Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Code pattern I used often won't work for some reason

 
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Sat Feb 27, 2016 1:54 pm    Post subject: Code pattern I used often won't work for some reason

Greetings

Here's the code I started out with:

Code:
[ENABLE]
aobscanmodule(canBoostJump,prototypeenginef.dll,8B 44 24 24 89 44 3A 08)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

cmp [esp+18],prototypeenginef.GImage::GImage+1BD57
jne code
cmp [esp+1C],prototypeenginef.GImage::GImage+1D546
jne code
cmp [esp+2C],prototypeenginef.GImage::GImage+7DBE11
jne code
cmp [esp+48],prototypeenginef.GImage::GImage+782ACC
jne code
cmp [esp+58],prototypeenginef.GImage::GImage+DE74A
jne code
mov [esp+24],#0 //jump boosts used = 0
jmp code

code:
  mov eax,[esp+24]
  mov [edx+edi+08],eax
  cmp byte ptr [esp+28],00
  jmp return

canBoostJump:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(canBoostJump)

[DISABLE]
canBoostJump:
  db 8B 44 24 24 89 44 3A 08

unregistersymbol(canBoostJump)
dealloc(newmem)


and here is what's happening:
//scroll down to my second post//

Everything seems to check out: when I comment out (//) all the cmps, the script works perfectly. The trouble is that it affects several addresses at the same time, and I'm trying to limit it to only the one I want. I have used that cmp method in countless other games, and for some reason I can't compare properly now.

I activate the script and find what accesses the 'code' part. The address I want has the Stack View posted above. So it should have been compared properly, i.e. not jumped, because esp+18 and the rest were equal to what's posted (don't look at the esp+24 in the picture, it's wrong; I mean all the relevant esp+18/1C/2C/48/58 are just as posted). But it jumped anyway. Why the heck?

Cheers and thanks for your time.


Last edited by Noobrzor on Sat Feb 27, 2016 3:27 pm; edited 3 times in total
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sat Feb 27, 2016 2:07 pm

Create a segment of code for ONLY your filtered address, and set a breakpoint on it (or, right-click to see what addresses are being accessed):

Code:
newmem:
//code for filter
je filter
jmp originalcode

filter:
mov eax,[esp+24]                 //////////////set breakpoint here
mov [edx+edi+08],eax
cmp byte ptr [esp+28],00
jmp return

originalcode:
mov eax,[esp+24]
mov [edx+edi+08],eax
cmp byte ptr [esp+28],00
jmp return


Fine-tune your filter(s) as needed.
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Sat Feb 27, 2016 3:25 pm

I don't think your advice is any help. I had done the originalcode and hack separations before, as well as additional filters, but that's not the problem here. With how the code is, the end result is the same, afaik.
Here's what I did and I think it illustrates what's happening completely:

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sat Feb 27, 2016 8:59 pm

Noobrzor wrote:
I don't think your advice is any help.
-Awesome. Good luck then.
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Sun Feb 28, 2016 5:54 am

++METHOS wrote:
Noobrzor wrote:
I don't think your advice is any help.
-Awesome. Good luck then.


I do not know if you're being sarcastic or not.
The picture I posted shows exactly the code you recommended, and it is not working despite that.

Or am I misunderstanding something?
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Sun Feb 28, 2016 8:24 am

He meant to use a script like this:

Code:
[ENABLE]
aobscanmodule(canBoostJump,prototypeenginef.dll,8B 44 24 24 89 44 3A 08)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

cmp [esp+18],prototypeenginef.GImage::GImage+1BD57
jne code
cmp [esp+1C],prototypeenginef.GImage::GImage+1D546
jne code
cmp [esp+2C],prototypeenginef.GImage::GImage+7DBE11
jne code
cmp [esp+48],prototypeenginef.GImage::GImage+782ACC
jne code
cmp [esp+58],prototypeenginef.GImage::GImage+DE74A
jne code

mov [esp+24],#0 //  <======= do breakpoint at this line
mov eax,[esp+24]
mov [edx+edi+08],eax
cmp byte ptr [esp+28],00
jmp return

code:
  mov eax,[esp+24]
  mov [edx+edi+08],eax
  cmp byte ptr [esp+28],00
  jmp return

canBoostJump:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(canBoostJump)

[DISABLE]
canBoostJump:
  db 8B 44 24 24 89 44 3A 08

unregistersymbol(canBoostJump)
dealloc(newmem)


Inject the above code, find it in the memory browser (follow the jmp instruction at the injection point), and do "find out what addresses this instruction accesses" on this line:
mov [esp+24],#0


If it doesn't hit anything, then your filtering is broken.



You have to build your filter the other way:


First inject this script and do "find out what addresses this instruction accesses" on the lea line.
You will need addressOfBoostJumpFlag; change it in the script.

Code:
[ENABLE]
aobscanmodule(canBoostJump,prototypeenginef.dll,8B 44 24 24 89 44 3A 08)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
  lea eax,[edx+edi+08]
  cmp eax,addressOfBoostJumpFlag
  jne code

  mov eax,[esp+18]
  lea eax,[eax]        // <===== HERE, THIS LINE

code:
  mov eax,[esp+24]
  mov [edx+edi+08],eax
  cmp byte ptr [esp+28],00
  jmp return

canBoostJump:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(canBoostJump)

[DISABLE]
canBoostJump:
  db 8B 44 24 24 89 44 3A 08

unregistersymbol(canBoostJump)
dealloc(newmem)


You will get one or more results; use the one with the most hits as the first filtering value.


Then use this script to get the second filtering value:
Code:
[ENABLE]
aobscanmodule(canBoostJump,prototypeenginef.dll,8B 44 24 24 89 44 3A 08)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
  lea eax,[edx+edi+08]
  cmp eax,addressOfBoostJumpFlag
  jne code

  cmp [esp+18],firstFilteringValue
  jne code

  mov eax,[esp+1C]
  lea eax,[eax]        // <===== HERE, THIS LINE

code:
  mov eax,[esp+24]
  mov [edx+edi+08],eax
  cmp byte ptr [esp+28],00
  jmp return

canBoostJump:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(canBoostJump)

[DISABLE]
canBoostJump:
  db 8B 44 24 24 89 44 3A 08

unregistersymbol(canBoostJump)
dealloc(newmem)





And so on.



Last edited by mgr.inz.Player on Sun Feb 28, 2016 8:40 am; edited 2 times in total
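++METHOS's breakpoint-on-the-filtered-path suggestion and the "build your filter the other way" procedure above come down to the same loop: restrict the hits to the one address you care about, take the most frequent value in the next stack slot, add a cmp/jne for it, and repeat until the filtered path fires only for that address. The Python below is an added example, not code from this thread or from Cheat Engine; it replays that procedure over constructed hit records (the addresses, stack values and the WANTED/SLOTS names are all made up for illustration) and prints the cmp/jne pairs the resulting filter would need.

```python
# Added example: automating the filter derivation described in the thread.
# Each hit record stands for one line of CE's "find out what addresses this
# instruction accesses" output after the lea trick: the address the original
# instruction writes ([edx+edi+08]) plus the stack slots that might serve as
# filters. Every value below is constructed for illustration.
from collections import Counter

WANTED = 0x0C4D1F08                      # constructed: the one counter we want to patch
SLOTS = ["esp+18", "esp+1C", "esp+2C"]   # candidate slots, in the order the thread tries them


def hit(target, s18, s1c, s2c):
    return {"target": target, "esp+18": s18, "esp+1C": s1c, "esp+2C": s2c}


SAMPLE_HITS = [
    hit(0x0C4D1F08, 0x1001BD57, 0x1001D546, 0x107DBE11),  # wanted address, common caller
    hit(0x0C4D1F08, 0x1001BD57, 0x1001D546, 0x107DBE11),
    hit(0x0C4D1F08, 0x1001BD57, 0x1001D546, 0x107DBE11),
    hit(0x0C4D1F08, 0x1001C0A0, 0x1001D546, 0x107DBE11),  # wanted address, rarer caller
    hit(0x0C4D2A08, 0x1001BD57, 0x1001E2F0, 0x107DBE11),  # other object, same esp+18 as wanted
    hit(0x0C4D2A08, 0x1001BD57, 0x1001E2F0, 0x107DBE11),
    hit(0x0C4D3508, 0x1001C0A0, 0x1001D546, 0x107E4400),  # another object
    hit(0x0C4D3508, 0x10022222, 0x1001D546, 0x107E4400),
]


def matches(h, filt):
    """True when every filtered slot holds the chosen value, i.e. no jne fires."""
    return all(h[slot] == value for slot, value in filt.items())


def derive_filter(hits, wanted, slots):
    """One step per slot, as the thread does by hand: among hits that write
    `wanted` and pass the filter so far, take the most frequent value of the
    next slot, add it, and stop as soon as no hit for another address passes.
    Returns the filter and counts of what it keeps and drops."""
    filt = {}
    for slot in slots:
        candidates = [h for h in hits if h["target"] == wanted and matches(h, filt)]
        if not candidates:
            break
        value, _ = Counter(h[slot] for h in candidates).most_common(1)[0]
        filt[slot] = value
        if not any(h["target"] != wanted and matches(h, filt) for h in hits):
            break  # selective already; extra cmps would only drop more wanted hits
    kept = [h for h in hits if matches(h, filt)]
    wanted_total = sum(h["target"] == wanted for h in hits)
    wanted_kept = sum(h["target"] == wanted for h in kept)
    stats = {
        "wanted_kept": wanted_kept,
        "wanted_dropped": wanted_total - wanted_kept,
        "others_kept": sum(h["target"] != wanted for h in kept),
    }
    return filt, stats


def emit_filter(filt):
    """Render the filter as the cmp/jne pairs used in the thread's scripts
    (CE's auto assembler reads bare numbers as hex, so no 0x prefix)."""
    lines = []
    for slot, value in filt.items():
        lines.append(f"cmp [{slot}],{value:X}")
        lines.append("jne code")
    return "\n".join(lines)


if __name__ == "__main__":
    filt, stats = derive_filter(SAMPLE_HITS, WANTED, SLOTS)
    print(emit_filter(filt))
    print(stats)
```

The stats show the trade-off the "use the one with the most hits" advice implies: in the sample the two-slot filter excludes every other address, but it also drops the one wanted hit that came through the rarer caller. Checking `wanted_dropped` after each derivation tells you whether the filter is too tight for the game state you care about.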
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun Feb 28, 2016 8:38 am

Noobrzor wrote:
++METHOS wrote:
Noobrzor wrote:
I don't think your advice is any help.
-Awesome. Good luck then.
I do not know if you're being sarcastic or not.
-Nope. But I'm sure someone else will help you.