Frouk (Grandmaster Cheater)
Reputation: 5
Joined: 22 Jun 2021  Posts: 510
Posted: Fri Aug 27, 2021 8:00 am  Post subject: ASM issue
I have a Unity game where you can pick up powerups (rogue-like), but I wanted to make a custom pickup count and there are some issues:
Code:
[ENABLE]
alloc(newmem,2048,PowerupInventory:AddPowerup+4c)
label(exit)
label(returnhere)
label(originalcode)
registerSymbol(newmem)
newmem: //this is allocated memory
//place your code here
add ecx,[newmem+40] //Adjust count
mov [rax],ecx
exit:
originalcode:
mov [rax],ecx
mov rax,0000002BF24060C10F00
PowerupInventory:AddPowerup+4c:
jmp newmem
nop 7
returnhere:
[DISABLE]
unregisterSymbol(newmem)
dealloc(newmem)
PowerupInventory:AddPowerup+4c:
mov [rax],ecx
mov rax,0000002BF24060C10F00
Some code may not be accurate (because I'm not home).
Every time I launch the game the rax register is changing (mov rax,0000002BF24060C10F00),
so I can't restore the opcode for the rax register.
LeFiXER (Grandmaster Cheater Supreme)
Reputation: 20
Joined: 02 Sep 2011  Posts: 1069  Location: 0x90
Posted: Fri Aug 27, 2021 9:06 am
In the script you provided you have executed mov [rax],ecx twice. Original code still executes after code located under the newmem label.
Frouk (Grandmaster Cheater)
Reputation: 5
Joined: 22 Jun 2021  Posts: 510
Posted: Fri Aug 27, 2021 9:58 am
LeFiXER wrote:
> In the script you provided you have executed mov [rax],ecx twice. Original code still executes after code located under the newmem label.

How do I solve mov rax,0000002BF24060C10F00? The address changes after restarting the game.
LeFiXER (Grandmaster Cheater Supreme)
Reputation: 20
Joined: 02 Sep 2011  Posts: 1069  Location: 0x90
Posted: Fri Aug 27, 2021 10:18 am
By address, you mean the long value (0000002BF24060C10F00)? Or do you mean the address where this instruction is located?
Frouk (Grandmaster Cheater)
Reputation: 5
Joined: 22 Jun 2021  Posts: 510
Posted: Fri Aug 27, 2021 10:22 am
LeFiXER wrote:
> By address, you mean the long value (0000002BF24060C10F00)? Or do you mean the address where this instruction is located?

Yeah, and I've got information that the long value is the UI events instance.
LeFiXER (Grandmaster Cheater Supreme)
Reputation: 20
Joined: 02 Sep 2011  Posts: 1069  Location: 0x90
Posted: Fri Aug 27, 2021 10:59 am
I think you should dig further. I don't think that's the right place you want to be.
Frouk (Grandmaster Cheater)
Reputation: 5
Joined: 22 Jun 2021  Posts: 510
Posted: Fri Aug 27, 2021 11:00 am
LeFiXER wrote:
> By address, you mean the long value (0000002BF24060C10F00)? Or do you mean the address where this instruction is located?

Anyway, thanks for the help, I already found how to fix it.
Lua:
Code:
local class = mono_findClass('Assembly-CSharp','UiEvents')
local id = mono_class_getStaticFieldAddress('Instance',class)
registerSymbol('UiEvents',id)
AA Script:
Code:
[Enable]
registerSymbol(newmem)
alloc(newmem,2048,PowerupInventory:AddPowerup+4c)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
add ecx,[newmem+200]
originalcode:
mov [rax],ecx
mov rax,UiEvents
exit:
jmp returnhere
PowerupInventory:AddPowerup+4c:
jmp newmem
nop 7
returnhere:
[Disable]
unregisterSymbol(newmem)
dealloc(newmem)
PowerupInventory:AddPowerup+4c:
mov [rax],ecx
mov rax,UiEvents
//Alt: db 89 08 48 B8 F0 29 82 8A 3F 01 00 00
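The point the thread arrives at is that `mov rax,imm64` carries an absolute address that the Mono runtime hands out at launch, so a `[DISABLE]` section that re-assembles the instruction with a constant seen in one run writes the wrong bytes in the next, while the `Alt: db ...` form (or a symbol resolved at runtime, as the Lua snippet does) does not. The following Python is an added example written for this thread; it is not code from the poster or from Cheat Engine. It decodes the 12 bytes recorded on the `Alt:` line, builds the same 5-byte jmp plus 7-byte nop patch the scripts install, and compares a reassembled restore against a captured-bytes restore. The site and hook addresses in it are assumed placeholder values, not addresses from the thread.

```python
# Added example, not code from the thread or from Cheat Engine itself.
# Decodes the original bytes at PowerupInventory:AddPowerup+4c as recorded on
# the "Alt: db ..." line and shows why [DISABLE] must replay captured bytes
# rather than re-assemble "mov rax,<constant>" with a value from another run.
import struct

# Constructed from the "Alt:" comment in the final script (hex bytes).
ORIGINAL_BYTES = bytes.fromhex("89 08 48 B8 F0 29 82 8A 3F 01 00 00")

# Assumed placeholder addresses for the worked example only (not from the thread).
SITE_ADDR = 0x7FF600001000      # stands in for PowerupInventory:AddPowerup+4c
HOOK_ADDR = 0x7FF600400000      # stands in for the alloc(newmem,...) block


def decode_site(code: bytes):
    """Decode the instruction pair at the patch site.

    89 08              mov [rax],ecx   (2 bytes)
    48 B8 <imm64 LE>   mov rax,imm64   (10 bytes: REX.W + B8 + 8-byte immediate)

    Returns (listing, imm64, total_length). Only this pair is decoded, because
    it is exactly the 12-byte span that the jmp+nop patch overwrites.
    """
    if code[0:2] != b"\x89\x08":
        raise ValueError("expected 'mov [rax],ecx' (89 08) at offset 0")
    if code[2:4] != b"\x48\xB8":
        raise ValueError("expected 'mov rax,imm64' (48 B8) at offset 2")
    if len(code) < 12:
        raise ValueError("imm64 operand truncated")
    imm64 = struct.unpack_from("<Q", code, 4)[0]
    listing = ["mov [rax],ecx", f"mov rax,{imm64:016X}"]
    return listing, imm64, 12


def build_hook(site: int, target: int, span: int) -> bytes:
    """Enable-side patch: E9 rel32 (5 bytes) padded with 0x90 up to `span`,
    so that only whole instructions are overwritten (the scripts' jmp + nop 7)."""
    if span < 5:
        raise ValueError("need at least 5 bytes for a rel32 jmp")
    rel32 = target - (site + 5)          # relative to the end of the jmp
    if not -0x80000000 <= rel32 <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return b"\xE9" + struct.pack("<i", rel32) + b"\x90" * (span - 5)


def reassembled_restore(imm64: int) -> bytes:
    """What the first script's [DISABLE] does: re-assemble both instructions
    with a constant. Correct only if imm64 is the value this process actually
    had, which changes on every launch."""
    return b"\x89\x08" + b"\x48\xB8" + struct.pack("<Q", imm64)


def captured_restore(original: bytes) -> bytes:
    """What the 'Alt: db ...' line does: replay the exact bytes read from the
    process when the hook was installed, so no run-specific value is baked in."""
    return bytes(original)


if __name__ == "__main__":
    listing, imm, span = decode_site(ORIGINAL_BYTES)
    print("\n".join(listing))
    print("enable patch :", build_hook(SITE_ADDR, HOOK_ADDR, span).hex(" "))
    # Pretend the next launch placed the UiEvents instance 0x10000 higher.
    stale = reassembled_restore(imm + 0x10000)
    print("reassembled restore matches original:", stale == ORIGINAL_BYTES)
    print("captured restore matches original   :",
          captured_restore(ORIGINAL_BYTES) == ORIGINAL_BYTES)
```

Decoding the `Alt:` bytes gives `mov rax,0000013F8A8229F0`, a heap address rather than a code address, which is why it differs from the value quoted in the first post and why a restore must either replay the captured bytes or resolve the symbol live.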
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014  Posts: 4717