Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
<Failure allocating memory near xxxxx> or crash

 
cheatslover
How do I cheat?
Reputation: 0

Joined: 27 May 2022
Posts: 2

Posted: Fri May 27, 2022 6:18 am    Post subject: <Failure allocating memory near xxxxx> or crash

Hello to all! This is my very first post on the forum.

I literally just began my adventure with Cheat Engine, so my knowledge is 0, but I could not find any cheat table for the early access Songs of Conquest, so I decided to try my luck.

I have watched a couple of tutorials related to AOB scans and so on.

My first goal was to make a script that, when I loot any gold or resource, gives me the max of it, so for example I loot 4 wood and my wood goes to 9999.
I did the manual 4-byte scan, found where the wood is kept, and narrowed it down to 2 addresses. I found the code that writes to these addresses and used the Cheat Engine tools to make an AOB injection script from the template. Then I added one more line of my own that increases the picked-up resource amount.

Then I made 5 more scripts that do other stuff like infinite movement, infinite essences and so on.

However, all the scripts I made have one thing in common: they "usually" work. What I mean by that is that most of the time, 7 out of 10 attempts, they enable correctly, but sometimes instead of enabling I get the error <<Failure allocating memory near xxxxx>>. I searched the internet for this problem and did not find any conclusive solution. I found, however, a similar topic where someone suggested avoiding the 3rd parameter to the "alloc" instruction. So I tried to remove this parameter and it worked the first 2 times. After those 2 times, however, it started crashing the game and I wasn't able to successfully enable the script anymore. For example, when I try to pick up gold or a resource, the game just crashes. Maybe someone will be able to help me make this script work stably and always.

Code:

[ENABLE]

aobscan(INJECT,48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00)
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

code:
  movsxd  rdx,dword ptr [rcx+14]
  add edx,[rbp-18]
  add edx,10000 // this is the only line i added from me, it increases picked gold or resource amount to max
  jmp return

INJECT:
  jmp newmem
  nop 2
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 48 63 51 14 03 55 E8

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2539AD97A9D

2539AD97A73: 4C 89 45 E8                    - mov [rbp-18],r8
2539AD97A77: 4D 85 FF                       - test r15,r15
2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5
2539AD97A80: 49 8B CF                       - mov rcx,r15
2539AD97A83: 48 63 55 F0                    - movsxd  rdx,dword ptr [rbp-10]
2539AD97A87: 49 8B 07                       - mov rax,[r15]
2539AD97A8A: 49 BA A8 28 6D F1 53 02 00 00  - mov r10,00000253F16D28A8
2539AD97A94: FF 50 D8                       - call qword ptr [rax-28]
2539AD97A97: 48 8B C8                       - mov rcx,rax
2539AD97A9A: 83 39 00                       - cmp dword ptr [rcx],00
// ---------- INJECTING HERE ----------
2539AD97A9D: 48 63 51 14                    - movsxd  rdx,dword ptr [rcx+14]
// ---------- DONE INJECTING  ----------
2539AD97AA1: 03 55 E8                       - add edx,[rbp-18]
2539AD97AA4: 48 8B C8                       - mov rcx,rax
2539AD97AA7: 83 38 00                       - cmp dword ptr [rax],00
2539AD97AAA: 48 8D 6D 00                    - lea rbp,[rbp+00]
2539AD97AAE: 49 BB D0 20 B5 1C 54 02 00 00  - mov r11,000002541CB520D0
2539AD97AB8: 41 FF D3                       - call r11
2539AD97ABB: 4C 8B 7D F8                    - mov r15,[rbp-08]
2539AD97ABF: 48 8D 65 00                    - lea rsp,[rbp+00]
2539AD97AC3: 5D                             - pop rbp
2539AD97AC4: C3                             - ret
}


So when I tried to remove the third param I had this

Code:

alloc(newmem,$1000)


So what adjustments can be done to avoid "Failure allocating memory" in the case of the 3-param alloc and the crash in the case of the 2-param alloc?
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25857
Location: The netherlands

Posted: Fri May 27, 2022 9:29 am    Post subject:

Just removing the 3rd alloc parameter alone won't do. You will have to adjust the code to be aware of 14-byte jmps.

change it to
Code:

[ENABLE]

aobscan(INJECT,48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00)
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:

code:
  movsxd  rdx,dword ptr [rcx+14]
  add edx,[rbp-18]
  add edx,10000 // this is the only line i added from me, it increases picked gold or resource amount to max
  mov rcx,rax
  cmp dword ptr [rax],00 //not sure this is needed. Looks like .net debug code
  lea rbp,[rbp+00]
  jmp return

INJECT:
  jmp far newmem
  nop 3
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 48 63 51 14 03 55 E8 48 8B C8 83 38 00 48 8D 6D 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 2539AD97A9D

2539AD97A73: 4C 89 45 E8                    - mov [rbp-18],r8
2539AD97A77: 4D 85 FF                       - test r15,r15
2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5
2539AD97A80: 49 8B CF                       - mov rcx,r15
2539AD97A83: 48 63 55 F0                    - movsxd  rdx,dword ptr [rbp-10]
2539AD97A87: 49 8B 07                       - mov rax,[r15]
2539AD97A8A: 49 BA A8 28 6D F1 53 02 00 00  - mov r10,00000253F16D28A8
2539AD97A94: FF 50 D8                       - call qword ptr [rax-28]
2539AD97A97: 48 8B C8                       - mov rcx,rax
2539AD97A9A: 83 39 00                       - cmp dword ptr [rcx],00
// ---------- INJECTING HERE ----------
2539AD97A9D: 48 63 51 14                    - movsxd  rdx,dword ptr [rcx+14]
// ---------- DONE INJECTING  ----------
2539AD97AA1: 03 55 E8                       - add edx,[rbp-18]
2539AD97AA4: 48 8B C8                       - mov rcx,rax
2539AD97AA7: 83 38 00                       - cmp dword ptr [rax],00
2539AD97AAA: 48 8D 6D 00                    - lea rbp,[rbp+00]
2539AD97AAE: 49 BB D0 20 B5 1C 54 02 00 00  - mov r11,000002541CB520D0
2539AD97AB8: 41 FF D3                       - call r11
2539AD97ABB: 4C 8B 7D F8                    - mov r15,[rbp-08]
2539AD97ABF: 48 8D 65 00                    - lea rsp,[rbp+00]
2539AD97AC3: 5D                             - pop rbp
2539AD97AC4: C3                             - ret
}

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so i can keep helping
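Editor's note on why the answer above changes more than the alloc line. A 5-byte "jmp rel32" can only reach about 2 GiB either side of itself, and the third parameter of alloc(newmem,$1000,INJECT) asks Cheat Engine for memory near INJECT so that such a jmp fits (the "Failure allocating memory near" error is that request failing). Without the hint the cave can land anywhere in the 64-bit address space, which needs the 14-byte "jmp far" (FF 25 00000000 followed by the 8-byte target), and a 14-byte patch has to steal more whole instructions than a 5-byte one, which is why the fixed script replays five instructions, pads with nop 3 and restores 17 bytes on disable. The script below is an added example, not code from the thread or from Cheat Engine: it takes the instruction lengths from the listing posted above, works out the stolen bytes and padding for both patch sizes, encodes the two jmp forms, and checks the caveat from the quoted tip (no relative branch elsewhere may land inside the stolen region). The cave addresses it uses are constructed.

```python
# Added example (not from the thread): effect of the jmp size on how many bytes are stolen.
INJECT = 0x2539AD97A9D  # injection point, from the listing in the thread

# (address, length in bytes, mnemonic) copied from the disassembly listing posted above,
# starting at the injection point.
ORIGINAL = [
    (0x2539AD97A9D, 4, "movsxd rdx,dword ptr [rcx+14]"),
    (0x2539AD97AA1, 3, "add edx,[rbp-18]"),
    (0x2539AD97AA4, 3, "mov rcx,rax"),
    (0x2539AD97AA7, 3, "cmp dword ptr [rax],00"),
    (0x2539AD97AAA, 4, "lea rbp,[rbp+00]"),
    (0x2539AD97AAE, 10, "mov r11,000002541CB520D0"),
    (0x2539AD97AB8, 3, "call r11"),
]

JMP_REL32_LEN = 5   # E9 rel32
JMP_FAR_LEN = 14    # FF 25 00000000 + imm64


def rel32_reachable(src_next: int, dst: int) -> bool:
    """rel32 is measured from the end of the jmp and must fit a signed 32-bit integer."""
    return -(2 ** 31) <= dst - src_next < 2 ** 31


def encode_jmp(src: int, dst: int) -> bytes:
    """Machine code for an unconditional jump src -> dst: E9 rel32 when in range,
    otherwise FF 25 00000000 (jmp [rip+0]) followed by the 8-byte absolute target,
    which is what Cheat Engine emits for 'jmp far'."""
    if rel32_reachable(src + JMP_REL32_LEN, dst):
        return b"\xe9" + (dst - (src + JMP_REL32_LEN)).to_bytes(4, "little", signed=True)
    return b"\xff\x25\x00\x00\x00\x00" + dst.to_bytes(8, "little")


def stolen_instructions(listing, patch_len: int):
    """Walk whole instructions from the injection point until the patch is covered.
    Returns (mnemonics to replay in the cave, bytes overwritten, nop padding after the jmp)."""
    total, taken = 0, []
    for _addr, length, text in listing:
        taken.append(text)
        total += length
        if total >= patch_len:
            return taken, total, total - patch_len
    raise ValueError("listing too short to cover the patch")


def branch_targets_inside(start: int, length: int, targets) -> list:
    """Relative branches elsewhere that land strictly inside the stolen region would jump
    into the middle of the patched jmp or its nops (the caveat in the quoted tip)."""
    return [t for t in targets if start < t < start + length]


if __name__ == "__main__":
    near_cave = INJECT + 0x1000   # constructed: what the 3-parameter alloc aims for
    far_cave = 0x7FF600000000     # constructed: a typical result of a hint-less alloc
    for cave in (near_cave, far_cave):
        jmp = encode_jmp(INJECT, cave)
        names, stolen, pad = stolen_instructions(ORIGINAL, len(jmp))
        print(f"cave {cave:#x}: {len(jmp)}-byte jmp, overwrite {stolen} bytes "
              f"({len(names)} instructions), nop {pad}")
    # The only relative branch in the listing is je 2539AD97AC5 at 2539AD97A7A.
    print("branch targets inside the 17-byte region:",
          branch_targets_inside(INJECT, 17, [0x2539AD97AC5]))
```

Run as-is it reports 7 bytes stolen and nop 2 for the near cave (the template's original script) and 17 bytes stolen and nop 3 for the far cave (the corrected script), and an empty list for the branch check, since the je in the listing targets 2539AD97AC5, past the end of the stolen region.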
cheatslover
How do I cheat?
Reputation: 0

Joined: 27 May 2022
Posts: 2

Posted: Fri May 27, 2022 12:07 pm    Post subject:

Oh I see. After consuming your reply, I looked for other helpful information on this forum and found another topic where you said the following:

Quote:

Tip: If you're using templates to build your script, hold down CTRL and then use the template to generate the code. It will generate a script that uses 14-byte jmps so you don't have to bother with that (too much; you still need to make sure it's not the destination of a relative jmp)


I gave it a quick try and the code produced with this method by Cheat Engine is the same as you just prepared for me (except the code from Cheat Engine is missing the 3rd parameter in the alloc instruction, but I guess it's really irrelevant if the code is correctly written for this 14-byte jump). The code you prepared is also working every time and does not crash! Big thank you for this help, dear sir.

Is it safe to assume that with this method (hold CTRL when making a script from the template) I can re-do the other scripts I made earlier and they will work correctly every time? Or are there some nuances, and it may require some manual intervention in some cases?

I guess what I am trying to ask is: as a total noob, can I just use CTRL + click to produce 14-byte jump scripts, add my changes and have them working, or is there something I may need to do in some cases?
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25857
Location: The netherlands

Posted: Fri May 27, 2022 1:35 pm    Post subject:

Yes, the ctrl+click 'should' produce valid scripts, but do watch out for some fringe cases like relative jump instructions in the original code that's being overwritten. Those may have to be rewritten.

e.g.
Code:

2539AD97A7A: 0F 84 45 00 00 00              - je 2539AD97AC5

The next version will reassemble this for you on the fly, but for now you'll have to recode this as:
Code:

je +2
jmp +e
jmp far 2539AD97AC5

or
Code:

jne +e
jmp far 2539AD97AC5

(not that you'd want to anyhow, as you'd normally just use the AA command reassemble for this scenario anyhow)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so i can keep helping
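Editor's note on the two rewrites above. A "je rel32" copied into the cave keeps its displacement, so it would branch relative to the cave address rather than to 2539AD97AC5. Both rewrites replace it with a short conditional branch around a 14-byte absolute jump, and in Cheat Engine's assembler "+n" is the displacement from the end of the instruction, which is exactly the rel8 byte. The script below is an added example, not code from the thread or from Cheat Engine: it decodes the je from the listing (0F 84 45 00 00 00 at 2539AD97A7A), produces the bytes for both rewrites, and runs a tiny interpreter over the handful of opcodes involved to confirm that each rewrite ends up at the same target as the original when ZF is set and falls through when it is not. The cave address is constructed.

```python
# Added example (not from the thread): relocating a je rel32 that sits inside the stolen bytes.
JE_ADDR = 0x2539AD97A7A                      # address of the je, from the listing in the thread
JE_BYTES = bytes.fromhex("0F8445000000")     # je 2539AD97AC5, also from the listing


def decode_je_rel32(addr: int, code: bytes) -> int:
    """Target of a 6-byte 0F 84 rel32 conditional jump located at addr."""
    if code[:2] != b"\x0f\x84":
        raise ValueError("not a je rel32")
    return addr + 6 + int.from_bytes(code[2:6], "little", signed=True)


def jmp_far(target: int) -> bytes:
    """14-byte absolute jump: jmp [rip+0] followed by the 8-byte pointer it reads."""
    return b"\xff\x25\x00\x00\x00\x00" + target.to_bytes(8, "little")


def relocate_je_two_step(target: int) -> bytes:
    """je +2 / jmp +e / jmp far target (first rewrite in the thread)."""
    return b"\x74\x02" + b"\xeb\x0e" + jmp_far(target)


def relocate_je_inverted(target: int) -> bytes:
    """jne +e / jmp far target (second rewrite): skip the far jump unless ZF is set."""
    return b"\x75\x0e" + jmp_far(target)


def run(code: bytes, base: int, zf: bool) -> int:
    """Interpret only the opcodes used here (je/jne/jmp rel8, je rel32, jmp rel32, jmp [rip+0])
    starting at base, and return the address where control leaves the block."""
    pc, end = base, base + len(code)
    while base <= pc < end:
        i = pc - base
        op = code[i]
        if op in (0x74, 0x75):                               # je rel8 / jne rel8
            disp = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            taken = zf if op == 0x74 else not zf
            pc = pc + 2 + (disp if taken else 0)
        elif op == 0xEB:                                     # jmp rel8
            pc = pc + 2 + int.from_bytes(code[i + 1:i + 2], "little", signed=True)
        elif op == 0xE9:                                     # jmp rel32
            pc = pc + 5 + int.from_bytes(code[i + 1:i + 5], "little", signed=True)
        elif code[i:i + 2] == b"\x0f\x84":                   # je rel32
            disp = int.from_bytes(code[i + 2:i + 6], "little", signed=True)
            pc = pc + 6 + (disp if zf else 0)
        elif code[i:i + 6] == b"\xff\x25\x00\x00\x00\x00":   # jmp [rip+0], pointer follows
            pc = int.from_bytes(code[i + 6:i + 14], "little")
        else:
            raise ValueError(f"unsupported opcode {op:#x} at {pc:#x}")
    return pc


if __name__ == "__main__":
    target = decode_je_rel32(JE_ADDR, JE_BYTES)
    cave = 0x7FF600001000   # constructed cave address, far outside rel32 range of the original
    print(f"original je targets {target:#x}")
    for name, code in (("two-step", relocate_je_two_step(target)),
                       ("inverted", relocate_je_inverted(target))):
        for zf in (True, False):
            new_dst = run(code, cave, zf)
            # Taken: must reach the original target. Not taken: must fall out of the
            # relocated block, i.e. continue with whatever follows it in the cave.
            expected = target if zf else cave + len(code)
            status = "ok" if new_dst == expected else "MISMATCH"
            print(f"{name:8s} ZF={zf!s:5s} -> {new_dst:#x} ({status})")
```

The interpreter is deliberately minimal; its point is that the rewritten bytes are checked against the decoded target rather than trusted by eye, which is the same check the reassembler mentioned in the reply has to make for every relocated branch.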