Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Adding Counter to Memory
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Sat Mar 21, 2020 11:22 am    Post subject: Adding Counter to Memory

I want to add the counter of a specific address that accesses another specific address to an address in memory, of type 4 bytes.

Just like in the picture, I want to add the counter that I marked to an address in memory so that I could use it in another program. I thought about using an AA script but I did not succeed.

In the end I want to save it because if it is increasing I have dropped an item on the ground, and I am trying to make a collector bot.



[Attachment: 111.PNG]


DanyDollaro (Master Cheater, joined 01 Aug 2019, 334 posts)
Posted: Sat Mar 21, 2020 2:45 pm

As you said, do it with an AA script.
And possibly post something more of the code, since for now I can only give you some hints on the code to inject.

Code:
...
alloc(counter, 4)

code:
inc dword [counter]
mov edi, ebx
....
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Sat Mar 21, 2020 5:44 pm

DanyDollaro wrote:
As you said, do it with an AA script.
And possibly post something more of the code, since for now I can only give you some hints on the code to inject.

Code:
...
alloc(counter, 4)

code:
inc dword [counter]
mov edi, ebx
....


How would I know what the base address of the counter is? I need a base address so I could use it in another program.
DanyDollaro (Master Cheater, joined 01 Aug 2019, 334 posts)
Posted: Sun Mar 22, 2020 3:10 am

Code:
[ENABLE]
...
alloc(counter, 4)
registersymbol(counter)

code:
inc dword [counter]
mov edi, ebx

[DISABLE]
unregistersymbol(counter)
dealloc(counter)
....


If in any script you use the word "counter", it will be replaced with its address; you can also add it to the cheat table.
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Sun Mar 22, 2020 5:55 am

DanyDollaro wrote:
Code:
[ENABLE]
...
alloc(counter, 4)
registersymbol(counter)

code:
inc dword [counter]
mov edi, ebx

[DISABLE]
unregistersymbol(counter)
dealloc(counter)
....


If in any script you use the word "counter", it will be replaced with its address; you can also add it to the cheat table.


I discovered that the parameter that changes is the esi register. So I used a condition: if esi equals xxx, the counter will be 1, else it will be zero. But the game crashes every time the condition is true.

this is the code:



Code:

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)
alloc(counter, 4)

label(code)
label(return)
registersymbol(counter)
label(increase)
label(original)
newmem:

code:
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
  jmp return

address:
  jmp newmem
  nop 3
return:
  cmp esi, 185F2CDC
  je increase
  jne original
increase:
  mov [counter], 1

original:
  mov [counter], 0

[DISABLE]




Can you help me and tell me what is wrong with this code?
DanyDollaro (Master Cheater, joined 01 Aug 2019, 334 posts)
Posted: Sun Mar 22, 2020 5:47 pm

In the script you wrote, the function:
Code:
assert(address,bytes)

is useless.

In these instructions the counter is not incrementing:
Code:
mov [counter], 1
...
mov [counter], 0


In 'mov [counter], 1' you are moving the value 1 into the counter, so if the counter has the value 1 it will not be increased but will simply be overwritten with another 1.

In 'mov [counter], 0' it is the same thing as I said before: you are not decrementing the counter. Assuming the counter has the value 100, this instruction does not decrease it but sets it to 0.

You should change them to:
Code:
inc [counter]
...
dec [counter]


Are you sure about this instruction?:
Code:
cmp esi, 185F2CDC

it's not by chance:
Code:
cmp esi, [185F2CDC]

Check it out a bit :)

Then there are other errors but for now try this script:

Code:
[ENABLE]
alloc(newmem,$1000)
alloc(counter, 4)

registersymbol(counter)

label(code)
label(return)

label(comparison)
label(increase)
label(decrement)

newmem:

code:
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
  jmp comparison

address: // In the code sketch you sent I don't see any reference to "address"
  jmp newmem
  nop 3

comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  je increase
  jmp decrement // Probably what you want is not to decrease it but to leave it unchanged; if so, change it to: jmp return

increase:
  inc [counter]

decrement:
  dec [counter]

return:


I have not tested it but I think it is so.


Last edited by DanyDollaro on Mon Mar 23, 2020 9:16 am; edited 2 times in total
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Mon Mar 23, 2020 4:50 am

DanyDollaro wrote:
In the script you created the function:
Code:
assert(address,bytes)

is useless.

In these instructions the counter is not incrementing:
Code:
mov [counter], 1
...
mov [counter], 0


In 'mov [counter], 1' you are moving the value 1 into the counter, so if the counter has the value 1 it will not be increased but will simply be overwritten with another 1.

In 'mov [counter], 0' it is the same thing as I said before: you are not decrementing the counter. Assuming the counter has the value 100, this instruction does not decrease it but sets it to 0.

You should change them to:
Code:
inc [counter], 1
...
inc [counter], 0


Are you sure about this instruction?:
Code:
cmp esi, 185F2CDC

it's not by chance:
Code:
cmp esi, [185F2CDC]

Check it out a bit :)

Then there are other errors but for now try this script:

Code:
[ENABLE]
alloc(newmem,$1000)
alloc(counter, 4)

registersymbol(counter)

label(code)
label(return)

label(comparison)
label(increase)
label(decrement)

newmem:

code:
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
  jmp comparison

address: // In the code sketch you sent I don't see any reference to "address"
  jmp newmem
  nop 3

comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  je increase
  jmp decrement // Probably what you want is not to decrease it but to leave it unchanged; if so, change it to: jmp return

increase:
  inc [counter]

decrement:
  dec [counter]

return:


I have not tested it but I think it is so.



I tried them both but they are not working, the game crashes. I believe it's because when the item is on the ground it adds 1, so within a second the counter is 300000, so the game crashes.
So I want to use the counter as a boolean variable: if it's 1 the item is on the ground, if it's 0 it's not. And I want to do it with a multi-condition, so it will jump to increase only if esi == 185F2CDC AND the counter's value is 0, and if esi != 185F2CDC AND the counter's value == 1 it will jump to decrease.

I tried this code:

Code:
[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)

label(code)
label(return)
registersymbol(counter)
label(comparison)
label(increase)
label(decrement)


newmem:

code:
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
  jmp return

address:
  jmp newmem
  nop 3

comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  jne return
  cmp [counter], 0
  je increase
  cmp [counter], 1
  jmp decrement // Probably what you want is not to decrease it but to leave it unchanged; if so, change it to: jmp return

increase:
  mov [counter], 1

decrement:
  mov [counter], 0

return:

[DISABLE]
unregistersymbol(counter)
dealloc(counter)


But the game keeps crashing, and I use 'cmp esi, xxxxx' because the value in the esi register is the address.
panraven (Grandmaster Cheater, joined 01 Oct 2008, 941 posts)
Posted: Mon Mar 23, 2020 6:59 am

My attempt to modify your code, hope it helps.
Please double check if there's a typo before activating the code.
Code:

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)

label(code)
label(return)
registersymbol(counter)
label(comparison)
label(increase)
label(decrement)

/////// <CAVE CODE START>

newmem:

code:
////// COPY-ed Original Code START
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
//////  COPY-ed Original Code END
//////
////// Start do your modification
  jmp comparison  ///// previous: jmp return
                  ///// even if the crash is solved, this jump will not reach 'comparison'
                  ///// you might need to keep DanyDollaro's jump to comparison

//// address:      ----- this should be the hack point in game code
////  jmp newmem   ----- if it is located here, then the following label
////  nop 3        ----- 'comparison' will be in game code, which then crashes
////               ----- your game when it is reached.
////               ----- Instead it should be followed by 'return'
////               ----- (meaning <return to game code from cave code>, right?)
////               ----- and the other labels should be in cave code (allocated newmem)
////               ----- so this part should be below the other cave code labels in this AA script

///// CONTINUE CAVE CODE
comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  jne @f              ///// no match, jump to second test
  cmp [counter], 0
  je increase         ///// match 1st condition
@@:   ////// second test
  cmp esi, 185F2CDC   ///// test for second condition
  je  return          ///// no match so return
  cmp [counter], 1
  je  decrement       ///// match second condition
  jmp return          ///// no match so return

increase:
  mov [counter], 1
  jmp return          ///// jump return (in game code) 

decrement:
  mov [counter], 0
  jmp return          ///// jump return (in game code) 
/////// <CAVE CODE END>



/////// <GAME CODE hack point START>
/////// place hack point in game code here
address: 
  jmp newmem
  nop 3   

return:
/////// <GAME CODE hack point END>


_________________
- Retarded.
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Mon Mar 23, 2020 8:00 am

panraven wrote:
My attempt to modify your code, hope it helps.
Please double check if there's a typo before activating the code.
Code:

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)
alloc(counter,4)

label(code)
label(return)
registersymbol(counter)
label(comparison)
label(increase)
label(decrement)

/////// <CAVE CODE START>

newmem:

code:
////// COPY-ed Original Code START
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
//////  COPY-ed Original Code END
//////
////// Start do your modification
  jmp comparison  ///// previous: jmp return
                  ///// even if the crash is solved, this jump will not reach 'comparison'
                  ///// you might need to keep DanyDollaro's jump to comparison

//// address:      ----- this should be the hack point in game code
////  jmp newmem   ----- if it is located here, then the following label
////  nop 3        ----- 'comparison' will be in game code, which then crashes
////               ----- your game when it is reached.
////               ----- Instead it should be followed by 'return'
////               ----- (meaning <return to game code from cave code>, right?)
////               ----- and the other labels should be in cave code (allocated newmem)
////               ----- so this part should be below the other cave code labels in this AA script

///// CONTINUE CAVE CODE
comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  jne @f              ///// no match, jump to second test
  cmp [counter], 0
  je increase         ///// match 1st condition
@@:   ////// second test
  cmp esi, 185F2CDC   ///// test for second condition
  je  return          ///// no match so return
  cmp [counter], 1
  je  decrement       ///// match second condition
  jmp return          ///// no match so return

increase:
  mov [counter], 1
  jmp return          ///// jump return (in game code) 

decrement:
  mov [counter], 0
  jmp return          ///// jump return (in game code) 
/////// <CAVE CODE END>



/////// <GAME CODE hack point START>
/////// place hack point in game code here
address: 
  jmp newmem
  nop 3   

return:
/////// <GAME CODE hack point END>



Why did you use only jmp in the increase and decrease sections? I tried to use only jump but CE does not accept it.
panraven (Grandmaster Cheater, joined 01 Oct 2008, 941 posts)
Posted: Mon Mar 23, 2020 8:19 am

zxar7 wrote:
panraven wrote:

...
Code:

...
  je  decrement       ///// match second condition
  jmp return          ///// no match so return

increase:
  mov [counter], 1
  jmp return          ///// jump return (in game code)

decrement:
  mov [counter], 0
  jmp return          ///// jump return (in game code)
/////// <CAVE CODE END>

////// without the 'jmp return' a problem may arise:
////// some zero bytes follow in the code cave, which might
////// eventually run into an unallocated memory region and cause a crash

/////// <GAME CODE hack point START>
/////// place hack point in game code here
address:
  jmp newmem
  nop 3   
return:
/////// <GAME CODE hack point END>
...


Why did you use only jmp in the increase and decrease sections? I tried to use only jump but CE does not accept it.


I'm not getting what you mean...
What's the relevant code and error message, if any?

_________________
- Retarded.
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Mon Mar 23, 2020 8:47 am

panraven wrote:
zxar7 wrote:
panraven wrote:

...
Code:

...
  je  decrement       ///// match second condition
  jmp return          ///// no match so return

increase:
  mov [counter], 1
  jmp return          ///// jump return (in game code)

decrement:
  mov [counter], 0
  jmp return          ///// jump return (in game code)
/////// <CAVE CODE END>

////// without the 'jmp return' a problem may arise:
////// some zero bytes follow in the code cave, which might
////// eventually run into an unallocated memory region and cause a crash

/////// <GAME CODE hack point START>
/////// place hack point in game code here
address:
  jmp newmem
  nop 3   
return:
/////// <GAME CODE hack point END>
...


Why did you use only jmp in the increase and decrease sections? I tried to use only jump but CE does not accept it.


I'm not getting what you mean...
What's the relevant code and error message, if any?


Now the original code you wrote is working, but the counter is not increasing.

I added two pics, before and after the AA.

Here are the full details:

Code:
01EB0000 - 8B FB  - mov edi,ebx <<
01EB0002 - F3 A5 - repe movsd
01EB0004 - 8B 44 24 20  - mov eax,[esp+20]

EAX=0019E154
EBX=0019E600
ECX=00000112
EDX=012A381C
ESI=185F2CDC
EDI=0019E604
ESP=0019E144
EBP=181DE288
EIP=01EB0002




[Attachment: 122.PNG (After)]

[Attachment: 121.PNG (Before)]


panraven (Grandmaster Cheater, joined 01 Oct 2008, 941 posts)
Posted: Mon Mar 23, 2020 9:14 am

It likely depends on what this line means, which is part of the condition to toggle your value at counter.
Code:

cmp esi, 185F2CDC

or does it really mean what DanyDollaro suggested
Code:

cmp esi,[185F2CDC]

or whether the value 185F2CDC is correct, i.e. it may cause a crash if it is an unreadable address etc.

_________________
- Retarded.
zxar7 (Newbie cheater, joined 13 Jul 2014, 16 posts)
Posted: Mon Mar 23, 2020 9:18 am

panraven wrote:
It likely depends on what this line means, which is part of the condition to toggle your value at counter.
Code:

cmp esi, 185F2CDC

or does it really mean what DanyDollaro suggested
Code:

cmp esi,[185F2CDC]

or whether the value 185F2CDC is correct, i.e. it may cause a crash if it is an unreadable address etc.


I always make sure to compare against this code:

Code:

01EB0000 - 8B FB  - mov edi,ebx <<
01EB0002 - F3 A5 - repe movsd
01EB0004 - 8B 44 24 20  - mov eax,[esp+20]

EAX=0019E154
EBX=0019E600
ECX=00000112
EDX=012A381C
ESI=185F2CDC
EDI=0019E604
ESP=0019E144
EBP=181DE288
EIP=01EB0002


It's always changing (ESI=xxxx), but I correct it in the code. I keep it the same value on this forum so it is easier to help me :)

I tried both of the methods. When I do cmp esi, address the game is not crashing, but when I do cmp esi, [address] it is crashing. And when I enable and disable the AA I see another address that accesses the original item's name address.
DanyDollaro (Master Cheater, joined 01 Aug 2019, 334 posts)
Posted: Mon Mar 23, 2020 9:32 am

I realized I was wrong to write some code that I have now corrected, but the final script was completely correct. And in any case, in my opinion, if you found the code that acts on the items that are dropped on the ground you could find the entity list of those items.

And anyway, reading this part of panraven's code:
panraven wrote:
Code:
//// address:      ----- this should be hack point in game code
////  jmp newmem   ----- if it located here, then the following label
////  nop 3        ----- 'comparison' will be in game code, it then crash
////               ----- you game when it is reached.
////               ----- Instead it should followed by 'return'
////               ----- (means <return to game code from cave code>, right?)
////               ----- and other label should be in cave code (allocated newmem)


I may be wrong, but if 'address' had been defined it would not have been compiled in the middle of the comparison code; it would have injected the code written under the label at its defined address.
panraven (Grandmaster Cheater, joined 01 Oct 2008, 941 posts)
Posted: Mon Mar 23, 2020 9:38 am

I see, so

1. cmp esi, 185F2CDC is the right code;
2. the problem is that the test runs after repe movsd, which might change esi and edi after this code (confirmed);
3. placing the condition check BEFORE the repe movsd should work anyway.

Try modifying it like this:
Code:

newmem:
  call  comparison   //// do the test subroutine before original code
code:

  mov edi,ebx
  repe movsd
  mov eax,[esp+20]

  jmp return    ////// we make comparison before original code, so return game code here


///// make it a subroutine now      ///CONTINUE CAVE CODE
comparison:
  cmp esi, 185F2CDC // if it doesn't work, change this line to: cmp esi, [185F2CDC]
  jne @f              ///// no match, jump to second test
  cmp [counter], 0
  je increase         ///// match 1st condition
@@:   ////// second test
  cmp esi, 185F2CDC   ///// test for second condition
  je  @f          ///// @f is an unnamed label referring to the next label, which is the "@@" below; our intent is to 'ret' from the subroutine
  cmp [counter], 1
  je  decrement       ///// match second condition
@@:
  ret          ///// no match so ret (not return :)

increase:
  mov [counter], 1
  ret          /////

decrement:
  mov [counter], 0
  ret          /////




address:
  jmp newmem
  nop 3   

return:

_________________
- Retarded.
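A complete script along the lines panraven's last post reaches (the esi test runs before the copied original code, as a subroutine, and the flag is exported with registersymbol as DanyDollaro showed). This is an added example, not a script from the thread: the hook address is a placeholder, the 8 original bytes are taken from the disassembly zxar7 posted, the `setflag` label name is mine, and the pushfd/popfd pair and the [DISABLE] restore of the original bytes are additions the thread's scripts do not have.

```asm
[ENABLE]
// Placeholder: replace with the real hook address (the game's "mov edi,ebx"
// that CE reported accessing the item name).
define(address,00401000)
// Original 8 bytes at the hook point, as in the posted disassembly:
// 8B FB (mov edi,ebx)  F3 A5 (repe movsd)  8B 44 24 20 (mov eax,[esp+20])
define(bytes,8B FB F3 A5 8B 44 24 20)
// Item-name address compared against in the thread.
define(item,185F2CDC)

assert(address,bytes)        // refuse to enable if the game code has changed
alloc(newmem,$1000)
alloc(counter,4)
registersymbol(counter)      // "counter" now resolves to this address in the table / Lua
label(code)
label(return)
label(setflag)

newmem:
  // Test BEFORE the copied code: repe movsd advances esi and edi,
  // so testing esi afterwards compares the wrong value.
  call setflag
code:
  mov edi,ebx
  repe movsd
  mov eax,[esp+20]
  jmp return

setflag:
  // Subroutine: counter := (esi == item) ? 1 : 0
  // Save EFLAGS so the game code after the hook sees them unchanged.
  pushfd
  cmp esi,item
  jne @f
  mov dword ptr [counter],1
  popfd
  ret
@@:
  mov dword ptr [counter],0
  popfd
  ret

counter:
  dd 0                       // start cleared

address:
  jmp newmem
  nop 3
return:

[DISABLE]
address:
  db bytes                   // restore the original 8 bytes before freeing the cave
unregistersymbol(counter)
dealloc(counter)
dealloc(newmem)
```

Once enabled, add an entry named `counter` (4 bytes) to the cheat table to watch the flag flip between 0 and 1.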