framePTR (How do I cheat?)
Reputation: 0
Joined: 16 Jun 2020, Posts: 2
Posted: Tue Jun 16, 2020 7:28 am, Post subject: Memory and Scripting Questions
Hi,
I have some questions related to AOB scanning and assembly, and I'd really appreciate it if someone could clear them up for me.
So here we go:
a)
When I browse a memory region I can see a lot of 0x00 bytes:
i.imgur.com/ufoxmxp.png
CE tells me that those are add [rax],al opcodes, but that doesn't make much sense to me, not only from the interpretation point of view but also as to what the value would be.
Do these really have values? Does the CPU really execute those instructions, and if so, why is it not dangerous, since rax is dereferenced? Why are those not just NOP (0x90)?
b)
Also, when I browse memory regions I often see lots of 0xCC breakpoint opcodes that were not set by me. Why is that?
i.imgur.com/IyGrLWR.png
c)
Last but not least, I have a little issue with understanding the script.
So I'll describe what I think each line does, and it would be helpful if someone could confirm that.
[ENABLE]
aobscanmodule(INJECT,gtutorial-x86_64.exe,00 00 00 00 00 0A D7) = searches for that AOB and puts the address of the starting point into INJECT?
alloc(newmem,$1000,"gtutorial-x86_64.exe"+24125B) = newmem is an address where the newly allocated space lies ("gtutorial-x86_64.exe"+24125B?). That space
says it's just ??. What is the difference between ?? and NOP? I thought CE looks for nearby 0x00 bytes that can just be replaced?
I also have an understanding issue between symbols and labels: from an assembly point of view, labels are just human-readable names that will later be replaced with the correct offset, so why
do I need symbols then?
label(code) (jump point?)
label(return) (jump point?)
newmem: (nothing here, I guess; that is where we could start writing our stuff. Does it mean that if I write nothing, and no jump back or anything, it will just go to the code: label?)
code:
(the replaced code that needs to run, as this is what we replaced?)
add [rax],al
add [rax],al
add [rdx],cl
jmp return (why jump if we are done? We just constantly call registersymbol on INJECT?)
INJECT: (the AOB lets us start here?)
jmp newmem (we jump to newmem?)
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 00 00 00 00 00 0A (restore original code)
unregistersymbol(INJECT) (I don't know why I need a symbol instead of just a label)
dealloc(newmem) (remove data?)
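To illustrate what the aobscanmodule line and the ?? notation in the post mean, here is an added example (my own code, not from the post and not part of Cheat Engine): a minimal AOB scanner run over a constructed byte image. The ?? token is a matching rule in the search pattern (accept any byte at that position), not an instruction like NOP (0x90); the memory contents, the module base and the helper names are all assumptions for the demonstration.

```python
# Added example, not from the forum post or Cheat Engine: a minimal
# array-of-bytes (AOB) scanner with "??" wildcards, run over a constructed
# memory image. It also shows why a scan that matches more than once is
# not safe to patch blindly, which is what aobscanmodule's uniqueness
# requirement protects against.
from typing import List, Optional


def parse_aob(pattern: str) -> List[Optional[int]]:
    """Turn 'E8 ?? 0A' into [0xE8, None, 0x0A]; None means 'any byte'."""
    parsed: List[Optional[int]] = []
    for token in pattern.split():
        if token in ("??", "?", "*"):
            parsed.append(None)          # wildcard: accept whatever is there
        else:
            value = int(token, 16)
            if not 0 <= value <= 0xFF:
                raise ValueError(f"bad byte token {token!r}")
            parsed.append(value)
    return parsed


def aob_scan(memory: bytes, pattern: str, base: int = 0) -> List[int]:
    """Return every address (base + offset) at which the pattern matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(memory) - len(pat) + 1):
        if all(want is None or memory[off + i] == want
               for i, want in enumerate(pat)):
            hits.append(base + off)
    return hits


def find_unique(memory: bytes, pattern: str, base: int = 0) -> Optional[int]:
    """Only a pattern that matches exactly once identifies a safe patch site."""
    hits = aob_scan(memory, pattern, base)
    return hits[0] if len(hits) == 1 else None


# Constructed memory image (assumed layout, not a dump of any real process):
# nop/int3 filler, the post's 7-byte AOB, a rip-relative mov, then the same
# 7 bytes again so the short pattern is deliberately not unique.
MODULE_BASE = 0x7FF600000000                         # assumed base address
MEMORY = bytes([
    0x90, 0x90, 0xCC, 0xCC,                          # nop, nop, int3, int3
    0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0xD7,        # the post's AOB
    0x48, 0x8B, 0x05, 0x10, 0x00, 0x00, 0x00,        # mov rax,[rip+0x10]
    0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0xD7,        # same bytes again
])
```

Running the short pattern from the post against this image gives two hits, so find_unique returns None; prefixing it with the mov's opcode bytes and wildcards for its displacement makes it unique.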