Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine


Game crashes after code injection - wrong assembler code

Marc71
How do I cheat?
Reputation: 0

Joined: 20 Mar 2017
Posts: 4

Posted: Fri Apr 06, 2018 7:35 am    Post subject: Game crashes after code injection - wrong assembler code

Hi all,

I am trying to cheat at the game "Dungeons 2", GoG-Version.
Found a table at fearlessrevolution (made by zanzer, posted by STN), but this does not work with GoG, at least not with all cheats, so I am trying to adapt the code. I would post the direct URL to the table, but fearless is down at the moment.

Now there's an injection to activate god mode and one-hit-kill, but activation crashes the game after a few seconds.

Original code:
Code:

2F0F0DA0: D9 45 EC                 -  fld dword ptr [ebp-14]
2F0F0DA3: D9 5D EC                 -  fstp dword ptr [ebp-14]
2F0F0DA6: D9 45 EC                 -  fld dword ptr [ebp-14]
2F0F0DA9: 8B 45 E8                 -  mov eax,[ebp-18]
// ---------- INJECTING HERE ----------
2F0F0DAC: D9 58 5C                 -  fstp dword ptr [eax+5C]
2F0F0DAF: 8D 45 F8                 -  lea eax,[ebp-08]
// ---------- DONE INJECTING  ----------
2F0F0DB2: D9 EE                    -  fldz
2F0F0DB4: D9 5D E0                 -  fstp dword ptr [ebp-20]
2F0F0DB7: D9 EE                    -  fldz
2F0F0DB9: D9 5D DC                 -  fstp dword ptr [ebp-24]
2F0F0DBC: D9 47 60                 -  fld dword ptr [edi+60]
2F0F0DBF: D9 5D DC                 -  fstp dword ptr [ebp-24]
2F0F0DC2: D9 45 DC                 -  fld dword ptr [ebp-24]
2F0F0DC5: D9 5D DC                 -  fstp dword ptr [ebp-24]
2F0F0DC8: D9 45 DC                 -  fld dword ptr [ebp-24]
2F0F0DCB: D9 EE                    -  fldz


Now his injection:
Code:

[ENABLE]
aobscan(health,D9 58 5C 8D 45 F8)
alloc(newmem,$1000)

label(code)
label(return)
label(godmode)
label(onehit)
label(godmode_on)
label(onehit_on)

newmem:
  push eax
  mov eax,[eax+50]
  cmp [eax+20],1
  pop eax
  je godmode
  jmp onehit

godmode:
  cmp byte ptr [godmode_on],1
  jne code
  fstp st(0)
  fldz
  jmp code

onehit:
  cmp byte ptr [onehit_on],1
  jne code
  fstp st(0)
  fld [eax+60]

code:
  fstp dword ptr [eax+5C]
  lea eax,[ebp-08]
  jmp return

godmode_on:
  db 0
onehit_on:
  db 0

health:
  jmp newmem
  nop
return:
registersymbol(health)
registersymbol(godmode_on)
registersymbol(onehit_on)

[DISABLE]
health:
  db D9 58 5C 8D 45 F8
unregistersymbol(health)
unregistersymbol(godmode_on)
unregistersymbol(onehit_on)
dealloc(newmem)


If I comment out the first lines after newmem:
Code:

  push eax
  mov eax,[eax+50]
  cmp [eax+20],1
  pop eax


the game does not crash. But of course, it does not cheat either.

So I tried to analyze the commands, but they do not make much sense since [eax+50] is 0... My next try was to distinguish between player characters and enemies with my own code for newmem, because it seems [ecx+54] is 0 for enemies:

Code:

  push ecx
  mov ecx, [eax+54]
  cmp [ecx],0
  pop ecx
  jne godmode
  jmp onehit


But guess what, it crashes the game. Using ECX does not work any better.

I'm quite confident that I'm not seeing something obvious, but I don't have the slightest idea what's wrong...

best regards,
Marc
TheyCallMeTim13
Wiki Contributor
Reputation: 13

Joined: 24 Feb 2017
Posts: 386
Location: Right Here Buddy.

Posted: Fri Apr 06, 2018 10:24 am    Post subject:

If "[eax+50]" is zero, then that's your problem: "[eax+50]" needs to be an accessible address. You can add "test eax,eax" then "jz code" before the "cmp [eax+20],1" line, but this will only stop the crashing and not fix the script; you need to find out what "[eax+50]" needs to be, then find that address (i.e. an update may have changed the offsets).
_________________
A: What manner of man are you that can summon up fire without flint or tinder?
T: I... am an enchanter.
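One way to put that check in place, as an added example that is neither from the fearlessrevolution table nor from either poster: the newmem block of the posted script with a null-pointer guard. The label the zero case jumps to must pop eax first, because the pushed copy is still on the stack and the original "fstp dword ptr [eax+5C]" at code: writes through eax, so jumping straight to code: with eax = 0 would trade one crash for another. Add "label(skip)" next to the other label lines; the rest of the script stays as posted.

```asm
// Replaces the newmem block of the posted script; "label(skip)" must be declared with the other labels.
newmem:
  push eax
  mov eax,[eax+50]        // this pointer reads as 0 in the GoG build
  test eax,eax            // null check: never dereference a zero pointer
  jz skip                 // pointer is 0: restore eax and run the original instructions instead
  cmp [eax+20],1
  pop eax
  je godmode
  jmp onehit

skip:
  pop eax                 // restore the entity pointer before "fstp dword ptr [eax+5C]" at code:
  jmp code
```

While [eax+50] is 0 for every entity, the script takes the skip path each time, so it no longer crashes but also never activates a cheat until the correct offset is found, as the reply says.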
Marc71
How do I cheat?
Reputation: 0

Joined: 20 Mar 2017
Posts: 4

Posted: Sat Apr 07, 2018 12:03 am    Post subject:

Great, the crash is fixed. Lesson learned, many thanks!

Now I'll have to adjust the offsets / find the correct distinction between friend and foe...