: F3 0F 11 40 1C - movss [eax+1C],xmm0
"RelicCoH2.exe"+F7574B: C2 04 00 - ret 0004
"RelicCoH2.exe"+F7574E: CC - int 3
"RelicCoH2.exe"+F7574F: CC - int 3
"RelicCoH2.exe"+F75750: 8B C1 - mov eax,ecx
"RelicCoH2.exe"+F75752: 8B 4C 24 04 - mov ecx,[esp+04]
"RelicCoH2.exe"+F75756: F3 0F 10 00 - movss xmm0,[eax]
"RelicCoH2.exe"+F7575A: F3 0F 5C 01 - subss xmm0,[ecx]
"RelicCoH2.exe"+F7575E: F3 0F 11 00 - movss [eax],xmm0
// ---------- INJECTING HERE ----------
"RelicCoH2.exe"+F75762: F3 0F 10 40 04 - movss xmm0,[eax+04]
// ---------- DONE INJECTING ----------
"RelicCoH2.exe"+F75767: F3 0F 5C 41 04 - subss xmm0,[ecx+04]
"RelicCoH2.exe"+F7576C: F3 0F 11 40 04 - movss [eax+04],xmm0
"RelicCoH2.exe"+F75771: F3 0F 10 40 08 - movss xmm0,[eax+08]
"RelicCoH2.exe"+F75776: F3 0F 5C 41 08 - subss xmm0,[ecx+08]
"RelicCoH2.exe"+F7577B: F3 0F 11 40 08 - movss [eax+08],xmm0
"RelicCoH2.exe"+F75780: F3 0F 10 40 0C - movss xmm0,[eax+0C]
"RelicCoH2.exe"+F75785: F3 0F 5C 41 0C - subss xmm0,[ecx+0C]
"RelicCoH2.exe"+F7578A: F3 0F 11 40 0C - movss [eax+0C],xmm0
"RelicCoH2.exe"+F7578F: F3 0F 10 40 10 - movss xmm0,[eax+10]
"RelicCoH2.exe"+F75794: F3 0F 5C 41 10 - subss xmm0,[ecx+10]
}
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

PostPosted: Tue Jan 09, 2018 4:31 pm    Post subject: Reply with quote

Code looks mostly OK.
But the "lea ebx,[esi]" would be the same as "mov ebx,esi", is this your intention?

LEA

And you my need to push and pop the flags registry, because of the compare.

_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
Back to top
View user's profile Send private message
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Wed Jan 10, 2018 4:33 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
Code looks mostly OK.
But the "lea ebx,[esi]" would be the same as "mov ebx,esi", is this your intention?

LEA

And you my need to push and pop the flags registry, because of the compare.

Yes, this is my intention, to push and pop the flags registry, how to do it ?
I get an error when I take the esi register for comparison. How can I fix it?
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 9

Joined: 01 Feb 2016
Posts: 867

PostPosted: Wed Jan 10, 2018 5:20 am    Post subject: Reply with quote

Code:
pushfd // pushes all eflags (32-bit) registers

Code:
popfd // pops all  eflags (32-bit) registers

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker
Back to top
View user's profile Send private message Visit poster's website
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

PostPosted: Wed Jan 10, 2018 5:41 am    Post subject: Reply with quote

But why use "Load Effective Address" and push and pop the registry when it will be the same value as "ESI", may I ask?

EDIT:
Code:
newmem:
   code:
      pushfd
      cmp [esi+1b8],0
      jne @f
         mov [esp+30],0 //<<Here is the value I need, which I need to change to 0
      @@:
      movss xmm0,[eax+04]

      popfd
      jmp return


address:
   jmp newmem
   return:


[DISABLE]
address:
   db bytes
   // movss xmm0,[eax+04]

dealloc(newmem)

_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
Back to top
View user's profile Send private message
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Wed Jan 10, 2018 6:22 am    Post subject: Reply with quote

TheyCallMeTim13 wrote:
But why use "Load Effective Address" and push and pop the registry when it will be the same value as "ESI", may I ask?

EDIT:
Code:
newmem:
   code:
      pushfd
      cmp [esi+1b8],0
      jne @f
         mov [esp+30],0 //<<Here is the value I need, which I need to change to 0
      @@:
      movss xmm0,[eax+04]

      popfd
      jmp return


address:
   jmp newmem
   return:


[DISABLE]
address:
   db bytes
   // movss xmm0,[eax+04]

dealloc(newmem)



Sorry, I'm still poorly versed in assembler so I make mistakes. Your option also does not work and gives an error. I expect that if the instruction works with a lot of addresses then you need to write down an additional comparison filter. At the breakpoint breakpoint, you can see that EBX=1

cmp [eax+140],"default" << Can I use this option?
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

PostPosted: Wed Jan 10, 2018 7:02 am    Post subject: Reply with quote

thirst for knowledge wrote:

...
Sorry, I'm still poorly versed in assembler so I make mistakes. Your option also does not work and gives an error. I expect that if the instruction works with a lot of addresses then you need to write down an additional comparison filter. At the breakpoint breakpoint, you can see that EBX=1

cmp [eax+140],"default" << Can I use this option?


If you want to compare "[eax+140]" to the string "default" then just brack it up in 4 byte increments (on 32 bit, or 8 byte increments on 64 bit).

So on 32 bit:
Code:
cmp [eax+140],'defa'
jne @f
cmp [eax+144],'ult'0
jne @f

_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
Back to top
View user's profile Send private message
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Wed Jan 10, 2018 7:16 am    Post subject: TheyCallMeTim13 Reply with quote

with this option the game does not yet produce an error

cmp [eax+140],"default"
jne @f

cmp ebx,1
jne @f
mov [esp+30],(float)0

@@:

subss xmm0,[ecx]
movss [eax],xmm0
jmp return


But still I want to understand why there is an error when I use the register Esi ? And why there is an error with Pushfd and Popfd ?
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 9

Joined: 01 Feb 2016
Posts: 867

PostPosted: Wed Jan 10, 2018 7:24 am    Post subject: Reply with quote

debug your code to catch the error.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker
Back to top
View user's profile Send private message Visit poster's website
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

PostPosted: Wed Jan 10, 2018 7:33 am    Post subject: Reply with quote

Well the push and pop of the flags, is because you may be in between a compare that sets the flags and a comparative jump that checks the flags.

But the rest you will just have to debug the code to find out.
You can set conditional break points to help.

_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
Back to top
View user's profile Send private message
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Wed Jan 10, 2018 7:34 am    Post subject: OldCheatEngineUser Reply with quote

How do I debug the code if I get an error right after the script is activated. The instruction works on access.
How do I write a value on the stack if it does not work on instructions that work for writing?
Here is an example-
//
fstp dword ptr [eax]
cmp ebp,08
jmp return

"mov [esp+30],(float)0" << How can I write down here that he would be handled by the instruction?
If I put access instructions on the dynamic address on the stack, can I get that from this?
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

PostPosted: Wed Jan 10, 2018 7:46 am    Post subject: Reply with quote

Quote:

How do I debug the code if I get an error right after the script is activated.

Set a break point be for the injection point then inject and step though the code.

And the rest sounds like you are trying to write to the value before it is written to, and thus gets over-written.

And if this is a One hit Kill cheat then you may need to set the value just above zero.

_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 9

Joined: 01 Feb 2016
Posts: 867

PostPosted: Wed Jan 10, 2018 7:48 am    Post subject: Reply with quote

thirst for knowledge wrote:
How do I debug the code if I get an error right after the script is activated.

place a break-point on the instruction before you activate the script.

thirst for knowledge wrote:
The instruction works on access.

there is limitation for complex games, where different code segments may access the address for multiple reasons.
i would recommend to debug the original code before activating the script (just couple instructions) and see how things behave (conditions, flags) then build your code in a way that dont corrupt the original function.

otherwise go for the simplest way, hook the instruction that write to your address.

one more thing, try to explain your code and whats this and that so others can help or at least have a clue about whats going on.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker
Back to top
View user's profile Send private message Visit poster's website
thirst for knowledge
Newbie cheater
Reputation: 0

Joined: 15 Jan 2014
Posts: 23
Location: Russia

PostPosted: Wed Jan 10, 2018 8:17 am    Post subject: TheyCallMeTim13 and OldCheatEngineUser Reply with quote

This instruction works not only with game resources but also with the architecture of the game as a whole. In the stack of this introduction is the price of troops and resources. The problem is I tried to debug the code, but it's going to endless loop right after the breccount activation. To make it so that the instruction worked for me I think it can not be done, only if I go out on it with other instructions


Screen.png
 Description:
 Filesize:  206.36 KB
 Viewed:  1402 Time(s)

Screen.png


Back to top
View user's profile Send private message
Csimbi
Grandmaster Cheater Supreme
Reputation: 67

Joined: 14 Jul 2007
Posts: 1976

PostPosted: Thu Jan 11, 2018 12:22 pm    Post subject: Reply with quote

Instead of debugging, I suggest you run a trace.
You can check everything, even if it crashes.
Good luck!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites