Cheat Engine The Official Site of Cheat Engine
theuntitledgoose How do I cheat?
Reputation: 0
Joined: 13 Dec 2023 Posts: 3
Posted: Wed Dec 13, 2023 11:36 pm Post subject: Multiple Pointer AutoAssembly issues.
So, an address is a byte, 0 or 1, and it changes based on some inner logic; however, I found I can just put a nop operator and it just freezes it as is. I've found a pointer going to the value but I seem to be unable to use code injection to modify the address's opcode. Any help?
[code]
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
define(addr,[[[[[[["mono-2.0-bdwgc.dll"+007270F8]+90]+6D0]+88]+8]+58]+28]+109)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
nop
jmp exit
originalcode:
mov [r13+00000109],r12l
exit:
jmp returnhere
[addr]:
jmp newmem
nop 2
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
addr:
mov [r13+00000109],r12l
//Alt: db 45 88 A5 09 01 00 00
[/code]
Can't turn on the script and tweaking it tells me the address specifier is not valid.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Thu Dec 14, 2023 2:21 am
theuntitledgoose wrote:
[code]
define(addr,[[[[[[["mono-2.0-bdwgc.dll"+007270F8]+90]+6D0]+88]+8]+58]+28]+109)
...
[addr]:
jmp newmem
[/code]
Is that a pointer to the value? If so, you're very confused on what a code injection is. A code injection modifies code, not values.
Select the instruction in the disassembler and use the "AOB Injection" template.
Try the CE tutorial- specifically step 7.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
theuntitledgoose How do I cheat?
Reputation: 0
Joined: 13 Dec 2023 Posts: 3
Posted: Thu Dec 14, 2023 9:00 am
I'm not trying to modify the value but the code. What I was trying to do was inject nop instructions on script activation. However, whenever I used the dll module name in the address, it was erroring for me.
Edit: Just a quick edit: is me putting the long pointer address going to the value or the actual address? Does putting one more square bracket around the whole thing matter?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Thu Dec 14, 2023 11:34 am
That section of code I quoted was you trying to modify the value. You shouldn't need any pointer path here. A pointer path might be useful if the instruction also accesses other addresses (step 9 of the CE tutorial), but since you haven't mentioned anything like that, I doubt that's the case.
Again, look at the AOB injection template. Don't modify stuff if you don't know what it does.
Also again, you should really look at step 7 of the CE tutorial. If it's too difficult, there are plenty of videos that will walk you through the tutorial.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
theuntitledgoose How do I cheat?
Reputation: 0
Joined: 13 Dec 2023 Posts: 3
Posted: Thu Dec 14, 2023 5:48 pm
Thanks. AOB Scan did the trick. However, since it scans for the array of bytes, it's quite slow. Now that's not really an issue, it's only 5 seconds give or take; however, isn't there a way to only scan 1 module? aobScanModule? I tried it with my game, Lethal Company.exe, but it seems to not be working. Is the space an issue? It's saying error while scanning, not all results found?
What I have: aobScanModule(INJECT,Lethal Company.exe,45 88 A5 09 01 00 00)
Quick edit, why would AOB scan work and the code injection not? As far as I see, before I had the pointer and just had the address hardcoded it was replacing the code just fine, but after I added the long pointer it didn't work.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4706
Posted: Thu Dec 14, 2023 7:05 pm
A code injection changes code. It doesn't change values. I have no idea what you think that "long pointer" script is doing, but it's not changing any code. You're just writing instructions to the address of the value. Basically, you're changing the value to junk.
Let's say the address `074E2180` is the address of the 0 or 1 value. When you find out what instructions access that address, say some instruction like `movzx eax,byte ptr[esi+04]` comes up. This instruction is located at some other address- e.g. `00471C53`. If you want to replace that instruction with nops, you have to write the nops to the address of the instruction- i.e. `00471C53`. Writing nops to the address of the value, `074E2180`, is useless.
That game was made in Unity, so I doubt the code was statically compiled in the main module. It's probably JIT compiled at runtime to some dynamically allocated address. If it were possible to use aobscanmodule, CE would've used it when you made the template.
You can probably use CE's mono features to find it faster or a {$lua} block to scan through only executable memory.
Using CE's mono features would look like the "full injection" template, except the address would be replaced with the mono symbol instead.
[code]
usemono()
define(address,Whatever:Thing:FnName+2B)
define(bytes,29 83 F8 07 00 00)
[ENABLE]
...
[/code]
Activate CE's mono features (under "Mono" in the top menu of the main form) to see mono symbols.
The {$lua} thing... search for "aobscan lua" on these forums
_________________
I don't know where I'm going, but I'll figure it out when I get there.
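An added illustration (not part of the thread and not Cheat Engine code) of the two points in the reply above: the byte signature sits at the instruction's address, not the value's, and a scan limited to the main module misses JIT-compiled code. The regions, addresses and function names are constructed for the example; only the byte signature and the module name come from the thread, and the pattern parser goes slightly beyond it by accepting `??` wildcards.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Region:
    base: int
    data: bytes
    executable: bool
    module: Optional[str] = None  # None = dynamically allocated (e.g. JIT output)

def parse_aob(text):
    """'45 88 ?? 09' -> list of ints, with None for wildcard bytes."""
    return [None if t in ("?", "??") else int(t, 16) for t in text.split()]

def scan(regions, aob, module=None, executable_only=False):
    """Return absolute addresses where the pattern matches in the selected regions."""
    pat = parse_aob(aob)
    hits = []
    for r in regions:
        if module is not None and r.module != module:
            continue
        if executable_only and not r.executable:
            continue
        for off in range(len(r.data) - len(pat) + 1):
            if all(p is None or r.data[off + i] == p for i, p in enumerate(pat)):
                hits.append(r.base + off)
    return hits

SIG = "45 88 A5 09 01 00 00"  # bytes of mov [r13+00000109],r12l, from the thread
INSTR = bytes.fromhex(SIG.replace(" ", ""))

# Constructed toy memory map: addresses and padding are made up.
REGIONS = [
    Region(0x140000000, b"\x90" * 64, True, "Lethal Company.exe"),  # main module image
    Region(0x1F0A2000000, b"\xCC" * 32 + INSTR + b"\xC3", True),     # JIT-compiled code
    Region(0x2B000000000, b"\x00" * 0x109 + b"\x01", False),         # object holding the 0/1 byte
]

def module_hits():
    # Scan scoped to the main module: the JIT code is not inside it.
    return scan(REGIONS, SIG, module="Lethal Company.exe")

def executable_hits():
    # Scan over every executable region, module-backed or not.
    return scan(REGIONS, SIG, executable_only=True)

def value_address():
    # Where the 0/1 byte lives: a data address, never an instruction address.
    return REGIONS[2].base + 0x109
```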