| View previous topic :: View next topic |
| Author |
Message |
RVL63
How do I cheat?
![]() Reputation: 0
Joined: 29 Mar 2025
Posts: 3
|
 Posted: Sat Mar 29, 2025 8:40 am Post subject: Change value movups xmm0,[rbx] into AA script |
 |
|
Hello, I am relatively new to scripting...
Trying to change the value with CTRL-E works perfect and sticks during a session.
Nothing writes to the address.
Opcodes accessing the address is only
7FF60C87E420 - 0F10 03 - movups xmm0,[rbx]
Trying to auto assemble a script whereby I can change the value with hotkeys.
Been reading tutorials and in the forum but can not find the solution.
Any help would be appreciated.
Extra Info:
7FF60C87E415 - 48 8D 9F 98020000 - lea rbx,[rdi+00000298]
7FF60C87E41C - 0F1F 40 00 - nop dword ptr [rax+00]
7FF60C87E420 - 0F10 03 - movups xmm0,[rbx] <<
7FF60C87E423 - 0F29 44 24 30 - movaps [rsp+30],xmm0
7FF60C87E428 - 0F10 4B 10 - movups xmm1,[rbx+10]
RAX=0000018A0B0CEB68
RBX=0000018A009AF978
RCX=00000000FFFFFFFF
RDX=0000000000003189
RSI=000000559700ED60
RDI=0000018A009AF6E0
RBP=0000018A009AFDB0
RSP=000000559700EC70
R8=0000000000000122
R9=00007FF60D0FB650
R10=00007FF60D0FB160
R11=000000559700ED20
R12=0000000000000000
R13=001BDD2B899406F6
R14=000000559700F9D8
R15=0000018B9CF5DC90
RIP=00007FF60C87E423
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 150
Joined: 06 Jul 2014
Posts: 4661
|
| Posted: Sat Mar 29, 2025 11:10 am Post subject: |
|
|
`movups` = "move unaligned packed singles". In this case, the word "packed" means it's moving four floats at once. Of those four, which one is the float you want to modify?
Give the address you're watching and the value of rbx
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
RVL63
How do I cheat?
![]() Reputation: 0
Joined: 29 Mar 2025
Posts: 3
|
| Posted: Sat Mar 29, 2025 11:33 am Post subject: |
|
|
Hello ParkourPenguin,
Thanks for the reply.
25412E15D8C
XMM0:0.00 _ 0.39 _ 0.00 _ 8.00
Modify the fourth (8.00)
| Description: |
|
| Filesize: |
93.14 KB |
| Viewed: |
7372 Time(s) |
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 150
Joined: 06 Jul 2014
Posts: 4661
|
| Posted: Sat Mar 29, 2025 11:51 am Post subject: |
|
|
| Code: | aobscan(MyInjectionPoint,...)
alloc(newmem,2048,MyInjectionPoint)
alloc(newValue,4)
label(return)
newmem:
movss xmm0,[newValue]
movss [rbx+C],xmm0
movups xmm0,[rbx]
movaps [rsp+30],xmm0
jmp return
newValue:
dd (float)2
MyInjectionPoint:
jmp newmem
nop 3
return:
registersymbol(MyInjectionPoint)
registersymbol(newValue)
... |
Don't forget dealloc / unregistersymbol in the disable section
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
RVL63
How do I cheat?
![]() Reputation: 0
Joined: 29 Mar 2025
Posts: 3
|
| Posted: Sat Mar 29, 2025 12:01 pm Post subject: |
|
|
Hello ParkourPenguin,
Thanks for the information.
Will try this later this evening and let you know the result.
New with dealloc / unregistersymbol in disbale section but will hopefully figure it out.
Thanks again.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 150
Joined: 06 Jul 2014
Posts: 4661
|
| Posted: Sat Mar 29, 2025 12:20 pm Post subject: |
|
|
Click "Show disassembler", Tools -> Auto Assemble, Template -> AOB Injection
Put `dealloc(newValue)` / `unregistersymbol(newValue)` with the other dealloc / unregistersymbol under [DISABLE]
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
