Cheat Engine The Official Site of Cheat Engine
sgsgwv$6263 Advanced Cheater Reputation: 0
Joined: 05 Aug 2020 Posts: 75
Posted: Wed Aug 05, 2020 12:25 pm Post subject: Incorrect variable initialization
I am new to Cheat Engine but I have learned many things from the forum. This forum is exactly like StackOverflow where you see all kinds of people from noobs to nerds, all kinds of questions are asked, but because imagination is infinite for everybody, there can be no limit to what you like to do and it may happen that other people may not have thought about it.
Anyways, I have been trying to hack the same old San Andreas. Having some problems while writing scripts; when the game crashes with a script created by a newbie (like me), you can never know what caused the game to crash.
But here I guess this has got to do with a variable (flag, namely) that I created and initialized to 0 (4 bytes), but after the execution of the script it didn't initialize to 0. That was also fine because my script has to do something exclusive after that variable equals 1 (like cmp [flag],1). This "exclusive code" is about trying to multiply float values using the FPU. So there is something wrong in my code below and I don't know what.
Code:
{ Game : gta_sa.exe
Version:
Date : 2020-08-05
Author : atult
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10) // should be unique
alloc(newmem,$1000)
alloc(multi,4)
alloc(flag,4)
label(code)
label(atul)
label(return)
registersymbol(multi)
registersymbol(flag)
flag:
dd 400
multi:
dd (float)1.1
atul:
mov [flag],0
fld [ecx]
fmul [multi]
fstp [ecx]
fld [ecx+04]
fmul [multi]
fstp [ecx+04]
fld [ecx+08]
fmul [multi]
fstp [ecx+08]
mov eax,[ecx]
mov edx,[ecx+04]
jmp return
newmem:
code:
cmp [flag],#1
je atul
mov eax,[ecx]
mov edx,[ecx+04]
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 8B 01 8B 51 04
dealloc(multi)
dealloc(flag)
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+13D580
"gta_sa.exe"+13D561: 83 C4 04 - add esp,04
"gta_sa.exe"+13D564: 3B C3 - cmp eax,ebx
"gta_sa.exe"+13D566: 74 7B - je gta_sa.exe+13D5E3
"gta_sa.exe"+13D568: 8B 88 6C 04 00 00 - mov ecx,[eax+0000046C]
"gta_sa.exe"+13D56E: F6 C5 01 - test ch,01
"gta_sa.exe"+13D571: 74 1B - je gta_sa.exe+13D58E
"gta_sa.exe"+13D573: 8B 88 8C 05 00 00 - mov ecx,[eax+0000058C]
"gta_sa.exe"+13D579: 3B CB - cmp ecx,ebx
"gta_sa.exe"+13D57B: 74 11 - je gta_sa.exe+13D58E
"gta_sa.exe"+13D57D: 83 C1 44 - add ecx,44
// ---------- INJECTING HERE ----------
"gta_sa.exe"+13D580: 8B 01 - mov eax,[ecx]
"gta_sa.exe"+13D582: 8B 51 04 - mov edx,[ecx+04]
// ---------- DONE INJECTING ----------
"gta_sa.exe"+13D585: 89 44 24 10 - mov [esp+10],eax
"gta_sa.exe"+13D589: 8B 41 08 - mov eax,[ecx+08]
"gta_sa.exe"+13D58C: EB 0F - jmp gta_sa.exe+13D59D
"gta_sa.exe"+13D58E: 83 C0 44 - add eax,44
"gta_sa.exe"+13D591: 8B 08 - mov ecx,[eax]
"gta_sa.exe"+13D593: 8B 50 04 - mov edx,[eax+04]
"gta_sa.exe"+13D596: 8B 40 08 - mov eax,[eax+08]
"gta_sa.exe"+13D599: 89 4C 24 10 - mov [esp+10],ecx
"gta_sa.exe"+13D59D: D9 44 24 10 - fld dword ptr [esp+10]
"gta_sa.exe"+13D5A1: 89 54 24 14 - mov [esp+14],edx
}
Oxijen Expert Cheater Reputation: 0
Joined: 07 May 2020 Posts: 163 Location: On The Moon
Posted: Wed Aug 05, 2020 1:05 pm Post subject:
I am not good at this stuff either, but try putting atul and multi and flag before INJECT, not before newmem and code.
_________________
I can see you Hitler
Especially When I am On the Moon!!
You are Right now in cheat engine forum
Betcha Expert Cheater Reputation: 4
Joined: 13 Aug 2015 Posts: 232 Location: Somewhere In Space
Posted: Wed Aug 05, 2020 3:16 pm Post subject: Re: Incorrect variable initialization
Not sure if this solves the issue, but at least it's a shortened script.
Code:
[ENABLE]
aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10)
alloc(newmem,$1000)
label(multi)
label(flag)
newmem:
atul:
cmp [flag],1
jne short code
mov [flag],0
fld [ecx]
fmul [multi]
fstp [ecx]
fld [ecx+04]
fmul [multi]
fstp [ecx+04]
fld [ecx+08]
fmul [multi]
fstp [ecx+08]
code:
mov eax,[ecx]
mov edx,[ecx+04]
jmp return
flag:
dd 400 // 4 byte value? dd (int)400, otherwise it's 400 in hex, but why 400 and not dd 0
multi:
dd (float)1.1
INJECT:
jmp newmem
return:
registersymbol(INJECT)
registersymbol(multi)
registersymbol(flag)
[DISABLE]
INJECT:
db 8B 01 8B 51 04
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4290
Posted: Wed Aug 05, 2020 6:09 pm Post subject:
atul is a label, not an alloc.
Code:
...
multi:
dd (float)1.1
atul:
...
The closest address above the label atul is the alloc multi, so the stuff after atul will be located after multi in memory. This overflows the memory allocated to multi into the space after that (i.e. the flag value). In other words, the first 1 or 2 instructions in atul overwrite the value defined by flag.
Put atul after newmem as you see Betcha do. You don't even need that label after that refactoring:
Code:
newmem:
cmp [flag],1
jne short code
...
I would still make flag and multi their own allocs, or at least make sure they're aligned:
Code:
align 4 CC
flag:
dd 400
...
_________________
I don't know where I'm going, but I'll figure it out when I get there.
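As an added illustration (not code from this thread or from Cheat Engine itself), here is a small Python model of the byte placement ParkourPenguin describes: it lays the original post's allocs out back to back, emits bytes under each label, reports which alloc gets clobbered, and then repeats the check on Betcha's single-newmem layout with the suggested align 4. The alloc ordering, the label semantics and the hand-entered instruction sizes are assumptions made for the model.

```python
# Toy model of auto-assembler byte placement (constructed for this thread, not CE's code).
# Assumptions: allocs sit back to back in declaration order; "name:" on an alloc moves the
# write cursor to that alloc; any other label just names the current cursor; byte sizes
# are ordinary 32-bit x86 encodings entered by hand (mov dword [abs32],imm32 = 10 bytes).

def simulate(script):
    """Return (regions, symbols, writes); writes = (start, end, text, alloc_written_under)."""
    cursor, under, regions, symbols, writes = 0, None, {}, {}, []
    for op in script:
        if op[0] == "alloc":                      # alloc(name,size)
            _, name, size = op
            regions[name] = (cursor, cursor + size)
            symbols[name] = cursor
            cursor += size
        elif op[0] == "label":                    # a "name:" line
            if op[1] in regions:                  # alloc: jump to its own block
                cursor, under = regions[op[1]][0], op[1]
            else:                                 # plain label: wherever we are now
                symbols[op[1]] = cursor
        elif op[0] == "align":                    # align N: pad up to a multiple of N
            cursor += (-cursor) % op[1]
        elif op[0] == "emit":                     # dd data or an instruction
            _, size, text = op
            writes.append((cursor, cursor + size, text, under))
            cursor += size
    return regions, symbols, writes

def clobbers(script):
    """(text, victim) for every emitted item landing in an alloc it was not written under."""
    regions, _, writes = simulate(script)
    return [(text, name) for s, e, text, under in writes
            for name, (rs, re) in regions.items() if name != under and s < re and e > rs]

def unaligned_data(script):
    """dd values whose address is not a multiple of 4 (why ParkourPenguin suggests align 4)."""
    return [text for s, _, text, _ in simulate(script)[2] if text.startswith("dd") and s % 4]

ATUL = [("emit", 10, "mov [flag],0"), ("emit", 2, "fld [ecx]"),
        ("emit", 6, "fmul [multi]"), ("emit", 2, "fstp [ecx]")]   # start of the atul body

# Original post: atul's code is emitted right after the 4-byte dd under multi.
ORIGINAL = [("alloc", "newmem", 0x1000), ("alloc", "multi", 4), ("alloc", "flag", 4),
            ("label", "flag"), ("emit", 4, "dd 400"),
            ("label", "multi"), ("emit", 4, "dd (float)1.1"), ("label", "atul")] + ATUL

# Betcha's layout plus ParkourPenguin's align: everything lives inside newmem.
FIXED = [("alloc", "newmem", 0x1000), ("label", "newmem"), ("label", "atul"),
         ("emit", 7, "cmp [flag],1"), ("emit", 2, "jne short code")] + ATUL + [
         ("align", 4), ("label", "flag"), ("emit", 4, "dd 0"),
         ("label", "multi"), ("emit", 4, "dd (float)1.1")]
```

Running clobbers(ORIGINAL) names the first atul instruction as overwriting flag, because the atul label resolves to exactly flag's address; clobbers(FIXED) is empty, and dropping the align op from FIXED makes unaligned_data report both dd values.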
sgsgwv$6263 Advanced Cheater Reputation: 0
Joined: 05 Aug 2020 Posts: 75
Posted: Wed Aug 05, 2020 10:20 pm Post subject:
Yeah, I forgot to allocate memory for atul. Also I initialized flag to 0 but after the script got executed the value of flag was 20569 in 4 bytes (I wonder why that happened; I reckon the crash was just because of the overflow?).
Also, does the order of the labels change the flow of execution in any way?
What do you mean when you use align? And why is that required?
Also, how do you get a notification of replies to your post in the forum?
I am sorry, I'm asking too much, but please forgive me.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4290
sgsgwv$6263 Advanced Cheater Reputation: 0
Joined: 05 Aug 2020 Posts: 75
Posted: Wed Aug 05, 2020 11:35 pm Post subject:
Thanks a lot dude.
Edit:
So I was able to create the script; this time the syntax was correct but the registersymbols didn't seem to work. I mean memory was allocated for flag and multi but I was not able to access them by their label names (flag and multi) in the cheat table. The script got executed (in the memory viewer or opcode viewer I was able to see the jump) but the script was not toggled and also the symbols were not registered.
This is what I wrote.
Code:
{ Game : gta_sa.exe
Version:
Date : 2020-08-05
Author : atult
This script does blah blah blah
}
[ENABLE]
aobscanmodule(INJECT,gta_sa.exe,8B 01 8B 51 04 89 44 24 10) // should be unique
alloc(newmem,$1000)
alloc(atul,1024)
alloc(multi,4)
alloc(flag,4)
label(code)
label(atul)
label(return)
registersymbol(multi)
registersymbol(flag)
flag:
dd (int)0
multi:
dd (float)1.01
atul:
mov [flag],0
fld [ecx]
fmul [multi]
fstp [ecx]
fld [ecx+04]
fmul [multi]
fstp [ecx+04]
fld [ecx+08]
fmul [multi]
fstp [ecx+08]
mov eax,[ecx]
mov edx,[ecx+04]
jmp return
newmem:
code:
cmp [flag],1
je atul
mov eax,[ecx]
mov edx,[ecx+04]
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 8B 01 8B 51 04
dealloc(multi)
dealloc(flag)
dealloc(atul)
unregistersymbol(flag)
unregistersymbol(multi)
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+13D580
"gta_sa.exe"+13D561: 83 C4 04 - add esp,04
"gta_sa.exe"+13D564: 3B C3 - cmp eax,ebx
"gta_sa.exe"+13D566: 74 7B - je gta_sa.exe+13D5E3
"gta_sa.exe"+13D568: 8B 88 6C 04 00 00 - mov ecx,[eax+0000046C]
"gta_sa.exe"+13D56E: F6 C5 01 - test ch,01
"gta_sa.exe"+13D571: 74 1B - je gta_sa.exe+13D58E
"gta_sa.exe"+13D573: 8B 88 8C 05 00 00 - mov ecx,[eax+0000058C]
"gta_sa.exe"+13D579: 3B CB - cmp ecx,ebx
"gta_sa.exe"+13D57B: 74 11 - je gta_sa.exe+13D58E
"gta_sa.exe"+13D57D: 83 C1 44 - add ecx,44
// ---------- INJECTING HERE ----------
"gta_sa.exe"+13D580: 8B 01 - mov eax,[ecx]
"gta_sa.exe"+13D582: 8B 51 04 - mov edx,[ecx+04]
// ---------- DONE INJECTING ----------
"gta_sa.exe"+13D585: 89 44 24 10 - mov [esp+10],eax
"gta_sa.exe"+13D589: 8B 41 08 - mov eax,[ecx+08]
"gta_sa.exe"+13D58C: EB 0F - jmp gta_sa.exe+13D59D
"gta_sa.exe"+13D58E: 83 C0 44 - add eax,44
"gta_sa.exe"+13D591: 8B 08 - mov ecx,[eax]
"gta_sa.exe"+13D593: 8B 50 04 - mov edx,[eax+04]
"gta_sa.exe"+13D596: 8B 40 08 - mov eax,[eax+08]
"gta_sa.exe"+13D599: 89 4C 24 10 - mov [esp+10],ecx
"gta_sa.exe"+13D59D: D9 44 24 10 - fld dword ptr [esp+10]
"gta_sa.exe"+13D5A1: 89 54 24 14 - mov [esp+14],edx
}
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4290
Posted: Thu Aug 06, 2020 10:11 am Post subject:
If you ever disabled the script without executing the disable section, the script will fail to activate because the AoB can't be found. Restart the game to fix this.
And get rid of the line "label(atul)"; you made it an alloc.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
sgsgwv$6263 Advanced Cheater Reputation: 0
Joined: 05 Aug 2020 Posts: 75
Posted: Thu Aug 06, 2020 10:39 am Post subject:
I thought the disable section gets executed when the script is deactivated.
I start the game and check that everything in that code is natural (unmodified, no influence anywhere of the script) before activating the script. But when I press spacebar on the script to activate it, the script does not get activated (meaning no cross sign), but in the memory viewer I see the jump instruction (indicating that the script has done some changes), and when I check flag and multi (which I have registered in the script), they show a ?? sign.
Although when I followed the jump instructions, I did find 2 addresses that do the work of multi and flag, but they can't be accessed by the multi and flag names. Meaning that the script did work partially (in the sense that it allocated memory for atul, multi, flag and it did the changes in the instruction that I intended it to do) but multi and flag cannot be accessed by their names. How is that possible??
Edit: I'm getting confused more and more now. So, if I allocate sufficient memory for newmem, I can use the label (as in the function atul) and the variables (multi and flag) directly after the newmem label without using alloc for atul, multi and flag, and use them like
Code:
label(atul)
label(multi)
label(flag)
newmem:
atul:
//multiple line instructions
//mov whatever,wherever
//add whatever,5
multi:
dd 1.1
flag:
dd 0
Is that correct?
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4290
Posted: Thu Aug 06, 2020 6:18 pm Post subject:
Parkour Pants wrote: | I thought the disable section gets executed when the script is deactivated. |
It does. I guessed you made it not do that at some point, but it seems that's not the case.
It's probably something else you messed up, e.g. alloc(atul,1024) and label(atul) as I said in my last post.
Look at my previous explanation of labels and Betcha's post for an example. (In that example, there should be an align before the values, as I previously explained.)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
sgsgwv$6263 Advanced Cheater Reputation: 0
Joined: 05 Aug 2020 Posts: 75
Posted: Fri Dec 01, 2023 10:56 pm Post subject:
What happens if I put more code after the return label? For example:
Code:
return:
add esi,4
registersymbol(something)
Will that overwrite the bytes after the injection point?