Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Sat Nov 30, 2019 8:19 pm    Post subject: Need help with compare (CMP)
No idea what I'm doing wrong, but whenever I try this on any game (this time it was Undermine) the game crashes. I'm lost, need help.
Code: img ur. com/a/ItOE9D8
Dissect structure: img ur. com/a/T1dj1y2
DanyDollaro (Master Cheater, Reputation: 3, Joined: 01 Aug 2019, Posts: 334)
Posted: Sat Nov 30, 2019 8:51 pm
Have you tried doing it like this?
Code:
newmem:
  cmp [rbx+134],0
  jne code
  mov rcx, rbx // <--- this
  jmp return

code:
  mov [rbx+6C], eax
  mov rcx, rbx
  jmp return

infHealth:
  jmp newmem
  nop
Or the problem could be that the JMPs used for the transition between the injection point and newmem are larger than expected, but you should easily find the error if you debug the code (unless the game has code injection protection).
Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Sun Dec 01, 2019 10:37 am
Yeah, that seems to work, thank you, but I did this instead:
Code:
newmem:
  cmp [rbx+74],(float)0.25
  jne code
  nop
  nop
  nop
  mov rcx,rbx
  jmp return
Edit: after a game restart the script can't be activated.
Last edited by Merhurijus on Sun Dec 01, 2019 12:58 pm; edited 1 time in total
Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Mon Dec 02, 2019 7:30 am
"Error while scanning for AOB's : INJECT Error: Not all results found"
Any idea how to fix this one?
I feel like the address itself shifted places or something, because everything around there in the memory view is ?????????
DanyDollaro (Master Cheater, Reputation: 3, Joined: 01 Aug 2019, Posts: 334)
Posted: Mon Dec 02, 2019 8:37 am
Code:
aobscan(infHealth, 89 43 6C 48 8B CB 48 8D)
alloc(newmem, &1000, infHealth)
Or try to use a bigger AOB. (Every time you publish a script, do it on this forum, and don't delete the blue comments you find at the end of the script; otherwise you make it more difficult to help you.)
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Mon Dec 02, 2019 3:20 pm
Where the heck did you get that number for alloc?
That's way too far for a jump like that.
Replace that number with infHealth and that should fix it.
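Added example (not from any poster in this thread): CE's `alloc(newmem,$1000,infHealth)` takes a third argument, a preferred address, so that the block is placed within reach of the 5-byte `jmp rel32` that the template writes at `infHealth`, and of the `jmp return` back. The Python below, written for this page, computes that displacement and checks the +/-2 GiB limit, builds the 6-byte patch the script writes over `mov [rbx+6C],eax` / `mov rcx,rbx`, and shows what `(float)0.25` assembles to. The injection address and original bytes come from the script posted later in the thread; the two newmem addresses are assumed.

```python
import struct

# Injection point from the script posted in this thread (a Mono JIT address,
# so it is only valid for that one game session).
INJECT = 0x24196EA2EE3
# The 6 bytes CE overwrites there: mov [rbx+6C],eax (3) + mov rcx,rbx (3).
ORIGINAL = bytes.fromhex("89 43 6C 48 8B CB")

JMP_REL32_LEN = 5                                   # E9 + imm32
INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1


def rel32(src, dst, insn_len=JMP_REL32_LEN):
    """Signed displacement for a near jmp/jcc located at `src` that must land
    on `dst`. x86 encodes it relative to the *end* of the instruction."""
    disp = dst - (src + insn_len)
    if not INT32_MIN <= disp <= INT32_MAX:
        raise ValueError(
            f"0x{dst:X} is out of rel32 range from 0x{src:X} (disp {disp:#x})")
    return disp


def in_reach(src, dst):
    """True if a jmp rel32 at `src` can reach `dst` (within +/-2 GiB)."""
    try:
        rel32(src, dst)
        return True
    except ValueError:
        return False


def encode_jmp(src, dst):
    """Bytes of `jmp dst` as assembled at address `src`: E9 <imm32, LE>."""
    return b"\xE9" + struct.pack("<i", rel32(src, dst))


def build_patch(src, dst, original=ORIGINAL):
    """The bytes CE writes at the injection point: the jmp plus NOP padding so
    the patch is exactly as long as the instructions it replaces. Too short
    and execution resumes mid-instruction; too long and the next instruction
    is clobbered."""
    if len(original) < JMP_REL32_LEN:
        raise ValueError("injection point too short for a 5-byte jmp")
    jmp = encode_jmp(src, dst)
    return jmp + b"\x90" * (len(original) - len(jmp))


def float_imm(value):
    """What `(float)0.25` becomes in `cmp [rbx+74],(float)0.25`: the IEEE-754
    single-precision bit pattern, compared as a plain 32-bit integer, so the
    branch only matches that exact value."""
    return struct.unpack("<I", struct.pack("<f", value))[0]


if __name__ == "__main__":
    near = 0x24196EB0000     # assumed: block allocated near infHealth
    far = 0x7FF600000000     # assumed: block allocated with no preferred address
    print("near newmem reachable:", in_reach(INJECT, near))   # True
    print("far  newmem reachable:", in_reach(INJECT, far))    # False
    print("patch bytes:", build_patch(INJECT, near).hex(" ").upper())
    # `jmp return` from inside newmem back to the instruction after the patch
    print("return jmp disp:", hex(rel32(near + 0x20, INJECT + len(ORIGINAL))))
    print(f"(float)0.25 -> {float_imm(0.25):#010x}")          # 0x3e800000
```

If the preferred-address hint is dropped and the allocator hands back a block more than 2 GiB away, CE has to fall back to a longer trampoline (or fails), which is exactly the situation the near-allocation argument exists to avoid on 64-bit targets.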
Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Sat Dec 07, 2019 12:35 pm
After a restart it still doesn't work, and that alloc size is the default in the AOB injection template.
"Error while scanning for AOB's: InfHealth Error: Not all results found"
Code:
[ENABLE]
aobscan(infHealth,89 43 6C 48 8B CB 48 8D) // should be unique
alloc(newmem,$1000,infHealth) // 24196EA2EE3
label(code)
label(return)

newmem:
  cmp [rbx+74],(float)0.25 // dword compare against the bit pattern of 0.25
  jne code
  nop
  nop
  nop
  mov rcx,rbx // only the second original instruction; the write to [rbx+6C] is skipped
  jmp return

code:
  mov [rbx+6C],eax // original code
  mov rcx,rbx
  jmp return

infHealth:
  jmp newmem
  nop
return:
registersymbol(infHealth)

[DISABLE]
infHealth:
  db 89 43 6C 48 8B CB
unregistersymbol(infHealth)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 24196EA2EE3

24196EA2EB0: 48 8B CB                       - mov rcx,rbx
24196EA2EB3: 66 66 90                       - nop
24196EA2EB6: 49 BB 20 DE E6 96 41 02 00 00  - mov r11,0000024196E6DE20
24196EA2EC0: 41 FF D3                       - call r11
24196EA2EC3: 4C 8B C0                       - mov r8,rax
24196EA2EC6: 48 8B 8D 48 FD FF FF           - mov rcx,[rbp-000002B8]
24196EA2ECD: 33 D2                          - xor edx,edx
24196EA2ECF: 48 8D AD 00 00 00 00           - lea rbp,[rbp+00000000]
24196EA2ED6: 49 BB 30 C8 03 80 41 02 00 00  - mov r11,000002418003C830
24196EA2EE0: 41 FF D3                       - call r11
// ---------- INJECTING HERE ----------
24196EA2EE3: 89 43 6C                       - mov [rbx+6C],eax
24196EA2EE6: 48 8B CB                       - mov rcx,rbx
// ---------- DONE INJECTING ----------
24196EA2EE9: 48 8D 64 24 00                 - lea rsp,[rsp+00]
24196EA2EEE: 49 BB 60 76 0D 80 41 02 00 00  - mov r11,00000241800D7660
24196EA2EF8: 41 FF D3                       - call r11
24196EA2EFB: 48 8B C8                       - mov rcx,rax
24196EA2EFE: 48 BA 60 75 87 AB 41 02 00 00  - mov rdx,00000241AB877560
24196EA2F08: 83 38 00                       - cmp dword ptr [rax],00
24196EA2F0B: 66 66 90                       - nop
24196EA2F0E: 49 BB 00 42 E7 83 41 02 00 00  - mov r11,0000024183E74200
24196EA2F18: 41 FF D3                       - call r11
24196EA2F1B: 45 85 FF                       - test r15d,r15d
}
DanyDollaro (Master Cheater, Reputation: 3, Joined: 01 Aug 2019, Posts: 334)
Posted: Sun Dec 08, 2019 4:23 am
Have you searched for the code again? Does it exist at that time? Did you notice whether it has changed? Have you tried using wildcards?
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Sun Dec 08, 2019 5:08 am
Seems like the code did not exist when you scanned.
Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Mon Dec 09, 2019 7:02 pm
It is a Unity-based game, so maybe it works differently. I heard something about Mono features; is there any difference in doing it with Mono instead of this method?
What is a wildcard?
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Tue Dec 10, 2019 5:56 am
Yeah, Unity-based games generate the executable code at runtime, only when it's needed.
So the code won't exist until you have used it at least once.
Wildcard
Last edited by Csimbi on Tue Dec 10, 2019 12:19 pm; edited 1 time in total
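Added example (not from any poster in this thread) of what the script's `aobscan` actually does and why wildcards matter once the code is JIT-compiled: the scan is a byte-pattern search over readable memory, so it finds nothing while the method is still uncompiled (the `????????` the memory view shows), and a pattern that bakes in session-specific bytes such as the `mov r11,imm64` call targets fails on the next run, while the same pattern with those bytes wildcarded still matches. The bytes come from the disassembly in the script's comment block; the "second session" buffer with a changed call target and the "not yet compiled" buffer are constructed for this example.

```python
import re

# Bytes of the disassembly pasted in the script's comment block, starting at
# 24196EA2EB0. The region is Mono JIT output, so the absolute addresses inside
# it (the mov r11,imm64 call targets) are only valid for that one session.
BASE = 0x24196EA2EB0
SESSION1 = bytes.fromhex("""
    48 8B CB  66 66 90  49 BB 20 DE E6 96 41 02 00 00  41 FF D3  4C 8B C0
    48 8B 8D 48 FD FF FF  33 D2  48 8D AD 00 00 00 00
    49 BB 30 C8 03 80 41 02 00 00  41 FF D3
    89 43 6C  48 8B CB  48 8D 64 24 00
    49 BB 60 76 0D 80 41 02 00 00  41 FF D3  48 8B C8
    48 BA 60 75 87 AB 41 02 00 00  83 38 00  66 66 90
    49 BB 00 42 E7 83 41 02 00 00  41 FF D3  45 85 FF
""")

# Constructed "second session": the same method JIT-compiled again, but the
# callee behind the first `mov r11,imm64` now lives at a different (assumed)
# address, so those 8 immediate bytes differ.
_s2 = bytearray(SESSION1)
_s2[8:16] = bytes.fromhex("A0 11 22 33 42 02 00 00")
SESSION2 = bytes(_s2)

# Constructed stand-in for the method not having been compiled yet: the
# region holds nothing resembling the signature.
NOT_YET_JITTED = bytes(len(SESSION1))


def compile_aob(pattern):
    """Turn a CE-style AOB string ('89 43 6C ?? 8B CB') into a bytes regex.
    '??', '?' or '*' stand for any single byte."""
    parts = []
    for tok in pattern.split():
        if tok in ("??", "?", "*"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def aob_scan(memory, pattern, base=0):
    """Addresses (base + offset) of every non-overlapping match in `memory`."""
    rx = compile_aob(pattern)
    return [base + m.start() for m in rx.finditer(memory)]


def scan_unique(memory, pattern, base=0):
    """What an injection signature needs: exactly one hit. No hit is CE's
    'Not all results found'; several hits mean the pattern is too short and
    the patch may land in the wrong place."""
    hits = aob_scan(memory, pattern, base)
    if not hits:
        raise LookupError(f"Not all results found: {pattern}")
    if len(hits) > 1:
        raise LookupError(f"pattern not unique ({len(hits)} hits): {pattern}")
    return hits[0]


if __name__ == "__main__":
    sig = "89 43 6C 48 8B CB 48 8D"                      # the script's AOB
    print(hex(scan_unique(SESSION1, sig, BASE)))         # 0x24196ea2ee3
    print(aob_scan(NOT_YET_JITTED, sig, BASE))           # []
    fixed = "49 BB 20 DE E6 96 41 02 00 00 41 FF D3 4C 8B C0"
    wild = "49 BB ?? ?? ?? ?? ?? ?? ?? ?? 41 FF D3 4C 8B C0"
    print(aob_scan(SESSION2, fixed, BASE))               # []
    print([hex(a) for a in aob_scan(SESSION2, wild, BASE)])  # ['0x24196ea2eb6']
```

The script's own signature `89 43 6C 48 8B CB 48 8D` contains no absolute addresses, so it survives a restart once the method has been compiled; the failure in this thread is the first case (the scan ran before the JIT produced the code), not the second.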
Merhurijus (Newbie cheater, Reputation: 0, Joined: 09 Jun 2018, Posts: 17)
Posted: Tue Dec 10, 2019 7:43 am
That helped... Thanks!