Cheat Engine The Official Site of Cheat Engine
Drivium Advanced Cheater Reputation: 0
Joined: 16 Apr 2013 Posts: 97
Posted: Tue Mar 24, 2020 9:10 pm Post subject: Help with AOB injection copy script
So, using this tutorial https://youtu.be/GeDv8_474HI?t=524, I'm trying to do an injection copy. I allocated memory for r13 and rbx. I'm expecting r13+rbx to point to my value, but it's not. Is it clear where I'm going wrong? The dude in the video makes it seem too easy. lol Thanks in advance.
Code:
[ENABLE]
aobscan(INJECT,45 89 74 1D 00 29 C3 89 5C 24 20) // should be unique
alloc(newmem,$1000,1BE15105945)
label(code)
label(return)
globalalloc(base,4) //code I added
globalalloc(base1,4) //code I added

newmem:
code:
mov [base],r13 //code I added
mov [base1],rbx //code I added
mov [r13+rbx+00],r14d
jmp return

INJECT:
jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
db 45 89 74 1D 00
unregistersymbol(INJECT)
dealloc(newmem)
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Tue Mar 24, 2020 10:25 pm Post subject:
base and base1 allocs should be 8 bytes each, not 4. r14 and rbx are 8-byte registers; however, rbx looks like it's holding a 32-bit value, so using the 32-bit ebx register instead might be "more correct," but that's pedantic. This is more idealistic than practical since unique globalallocs are 16-byte aligned.
The third argument to the newmem alloc should be INJECT (the template gets this wrong last I checked).
base and base1 aren't guaranteed to be close enough to newmem to directly address them like that in a 64-bit environment. Define and register the symbols in the newmem alloc, add a third parameter to the globalallocs and pass the argument INJECT, or access them indirectly through a register:
Code:
mov [r13+rbx+00],r14d
// value in r14 looks like it's not accessed again after the above instruction
mov r14,base
mov [r14],r13
mov r14,base1
mov [r14],rbx
...
Remove that last offset 00 in the memory record. If you got the base and first offset correct by luck, you should think about what's going on a bit more. Hint: square brackets mean "read the value at this address." The CE tutorial has more examples of pointers.
Did you check if that instruction accesses more than just that address? Right click the instruction in the disassembler and select "Find out what addresses this instruction accesses".
If it does, it's probably getting the values from some other address. (I'm pretty certain this is the main problem)
The address in r13 (1BE4D8B0000) looks like the base of an emulated memory block. If you can find a good pointer to it (pointer scanner), you could just use that instead of code injection. Make sure the value's offset from the base (i.e. 4F5351A6) is consistent; I'd think it should be.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
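A corrected version of the OP's script that applies the points in the reply above, written here as an added example rather than code posted in the thread: newmem is allocated near INJECT, the two save slots are 8-byte labels placed inside newmem and registered as symbols (so no separate globalalloc is needed and distance from newmem is not a concern), and they are written through r14 as a scratch register after the original instruction. The slot names base and base1 are kept from the OP's script; everything else assumes only what the thread shows.

```asm
[ENABLE]
aobscan(INJECT,45 89 74 1D 00 29 C3 89 5C 24 20) // should be unique
alloc(newmem,$1000,INJECT)   // third argument is the injection point, not a hard-coded address
label(code)
label(return)
label(base)                  // 8-byte slot for r13, lives inside newmem
label(base1)                 // 8-byte slot for rbx, lives inside newmem
registersymbol(base)
registersymbol(base1)

newmem:
code:
mov [r13+rbx+00],r14d        // original instruction first
// r14 is not read again after the instruction above, so use it as scratch
mov r14,base
mov [r14],r13                // save the emulated-memory base held in r13
mov r14,base1
mov [r14],rbx                // save the offset held in rbx
jmp return

base:
dq 0
base1:
dq 0

INJECT:
jmp newmem                   // 5-byte jmp replaces the 5-byte original instruction
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
db 45 89 74 1D 00            // restore original bytes
unregistersymbol(INJECT)
unregistersymbol(base)
unregistersymbol(base1)
dealloc(newmem)
```

With the symbols registered, a pointer-type memory record using base as its address and the value's offset from the emulated block (4F5351A6 in the thread) as the single offset reads the value through the saved r13, which only works if that offset is consistent as the reply expects.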
Drivium Advanced Cheater Reputation: 0
Joined: 16 Apr 2013 Posts: 97
Posted: Wed Mar 25, 2020 8:27 am Post subject:
You are correct that this is an emulated game. I desperately want to learn this. I make a lot of cheat tables for the CEMU emulator, mostly using aob, but on so many occasions they don't work for other people. People seem to make cheats for emulators that are more widely compatible, so it seems there's something they know that I don't. I need a reliable way to make cheats and share them.
I'm not sure I'm following your recommendation. Do you have an example of the inject piece you mentioned?