throwawayaccount How do I cheat?
Reputation: 0
Joined: 04 Feb 2020 Posts: 7
Posted: Tue Feb 04, 2020 8:11 am Post subject: Trying to update a Cheat Engine table that uses AoB scripts
Hey hey people, I have been trying to update a Cheat Engine table that somebody else made. It uses AoB scans, the script itself shows the injection point. I went to that injection point and saw that the bytes were now different because of the program being updated. I tried updating the script with the new bytes but activating the script with the new bytes causes the game to crash. I have read other posts on this forum regarding updating outdated scripts but they all ended up only showing me how to find the injection point which I already had found.
The crash that happens after updating the bytes gave "Code Error" that says FATAL ERROR in action number 1 of Draw Event
second index out of bounds request 0,9 maximum size is 1
I have no idea what that means.

ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4699
Posted: Tue Feb 04, 2020 10:09 am
Bad code in the updated script is causing the game to crash.
We can give more useful help if you provide the original and updated scripts.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

throwawayaccount How do I cheat?
Posted: Tue Feb 04, 2020 11:14 am
The original script:
[ENABLE]
aobscanmodule(_AobAmmo,game.exe,08 00 00 EB 04 F2 0F 10 07 66 0F 57 C9)
alloc(newmem,$100)
label(code)
label(return)
label(Ammo)
newmem:
code:
fld qword ptr [Ammo]
fstp qword ptr [edi]
movsd xmm0,[edi]
xorpd xmm1,xmm1
jmp return
Ammo:
dq (double)999
_AobAmmo+05:
jmp newmem
nop
nop
nop
return:
registersymbol(_AobAmmo)
registersymbol(Ammo)
[DISABLE]
_AobAmmo+05:
db F2 0F 10 07 66 0F 57 C9
unregistersymbol(_AobAmmo)
unregistersymbol(Ammo)
dealloc(newmem)
After I tried to update it with the new bytes:
[ENABLE]
aobscanmodule(_AobAmmo,game.exe,00 00 00 EB 0C F2 0F 10 07 F2 0F 5C C8)
alloc(newmem,$100)
label(code)
label(return)
label(Ammo)
newmem:
code:
fld qword ptr [Ammo]
fstp qword ptr [edi]
movsd xmm0,[edi]
xorpd xmm1,xmm1
jmp return
Ammo:
dq (double)999
_AobAmmo+05:
jmp newmem
nop
nop
nop
return:
registersymbol(_AobAmmo)
registersymbol(Ammo)
[DISABLE]
_AobAmmo+05:
db F2 0F 10 07 F2 0F 5C C8
unregistersymbol(_AobAmmo)
unregistersymbol(Ammo)
dealloc(newmem)
(Changed the program name to "game.")

ParkourPenguin I post too much
Posted: Tue Feb 04, 2020 2:34 pm
The original code in the old script was:
Code:
movsd xmm0,[edi]
xorpd xmm1,xmm1
The original code in the updated script is:
Code:
movsd xmm0,[edi]
subsd xmm1,xmm0
In the updated script, try changing the line "xorpd xmm1,xmm1" to "subsd xmm1,xmm0" and check if it works.

throwawayaccount How do I cheat?
Posted: Tue Feb 04, 2020 6:12 pm
I tried your suggestion and the game still crashes. But I feel like this nudged me in the right direction. I played around with the code section and got it to activate while still having the game up and running. But the intended effect was not there. The intended effect was infinite ammo.
Found out that there were two sections like this and I had given the wrong one.
The bytes were supposed to be for aobscanmodule:
02 00 00 EB 39 F2 0F 10 07 F2 0F 10 0E
The bytes were supposed to be for "db":
F2 0F 10 07 F2 0F 10 0E
The code section now looks like this:
fld qword ptr [esi]
fstp qword ptr [esp+20]
movsd xmm0,[edi]
movsd xmm1,[esi]
jmp return
At first, I thought the bytes moved around or something because they looked the same, until I scrolled a little bit below the one I was working with. The one I was working with was the correct one and apparently I had sent the one below instead for the reply above. Now I don't know what to do since it doesn't work as intended but there aren't any other issues with it.
I could try the same thing with the other hacks in the table and see if they work. What do you think? Oh and I tried to do this with the supposedly wrong section but I couldn't find anything that had "fld qword ptr" near the section except the one that was in the supposedly correct one and using that crashes the game. The reason I was looking for "fld qword ptr" was because every other hack and the original code for this hack had it. Not having the "fld qword ptr" thing in the code crashes the game as well.

ParkourPenguin I post too much
Posted: Tue Feb 04, 2020 8:28 pm
Code:
fld qword ptr [esi]
...
Try loading from the Ammo label instead of esi.
May you post the code around the injection point? The AOB template should generate a comment at the end of the script that contains this information.

throwawayaccount How do I cheat?
Posted: Wed Feb 05, 2020 4:36 am
Loading the Ammo didn't work.
There is a blue section at the end of the script that came with the table that shows where the injection point is. But that is the old one. Should I send the old or new ones? I didn't see anything generate so...

ParkourPenguin I post too much
Posted: Wed Feb 05, 2020 8:28 am
The new one.
If you highlight an instruction in the disassembler, open an AA window, and click on "Template -> AOB Injection", part of the code that template generates should be a comment at the bottom.

throwawayaccount How do I cheat?
Posted: Wed Feb 05, 2020 9:35 am
{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+3B09
"game.exe"+3ADE: E8 6D A9 C7 01 - call game.exe+1C7E450
"game.exe"+3AE3: DD 5C 24 18 - fstp qword ptr [esp+18]
"game.exe"+3AE7: F2 0F 10 44 24 18 - movsd xmm0,[esp+18]
"game.exe"+3AED: F2 0F 10 0E - movsd xmm1,[esi]
"game.exe"+3AF1: EB 47 - jmp game.exe+3B3A
"game.exe"+3AF3: 89 7C 24 08 - mov [esp+08],edi
"game.exe"+3AF7: 89 74 24 04 - mov [esp+04],esi
"game.exe"+3AFB: C7 04 24 16 37 9E 02 - mov [esp],game.exe+1F03716
"game.exe"+3B02: E8 D9 02 00 00 - call game.exe+3DE0
"game.exe"+3B07: EB 39 - jmp game.exe+3B42
// ---------- INJECTING HERE ----------
"game.exe"+3B09: F2 0F 10 07 - movsd xmm0,[edi]
"game.exe"+3B0D: F2 0F 10 0E - movsd xmm1,[esi]
// ---------- DONE INJECTING ----------
"game.exe"+3B11: EB 27 - jmp game.exe+3B3A
"game.exe"+3B13: DF 2E - fild qword ptr [esi]
"game.exe"+3B15: DD 5C 24 20 - fstp qword ptr [esp+20]
"game.exe"+3B19: F2 0F 10 44 24 20 - movsd xmm0,[esp+20]
"game.exe"+3B1F: EB 04 - jmp game.exe+3B25
"game.exe"+3B21: F2 0F 2A 06 - cvtsi2sd xmm0,[esi]
"game.exe"+3B25: F2 0F 5C 07 - subsd xmm0,[edi]
"game.exe"+3B29: F2 0F 11 06 - movsd [esi],xmm0
"game.exe"+3B2D: C7 46 0C 00 00 00 00 - mov [esi+0C],00000000
"game.exe"+3B34: EB 0C - jmp game.exe+3B42
}
I tried replacing those with code that does nothing but I'm assuming it creates more 90's than it should since the game seemed to crash when I did that.
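The byte arithmetic behind this exchange can be checked mechanically. The following is an added example, not part of the original thread or of Cheat Engine: it rebuilds the bytes from the disassembly comment above and checks that a signature is unique, that the [DISABLE] bytes match what is overwritten, and that the jmp plus nops ends on an instruction boundary. `find_aob` and `check_patch` are hypothetical helper names, and the 5-byte jmp length is an assumption taken from the script pairing one jmp and three nops with eight restore bytes.

```python
# Added example. DUMP is transcribed from the disassembly comment posted above
# ("offset: instruction bytes", offsets relative to "game.exe").
DUMP = """\
3AED: F2 0F 10 0E
3AF1: EB 47
3AF3: 89 7C 24 08
3AF7: 89 74 24 04
3AFB: C7 04 24 16 37 9E 02
3B02: E8 D9 02 00 00
3B07: EB 39
3B09: F2 0F 10 07
3B0D: F2 0F 10 0E
3B11: EB 27
3B13: DF 2E
3B15: DD 5C 24 20
3B19: F2 0F 10 44 24 20
"""
rows = [line.split(": ") for line in DUMP.splitlines()]
BASE = int(rows[0][0], 16)
IMAGE = bytes.fromhex(" ".join(b for _, b in rows))   # contiguous bytes from BASE
STARTS = {int(off, 16) for off, _ in rows} | {BASE + len(IMAGE)}  # boundaries

def find_aob(pattern):
    """Offsets where pattern (hex bytes, '??' = wildcard) matches IMAGE."""
    pat = [None if t == "??" else int(t, 16) for t in pattern.split()]
    return [BASE + i for i in range(len(IMAGE) - len(pat) + 1)
            if all(p is None or p == IMAGE[i + j] for j, p in enumerate(pat))]

def check_patch(signature, hook_offset, restore, nops, jmp_len=5):
    """Problems with an AOB injection script; an empty list means consistent."""
    hits = find_aob(signature)
    if len(hits) != 1:
        return [f"signature matches {len(hits)} places, need exactly 1"]
    start, saved, problems = hits[0] + hook_offset, bytes.fromhex(restore), []
    if IMAGE[start - BASE:start - BASE + len(saved)] != saved:
        problems.append("[DISABLE] db bytes differ from the bytes overwritten")
    if jmp_len + nops != len(saved):
        problems.append("jmp + nops length differs from the db byte count")
    if start not in STARTS or start + jmp_len + nops not in STARTS:
        problems.append("patch does not start and end on instruction boundaries")
    return problems

if __name__ == "__main__":
    sig = "02 00 00 EB 39 F2 0F 10 07 F2 0F 10 0E"
    print(check_patch(sig, 5, "F2 0F 10 07 F2 0F 10 0E", 3))
    print([hex(a) for a in find_aob("F2 0F 10 0E")])
```

With four nops instead of three, the check reports a length mismatch and a patch that ends at 3B12, inside the jmp that follows the injection point.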

ParkourPenguin I post too much
Posted: Wed Feb 05, 2020 10:47 am
Did you try copying the ammo into [edi] like the original script was doing?
i.e.:
Code:
code:
fld qword ptr [Ammo]
fstp qword ptr [edi]
movsd xmm0,[edi]
movsd xmm1,[esi]
jmp return

throwawayaccount How do I cheat?
Posted: Wed Feb 05, 2020 11:17 am
Yup, loaded the Ammo into the code just like that but it crashes the game when I do it that way. Sometimes it doesn't but breaks the visual elements on screen like the notifications at top and xp bar at the bottom instead.

ParkourPenguin I post too much
Posted: Wed Feb 05, 2020 1:52 pm
You probably don't have the right injection point. Ideally that instruction would only be accessing your ammo, which doesn't seem to be the case here.
Find your ammo by scanning for it, check what instructions access that address, and pick an instruction that accesses only that address (right click in disassembler -> "find out what addresses this instruction accesses").

throwawayaccount How do I cheat?
Posted: Wed Feb 05, 2020 3:27 pm
I can't find anything like that. After I click "Find out what accesses this address" 5 instructions pop up that go up in count very fast and never stop; I'm ignoring those. Then whenever I shoot and lose ammo in-game, two instructions pop up. One of them leads to the most recent one we've been working on and the second leads to the first one in this entire topic. Going to the disassembler and right clicking them then clicking "Find out what addresses this instruction accesses" goes to a page that has a lot of addresses. Cannot even count how many. This happens with both instructions.
But I also found that 4 more instructions pop up whenever I reload. I've checked what those instructions access too but no luck there; 2 of them go to a page that has nothing and the other two go to a page that has too many addresses in it. Searching through the addresses, I can't find the address that I had found from scanning and finding my ammo as a value. The address works, I can change the value and the ammo in-game changes accordingly but it isn't in any of the address lists that those instructions access. I'm also pretty sure it isn't a display value either.
There are different floors in the game and whenever I switch to a different floor when the page for finding the instructions is open, everything stops counting up, including the ones that would change whenever I shoot. But then, switching to a different floor also kills the address. It just stays the same and never influences my ammo. This game is also known to have some kind of anti-cheat (in singleplayer...) so that might just be the reason.
I'm honestly losing faith the more I try and the more I learn because something else pops up.
Edit: Scratch that, I just found the address that I was looking for in one of the instructions' accessed addresses. I never really thought of shooting and losing ammo while it was looking for instructions' accessed addresses. Now I did and found the address. But there are still other addresses in the list. I also tried to run the code while I was at it. Didn't crash until I took a shot. Crashed without any errors this time.

ParkourPenguin I post too much
Posted: Wed Feb 05, 2020 9:48 pm
I don't think there's going to be any easy solution to this. The easiest thing you can do is downgrade the game to a version where the table does work, or ask whoever made the table to try to update it to the newest version. If the handling of important values such as ammo was substantially changed, the person who made the table might not be able to update it.
You can try to do this yourself, but you might not find it worth the effort. Step 9 of the CE tutorial might be helpful, but only if those instructions access the address of the new ammo when the level is changed. If not, you'd need to inject in some caller up the call stack that doesn't change between levels. How to do this, where to inject, and what code to put in such an injection are all topics likely far beyond what some random person on the internet can walk you through.
Perhaps you could try the pointer scanner as a workaround? (or find pointers manually if you're up for it)

throwawayaccount How do I cheat?
Posted: Thu Feb 06, 2020 8:22 am
I tried pointer scanning before downloading the table and it had similar results. Just randomness in general.
The pointermap I would find, wouldn't point to the same ammo, twice. After rescanning, without fail, every pointer was gone from the list.
If I remember correctly, you would pointer scan with the correct address, restart the game, find the correct address again which is now different, and repeat the process until you get a reliable amount of pointers and test a few to see if they work. You can then use those pointers instead of looking for the address every time you launch the game.
I guess the current version of the game really thought of these methods of hacking the game and made it practically impossible to use them. The only way I see to hack the game is modding the game.