Cheat Engine Forum - The Official Site of Cheat Engine

ALLOC fail

 
Author: M-Z
Posted: Wed Dec 07, 2022 12:55 pm    Post subject: ALLOC fail

What could be the reason for AutoAssembly Alloc instruction to fail?

I try to inject into:
Code:
eu4.exe+C2AFC1:
// - 44 3B C6              -  1.34.5.6
jmp newmem12
returnhere:


I have a proper allocation of memory at start of a script
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
assert(eu4.exe+C2AE4B,48 8D 0D 7A317801)
alloc(newmem12,512,eu4.exe+C2AFC1)


Yet executing script produces => Attachment: Untitled2.png

Author: ParkourPenguin
Posted: Wed Dec 07, 2022 1:16 pm

Maybe the script was disabled in a weird way where the original code wasn't rewritten but the memory was deallocated. (restart the game)

Maybe "newmem12" is a user symbol defined outside the script and the jmp is using that previous definition. (delete old user defined symbols manually, restarting CE might do it automatically)

Maybe you're deallocating memory in the enable section. (post the full script, not just what you think is the problem)

Try running the line `alloc(newmem12,512,eu4.exe+C2AFC1)` in a new auto assembler window. Just that line and nothing else. CE will tell you where it allocated memory- see if it worked or not.

_________________
I don't know where I'm going, but I'll figure it out when I get there.

Author: M-Z
Posted: Wed Dec 07, 2022 1:29 pm

Running script:
alloc(newmem12,512,eu4.exe+C2AFC1)

produced memory address, which has zeros in it (add [rax],al).

Restart of both - eu4.exe and CE - didn't help.


I think I ran into this problem before - and it had something to do with DBVM (I'm running Win7).

Full script:
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//assert(eu4.exe+C2AE4B,48 8D 0D 7A317801)
alloc(newmem12,512,eu4.exe+C2AFC1)
alloc(newmem49,512,eu4.exe+C2AE4B)
label(returnhere)
label(dontDiscover)
label(exit1)


newmem12:
push rax
push rbx
mov rax,rbx
mov rax,[rax+28]
mov bl,[rax+229]
test bl,08
jne exit1              // Wasteland - discover
mov bl,[rax+228]
test bl,10
jne exit1              // Sea - Discover

dontDiscover:
pop rbx
pop rax
//jmp eu4.exe+BE81C0        // 1.32.2
//jmp eu4.exe+0000000000BF41E0   //    1.33.3
jmp eu4.exe+C2B011   //    1.33.3


exit1:
pop rbx
pop rax
jmp returnhere

//eu4.exe+BE8170:      // 1.32.2
//eu4.exe+BF4190:
// - 44 3B C6              -  1.33.3
eu4.exe+C2AFC1:
// - 44 3B C6              -  1.34.5.6
jmp newmem12
returnhere:

//eu4.exe+BE7E16:          1.32.2
//eu4.exe+BF3E4B:          1.33.3
eu4.exe+C2AE4B:            //    1.34.5.6
jmp newmem49
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
returnSeaNormalExploration:

newmem49:
push rbx
// rbp-f0 => ProvincePTR? / r15
mov rbx,r15   // ProvincePTR
mov rbx,[rbx+28]
mov al,[rbx+228]
pop rbx
shr al,3
not al
and al,1
//je eu4.exe+0000000000BE7E2C   // if LAND   1.32.2
//je eu4.exe+0000000000BF3E5F   // if LAND 1.33.3 - go like without EL DORADO
je eu4.exe+C2AE5F               // if LAND 1.34.5.6 - go like without EL DORADO

lea rcx,[eu4.exe+23ADFCC] { (16777473) }
call eu4.exe+FBE90
test al,al
jne eu4.exe+C2B20E

jmp returnSeaNormalExploration

eu4.exe+C2AFC4:
// - 7D 4B                 - 1.34.5.6
jmp eu4.exe+C2B011
/*eu4.exe+BF3FC8:
// - 7D 4B                 - 1.33.3
jmp eu4.exe+BF4015*/





[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem12)
dealloc(newmem49)
/*eu4.exe+BF4190:
// - 44 3B C6              -  1.33.3
cmp r8d,esi
jnl eu4.exe+BF41E0*/
eu4.exe+C2AFC1:
// - 44 3B C6              -  1.34.5.6
cmp r8d,esi
// - 7D 4B                 -
jnl eu4.exe+C2B011

/*eu4.exe+BF3E4B:
// - 48 8D 0D 6AD08201     -       1.33.3
//E8 995E50FF
//84 C0
//0F85 BD030000
lea rcx,[eu4.exe+2420EBC] { (256) }
call eu4.exe+F9CF0
test al,al
jne eu4.exe+BF421C*/
eu4.exe+C2AE4B:
// - 48 8D 0D 7A317801     -      1.34.5.6
// - E8 39104DFF           -
// - 84 C0                 -
// - 0F85 AF030000         -
lea rcx,[eu4.exe+23ADFCC] { (16777473) }
call eu4.exe+FBE90
test al,al
jne eu4.exe+C2B20E


/*eu4.exe+BF3FC8:
// - 7D 4B                 - 1.33.3
jnl eu4.exe+BF4015*/
eu4.exe+C2AFC4:
// - 7D 4B                 - 1.34.5.6
jnl eu4.exe+C2B011

Author: ParkourPenguin
Posted: Wed Dec 07, 2022 3:28 pm

M-Z wrote:
Running script:
alloc(newmem12,512,eu4.exe+C2AFC1)

produced memory address, which has zeros in it

The alloc works fine.

Maybe you're hitting a corner case bug that involves CE trying but failing to use the same windows alloc for both the newmem12 and newmem49 allocs.

Try combining both the newmem allocs under the same alloc. The injection points are close enough to each other that either third argument to alloc should be fine to use.

Alternatively, you could try to entirely split up both injections into their own scripts.

_________________
I don't know where I'm going, but I'll figure it out when I get there.

Author: Dark Byte
Posted: Wed Dec 07, 2022 5:49 pm

disable kernelmode query memoryregions and read/write process memory in settings
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

Author: M-Z
Posted: Thu Dec 08, 2022 7:01 am

Now I'm on Win10 and it seems both options are disabled and injection still does not work.
(I'm unable to upload attachments so: option "Query memory region routines" and "Read/Write Process Memory (Will cause slower scans)" - both are disabled).
I remember having such problems before. It was connected with DBVM and "remembering" states of executable between runs. I dealt with that by running program with a batch:
Code:
copy eu4.exe eu4a.exe
del eu4.exe
move eu4a.exe eu4.exe
start eu4.exe

It's odd because (as you can see by reading it) this is conversion of script that worked perfectly well in 1.33.3 version.

------ EDIT -------
Now it seems to be working. First I split the script into two - it worked. Then original started to work (but then stopped again).
Only difference between those two scenarios is that "lower" memory is being allocated:
eu4.exe+C2AE4B - E9 B0513BFF - jmp 13F4A0000

instead of 18xxxxxxx.
Every time it was 18xxxxxx it didn't work.
Perhaps multiple ALLOCs in AA scripts should be looked into... :)


------ EDIT2 ------
I'm an IDIOT:

eu4.exe+C2AFC1:
// - 44 3B C6 - 1.34.5.6
jmp newmem12


eu4.exe+C2AFC4:
// - 7D 4B - 1.34.5.6
jmp eu4.exe+C2B011
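
Added example, not part of any post in the thread: the two write sites quoted in EDIT2 are three bytes apart, while the near jmp quoted earlier (E9 B0513BFF) is five bytes long, so the second write lands inside the first. The Python sketch below checks a script's write sites for shared bytes and decodes what the first jmp becomes afterwards. Assumptions: the eu4.exe base is derived from the quoted "jmp 13F4A0000" line, the newmem12 address is constructed, the jmp to eu4.exe+C2B011 is taken to assemble as a 2-byte short jump, and writes are taken to land in script order.

```python
import struct
from itertools import combinations

# eu4.exe base implied by the quoted "eu4.exe+C2AE4B - E9 B0513BFF - jmp 13F4A0000".
BASE = 0x13F4C0000
NEWMEM12 = 0x13F4A1000  # constructed address for newmem12; not given in the thread

def near_jmp(src, dst):
    """5-byte E9 rel32 jump placed at src, targeting dst."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def short_jmp(src, dst):
    """2-byte EB rel8 jump placed at src, targeting dst (assumed encoding)."""
    return b"\xEB" + struct.pack("<b", dst - (src + 2))

def script_writes():
    """(label, address, bytes) for the two write sites quoted in EDIT2, in script order."""
    a, b = BASE + 0xC2AFC1, BASE + 0xC2AFC4
    return [("jmp newmem12", a, near_jmp(a, NEWMEM12)),
            ("jmp eu4.exe+C2B011", b, short_jmp(b, BASE + 0xC2B011))]

def find_overlaps(writes):
    """Return (first, second, shared_addresses) for every pair of writes sharing bytes."""
    hits = []
    for (n1, a1, d1), (n2, a2, d2) in combinations(writes, 2):
        lo, hi = max(a1, a2), min(a1 + len(d1), a2 + len(d2))
        if lo < hi:
            hits.append((n1, n2, list(range(lo, hi))))
    return hits

def apply_writes(writes):
    """Sparse byte map after all writes; assumes script order, later writes winning."""
    mem = {}
    for _, addr, data in writes:
        mem.update({addr + i: byte for i, byte in enumerate(data)})
    return mem

def decoded_jmp_target(mem, src):
    """Target of the E9 rel32 found at src once every write has landed."""
    if mem[src] != 0xE9:
        raise ValueError("no near jmp at %#x" % src)
    rel = struct.unpack("<i", bytes(mem[src + 1 + i] for i in range(4)))[0]
    return src + 5 + rel

if __name__ == "__main__":
    for first, second, shared in find_overlaps(script_writes()):
        print(first, "overlaps", second, "at", [hex(x) for x in shared])
    site = BASE + 0xC2AFC1
    print("jmp now decodes to", hex(decoded_jmp_target(apply_writes(script_writes()), site)))
```

With these values the check reports the bytes at eu4.exe+C2AFC4 and eu4.exe+C2AFC5 as written twice, and the jmp at eu4.exe+C2AFC1 decodes to 0x18BFA1000 instead of newmem12.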