 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
squerol26
How do I cheat?
![]() Reputation: 0
Joined: 15 Apr 2017
Posts: 4
|
 Posted: Mon Apr 10, 2023 2:42 pm Post subject: Disabling script does not revert original value of address. |
 |
|
Hello.
I have encountered some problem - disabling script doesn't revert value of address back to previous, default one (which should be 0):
| Code: |
[ENABLE]
aobscanmodule(INJECT,Script.dll,8A 40 0C C3 CC) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [eax+0C],1
mov al,[eax+0C]
ret
int 3
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 8A 40 0C C3 CC
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Script.Entity::IsCheatGodEnabled+E
Script.Entity::SortEntites+D9: CC - int 3
Script.Entity::SortEntites+DA: CC - int 3
Script.Entity::SortEntites+DB: CC - int 3
Script.Entity::SortEntites+DC: CC - int 3
Script.Entity::SortEntites+DD: CC - int 3
Script.Entity::SortEntites+DE: CC - int 3
Script.Entity::SortEntites+DF: CC - int 3
Script.Entity::IsCheatGodEnabled: FF 15 E8 1A 1B 1B - call dword ptr [Script.dll+31AE8]
Script.Entity::IsCheatGodEnabled+6: 8B C8 - mov ecx,eax
Script.Entity::IsCheatGodEnabled+8: FF 15 F4 18 1B 1B - call dword ptr [Script.dll+318F4]
// ---------- INJECTING HERE ----------
Script.Entity::IsCheatGodEnabled+E: 8A 40 0C - mov al,[eax+0C]
// ---------- DONE INJECTING ----------
Script.Entity::IsCheatGodEnabled+11: C3 - ret
Script.Entity::IsCheatGodEnabled+12: CC - int 3
Script.Entity::IsCheatGodEnabled+13: CC - int 3
Script.Entity::IsCheatGodEnabled+14: CC - int 3
Script.Entity::IsCheatGodEnabled+15: CC - int 3
Script.Entity::IsCheatGodEnabled+16: CC - int 3
Script.Entity::IsCheatGodEnabled+17: CC - int 3
Script.Entity::IsCheatGodEnabled+18: CC - int 3
Script.Entity::IsCheatGodEnabled+19: CC - int 3
Script.Entity::IsCheatGodEnabled+1A: CC - int 3
}
|
When I enable that script it sets wanted adress value to 1 (value type "Byte") - which is intended.
But when I disable it, it doesn't revert back value to default one which should be 0.
Is there any way to make it actually happen?
Wanted to do the same with different adresses but they don't revert back too. Another example:
| Code: |
[ENABLE]
aobscanmodule(INJECT,Game.dll,D8 4E 20 DE C1) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [esi+20],(float)1500.0
fmul dword ptr [esi+20]
faddp
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db D8 4E 20 DE C1
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+31C
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+2F8: D9 86 60 01 00 00 - fld dword ptr [esi+00000160]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+2FE: D9 5C 24 18 - fstp dword ptr [esp+18]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+302: D9 46 24 - fld dword ptr [esi+24]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+305: D9 5C 24 1C - fstp dword ptr [esp+1C]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+309: D9 44 24 18 - fld dword ptr [esp+18]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+30D: D9 C0 - fld st(0)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+30F: D8 4C 24 10 - fmul dword ptr [esp+10]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+313: D8 4E 28 - fmul dword ptr [esi+28]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+316: D9 C1 - fld st(1)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+318: D8 4C 24 08 - fmul dword ptr [esp+08]
// ---------- INJECTING HERE ----------
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+31C: D8 4E 20 - fmul dword ptr [esi+20]
// ---------- DONE INJECTING ----------
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+31F: DE C1 - faddp
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+321: D9 C1 - fld st(1)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+323: D8 4C 24 0C - fmul dword ptr [esp+0C]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+327: D9 44 24 1C - fld dword ptr [esp+1C]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+32B: D9 C0 - fld st(0)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+32D: DE CA - fmulp st(2),st(0)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+32F: D9 CA - fxch st(2)
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+331: DE C1 - faddp
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+333: D9 44 24 14 - fld dword ptr [esp+14]
Game.gCCharacterMovement_PS::GetCurrentMaxSpeedOfDir+337: DE CB - fmulp st(3),st(0)
}
|
The reason why I'm asking about that is because I don't want to bother with unreliable (at least made with my poor expierience) pointers - and mentioned "revert to default value" behaviour is part of pseudo-gameplay mechanic idea (boost speed and toggle i-frames for x milisecond after keypress)
...or maybe "myvar+0C" pointer with that script would be actually reliable? So far it points to correct address but I have no idea if it still will in long run:
| Code: |
[ENABLE]
aobscanmodule(INJECT,Script.dll,8A 40 0C C3 CC) // should be unique
alloc(newmem,$1000)
alloc(myvar,4)
registersymbol(myvar)
label(code)
label(return)
newmem:
code:
mov [eax+0C],0
mov [myvar],eax
ret
int 3
jmp return
INJECT:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 8A 40 0C C3 CC
unregistersymbol(INJECT)
dealloc(newmem)
|
Thank You for any suggestions. Cheers.
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 140
Joined: 06 Jul 2014
Posts: 4289
|
| Posted: Mon Apr 10, 2023 3:37 pm Post subject: |
|
|
Make a script that just copies the address. Search "injection copy" for more information.
| Code: | [ENABLE]
aobscanmodule(INJECT,Script.dll,8A 40 0C C3 CC)
alloc(newmem,$1000)
alloc(myvar,4)
newmem:
mov [myvar],eax
mov al,[eax+0C]
ret
INJECT:
jmp newmem
registersymbol(INJECT)
registersymbol(myvar)
[DISABLE]
INJECT:
db 8A 40 0C C3 CC
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: Script.Entity::IsCheatGodEnabled+E
Script.Entity::SortEntites+DD: CC - int 3
Script.Entity::SortEntites+DE: CC - int 3
Script.Entity::SortEntites+DF: CC - int 3
Script.Entity::IsCheatGodEnabled: FF 15 E8 1A 1B 1B - call dword ptr [Script.dll+31AE8]
Script.Entity::IsCheatGodEnabled+6: 8B C8 - mov ecx,eax
Script.Entity::IsCheatGodEnabled+8: FF 15 F4 18 1B 1B - call dword ptr [Script.dll+318F4]
// ---------- INJECTING HERE ----------
Script.Entity::IsCheatGodEnabled+E: 8A 40 0C - mov al,[eax+0C]
// ---------- DONE INJECTING ----------
Script.Entity::IsCheatGodEnabled+11: C3 - ret
Script.Entity::IsCheatGodEnabled+12: CC - int 3
Script.Entity::IsCheatGodEnabled+13: CC - int 3
Script.Entity::IsCheatGodEnabled+14: CC - int 3
} |
(due to the `ret` instruction, a lot of the boilerplate code is unnecessary)
Enable the script. Add a record to the table: pointer, base address "myvar", 1 offset "C", and type "byte". Click and drag that record onto the script. Right click the script and select "Group config -> Hide children when deactivated".
Use the value record to enable / disable the cheat as needed.
You can also right click the value record and experiment with dropdown selection options. e.g. "0:Disabled" / "1:Enabled"
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Last edited by ParkourPenguin on Tue Apr 18, 2023 10:05 am; edited 1 time in total |
|
| Back to top |
|
|
squerol26
How do I cheat?
![]() Reputation: 0
Joined: 15 Apr 2017
Posts: 4
|
| Posted: Tue Apr 18, 2023 3:59 am Post subject: |
|
|
| Thank You.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 140
Joined: 06 Jul 2014
Posts: 4289
|
| Posted: Tue Apr 18, 2023 10:05 am Post subject: |
|
|
Correction: the memory record should be a pointer. Base address "myvar" and 1 offset "C"
If the memory record was just the address "myvar", that wouldn't make sense since "myvar" holds the address eax.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
squerol26
How do I cheat?
![]() Reputation: 0
Joined: 15 Apr 2017
Posts: 4
|
| Posted: Tue Apr 18, 2023 10:13 am Post subject: |
|
|
| ParkourPenguin wrote: | Correction: the memory record should be a pointer. Base address "myvar" and 1 offset "C"
If the memory record was just the address "myvar", that wouldn't make sense since "myvar" holds the address eax. |
I've already forgot about error or didn't even noticed it in Your reply because I've used Your sugestion as ''memory refresh of what I was doing until I had a long break from using cheat engine'' instead ''copy-paste do everything 1:1''.
It helped, and for some other things I had to compare structures (to separate player from everything else) as additions.
Thanks and cheers.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
