Joined: 02 Jan 2012 Posts: 23 Location: Deutschland
Posted: Fri Apr 19, 2024 8:09 am Post subject: Stardew Valley 64Bit - Random address write
It's been a long time since I played Stardew Valley. It was 32-bit, now it's a 64-bit game.
My cheat tables aren't working anymore, and I tried to create a new one but encountered a problem with the 64-bit values/addresses (see the screenshot below).
I'm trying to get the address "7FFF1833A7CC" registered, but it shows me the real value of the address as "D45DF2FE".
I see that the address points from the current address +D45DF2FE to the destination address "7FFF1833A7CC". But how do I store (or get to) "7FFF1833A7CC" now?
I know how to do it if it were an address like rax/eax, but I can't figure out how to do it with a RANDOMLY generated address.
Yes, the addresses change on every restart.
That's RIP-relative addressing. Take the address of the next instruction and add the signed 32-bit displacement to it to get the accessed address. i.e. `time+7+(LONG)[time+2]`. The `(LONG)` part indicates the value at the address in the square brackets is a signed 32-bit integer.
Do an aobscan to find that instruction. You'll need to make the AoB pattern yourself. Use wildcards, scan all memory (right click near writable/executable/CoW), and make sure there's only one result.
Joined: 02 Jan 2012 Posts: 23 Location: Deutschland
Posted: Sat Apr 20, 2024 1:05 am Post subject:
LoL.
I see the referenced topic is exactly the same thing I'm stuck with.
The dude is cheating Stardew Valley too. ^.^
Thanks for the tip. It's working.
My ASM code for this is:
[ENABLE]
aobscan(time,83 05 ?? ?? ?? ?? 0A 8B 0D)
registersymbol(time)
[DISABLE]
unregistersymbol(time)
And I added an address with "time+7+(LONG)[time+2]" to get to the time.
To manipulate the tick of the time (that is 10 minutes) I added another address with "time+6" as a byte.
The `add` instruction sign-extends immediate values, i.e. that byte value is signed; click "Signed".
(this is only important if the user tries a value above 127)
Also, that byte is in the AoB signature. You should replace it with wildcards, or change it back to 0A in the [DISABLE] section and forbid the user from modifying it while the script is disabled (unregistering the symbol works).
I don't know where I'm going, but I'll figure it out when I get there.
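A worked example of the two points made in this thread (the RIP-relative address calculation behind `time+7+(LONG)[time+2]`, and why the imm8 tick byte should be wildcarded or treated as signed). This is added code, not anything posted in the thread or part of Stardew Valley or Cheat Engine: it implements a tiny AoB scanner with `??` wildcards and a decoder for the `83 05 disp32 imm8` instruction (`add dword [rip+disp32], imm8`) over a constructed byte buffer. The displacement D45DF2FE and the target 7FFF1833A7CC are the values from the first post; the instruction address 7FFF43D5B4C7 is derived from them, and every other byte, as well as `BASE_VA`, `g_mem`, `TICK_OFF` and the function names, is an assumption made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAT 64
#define BASE_VA 0x7FFF43D5B4C0ULL   /* assumed VA of g_mem[0]; puts the add at 7FFF43D5B4C7 */

/* Constructed sample of game code. Only the displacement FE F2 5D D4 (= D45DF2FE) and the
 * imm8 0A come from the thread; the surrounding bytes are filler invented for this example. */
static uint8_t g_mem[] = {
    0x48, 0x8B, 0x05, 0x11, 0x22, 0x33, 0x44,   /* filler: mov rax,[rip+0x44332211] */
    0x83, 0x05, 0xFE, 0xF2, 0x5D, 0xD4, 0x0A,   /* add dword [rip-0x2BA20D02],0x0A  <- "time" */
    0x8B, 0x0D, 0x55, 0x66, 0x77, 0x88,         /* mov ecx,[rip+0x88776655] */
    0x83, 0x05, 0x01, 0x02, 0x03, 0x04, 0x0A,   /* decoy: another add [rip+x],0x0A */
    0xC3,                                       /* ret */
};
#define TICK_OFF 13   /* offset of the imm8 in g_mem, i.e. "time+6" in the script */

typedef struct {
    uint8_t bytes[MAX_PAT];
    uint8_t mask[MAX_PAT];   /* 1 = byte must match, 0 = "??" wildcard */
    size_t  len;
} Pattern;

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a Cheat Engine style AoB string such as "83 05 ?? ?? ?? ?? 0A 8B 0D". */
static int parse_pattern(const char *s, Pattern *p) {
    p->len = 0;
    while (*s) {
        if (*s == ' ') { s++; continue; }
        if (p->len >= MAX_PAT || s[1] == '\0') return -1;
        if (s[0] == '?' && s[1] == '?') {
            p->bytes[p->len] = 0; p->mask[p->len] = 0;
        } else {
            int hi = hexval(s[0]), lo = hexval(s[1]);
            if (hi < 0 || lo < 0) return -1;
            p->bytes[p->len] = (uint8_t)(hi << 4 | lo); p->mask[p->len] = 1;
        }
        p->len++; s += 2;
    }
    return p->len ? 0 : -1;
}

/* Scan mem for the pattern. Returns the number of hits and stores the first one in *first_off.
 * "Make sure there's only one result" means: the return value must be exactly 1. */
static size_t aob_scan(const uint8_t *mem, size_t n, const Pattern *p, size_t *first_off) {
    size_t hits = 0;
    for (size_t off = 0; off + p->len <= n; off++) {
        size_t i;
        for (i = 0; i < p->len; i++)
            if (p->mask[i] && mem[off + i] != p->bytes[i]) break;
        if (i == p->len && hits++ == 0) *first_off = off;
    }
    return hits;
}

/* Decode `83 05 disp32 imm8` (add dword [rip+disp32], imm8) located at virtual address ins_va.
 * RIP-relative: target = address of the NEXT instruction (ins_va + 7) + signed disp32,
 * which is the "time+7+(LONG)[time+2]" from the thread. The imm8 is sign-extended by the
 * CPU, so bytes 80..FF are negative ticks. */
static int decode_add_rip_imm8(const uint8_t *ins, uint64_t ins_va,
                               uint64_t *target_va, int32_t *imm) {
    uint32_t u;
    if (ins[0] != 0x83 || ins[1] != 0x05) return -1;  /* 83 /0 with ModRM 05 = [rip+disp32] */
    u = (uint32_t)ins[2] | (uint32_t)ins[3] << 8 | (uint32_t)ins[4] << 16 | (uint32_t)ins[5] << 24;
    *target_va = ins_va + 7 + (int64_t)(int32_t)u;   /* little-endian, two's complement */
    *imm = (int8_t)ins[6];
    return 0;
}

/* Run a scan over a private copy of g_mem with the tick byte set to `tick`, to show what
 * happens to the script's signature after the user edits "time+6". */
static size_t scan_with_tick(const char *pat, uint8_t tick, size_t *off) {
    uint8_t mem[sizeof g_mem];
    Pattern p;
    memcpy(mem, g_mem, sizeof mem);
    mem[TICK_OFF] = tick;
    if (parse_pattern(pat, &p) != 0) return (size_t)-1;
    return aob_scan(mem, sizeof mem, &p, off);
}

static size_t hits_for(const char *pat, uint8_t tick) { size_t off; return scan_with_tick(pat, tick, &off); }

/* The address the script's "time+7+(LONG)[time+2]" entry resolves to, or 0 if the scan is not unique. */
static uint64_t time_va(void) {
    size_t off; uint64_t t; int32_t imm;
    if (scan_with_tick("83 05 ?? ?? ?? ?? ?? 8B 0D", 0x0A, &off) != 1) return 0;
    return decode_add_rip_imm8(g_mem + off, BASE_VA + off, &t, &imm) == 0 ? t : 0;
}

/* What the game really adds for a given byte written at time+6 (sign-extended imm8). */
static int32_t tick_value(uint8_t b) {
    uint8_t ins[7]; uint64_t t; int32_t imm;
    memcpy(ins, g_mem + 7, 7); ins[6] = b;
    return decode_add_rip_imm8(ins, BASE_VA + 7, &t, &imm) == 0 ? imm : 0;
}

int main(void) {
    const char *lit = "83 05 ?? ?? ?? ?? 0A 8B 0D", *wild = "83 05 ?? ?? ?? ?? ?? 8B 0D";
    printf("time = %llX, tick 0A = %d, tick 80 = %d\n", (unsigned long long)time_va(),
           tick_value(0x0A), tick_value(0x80));
    printf("\"83 05 ?? ?? ?? ?? 0A\": %zu hits (not unique, needs the 8B 0D tail)\n",
           hits_for("83 05 ?? ?? ?? ?? 0A", 0x0A));
    printf("tick changed to 14: literal 0A pattern %zu hits, wildcarded %zu hits\n",
           hits_for(lit, 0x14), hits_for(wild, 0x14));
    return 0;
}
```

The decoy `add` shows why the trailing `8B 0D` is needed for a unique result, and the last line of output shows the problem from the final reply: once the user writes a new tick to `time+6`, the script's literal `0A` no longer matches on the next enable, while the wildcarded pattern still does.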