Cheat Engine - The Official Site of Cheat Engine
thirst for knowledge (Cheater)
Reputation: 0
Joined: 15 Jan 2014 Posts: 28 Location: Russia
Posted: Sat Nov 28, 2020 10:49 am Post subject: How to write a script correctly?
Hi. I'm in a situation where I don't have enough knowledge and experience, so I'm asking for help. In general, the game is Dead State. I want to write a script so that the weapon parameter structure is used only by me, but the weapon structure is shared. If I change a value in the structure (via a script), even filtering by the friend / foe identifier, these values propagate to the enemies as well. I'm trying to assign the effect I need to the weapon so that these changes would only affect the main character. I tried different methods (stack, registers) and nothing happens.
[ENABLE]
aobscanmodule(TestEff,ZRPG.exe,0F BF 46 02 8B 0D FC 0D 46 01) // should be unique
alloc(newmem,$1000)
label(code)
label(Effect)
label(Test)
label(return)

newmem:
  cmp [ebx+214],0 // your / someone else's identifier
  jne code
  movsx eax,word ptr [esi+02] // Weapon effect in % probability // In [esi+04] is the Weapon Effect from 1 - 22
  push edi
  mov edi,[ebx+1fc]
  cmp [edi+140],FFFFFFFF // your / someone else's identifier
  pop edi
  jne Test
Test:
  cmp edi,1
  jne Effect
Effect:
  cmp [ebx+00],#900
  jle code
  mov eax,#50
  cmp byte [esi+4],0 // Weapon effect // How to assign an effect to a weapon that would only work for the player?
  jne code
  // mov [esp+66],#10
  // mov [esp+68],#200
  mov byte [esi+4],#10
  mov byte [esi+6],#10
code:
  // movsx eax,word ptr [esi+02]
  mov ecx,[ZRPG.cbScriptMsgListener_onMessageObjectReceived+1C8]
  jmp return

TestEff:
  jmp newmem
  nop 5
return:
registersymbol(TestEff)

[DISABLE]
TestEff:
  db 0F BF 46 02 8B 0D FC 0D 46 01
unregistersymbol(TestEff)
dealloc(newmem)

// ORIGINAL CODE - INJECTION POINT: ZRPG.exe.text+86192
ZRPG.exe.text+86173: 83 C4 0C - add esp,0C
ZRPG.exe.text+86176: EB 63 - jmp ZRPG.exe.text+861DB
ZRPG.exe.text+86178: 66 83 3E 00 - cmp word ptr [esi],00
ZRPG.exe.text+8617C: 74 5D - je ZRPG.exe.text+861DB
ZRPG.exe.text+8617E: 66 83 7E 02 00 - cmp word ptr [esi+02],00
ZRPG.exe.text+86183: 7E 56 - jle ZRPG.exe.text+861DB
ZRPG.exe.text+86185: 51 - push ecx
ZRPG.exe.text+86186: 8B CC - mov ecx,esp
ZRPG.exe.text+86188: 68 0C E3 01 01 - push ZRPG.exe.rdata+6760C
ZRPG.exe.text+8618D: E8 CE E7 38 00 - call ZRPG.fnStreamObject_copyFrom+7D50
// ---------- INJECTING HERE ----------
ZRPG.exe.text+86192: 0F BF 46 02 - movsx eax,word ptr [esi+02]
// ---------- DONE INJECTING ----------
ZRPG.exe.text+86196: 8B 0D FC 0D 46 01 - mov ecx,[ZRPG.cbScriptMsgListener_onMessageObjectReceived+1C8]
ZRPG.exe.text+8619C: 66 0F 6E C8 - movd xmm1,eax
ZRPG.exe.text+861A0: 0F 5B C9 - cvtdq2ps xmm1,xmm1
ZRPG.exe.text+861A3: E8 78 85 81 00 - call ZRPG.fnTeleportMarkerData_staticGetType+9D20
ZRPG.exe.text+861A8: 84 C0 - test al,al
ZRPG.exe.text+861AA: 74 2F - je ZRPG.exe.text+861DB
ZRPG.exe.text+861AC: 0F BF 06 - movsx eax,word ptr [esi]
ZRPG.exe.text+861AF: 50 - push eax
ZRPG.exe.text+861B0: 8D 4D E8 - lea ecx,[ebp-18]
ZRPG.exe.text+861B3: E8 58 02 00 00 - call ZRPG.exe.text+86410
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014 Posts: 4718
Posted: Sat Nov 28, 2020 11:46 am Post subject:
You don't give any information about what addresses should hold what values under what conditions, so I can't say if you got anything wrong there.
If [ebx+214] is not 0, then part of the original code doesn't get executed. Move "movsx eax,word ptr [esi+02]" (the one after jne) above "jne code" to fix this.

thirst for knowledge wrote:
Code:
  jne Test
Test:
  cmp edi,1
  jne Effect
Effect:

"jne Test" / "jne Effect" is completely pointless as code execution will continue to the next instruction regardless of whether the branch is taken or not.
"mov byte" should be "mov byte ptr"

thirst for knowledge wrote:
Code:
  // ---------- INJECTING HERE ----------
  ZRPG.exe.text+86192: 0F BF 46 02 - movsx eax,word ptr [esi+02]
  // ---------- DONE INJECTING ----------

Did you change this, or does it generate this way (CE bug)? Don't say what you think happened - actually generate another AA template at that address.
PS: code tags exist on the forum. Use them.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
thirst for knowledge (Cheater)
Reputation: 0
Joined: 15 Jan 2014 Posts: 28 Location: Russia
Posted: Mon Nov 30, 2020 5:33 am Post subject: How to write a script correctly?
ParkourPenguin, if you can't help with it, then maybe you can advise what can be added so that at the end of the script my register values are reset to zero or restored to their original values after the code is executed; for example, is it possible to use the command "xor al, al"?
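A reshaped version of the same hook, added here as an example and not the code of either poster, that applies the points raised in the reply (the overwritten original instruction runs before any branch, every taken jne really skips the patch, "byte ptr" instead of "byte") and addresses the follow-up question about leaving registers as they were: a scratch register is saved with push and restored with pop rather than zeroed, and the pop is placed before the jne on purpose because pop does not change the flags. The meaning of [ebx+214], [ebx+1fc]/[edi+140], [esi+04]/[esi+06] and the #900 / #50 values is taken from the original post's own comments; nothing else about the game or its structures is assumed.

```asm
[ENABLE]
aobscanmodule(TestEff,ZRPG.exe,0F BF 46 02 8B 0D FC 0D 46 01) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(TestEff)

newmem:
  // First overwritten original instruction, executed before any branch,
  // so eax holds what the game expects no matter which path is taken.
  movsx eax,word ptr [esi+02]

  // Owner checks (offset meanings as given in the original post, assumed here).
  // Each taken jne skips to 'code'; nothing falls through into the patch by accident.
  cmp dword ptr [ebx+214],0          // friend / foe identifier
  jne code
  push edi                           // edi is scratch here: save it ...
  mov edi,[ebx+1fc]
  cmp dword ptr [edi+140],FFFFFFFF   // second friend / foe identifier
  pop edi                            // ... and restore it; pop leaves the flags
  jne code                           // untouched, so jne still sees the cmp result
  cmp dword ptr [ebx+00],#900
  jle code
  mov eax,#50                        // the original post's override of the value movsx loaded
  cmp byte ptr [esi+04],0            // 'byte ptr', not 'byte': effect slot still empty?
  jne code

  // Patch block, reached only when every check above passed.
  mov byte ptr [esi+04],#10
  mov byte ptr [esi+06],#10

code:
  // Second overwritten original instruction, then back to the game.
  mov ecx,[ZRPG.cbScriptMsgListener_onMessageObjectReceived+1C8]
  jmp return

TestEff:
  jmp newmem
  nop 5
return:

[DISABLE]
TestEff:
  db 0F BF 46 02 8B 0D FC 0D 46 01
unregistersymbol(TestEff)
dealloc(newmem)
```

On the "xor al, al" idea from the follow-up post: zeroing is not the same as restoring. The game reads eax immediately after the jump back (the listed original code continues with movd xmm1,eax), so clearing al at the end of newmem would corrupt the value the hook just produced. Save and restore with push/pop (and pushfd/popfd if the flags matter at the return point) instead. Whether [ebx+214] and [edi+140] really distinguish the player's weapon from everyone else's is the open question in the thread; the example changes nothing about that.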