 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Alamer99
Expert Cheater
![]() Reputation: 1
Joined: 04 Jan 2015
Posts: 136
|
 Posted: Sun Mar 15, 2015 5:45 pm Post subject: Skyrim Crashing After I Enable AA Script |
 |
|
So I Made This Script ( Skyrim Legendary Edition 1.9.32.0.8 )
| Code: | [ENABLE]
alloc(Cheats,2048)
label(GodMode)
label(ChtGM)
label(ShoutHack)
label(ChtShout)
label(iGodMode)
label(iShout)
label(Player)
label(Health)
label(Magicka)
label(Stamina)
label(OrgCodeGM)
label(OrgCodeShout)
registersymbol(GodMode)
registersymbol(ChtGM)
registersymbol(ShoutHack)
registersymbol(ChtShout)
registersymbol(iGodMode)
registersymbol(iShout)
registersymbol(Player)
registersymbol(Health)
registersymbol(Magicka)
registersymbol(Stamina)
registersymbol(OrgCodeGM)
registersymbol(OrgCodeShout)
aobscan(aobGodMode,89 11 D9 40 08 D8 64 24 10 57 8B CE)
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
aobGodMode:
GodMode:
jmp ChtGM
aobShout+C:
ShoutHack:
jmp ChtShout
Cheats:
iGodMode:
db 00
db 00
db 00
db 00
iShout:
db 00
ChtGM:
cmp [esi+4],0 //compare if player
je Player //jmp
cmp [iGodMode+3],1 //1 hit ko
jne OrgCodeGM
mov edx,(float)-100 //-100% will insta kill anyone
jmp OrgCodeGM //continue to original code
Player:
cmp edi,18 //hp
je Health
cmp edi,19 //magicka
je Magicka
cmp edi,1A //stamina
je Stamina
jmp OrgCodeGM //else do originalcode
Health:
cmp byte ptr [iGodMode],1 //enabled?
jne OrgCodeGM
mov edx,0
Magicka:
cmp byte ptr [iGodMode+1],1 //enabled?
jne OrgCodeGM
mov edx,0
Stamina:
cmp byte ptr [iGodMode+2],1 //enabled?
jne OrgCodeGM
mov edx,0
OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
ChtShout:
cmp [iShout],1 //enabled?
jne OrgCodeShout
mov ecx,0 //0 = charged
jmp OrgCodeShout //continue
OrgCodeShout:
mov [eax+10],ecx
ret 0004
[DISABLE]
GodMode:
db 89 11 D9 40 08 D8 64 24 10 57 8B CE //disabled
ShoutHack:
db 89 48 10 C2 04 00 //disabled
unregistersymbol(GodMode)
unregistersymbol(ChtGM)
unregistersymbol(ShoutHack)
unregistersymbol(ChtShout)
unregistersymbol(iGodMode)
unregistersymbol(iShout)
unregistersymbol(Player)
unregistersymbol(Health)
unregistersymbol(Magicka)
unregistersymbol(Stamina)
unregistersymbol(OrgCodeGM)
unregistersymbol(OrgCodeShout) |
But For Some Reason The Game Crashes Just After I Enable The Script Any Help Would Be Appreciated ? 
|
|
| Back to top |
|
 |
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sun Mar 15, 2015 5:54 pm Post subject: |
|
|
For starters, all of these are missing jumps/returns:
| Code: | Health:
cmp byte ptr [iGodMode],1 //enabled?
jne OrgCodeGM
mov edx,0
Magicka:
cmp byte ptr [iGodMode+1],1 //enabled?
jne OrgCodeGM
mov edx,0
Stamina:
cmp byte ptr [iGodMode+2],1 //enabled?
jne OrgCodeGM
mov edx,0
OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08] |
|
|
| Back to top |
|
|
hhhuut
Grandmaster Cheater
 Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Sun Mar 15, 2015 6:18 pm Post subject: |
|
|
Secondly, after jumping to the "OrgCodeGM" label ...
| Code: | OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
ChtShout:
cmp [iShout],1 //enabled?
jne OrgCodeShout
mov ecx,0 //0 = charged
jmp OrgCodeShout //continue
OrgCodeShout:
mov [eax+10],ecx
ret 0004 |
... every instruction after it will also be executed, including the return, which pops 6 bytes from the stack where no byte should have been poped at all ...
|
|
| Back to top |
|
|
Alamer99
Expert Cheater
![]() Reputation: 1
Joined: 04 Jan 2015
Posts: 136
|
| Posted: Mon Mar 16, 2015 10:16 am Post subject: |
|
|
@++METHOS
what do you mean by missing jumps/returns? because they are being jumped to from the "Player" instruction
| Code: | Player:
cmp edi,18 //hp
je Health //<<- Jumping To Health Function Right ?
cmp edi,19 //magicka
je Magicka
cmp edi,1A //stamina
je Stamina
jmp OrgCodeGM //else do originalcode |
and also i add a jump to OrgCodeGM for all Health/Magicka/Stamina
| Code: | Health:
cmp byte ptr [iGodMode],1 //enabled?
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM |
@hhhuut
i did not know that  ok so i created a simple instruction "Nothing" to skip other instructions
| Code: | OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
jmp Nothing
ChtShout:
cmp [iShout],1 //enabled?
jne OrgCodeShout
mov ecx,0 //0 = charged
jmp OrgCodeShout //continue
OrgCodeShout:
mov [eax+10],ecx
ret 0004
jmp Nothing
Nothing:
|
--------------------------
Yet Still The Game is Crashing as i enable The AA
oh, by the way
i made a single script for god mode and the game did not crash same for the shout hack if i made them single scripts
God Mode AA Script
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(player)
label(hackhp)
label(hackmg)
label(hackst)
label(iGodMode)
registersymbol(iGodMode)
newmem:
iGodMode:
dd 00
dd 00
cmp [esi+4],0
je player
cmp byte ptr [iGodMode+3],1
jne originalcode
mov edx,(float)-1000000
jmp originalcode
player:
cmp edi,18 //health
je hackhp
cmp edi,19 //magicka
je hackmg
cmp edi,1A //stamina
je hackst
jmp originalcode
hackhp:
cmp byte ptr [iGodMode],1
jne originalcode
mov edx,0 //infinite
hackmg:
cmp byte ptr [iGodMode+1],1
jne originalcode
mov edx,0 //infinite
hackst:
cmp byte ptr [iGodMode+2],1
jne originalcode
mov edx,0 //infinite
originalcode:
mov [ecx],edx
fld dword ptr [eax+08]
exit:
jmp returnhere
"TESV.exe"+2E061E:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
"TESV.exe"+2E061E:
mov [ecx],edx
fld dword ptr [eax+08]
//Alt: db 89 11 D9 40 08 |
Activated The Script And Cheats Worked Without Any Game Crash
And For Shout Also Without Crash
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
mov ecx,0
originalcode:
mov [eax+10],ecx
ret 0004
exit:
jmp returnhere
"TESV.exe"+2FCC2B:
jmp newmem
nop
returnhere:
[DISABLE]
"TESV.exe"+2FCC2B:
mov [eax+10],ecx
ret 0004
//Alt: db 89 48 10 C2 04 00 |
its Like Once i Merge 2 AA Codes in 1 Script The Game Crashes ?
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Mar 16, 2015 11:12 am Post subject: |
|
|
| Alamer99 wrote: | @++METHOS
what do you mean by missing jumps/returns? because they are being jumped to from the "Player" instruction
|
-They are being 'jumped to', but what code do you instruct the target to run after it arrives at those locations? Look at my post. Without proper jumps/returns following each one of those code entries the code below each entry will be executed. This presents a major problem, especially for your OrgCodeGM entry:
| Code: | OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
//without a jump/return here, the ChtShout code will also be executed
ChtShout:
cmp [iShout],1 //enabled?
jne OrgCodeShout
mov ecx,0 //0 = charged
jmp OrgCodeShout //continue |
|
|
| Back to top |
|
|
Alamer99
Expert Cheater
![]() Reputation: 1
Joined: 04 Jan 2015
Posts: 136
|
| Posted: Mon Mar 16, 2015 2:21 pm Post subject: |
|
|
@++METHOS
ok got the idea so i made this
| Code: | OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
jmp Nothing //now it goes to Nothing So The Instructions Down Dont Get Executed
ChtShout:
//codes
SomeOther:
//codes
Nothing: //at the end of the script just before [disable]
|
yet again the game still crashing
|
|
| Back to top |
|
|
hhhuut
Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Mon Mar 16, 2015 2:54 pm Post subject: |
|
|
| Code: | [ENABLE]
alloc(Cheats,2048)
label(GodMode)
label(ChtGM)
label(ShoutHack)
label(ChtShout)
label(iGodMode)
label(iShout)
label(Player)
label(Health)
label(Magicka)
label(Stamina)
label(OrgCodeGM)
label(OrgCodeShout)
registersymbol(GodMode)
registersymbol(ShoutHack)
registersymbol(iGodMode)
registersymbol(iShout)
aobscan(aobGodMode,89 11 D9 40 08 D8 64 24 10 57 8B CE)
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
aobGodMode:
GodMode:
jmp ChtGM
aobShout+C:
ShoutHack:
jmp ChtShout
Cheats:
iGodMode:
db 00 00 00 00
iShout:
db 00
ChtGM:
cmp [esi+4],0 //compare if player
je Player //jmp
cmp [iGodMode+3],1 //1 hit ko
jne OrgCodeGM
mov edx,(float)-100 //-100% will insta kill anyone
jmp OrgCodeGM //continue to original code
Player:
cmp edi,18 //hp
je Health
cmp edi,19 //magicka
je Magicka
cmp edi,1A //stamina
je Stamina
jmp OrgCodeGM //else do originalcode
Health:
cmp byte ptr [iGodMode],1 //enabled?
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM
Magicka:
cmp byte ptr [iGodMode+1],1 //enabled?
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM
Stamina:
cmp byte ptr [iGodMode+2],1 //enabled?
jne OrgCodeGM
mov edx,0
OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
jmp exit
ChtShout:
cmp [iShout],1 //enabled?
jne OrgCodeShout
mov ecx,0 //0 = charged
OrgCodeShout:
mov [eax+10],ecx
ret 0004
exit:
[DISABLE]
GodMode:
db 89 11 D9 40 08 D8 64 24 10 57 8B CE //disabled
ShoutHack:
db 89 48 10 C2 04 00 //disabled
unregistersymbol(GodMode)
unregistersymbol(ShoutHack)
unregistersymbol(iGodMode)
unregistersymbol(iShout) |
I just corrected the script a bit, i.e. you don't need to register every label as a symbol. If it's just a jump-mark, then it's sufficient to declare it as a label ...
I didn't explicitly tested the script with skyrim (just corrected it from my cell phone), but more or less it should work without crashing the game ...
But if you're not sure about it, you can also use the two different scripts you got to work ...
|
|
| Back to top |
|
|
Alamer99
Expert Cheater
![]() Reputation: 1
Joined: 04 Jan 2015
Posts: 136
|
| Posted: Mon Mar 16, 2015 4:02 pm Post subject: |
|
|
@hhhuut
Still Crash
But I Got Some Good News, I Finally Know The Reason Causing The Game To Crash Which is Very Very Weird Its in The Shout Hack
When I Make This Script To Hack The Shout Recharge Timer The Game Doesn't Crash And Just Works As It Should Be Hacked
| Code: | [ENABLE]
alloc(ChtShout,2048)
label(ShoutHack)
registersymbol(ShoutHack)
label(OrgCodeShout)
label(Nothing)
ChtShout:
mov ecx,0
OrgCodeShout:
mov [eax+10],ecx
ret 0004
jmp Nothing
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
aobShout+C:
ShoutHack:
jmp ChtShout
nop
Nothing:
[DISABLE]
ShoutHack:
mov [eax+10],ecx
ret 0004
dealloc(ChtShout)
unregistersymbol(ShoutHack) |
But Surprisingly When I Put a Byte To Compare, The Game Crashes Like This
| Code: | [ENABLE]
alloc(ChtShout,2048)
label(ShoutHack)
registersymbol(ShoutHack)
label(OrgCodeShout)
label(Nothing)
label(iShout) //To Compare If The Hack Is Enabled
registersymbol(iShout)
ChtShout:
iShout:
db 00 //Initiate
cmp byte ptr [iShout],1 //Compare
jne OrgCodeShout
mov ecx,0
jmp OrgCodeShout
OrgCodeShout:
mov [eax+10],ecx
ret 0004
jmp Nothing
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
aobShout+C:
ShoutHack:
jmp ChtShout
nop
Nothing:
[DISABLE]
ShoutHack:
mov [eax+10],ecx
ret 0004
dealloc(ChtShout)
unregistersymbol(ShoutHack)
unregistersymbol(iShout) |
So Thats Weird[/b]
|
|
| Back to top |
|
|
hhhuut
Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Mon Mar 16, 2015 4:27 pm Post subject: |
|
|
No it isn't:
When initializing the "iShout" compare memory inside the "chtShout" label, it'll also be executed, which means it'll not only serve as a compare (0 or 1) but CE will write the code "00 00" into the changed memory routine and your processor will also interpret that bytes, so in the end you have a completely different instruction than you originally intended to ...
Btw: putting the aobscan-funtion after the to execute code is no good programming style:
| Code: | [ENABLE]
alloc(ChtShout,2048)
label(ShoutHack)
registersymbol(ShoutHack)
label(OrgCodeShout)
label(Nothing)
label(iShout) //To Compare If The Hack Is Enabled
registersymbol(iShout)
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
ChtShout:
cmp byte ptr [iShout],1 //Compare
jne OrgCodeShout
mov ecx,0
//jmp OrgCodeShout <-- don't need this one because the following label will automatically be executed
OrgCodeShout:
mov [eax+10],ecx
ret 0004
jmp Nothing
//Here it won't be executed!
iShout:
db 00 //Initiate
aobShout+C:
ShoutHack:
jmp ChtShout
nop
Nothing:
[DISABLE]
ShoutHack:
mov [eax+10],ecx
ret 0004
dealloc(ChtShout)
unregistersymbol(ShoutHack)
unregistersymbol(iShout) |
Oh, and of course my previous script crashes (but you made the same mistake in your posted script, so I oversaw it  ):
| Code: | mov [eax+10],ecx
ret 0004 |
These two instructions are 6 bytes long. A (near) jump is only five long, so in the original code there's missing the "nop" for the 6th byte, which causes the processor to misinterpret the following instructions
Adding this "nop" will fix the issue (at least with the shout-label. I don't know if the GM-label also needs a nop).
| Code: | ...
aobscan(aobGodMode,89 11 D9 40 08 D8 64 24 10 57 8B CE)
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
aobGodMode:
GodMode:
jmp ChtGM
aobShout+C:
ShoutHack:
jmp ChtShout
nop //<-- That one's the important (missing) part!
Cheats:
... |
EDIT: Your GM-instructions seem to be exactly five bytes long (two for the "mov" and three for the "fld"), so you don't need a nop there ...
|
|
| Back to top |
|
|
Alamer99
Expert Cheater
![]() Reputation: 1
Joined: 04 Jan 2015
Posts: 136
|
| Posted: Mon Mar 16, 2015 7:13 pm Post subject: |
|
|
Thank You Man  Worked Like A Charm All Cheats Are Now Working
Anyways I Have An 2 Optional Questions If You Don't Want To Answer Them It's Ok Im Just Curious To Know
Q1\ I Created This Script Yesterday Look At It (The Rest Of The Script is The Same As The New Script Removed It Just To Save Space )
| Code: | ChtGM:
iGodMode:
db 00 00 00 00
cmp [esi+4],0
je Player
cmp byte ptr [iGodMode+3],1
jne OrgCodeGM
mov edx,(float)-100000
jmp OrgCodeGM
aobscan(aobGM,89 11 D9 40 08)
aobGM:
GodModeHack:
jmp ChtGM |
i used this script and it worked without causing the game to crash even though that | Code: | iGodMode:
db 00 00 00 00 |
Is Getting Executed So Why Here the Game Didn't Crash While In the Shout Script The Game Crashed
Q2\I Tried To Merge The Working God Mode And Shout Hack Into 1 Script So It Looked Like This
| Code: | [ENABLE]
alloc(ChtGM,2048)
label(GodModeHack)
registersymbol(GodModeHack)
label(Nothing)
label(OrgCodeGM)
label(Player)
label(Health)
label(Magicka)
label(Stamina)
label(iGodMode)
registersymbol(iGodMode)
alloc(ChtShout,2048)
label(ShoutHack)
registersymbol(ShoutHack)
label(OrgCodeShout)
label(iShout)
registersymbol(iShout)
aobscan(aobGM,89 11 D9 40 08)
aobscan(aobShout,CC 8B 41 08 85 C0 74 07 8B 4C 24 04 89 48 10 C2 04 00)
ChtGM:
cmp [esi+4],0
je Player
cmp byte ptr [iGodMode+3],1
jne OrgCodeGM
mov edx,(float)-100000
jmp OrgCodeGM
iGodMode:
db 00 00 00 00
iShout:
db 00
Player:
cmp edi,18
je Health
cmp edi,19
je Magicka
cmp edi,1A
je Stamina
jmp OrgCodeGM
Health:
cmp byte ptr [iGodMode],1
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM
Magicka:
cmp byte ptr [iGodMode+1],1
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM
Stamina:
cmp byte ptr [iGodMode+2],1
jne OrgCodeGM
mov edx,0
jmp OrgCodeGM
OrgCodeGM:
mov [ecx],edx
fld dword ptr [eax+08]
jmp Nothing
ChtShout:
cmp byte ptr [iShout],1
jne OrgCodeShout
mov ecx,0
jmp OrgCodeShout
OrgCodeShout:
mov [eax+10],ecx
ret 0004
jmp Nothing
aobGM:
GodModeHack:
jmp ChtGM
aobShout+C:
ShoutHack:
jmp ChtShout
nop
Nothing:
[DISABLE]
GodModeHack:
mov [ecx],edx
fld dword ptr [eax+08]
ShoutHack:
mov [eax+10],ecx
ret 0004
dealloc(ChtGM)
dealloc(ChtShout)
unregistersymbol(GodModeHack)
unregistersymbol(iGodMode)
unregistersymbol(ShoutHack)
unregistersymbol(iShout) |
The Same Thing Is Game Crashed  So Do You Got Any Idea
But Anyways as I Said These Questions Are Optional If You Dont Want To Answer Its OK You Helped Me Alot Thanks Man
Last edited by Alamer99 on Tue Mar 17, 2015 7:01 am; edited 1 time in total |
|
| Back to top |
|
|
hhhuut
Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Tue Mar 17, 2015 5:30 am Post subject: |
|
|
Q1: The bytes "00 00" code for the instruction "add eax, [al]" which doesn't change anything if executed that way, BUT if you put the bytes after another instruction it's possible you change that instruction to a completely different one which you didn't want to create at all. And of course if an undesired instruction is executed it's possible to crash the game
Q2: I'll perhaps be able to test your script myself this evening
But you can always control if everything has been injected as you wrote it by following the injection jump (Goto the address you have injected the code in the disassembler view, right click -> Follow). Compare the instructions with the ones you've written in the script. That way it's easy to find mistakes...
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
