Cheat Engine The Official Site of Cheat Engine

unkn0wn1234 (How do I cheat?)
Reputation: 0
Joined: 26 Nov 2020, Posts: 5
Posted: Thu Dec 03, 2020 5:37 am
Post subject: This Shouldn't Work?

So, looking back at my old scripts, I always use code and write to the label code, and they all work fine, but not to newmem. My question is: how does it actually work? Isn't it just jumping to newmem and not doing anything?
Code:
[ENABLE]
aobscanmodule(aob_Money,Blacklist_DX11_game.exe,8B 40 28 50 8B CE E8 84) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [eax+28],#9999999
mov eax,[eax+28]
push eax
mov ecx,esi
jmp return
aob_Money:
jmp newmem
nop
return:
registersymbol(aob_Money)
[DISABLE]
aob_Money:
db 8B 40 28 50 8B CE
unregistersymbol(aob_Money)
dealloc(newmem)
{
// ORIGINAL CODE - aob_MoneyION POINT: "Blacklist_DX11_game.exe"+1626C21
"Blacklist_DX11_game.exe"+1626BFF: 8D 45 F4 - lea eax,[ebp-0C]
"Blacklist_DX11_game.exe"+1626C02: 64 A3 00 00 00 00 - mov fs:[00000000],eax
"Blacklist_DX11_game.exe"+1626C08: 8B F1 - mov esi,ecx
"Blacklist_DX11_game.exe"+1626C0A: E8 71 92 F9 FF - call Blacklist_DX11_game.exe+15BFE80
"Blacklist_DX11_game.exe"+1626C0F: 8B CE - mov ecx,esi
"Blacklist_DX11_game.exe"+1626C11: E8 FA 9B FF FF - call Blacklist_DX11_game.exe+1620810
"Blacklist_DX11_game.exe"+1626C16: E8 F5 27 E3 FF - call Blacklist_DX11_game.exe+1459410
"Blacklist_DX11_game.exe"+1626C1B: 33 FF - xor edi,edi
"Blacklist_DX11_game.exe"+1626C1D: 3B C7 - cmp eax,edi
"Blacklist_DX11_game.exe"+1626C1F: 74 0B - je Blacklist_DX11_game.exe+1626C2C
// ---------- aob_MoneyING HERE ----------
"Blacklist_DX11_game.exe"+1626C21: 8B 40 28 - mov eax,[eax+28]
"Blacklist_DX11_game.exe"+1626C24: 50 - push eax
"Blacklist_DX11_game.exe"+1626C25: 8B CE - mov ecx,esi
// ---------- DONE aob_MoneyING ----------
"Blacklist_DX11_game.exe"+1626C27: E8 84 FD F0 FF - call Blacklist_DX11_game.exe+15369B0
"Blacklist_DX11_game.exe"+1626C2C: E8 DF B5 B0 FE - call Blacklist_DX11_game.exe+132210
"Blacklist_DX11_game.exe"+1626C31: 8B 10 - mov edx,[eax]
"Blacklist_DX11_game.exe"+1626C33: 8B C8 - mov ecx,eax
"Blacklist_DX11_game.exe"+1626C35: 8B 82 34 01 00 00 - mov eax,[edx+00000134]
"Blacklist_DX11_game.exe"+1626C3B: FF D0 - call eax
"Blacklist_DX11_game.exe"+1626C3D: 50 - push eax
"Blacklist_DX11_game.exe"+1626C3E: E8 3D CC 17 FF - call Blacklist_DX11_game.exe+7A3880
"Blacklist_DX11_game.exe"+1626C43: 83 C4 04 - add esp,04
"Blacklist_DX11_game.exe"+1626C46: 3B C7 - cmp eax,edi

ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014, Posts: 4706
Posted: Thu Dec 03, 2020 11:01 am

allocs have an address associated with them:
Code:
alloc(newmem,4096)
// say CE allocated newmem at 07A53000
newmem: // equivalent to "07a53000:"
A label doesn't have an address associated with it when it is declared.
Code:
label(code)
// this line alone does not associate the label "code" with any address
Labels get associated with an address when they're defined relative to some other address:
Code:
newmem:
// newmem was 07A53000
code:
Here, the closest address specified above the label code was newmem, or 07A53000. There is no memory defined between newmem and code; therefore, the label code gets associated with the same address as newmem.
Another example:
Code:
aobscanmodule(aob_Money, ...
// say aobscanmodule associates the label aob_Money with the address game.exe+1626C21
label(return)
aob_Money:
jmp newmem
nop
return:
Here, there are instructions between the label return and the closest specified address above it (aob_Money). These instructions take up 6 bytes of memory, so the label return will be associated with the address 6 bytes after the closest address above it: game.exe+1626C27.
So when the game executes "jmp newmem", and at newmem there's this:
There's absolutely no difference between jumping to newmem and jumping to code.
Regardless, I find this to be a deficiency in the template since the label code is unused.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

unkn0wn1234 (How do I cheat?)
Reputation: 0
Joined: 26 Nov 2020, Posts: 5
Posted: Thu Dec 03, 2020 11:51 am

ParkourPenguin wrote:
    allocs have an address associated with them:
    Code:
    alloc(newmem,4096)
    // say CE allocated newmem at 07A53000
    newmem: // equivalent to "07a53000:"
    A label doesn't have an address associated with it when it is declared.
    Code:
    label(code)
    // this line alone does not associate the label "code" with any address
    Labels get associated with an address when they're defined relative to some other address:
    Code:
    newmem:
    // newmem was 07A53000
    code:
    Here, the closest address specified above the label code was newmem, or 07A53000. There is no memory defined between newmem and code; therefore, the label code gets associated with the same address as newmem.
    Another example:
    Code:
    aobscanmodule(aob_Money, ...
    // say aobscanmodule associates the label aob_Money with the address game.exe+1626C21
    label(return)
    aob_Money:
    jmp newmem
    nop
    return:
    Here, there are instructions between the label return and the closest specified address above it (aob_Money). These instructions take up 6 bytes of memory, so the label return will be associated with the address 6 bytes after the closest address above it: game.exe+1626C27.
    So when the game executes "jmp newmem", and at newmem there's this:
    There's absolutely no difference between jumping to newmem and jumping to code.
    Regardless, I find this to be a deficiency in the template since the label code is unused.

So it goes from newmem to the code label and does its thing?

Reaper79 (Advanced Cheater)
Reputation: 2
Joined: 21 Nov 2013, Posts: 68, Location: Germany
Posted: Thu Dec 03, 2020 3:44 pm

If your scripts start directly below newmem and you jmp to newmem, everything is fine. But if you have some symbols/labels, e.g.:
Code:
newmem:
somepointer:
dq 0
myHealth:
dq 0
code:
maybe your script would crash... I'm jumping to code...
Code:
aob_Money:
jmp code
nop
return:
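As an added example, not code from the thread, this Python model walks a script the way ParkourPenguin describes (a label takes the nearest address above it plus the bytes emitted in between) and reproduces both his result (code shares newmem's address, return lands 6 bytes past aob_Money) and Reaper79's case, where 16 bytes of dq data between newmem and code move code along. The instruction sizes in SIZES and the 07A53000 allocation address are assumed values.

```python
# Added example, not code from the thread: a toy model of how Cheat Engine's
# auto assembler assigns addresses to labels, as ParkourPenguin explains.
# SIZES is a constructed table of x86-32 encoded lengths for the lines used
# below; real CE derives them from the bytes it assembles.
SIZES = {"mov eax,[eax+28]": 3, "push eax": 1, "mov ecx,esi": 2,   # 8B 40 28 / 50 / 8B CE
         "jmp return": 5, "jmp newmem": 5, "nop": 1,                # E9 rel32 / 90
         "dq 0": 8}                                                 # eight data bytes

def resolve_labels(script, symbols):
    """Return {name: address}. symbols seeds what CE already knows (alloc
    results, aobscan hits). A 'name:' line moves the cursor to a known symbol
    or pins an unknown label to the cursor; code and data advance the cursor
    by their size; label()/alloc()/aobscan declarations define nothing."""
    addresses = dict(symbols)
    cur = None                       # no address until some symbol is named
    for raw in script.splitlines():
        line = raw.split("//")[0].strip()
        if not line or line.startswith(("label(", "alloc(", "aobscan", "[")):
            continue
        if line.endswith(":"):
            name = line[:-1]
            if name in addresses:
                cur = addresses[name]
            elif cur is None:
                raise ValueError(f"label {name} has no address above it")
            else:
                addresses[name] = cur
        elif cur is None:
            raise ValueError(f"bytes emitted before any address: {line}")
        else:
            cur += SIZES[line]
    return addresses

NEWMEM = 0x07A53000    # constructed: "say CE allocated newmem at 07A53000"
AOB_MONEY = 0x1626C21  # game.exe+1626C21, the offset quoted in the thread
# The original post's script, abridged to the lines that matter here.
OP_SCRIPT = """label(code)
newmem:
code:
mov eax,[eax+28]
push eax
mov ecx,esi
jmp return
aob_Money:
jmp newmem
nop
return:"""
# Reaper79's layout: 16 bytes of data sit between newmem and code.
REAPER_SCRIPT = "newmem:\nsomepointer:\ndq 0\nmyHealth:\ndq 0\ncode:"

def op_layout():      # expect code == newmem, return == aob_Money + 6
    return resolve_labels(OP_SCRIPT, {"newmem": NEWMEM, "aob_Money": AOB_MONEY})

def reaper_layout():  # expect code == newmem + 16
    return resolve_labels(REAPER_SCRIPT, {"newmem": NEWMEM})
```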

unkn0wn1234 (How do I cheat?)
Reputation: 0
Joined: 26 Nov 2020, Posts: 5
Posted: Fri Dec 04, 2020 12:40 pm

Reaper79 wrote:
    If your scripts start directly below newmem and you jmp to newmem, everything is fine. But if you have some symbols/labels, e.g.:
    Code:
    newmem:
    somepointer:
    dq 0
    myHealth:
    dq 0
    code:
    maybe your script would crash... I'm jumping to code...
    Code:
    aob_Money:
    jmp code
    nop
    return:

The thing is, all my scripts are like this, and they must work, as some of them are pretty big. I tested the code I posted in SC Blacklist; it works fine straight away and writes max money. It's just confusing as to why it works. Naturally it has done so for a while, as from what I can see this is how all my scripts are. It's just annoying not to understand why.