Cheat Engine The Official Site of Cheat Engine
Greenhouse Cheater Reputation: 0
Joined: 20 Aug 2016 Posts: 44
|
Posted: Sat Apr 08, 2017 5:29 pm Post subject: Mono Script |
|
|
I want to edit a function with Mono Dissect but the problem is that one line always changes. Is it possible to make it so it will just edit the line I want?
This is how the function is:
Code: |
dec ecx
mov [eax+78],ecx
mov edx,1258AA98
|
And I want to nop the first one but the last line is always changing and I can't make a script because it will just crash the game.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25294 Location: The netherlands
|
Posted: Sat Apr 08, 2017 5:49 pm Post subject: |
|
|
Code: |
[enable]
addresswiththatdec: // placeholder for the address of the dec ecx instruction
nop
nop
[disable]
addresswiththatdec:
dec ecx // restore the original instruction
|
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
Greenhouse Cheater Reputation: 0
Joined: 20 Aug 2016 Posts: 44
|
Posted: Sat Apr 08, 2017 5:56 pm Post subject: |
|
|
If you nop the other lines it just doesn't do anything.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
|
Posted: Sat Apr 08, 2017 6:05 pm Post subject: |
|
|
Since it is a Mono game, if the code is in a managed function,
it is possible to limit the aobscan to a small memory region with the help of CE's Mono feature.
Within a narrower memory region, it is more likely that a relaxed AOB pattern (shorter, using more wildcards) can be used to locate the hack point of interest.
Example as follows:
Make sure there is no debug breakpoint set.
Then try to check the function where the code is located, and replace the name with the following ClassName:FunctionName.
Code: |
usemono() // using mono feature
[ENABLE]
aobscanregion(aob, ClassName:FunctionName+000 , ClassName:FunctionName+500 ,49 89 48 ?? ba)
aob:
db 90 // nop
[DISABLE]
aobscanregion(aob, ClassName:FunctionName+000 , ClassName:FunctionName+500 ,90 89 48 ?? ba)
aob:
db 49 // dec ecx
{
// ---------- INJECTING HERE ----------
00720012: 49 - dec ecx
00720013: 89 48 78 - mov [eax+78],ecx
00720016: BA 98 AA 58 12 - mov edx,1258AA98
// ---------- DONE INJECTING ----------
}
|
It may not work.
Try to make an AOB injection/code injection template at the hack point, and paste it here.
This will provide more information for others to help.
To make a template:
1. select the address of the instruction you want to inject;
2. (in the Mono case) make sure the Mono feature is enabled, i.e. MAIN-MENU/MONO/ACTIVATE MONO FEATURE
3. open the template window: MemoryVIEW MENU:TOOL/AUTOASSEMBLE, a form opens,
4. from the form menu: TEMPLATE/CODE INJECTION or AOB INJECTION.
_________________
- Retarded. |
Greenhouse Cheater Reputation: 0
Joined: 20 Aug 2016 Posts: 44
|
Posted: Sat Apr 08, 2017 6:17 pm Post subject: |
|
|
It doesn't work.
This is a normal AOB Scan but as I said it works when you do it the first time, but when you restart the game, the line: mov edx,13393E88, changes the address. And the next time you enable the script it will crash the game.
Code: |
[ENABLE]
aobscan(TEST,49 89 48 78 BA 88 3E 39 13) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
dec ecx
mov [eax+78],ecx
mov edx,13393E88
jmp return
TEST:
jmp newmem
nop
nop
nop
nop
return:
registersymbol(TEST)
[DISABLE]
TEST:
db 49 89 48 78 BA 88 3E 39 13
unregistersymbol(TEST)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 283CBA79
Player:CheckForAndDoShift+5ac
""+283CBA70: 8B 45 08 - mov eax,[ebp+08]
""+283CBA73: 8B 40 10 - mov eax,[eax+10]
""+283CBA76: 8B 48 78 - mov ecx,[eax+78]
// ---------- INJECTING HERE ----------
""+283CBA79: 49 - dec ecx
""+283CBA7A: 89 48 78 - mov [eax+78],ecx
""+283CBA7D: BA 88 3E 39 13 - mov edx,13393E88
// ---------- DONE INJECTING ----------
""+283CBA82: E8 29 43 A8 DD - call 05E4FDB0
""+283CBA87: 8B C8 - mov ecx,eax
""+283CBA89: 39 09 - cmp [ecx],ecx
}
|
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
|
Posted: Sat Apr 08, 2017 6:26 pm Post subject: |
|
|
The offset is just more than +500; I modified the function name and offset range:
Code: |
usemono() // using mono feature
[ENABLE]
aobscanregion(aob, Player:CheckForAndDoShift+500 , Player:CheckForAndDoShift+680 ,49 89 48 ?? ba)
aob:
db 90 // nop
[DISABLE]
aobscanregion(aob, Player:CheckForAndDoShift+500 , Player:CheckForAndDoShift+680 ,90 89 48 ?? ba)
aob:
db 49 // dec ecx
|
The "...mov edx,13393E88..." part, 13393e88 or whatever it changed to, can be ignored if the above offset range is narrow enough.
_________________
- Retarded. |
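Added example (not part of any post in this thread, and not Cheat Engine code): a Python sketch of why the relaxed pattern only becomes reliable once the scan is limited to a narrow region. The byte values are taken from the disassembly posted above; the buffer layout, the decoy bytes and all function names are constructed for illustration.

```python
import struct

# Constructed layout: offsets and the decoy are illustrative, not from the game.
DECOY, FUNC = 0x40, 0x200
SITE = FUNC + 9                        # dec ecx follows 9 bytes of earlier code
EXACT = "49 89 48 78 BA 88 3E 39 13"   # pattern from the first-run AOB script
RELAXED = "49 89 48 ?? ba"             # pattern from the aobscanregion script

def parse_aob(text):
    """'49 ?? ba' -> [0x49, None, 0xBA]; None marks a wildcard byte."""
    return [None if t in ("?", "??") else int(t, 16) for t in text.split()]

def scan(buf, pattern, start=0, end=None):
    """Offsets in buf[start:end] where the whole pattern matches."""
    pat = parse_aob(pattern)
    end = len(buf) if end is None else min(end, len(buf))
    return [off for off in range(start, end - len(pat) + 1)
            if all(p is None or buf[off + i] == p for i, p in enumerate(pat))]

def locate(buf, pattern, start=0, end=None):
    """Return the single match, or raise instead of guessing."""
    hits = scan(buf, pattern, start, end)
    if len(hits) != 1:
        raise ValueError(f"expected 1 match, found {len(hits)}")
    return hits[0]

def build_image(imm):
    """Constructed memory image: a look-alike sequence plus the function body."""
    img = bytearray(0x300)
    img[DECOY:DECOY + 9] = bytes.fromhex("49 89 48 10 BA 00 00 00 00")
    body = (bytes.fromhex("8B 45 08 8B 40 10 8B 48 78 49 89 48 78 BA")
            + struct.pack("<I", imm)             # operand that differs per run
            + bytes.fromhex("E8 29 43 A8 DD 8B C8 39 09"))
    img[FUNC:FUNC + len(body)] = body
    return bytes(img)

if __name__ == "__main__":
    run1, run2 = build_image(0x13393E88), build_image(0x1258AA98)
    print("exact, run 1:   ", scan(run1, EXACT))
    print("exact, run 2:   ", scan(run2, EXACT))
    print("relaxed, global:", scan(run2, RELAXED))
    print("relaxed, region:", locate(run2, RELAXED, FUNC, FUNC + 0x80))
```

The exact pattern stops matching once the operand changes, the relaxed pattern scanned globally also hits the look-alike bytes, and only the region-limited scan returns a single offset.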
Greenhouse Cheater Reputation: 0
Joined: 20 Aug 2016 Posts: 44
|
Posted: Sat Apr 08, 2017 6:31 pm Post subject: |
|
|
Ok. Now it does work. Thank you so much Panraven.