Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Find values that I need but have trouble creating script

Cheat Engine Forum Index -> General Gamehacking
Wombleinc
How do I cheat?
Reputation: 0

Joined: 03 Dec 2019
Posts: 8

Posted: Tue Dec 03, 2019 12:22 am    Post subject: Find values that I need but have trouble creating script

Just to use Stardew Valley as an example.

This is the old script before 1.14
[ENABLE]

aobscan(unlimitedStamina,55 8B EC 56 50 8B F1 8B 8E EC) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:
ret

code:
push ebp
mov ebp,esp
push esi
push eax
jmp return

unlimitedStamina:
jmp newmem
return:
registersymbol(unlimitedStamina)

[DISABLE]

unlimitedStamina:
db 55 8B EC 56 50

unregistersymbol(unlimitedStamina)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1BDB0D20

""+1BDB0D09: C2 04 00 - ret 0004
""+1BDB0D0C: 00 00 - add [eax],al
""+1BDB0D0E: 00 00 - add [eax],al
""+1BDB0D10: 08 83 CA 1C 00 00 - or [ebx+00001CCA],al
""+1BDB0D16: 00 00 - add [eax],al
""+1BDB0D18: FC - cld
""+1BDB0D19: 82 CA 1C - or dl,1C
""+1BDB0D1C: 4C - dec esp
""+1BDB0D1D: 4D - dec ebp
""+1BDB0D1E: 7A 0F - jp 1BDB0D2F
// ---------- INJECTING HERE ----------
""+1BDB0D20: 55 - push ebp
""+1BDB0D21: 8B EC - mov ebp,esp
""+1BDB0D23: 56 - push esi
""+1BDB0D24: 50 - push eax
// ---------- DONE INJECTING ----------
""+1BDB0D25: 8B F1 - mov esi,ecx
""+1BDB0D27: 8B 8E EC 01 00 00 - mov ecx,[esi+000001EC]
""+1BDB0D2D: BA 58 CC 7A 0F - mov edx,0F7ACC58
""+1BDB0D32: E8 F1 58 0D F4 - call 0FE86628
""+1BDB0D37: 89 45 F8 - mov [ebp-08],eax
""+1BDB0D3A: DB 45 F8 - fild dword ptr [ebp-08]
""+1BDB0D3D: D9 5D F8 - fstp dword ptr [ebp-08]
""+1BDB0D40: D9 45 F8 - fld dword ptr [ebp-08]
""+1BDB0D43: 83 EC 04 - sub esp,04
""+1BDB0D46: D9 1C 24 - fstp dword ptr [esp]
}



This script is no longer working. My problem is I can find the value for stamina all day long. I also know how to find the value through Dissecting the data structures. What I don't quite understand yet is how the above script works.

Really the confusion is here:
code:
push ebp
mov ebp,esp
push esi
push eax
jmp return

unlimitedStamina:
jmp newmem
return:
registersymbol(unlimitedStamina)

[DISABLE]

unlimitedStamina:
db 55 8B EC 56 50

unregistersymbol(unlimitedStamina)
dealloc(newmem)

and I guess this part as well:

ORIGINAL CODE - INJECTION POINT: 1BDB0D20

Where do I start putting pieces together to learn how to build these things once I get the data I'm looking for?
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4724

Posted: Tue Dec 03, 2019 10:29 am

Whoever wrote that script doesn't understand what they're doing. It could be replaced with this:
Code:
[ENABLE]
aobscan(unlimitedStamina,55 8B EC 56 50 8B F1 8B 8E EC)
registersymbol(unlimitedStamina)

unlimitedStamina:
  ret

[DISABLE]
unlimitedStamina:
db 55 8B EC 56 50

unregistersymbol(unlimitedStamina)

The "original code - ..." part is just a comment; it's ignored and is just there to be read.
The code around the injection point is nice to have since you can use that to update the script if it's no longer working. Search for various sequences (or subsequences) of bytes around there, and maybe replace some with wildcards (e.g. the EC 01 00 00 in "mov ecx,[esi+1EC]"). Don't use the data above the injection point; that looks like pointers to somewhere else, not code.

Search for the AoB "55 8B EC 56 50 8B F1 8B 8E" (executable memory, not just writable), and for every result you get, go to that address in the disassembler and pick the one that looks closest to the code specified in the comment. Again, don't look at the data above the injection point; it's not actually code.

To do this completely on your own, you'll need to know how programs are written and translated into assembly. I'd guess an instruction in that function accesses something relating to stamina, and through experimentation, the author of that script realized stamina will never decrease if the containing function is never run (i.e. returns immediately).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
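The advice above on re-finding the injection point (scan for byte sequences, wildcard the displacement, make sure the result is unique) and on what the [DISABLE] `db` line does, as an added Python example that is not from the thread or from Cheat Engine itself. The byte buffer is constructed here, and the newmem address is a hypothetical placeholder:

```python
from typing import List, Optional

def parse_aob(pattern: str) -> List[Optional[int]]:
    """Parse a Cheat Engine style AoB such as '8B 8E ?? ?? ?? ??';
    None marks a wildcard byte (CE accepts '??' or '*')."""
    return [None if tok in ("??", "*") else int(tok, 16) for tok in pattern.split()]

def aob_scan(buf: bytes, pattern: str) -> List[int]:
    """Return every offset in buf where the pattern matches; wildcards match any byte."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + j] == p for j, p in enumerate(pat))]

def unique_hit(buf: bytes, pattern: str) -> Optional[int]:
    """Offset of the match if the pattern is unique (the property aobscan needs), else None."""
    hits = aob_scan(buf, pattern)
    return hits[0] if len(hits) == 1 else None

def jmp_rel32(src: int, dst: int) -> bytes:
    """Encode the 5-byte `jmp rel32` the auto assembler emits for `jmp newmem` at src."""
    rel = dst - (src + 5)
    return b"\xE9" + rel.to_bytes(4, "little", signed=True)

def disable_restores_original(buf: bytes, offset: int, db_hex: str) -> bool:
    """The [DISABLE] `db ...` line must write back exactly the bytes that sit at the
    injection point, and must cover the 5 bytes the [ENABLE] jmp overwrote."""
    restore = bytes.fromhex(db_hex.replace(" ", ""))
    return len(restore) >= 5 and buf[offset:offset + len(restore)] == restore

# Constructed sample (not a real game dump): two prologues that share the first
# 9 bytes from the page's comment and differ only in the `mov ecx,[esi+XXXX]`
# displacement, padded with int3 so neither sits at offset 0.
PROLOGUE_A = bytes.fromhex("558BEC56508BF18B8EEC010000BA58CC7A0F")  # ...[esi+1EC]
PROLOGUE_B = bytes.fromhex("558BEC56508BF18B8EF0010000BA58CC7A0F")  # ...[esi+1F0]
SAMPLE = b"\xCC" * 16 + PROLOGUE_A + b"\xCC" * 16 + PROLOGUE_B + b"\xCC" * 16

if __name__ == "__main__":
    # The 9-byte sequence is ambiguous; adding the EC from the page's script makes it unique.
    print(aob_scan(SAMPLE, "55 8B EC 56 50 8B F1 8B 8E"))       # [16, 50]
    print(unique_hit(SAMPLE, "55 8B EC 56 50 8B F1 8B 8E EC"))  # 16
    # Wildcarding the displacement keeps both hits, which is what survives a game update.
    print(aob_scan(SAMPLE, "8B F1 8B 8E ?? ?? ?? ?? BA"))       # [21, 55]
    # Injection address from the page; the newmem address 0x100 above it is a placeholder.
    print(jmp_rel32(0x1BDB0D20, 0x1BDB0D20 + 0x100).hex())      # e9fb000000
    print(disable_restores_original(SAMPLE, 16, "55 8B EC 56 50"))  # True
```

Cheat Engine's own aobscan walks the process's executable regions rather than a byte string, but the matching rule, the uniqueness requirement and the 5-byte restore length are the same.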