Cheat Engine :: View topic - Unable to get address by this op code what i am doing wrong

Cheat Engine
The Official Site of Cheat Engine

FAQ

Memberlist

Usergroups

Profile

Unable to get address by this op code what i am doing wrong

Cheat Engine Forum Index -> Cheat Engine

View previous topic :: View next topic

Author

Message

Meiyoh
Master Cheater

Reputation: 1

Joined: 14 Mar 2015
Posts: 400

Posted: Wed Oct 05, 2022 5:08 am Post subject: Unable to get address by this op code what i am doing wrong

Quote:

{ Game : Cemu.exe
Version:
Date : 2022-10-05
Author :

This script does blah blah blah
}

[ENABLE]

aobscan(WPNFinderFunction,41 0F 38 F0 44 05 04 89 C2 89 44 24 34 89 54 24 10 8B 94 24 B8 02 00 00 41 FF A4 57 00 00 00 20 90 90 83 AC 24 B0 02 00 00 05 8B 54 24 10 89 D0 BA 00 00 00 00 41 0F 38 F1 54 05 00 89 44 24 30 89 54 24 34 B8 00 00 00 00) // should be unique
alloc(newmem,$1000,WPNFinderFunction)

label(code)
label(return)
globalalloc(_WPNFind2,2068)

newmem:

code:

//mov [_WPNFind],rbx
movbe eax,[r13+rax+04]
push rdx
lea rdx,[r13+rax+04]
mov [_WPNFind2],rdx
pop rdx
jmp return

WPNFinderFunction:
jmp newmem
nop 2
return:
registersymbol(WPNFinderFunction)

[DISABLE]

WPNFinderFunction:
db 41 0F 38 F0 44 05 04

unregistersymbol(WPNFinderFunction)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1E49D2F4B82

1E49D2F4B59: 89 DA - mov edx,ebx
1E49D2F4B5B: 89 5C 24 34 - mov [rsp+34],ebx
1E49D2F4B5F: 89 54 24 10 - mov [rsp+10],edx
1E49D2F4B63: 8B 94 24 B8 02 00 00 - mov edx,[rsp+000002B8]
1E49D2F4B6A: 41 FF A4 57 00 00 00 20 - jmp qword ptr [r15+rdx*2+20000000]
1E49D2F4B72: 90 - nop
1E49D2F4B73: 90 - nop
1E49D2F4B74: 83 AC 24 B0 02 00 00 04 - sub dword ptr [rsp+000002B0],04
1E49D2F4B7C: 8B 54 24 10 - mov edx,[rsp+10]
1E49D2F4B80: 89 D0 - mov eax,edx
// ---------- INJECTING HERE ----------
1E49D2F4B82: 41 0F 38 F0 44 05 04 - movbe eax,[r13+rax+04]
// ---------- DONE INJECTING ----------
1E49D2F4B89: 89 C2 - mov edx,eax
1E49D2F4B8B: 89 44 24 34 - mov [rsp+34],eax
1E49D2F4B8F: 89 54 24 10 - mov [rsp+10],edx
1E49D2F4B93: 8B 94 24 B8 02 00 00 - mov edx,[rsp+000002B8]
1E49D2F4B9A: 41 FF A4 57 00 00 00 20 - jmp qword ptr [r15+rdx*2+20000000]
1E49D2F4BA2: 90 - nop
1E49D2F4BA3: 90 - nop
1E49D2F4BA4: 83 AC 24 B0 02 00 00 05 - sub dword ptr [rsp+000002B0],05
1E49D2F4BAC: 8B 54 24 10 - mov edx,[rsp+10]
1E49D2F4BB0: 89 D0 - mov eax,edx
}

I dont get a pointer to the address accessed by this function.
Can someone post a correct way?

EDIT:

Code:

[ENABLE]

aobscan(WPNFinderFunction,41 0F 38 F0 44 05 04 89 C2 89 44 24 34 89 54 24 10 8B 94 24 B8 02 00 00 41 FF A4 57 00 00 00 20 90 90 83 AC 24 B0 02 00 00 05 8B 54 24 10 89 D0 BA 00 00 00 00 41 0F 38 F1 54 05 00 89 44 24 30 89 54 24 34 B8 00 00 00 00) // should be unique
alloc(newmem,$1000,WPNFinderFunction)

label(code)
label(return)
globalalloc(_WPNFind2,2068)

newmem:

code:
push rbx
lea rbx,[r13+rax+04]
movbe [_WPNFind2],rbx
pop rbx
//mov [_WPNFind],rbx
movbe eax,[r13+rax+04]
//push rdx
//lea rdx,[r13+rax+04]

//pop rdx
jmp return

WPNFinderFunction:
jmp newmem
nop 2
return:
registersymbol(WPNFinderFunction)

[DISABLE]

WPNFinderFunction:
db 41 0F 38 F0 44 05 04

unregistersymbol(WPNFinderFunction)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 1E49D2F4B82

1E49D2F4B59: 89 DA - mov edx,ebx
1E49D2F4B5B: 89 5C 24 34 - mov [rsp+34],ebx
1E49D2F4B5F: 89 54 24 10 - mov [rsp+10],edx
1E49D2F4B63: 8B 94 24 B8 02 00 00 - mov edx,[rsp+000002B8]
1E49D2F4B6A: 41 FF A4 57 00 00 00 20 - jmp qword ptr [r15+rdx*2+20000000]
1E49D2F4B72: 90 - nop
1E49D2F4B73: 90 - nop
1E49D2F4B74: 83 AC 24 B0 02 00 00 04 - sub dword ptr [rsp+000002B0],04
1E49D2F4B7C: 8B 54 24 10 - mov edx,[rsp+10]
1E49D2F4B80: 89 D0 - mov eax,edx
// ---------- INJECTING HERE ----------
1E49D2F4B82: 41 0F 38 F0 44 05 04 - movbe eax,[r13+rax+04]
// ---------- DONE INJECTING ----------
1E49D2F4B89: 89 C2 - mov edx,eax
1E49D2F4B8B: 89 44 24 34 - mov [rsp+34],eax
1E49D2F4B8F: 89 54 24 10 - mov [rsp+10],edx
1E49D2F4B93: 8B 94 24 B8 02 00 00 - mov edx,[rsp+000002B8]
1E49D2F4B9A: 41 FF A4 57 00 00 00 20 - jmp qword ptr [r15+rdx*2+20000000]
1E49D2F4BA2: 90 - nop
1E49D2F4BA3: 90 - nop
1E49D2F4BA4: 83 AC 24 B0 02 00 00 05 - sub dword ptr [rsp+000002B0],05
1E49D2F4BAC: 8B 54 24 10 - mov edx,[rsp+10]
1E49D2F4BB0: 89 D0 - mov eax,edx
}

I made it work however the address is in REVERSED order so bytes are reversed . How to make them correct order ?

the pointer address is "64719B39AE010000"
as you can see it is reversed
_________________

I am the forgotten one the dead one.

Last edited by Meiyoh on Wed Oct 05, 2022 5:34 am; edited 1 time in total

Dark Byte
Site Admin

Reputation: 458

Joined: 09 May 2003
Posts: 25295
Location: The netherlands

Posted: Wed Oct 05, 2022 5:32 am Post subject:

because you destroy rax before storing it in _WPNFind2 _________________ Do not ask me about online cheats. I don't know any and wont help finding them. Like my help? Join me on Patreon so i can keep helping

Meiyoh
Master Cheater

Reputation: 1

Joined: 14 Mar 2015
Posts: 400

Posted: Wed Oct 05, 2022 5:34 am Post subject:

i updated post _________________ I am the forgotten one the dead one.

Dark Byte
Site Admin

Reputation: 458

Joined: 09 May 2003
Posts: 25295
Location: The netherlands

Posted: Wed Oct 05, 2022 5:41 am Post subject:

use mov instead of movbe _________________ Do not ask me about online cheats. I don't know any and wont help finding them. Like my help? Join me on Patreon so i can keep helping

Meiyoh
Master Cheater

Reputation: 1

Joined: 14 Mar 2015
Posts: 400

Posted: Wed Oct 05, 2022 6:09 am Post subject:

what the should have guessed BE stands for big endian Stupid me THANKS A LOT buddy! _________________ I am the forgotten one the dead one.

Display posts from previous:

	Cheat Engine Forum Index -> Cheat Engine	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum