Cheat Engine The Official Site of Cheat Engine
felps3 How do I cheat? Reputation: 0
Joined: 15 Jul 2022 Posts: 1
Posted: Fri Jul 15, 2022 7:30 am Post subject: Change value outside AA
Hi, how do I change a value inside an AA script from the Cheat Table?
I'm trying to change the strings 'Enemy' in this script for another without the need to disable the script, change and enable it again.
Code:
```
[ENABLE]
{$lua}
local aTimerInterval = 100
local function aTimer_tick(timer)
registerSymbol("pos_x", "[test.exe+0838F728]+FC")
registerSymbol("pos_y", "[test.exe+0838F728]+100")
end
aTimer = createTimer(test)
aTimer.Interval = aTimerInterval
aTimer.OnTimer = aTimer_tick
{$asm}
aobscanmodule(LockX,test.exe,89 90 AC 00 00 00 8B 4D FC 03)
aobscanmodule(LockY,test.exe,89 90 B0 00 00 00 C7 45 B8 00)
alloc(newmem_x,$1000)
alloc(newmem_y,$1000)
label(return_x) label(return_y)
label(notfound_x) label(notfound_y)
newmem_x:
cmp [eax+38],'Enemy'
jne notfound_x
push rbx
mov rbx,[pos_x]
mov [eax+358+AC],rbx
pop rbx
jmp return_x
notfound_x:
mov [eax+AC],edx
jmp return_x
newmem_y:
cmp [eax+38],'Enemy'
jne notfound_y
push rbx
mov rbx,[pos_y]
mov [eax+358+B0],rbx
pop rbx
jmp return_y
notfound_y:
mov [eax+B0],edx
jmp return_y
LockX:
jmp newmem_x
nop
return_x:
registersymbol(LockX)
LockY:
jmp newmem_y
nop
return_y:
registersymbol(LockY)
[DISABLE]
LockX:
db 89 90 AC 00 00 00 8B 4D FC 03
LockY:
db 89 90 B0 00 00 00 C7 45 B8 00
unregistersymbol(LockX) unregistersymbol(LockY)
dealloc(newmem_x) dealloc(newmem_y)
{$lua}
aTimer.destroy()
unregisterSymbol("pos_x")
unregisterSymbol("pos_y")
```
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Posted: Fri Jul 15, 2022 12:20 pm Post subject:
felps3 wrote:
```
cmp [eax+38],'Enemy'
```
This doesn't do what you think it does.
cmp can take up to a 32-bit immediate. The literal 'Enemy' gets interpreted as an integer and truncated to 32 bits: i.e. it basically just compares against the string 'Enem'.
If you want to do this correctly, you'll need to invoke an actual strcmp routine. Such a routine would take pointers to the two strings as input. Store the string you're comparing against (e.g. 'Enemy') in allocated memory. Changing the string becomes as easy as registering a symbol and adding a memory record to the address list.
That Lua timer at the top is bad. If the pointer path changes during runtime, then traverse it at runtime. Right now it only gets traversed when the script is enabled (may as well do `mov rbx,[[test.exe+0838F728]+FC]`)
You should be allocating memory near the injection point. e.g. `alloc(newmem_x,$1000,LockX)`
_________________
I don't know where I'm going, but I'll figure it out when I get there.
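
The truncation described in the reply above, modeled in C as an added example (not code from either poster): `imm32_match` mimics the 32-bit immediate compare, while `full_match` compares against a string held in a writable buffer that can be changed at runtime. The 16-byte name field, the sample names and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 16   /* assumed size of the name field at [eax+38] */

/* Stands in for the string kept in allocated memory; editable at runtime. */
static char target_name[NAME_FIELD] = "Enemy";

/* Models `cmp [eax+38],'Enemy'`: the literal is cut to a 32-bit immediate,
   so only its first four bytes are compared against a dword read. */
static int imm32_match(const char *name, const char *literal)
{
    uint32_t imm = 0, mem = 0;
    size_t n = strlen(literal);
    memcpy(&imm, literal, n < 4 ? n : 4);
    memcpy(&mem, name, 4);
    return imm == mem;
}

/* Replace the comparison target without touching the compare code. */
static void set_target(const char *s)
{
    memset(target_name, 0, sizeof target_name);
    strncpy(target_name, s, sizeof target_name - 1);
}

/* Full comparison, bounded by the field size, as a strcmp routine would do. */
static int full_match(const char *name)
{
    return strncmp(name, target_name, NAME_FIELD) == 0;
}

int main(void)
{
    /* Constructed sample names, each in a fixed-size field. */
    const char names[][NAME_FIELD] = { "Enemy", "Enemies", "Enema", "Ally" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s imm32=%d full=%d\n", names[i],
               imm32_match(names[i], "Enemy"), full_match(names[i]));
    set_target("Ally");
    printf("after set_target(\"Ally\"): Ally=%d Enemy=%d\n",
           full_match(names[3]), full_match(names[0]));
    return 0;
}
```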