Cheat Engine

[Jordancyre]

So, I'm trying to make a simple relic multiplier code for Risk of Rain 2.

Typically, I narrow down an address that has a relic and find out what instructions write to it and then do an AOB injection for that instruction. This time however the instruction doesn't stick after restart. Come to find out there's actually two functions that use the same opcodes but have a different jump instruction at the end. Using the Mono dissector, I was able to find out the names of the functions and they are the same... but different.

Here are the functions and offsets with the instruction I am hoping to inject at.
`DMD<GiveItem>?1075834880:_RoR2_Inventory::GiveItem+15b`
`RoR2.Inventory:GiveItem+15b `

The byte string in question:

`89 11 3B C6 0F 85 29 00 00 00 49 8B 47 38 48 8B C8 48 8B D7 83 38 00 48 8D 6D 00 49 BB XX`

The byte string shows up twice with the exception of 'xx`. ` xx` keeps changing on restart and it's a `mov` instruction for referecing a different function that's related. Those bytes keep changing on reboot though.

I'm not too great with Mono so I've avoided using it, but it has helped me find instructions like this before. I've just never encountered a constantly changing byte string.

My question is, how can I write my code so that it finds the right instruction to inject into every time? The correct instruction is
`DMD<GiveItem>?1075834880:_RoR2_Inventory::GiveItem+15b` `mov [rcx],ecx`

Attached is the memory view for both (I couldn't have Mono features activated for two instances of CE attached to the same process)

Left is `DMD<GiveItem>?1075834880:_RoR2_Inventory::GiveItem+15b`
Right is `RoR2.Inventory:GiveItem+15b `

highlighted up until the `xx` Bytes change

[ParkourPenguin]

It would be nice if you could inject at the instruction above that (i.e. +158 ). That way, the `jne` won't be included as part of the injection. (disregard if some other instruction jumps directly to +15B)

I'm not great with mono, but I'd do this: