Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Unexpected Behaviour when Combining Scripts that Work Apart

satandidnowrong
Newbie cheater
Reputation: 0

Joined: 02 Mar 2024
Posts: 11

Posted: Wed Mar 06, 2024 9:21 pm    Post subject: Unexpected Behaviour when Combining Scripts that Work Apart

For four iterations of this same script with different aobs much farther apart than a five byte jmp (no overlapping aobs), running the same newmem individually from their own aobs, when put together, function for sometimes one attribute spend, and most of the time immediately crash. Following, at the end, is the combined script that, as far as my knowledge goes, should work. What silliness am I missing? Why do they work independently and not together?

Many loves. Thanks for being here.

Code:

[ENABLE]

aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
alloc(newmem,$1000)

newmem:
  push 01
code:
//  push -01
  push 04
  push esi
  jmp return

statPointCostStrAOB:
  jmp newmem
return:
registersymbol(statPointCostStrAOB)

[DISABLE]

statPointCostStrAOB:
  db 6A FF 6A 04 56

unregistersymbol(statPointCostStrAOB)
dealloc(newmem)


Code:

[ENABLE]

aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
aobscanmodule(statPointCostNrgAOB,xxx,6A FF 6A 04 56 E8 30)
aobscanmodule(statPointCostDexAOB,xxx,6A FF 6A 04 56 E8 EA)
aobscanmodule(statPointCostVitAOB,xxx,6A FF 6A 04 56 E8 83)

alloc(newmem,$1000)

newmem:
  push 01
code:
//  push -01
  push 04
  push esi
  jmp return

statPointCostStrAOB:
  jmp newmem
statPointCostNrgAOB:
  jmp newmem
statPointCostDexAOB:
  jmp newmem
statPointCostVitAOB:
  jmp newmem
return:
registersymbol(statPointCostStrAOB)
registersymbol(statPointCostNrgAOB)
registersymbol(statPointCostDexAOB)
registersymbol(statPointCostVitAOB)

[DISABLE]

statPointCostStrAOB:
  db 6A FF 6A 04 56

statPointCostNrgAOB:
  db 6A FF 6A 04 56

statPointCostDexAOB:
  db 6A FF 6A 04 56

statPointCostVitAOB:
  db 6A FF 6A 04 56

unregistersymbol(*)
dealloc(*)


I am NOT talking about d3 >:{

I just noticed the disable bytes are the same for all of them. This is not a mistake, though; I am going to investigate, brb.
I just double checked the aobs and they are different and I knew the aobs and enable/disable were functioning as expected (in their placement and deplacement). This is the first thing I check when I write a script.

_________________
Proudly at opencheattables
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4309

Posted: Thu Mar 07, 2024 1:37 am

Each injection point needs its own return label, and because the code injection modifies the stack in an unbalanced way, you can't just call the code injection and `ret` to return. In general, each code injection would need its own memory.
Code:
newmem:
injectStr:
  push 01
  push 04
  push esi
  jmp returnStr
injectNrg:
  push 01
  push 04
  push esi
  jmp returnNrg
...

statPointCostStrAOB:
  jmp newmem
returnStr:

statPointCostNrgAOB:
  jmp newmem
returnNrg:
...
(technically you could call it and do bad things to the stack to get the `ret` instruction to work, but that's troublesome)

In this specific case, there's an easier way of doing this. It seems like you're simply changing `push -1` to `push 1`. There's no need to inject any code: just change the value being pushed at the injection point itself.
Code:
[ENABLE]
aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
aobscanmodule(statPointCostNrgAOB,xxx,6A FF 6A 04 56 E8 30)
aobscanmodule(statPointCostDexAOB,xxx,6A FF 6A 04 56 E8 EA)
aobscanmodule(statPointCostVitAOB,xxx,6A FF 6A 04 56 E8 83)

// changes `push -1` (6A FF) to `push 1` (6A 01)
statPointCostStrAOB+1:
  db 01
statPointCostNrgAOB+1:
  db 01
statPointCostDexAOB+1:
  db 01
statPointCostVitAOB+1:
  db 01

registersymbol(statPointCostStrAOB)
registersymbol(statPointCostNrgAOB)
registersymbol(statPointCostDexAOB)
registersymbol(statPointCostVitAOB)

[DISABLE]

statPointCostStrAOB+1:
  db FF
statPointCostNrgAOB+1:
  db FF
statPointCostDexAOB+1:
  db FF
statPointCostVitAOB+1:
  db FF

unregistersymbol(*)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
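The byte-patch approach in the reply above, modelled as an added example that is not code from the thread or from Cheat Engine: a constructed module image (not the real game; the `xxx` module name is not reproduced) holds four copies of the `6A FF 6A 04 56 E8 xx` sequence, an `aobscan` helper mimics `aobscanmodule` by insisting on exactly one match, and `enable`/`disable` write the single immediate byte at site+1 and restore it. The function names and the NOP padding are assumptions of this example.

```python
import struct

# Constructed module image (not the real game): four copies of the
# 6A FF 6A 04 56 E8 xx sequence from the thread, each with a different
# seventh byte, separated by NOP padding.
AOB_TAILS = {"Str": 0x96, "Nrg": 0x30, "Dex": 0xEA, "Vit": 0x83}


def build_image():
    """Return a fresh bytearray laid out like the four injection sites."""
    padding = b"\x90" * 16
    image = bytearray()
    for tail in AOB_TAILS.values():
        site = bytes([0x6A, 0xFF, 0x6A, 0x04, 0x56, 0xE8, tail, 0x00, 0x00, 0x00])
        image += padding + site + padding
    return image


def aob_pattern(tail):
    """The seven-byte pattern the thread's aobscanmodule lines search for."""
    return bytes([0x6A, 0xFF, 0x6A, 0x04, 0x56, 0xE8, tail])


def aobscan(image, pattern):
    """Offset of the unique match; like aobscanmodule, anything but exactly
    one hit is an error (here a ValueError) rather than a silent guess."""
    hits = [i for i in range(len(image) - len(pattern) + 1)
            if image[i:i + len(pattern)] == pattern]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    return hits[0]


def decode_push_imm8(image, off):
    """6A ib is `push imm8`; the byte is sign-extended, so FF pushes -1."""
    if image[off] != 0x6A:
        raise ValueError("not a push imm8 at this offset")
    return struct.unpack("<b", image[off + 1:off + 2])[0]


def patch_push_imm8(image, off, value):
    """Overwrite only the immediate byte at off+1 and return the old byte so
    [DISABLE] can restore it. Same instruction length, so no trampoline."""
    if image[off] != 0x6A:
        raise ValueError("not a push imm8 at this offset")
    old = image[off + 1]
    image[off + 1] = value & 0xFF
    return old


def enable(image):
    """[ENABLE]: scan each AOB, change `push -1` to `push 1`, remember originals."""
    originals = {}
    for name, tail in AOB_TAILS.items():
        off = aobscan(image, aob_pattern(tail))
        originals[name] = (off, patch_push_imm8(image, off, 0x01))
    return originals


def disable(image, originals):
    """[DISABLE]: write the saved byte back at each site+1."""
    for off, old in originals.values():
        patch_push_imm8(image, off, old)


def current_values(image, originals):
    """What each site's push now pushes, keyed by attribute name."""
    return {name: decode_push_imm8(image, off) for name, (off, _) in originals.items()}


if __name__ == "__main__":
    img = build_image()
    sites = enable(img)
    print(current_values(img, sites))   # every attribute now pushes 1
    disable(img, sites)
    print(img == build_image())         # True: image restored byte for byte
```

Scanning for the six-byte prefix without the seventh byte raises, because all four sites match it; that is why each `aobscanmodule` line in the thread carries a distinct trailing byte.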
satandidnowrong
Newbie cheater
Reputation: 0

Joined: 02 Mar 2024
Posts: 11

Posted: Thu Mar 07, 2024 11:02 am

The intent is to allow the user to set their options, if they want 0 or -1
The symbol has been taken out for simplicity and readability and curt.
Your simplified code functions well, thank you, and a symbol can easily be added for superfluous customization.

I want to understand -why- my code did not work.
I recall sending multiple aobs to the same function before. It is just like any other function. When they return, they go to where they came from.
The stack is handled by the rest of the code as I do not skip any function, only overwrite value.
The code I provided makes logical sense to me, and to be better I need to know how it is wrong lest I place my foot into the same pitfall.

Thank you for your response, if this is the end know I am grateful and will apply this practice and be better and more knowledgeable.
The code is very simple and as I am writing it I am grateful again for it. It is pretty.

_________________
Proudly at opencheattables
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4309

Posted: Thu Mar 07, 2024 12:17 pm

satandidnowrong wrote:
When they return, they go to where they came from.
They don't.
satandidnowrong wrote:
Code:
newmem:
  ...
  jmp return

statPointCostStrAOB:
  jmp newmem
statPointCostNrgAOB:
  jmp newmem
statPointCostDexAOB:
  jmp newmem
statPointCostVitAOB:
  jmp newmem
return:
In this code, the `return` label is defined as the address 5 bytes after the address `statPointCostVitAOB` (5 bytes after because the `jmp` instruction takes up 5 bytes). The instruction `jmp return` always jumps to this address. The other 3 injection points, statPointCostStrAOB / statPointCostNrgAOB / statPointCostDexAOB, will jump to the same address. Those three injections will never return to where they came from.

In other words, `jmp return` just jumps to a single address: `return`. It can't magically jump to other addresses. If you want to jump to other addresses, you'll need explicit labels for each of them, e.g. in my code, these are returnStr, returnNrg, etc.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
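The label resolution explained in the last two replies, as an added example that is not code from the thread or from Cheat Engine: a five-byte `E9 rel32` jump is encoded and decoded for constructed, hypothetical addresses (the four sites and the `alloc` block), and the two layouts are compared. In the shared layout `return:` can only name the byte after the last listed site's jmp, so three of the four sites resume at the wrong place; in the per-site layout each site jumps to its own stub and its own returnX. The `STUB_BODY` size assumes `push 01` / `push 04` / `push esi` assemble to `6A 01 6A 04 56`, and the function names are this example's own.

```python
import struct

JMP_LEN = 5      # E9 rel32 is always five bytes, which is why `return` is site + 5
STUB_BODY = 5    # `push 01` / `push 04` / `push esi` assemble to 6A 01 6A 04 56

# Constructed addresses (hypothetical, not the real game's): the four injection
# sites in the order the script lists them, and the block alloc() handed back.
SITES = [
    ("statPointCostStrAOB", 0x00401000),
    ("statPointCostNrgAOB", 0x00403200),
    ("statPointCostDexAOB", 0x00405400),
    ("statPointCostVitAOB", 0x00407600),
]
NEWMEM = 0x10000000


def encode_jmp_rel32(src, dst):
    """Encode the near jump written at `src` that lands on `dst`."""
    return b"\xE9" + struct.pack("<i", dst - (src + JMP_LEN))


def jmp_target(src, insn):
    """Decode where the E9 jump stored at `src` transfers control."""
    if len(insn) != JMP_LEN or insn[0] != 0xE9:
        raise ValueError("not a five-byte near jump")
    (rel,) = struct.unpack("<i", insn[1:])
    return src + JMP_LEN + rel


def resume_addresses_shared(sites, newmem):
    """The original script: every site does `jmp newmem`, newmem holds ONE stub
    ending in `jmp return`, and `return:` is defined right after the LAST site's
    five-byte jmp. Returns where execution resumes for each site."""
    _, last_addr = sites[-1]
    return_label = last_addr + JMP_LEN               # the only address `return` can name
    stub_jmp = encode_jmp_rel32(newmem + STUB_BODY, return_label)
    resumed = {}
    for name, addr in sites:
        hook = encode_jmp_rel32(addr, newmem)        # the `jmp newmem` placed at the site
        entered = jmp_target(addr, hook)             # control arrives in newmem ...
        resumed[name] = jmp_target(entered + STUB_BODY, stub_jmp)  # ... and leaves to `return`
    return resumed


def resume_addresses_per_site(sites, newmem):
    """One stub per site, each ending in its own `jmp returnX` with returnX
    defined after that site's jmp; each site jumps to its own stub."""
    resumed = {}
    stub = newmem
    for name, addr in sites:
        hook = encode_jmp_rel32(addr, stub)
        entered = jmp_target(addr, hook)
        stub_jmp = encode_jmp_rel32(entered + STUB_BODY, addr + JMP_LEN)
        resumed[name] = jmp_target(entered + STUB_BODY, stub_jmp)
        stub += STUB_BODY + JMP_LEN                  # next stub follows this one
    return resumed


def misrouted(sites, resumed):
    """Injection points that do not come back to the byte after their own jmp."""
    return [name for name, addr in sites if resumed[name] != addr + JMP_LEN]


if __name__ == "__main__":
    print(misrouted(SITES, resume_addresses_shared(SITES, NEWMEM)))    # three of four
    print(misrouted(SITES, resume_addresses_per_site(SITES, NEWMEM)))  # []
```

With the shared layout every site resumes at `statPointCostVitAOB + 5`, which for the Str, Nrg and Dex sites is the middle of some other function's code, matching the crashes the first post describes.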