Cheat Engine The Official Site of Cheat Engine
SMagic (How do I cheat?), Reputation: 0, Joined: 03 Jan 2009, Posts: 6
Posted: Mon Aug 01, 2016 6:43 pm    Post subject: Help Access Violation Auto Assemble script
I tried to get addresses from registers in step 4 of the Tutorial. When I wrote aobscanmodule in two different scripts, they worked fine. Now I have tried to combine them into one. It gives an "Access Violation" error every time I click "Hit me (float)". There is no error if I click "Fire (Double)".
I need help figuring out what is wrong in my script.
Code:
[ENABLE]
aobscanmodule(Float,Tutorial-i386.exe,D9 9E 94 04 00 00) // should be unique
aobscanmodule(Double,Tutorial-i386.exe,DD 9B 98 04 00 00)
alloc(newmem,$1000)
globalalloc(p_float,4)
globalalloc(p_double,8)
label(isFloat)
label(isDouble)
label(return)
newmem:
isFloat:
mov [p_float],esi
fstp dword ptr [esi+00000494] // original instruction at Float
jmp return
isDouble:
mov [p_double],ebx
fstp qword ptr [ebx+00000498] // original instruction at Double
jmp return
Float:
jmp isFloat
nop // 5-byte jmp + 1-byte nop replaces the 6-byte fstp
Double:
jmp isDouble
nop
return: // defined once, here, so both "jmp return" above resolve to Double+6
registersymbol(Float)
registersymbol(Double)
[DISABLE]
Float:
db D9 9E 94 04 00 00
Double:
db DD 9B 98 04 00 00
unregistersymbol(Float)
unregistersymbol(Double)
dealloc(newmem)
unregistersymbol(p_float)
unregistersymbol(p_double)
{
Float
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+2452F
"Tutorial-i386.exe"+2450B: DB 7D C0 - fstp tword ptr [ebp-40]
"Tutorial-i386.exe"+2450E: B8 04 00 00 00 - mov eax,00000004
"Tutorial-i386.exe"+24513: E8 58 A1 FE FF - call Tutorial-i386.exe+E670
"Tutorial-i386.exe"+24518: 89 45 D0 - mov [ebp-30],eax
"Tutorial-i386.exe"+2451B: DB 45 D0 - fild dword ptr [ebp-30]
"Tutorial-i386.exe"+2451E: DB 6D C0 - fld tword ptr [ebp-40]
"Tutorial-i386.exe"+24521: DE C1 - faddp
"Tutorial-i386.exe"+24523: D9 5D FC - fstp dword ptr [ebp-04]
"Tutorial-i386.exe"+24526: D9 45 FC - fld dword ptr [ebp-04]
"Tutorial-i386.exe"+24529: D8 AE 94 04 00 00 - fsubr dword ptr [esi+00000494]
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+2452F: D9 9E 94 04 00 00 - fstp dword ptr [esi+00000494]
// ---------- DONE INJECTING ----------
"Tutorial-i386.exe"+24535: FF B6 94 04 00 00 - push [esi+00000494]
"Tutorial-i386.exe"+2453B: 8D 45 BC - lea eax,[ebp-44]
"Tutorial-i386.exe"+2453E: 50 - push eax
"Tutorial-i386.exe"+2453F: B9 04 00 00 00 - mov ecx,00000004
"Tutorial-i386.exe"+24544: BA 04 00 00 00 - mov edx,00000004
"Tutorial-i386.exe"+24549: B8 00 00 00 00 - mov eax,00000000
"Tutorial-i386.exe"+2454E: E8 1D 90 01 00 - call Tutorial-i386.exe+3D570
"Tutorial-i386.exe"+24553: 8B 55 BC - mov edx,[ebp-44]
"Tutorial-i386.exe"+24556: 8B 86 80 04 00 00 - mov eax,[esi+00000480]
"Tutorial-i386.exe"+2455C: E8 AF CE 06 00 - call Tutorial-i386.exe+91410
}
{
Double
// ORIGINAL CODE - INJECTION POINT: "Tutorial-i386.exe"+24353
"Tutorial-i386.exe"+2432B: E8 40 A3 FE FF - call Tutorial-i386.exe+E670
"Tutorial-i386.exe"+24330: 83 C0 01 - add eax,01
"Tutorial-i386.exe"+24333: 75 05 - jne Tutorial-i386.exe+2433A
"Tutorial-i386.exe"+24335: B8 01 00 00 00 - mov eax,00000001
"Tutorial-i386.exe"+2433A: A1 B0 D7 5D 00 - mov eax,[Tutorial-i386.exe+1DD7B0]
"Tutorial-i386.exe"+2433F: 89 45 F8 - mov [ebp-08],eax
"Tutorial-i386.exe"+24342: A1 B4 D7 5D 00 - mov eax,[Tutorial-i386.exe+1DD7B4]
"Tutorial-i386.exe"+24347: 89 45 FC - mov [ebp-04],eax
"Tutorial-i386.exe"+2434A: DD 45 F8 - fld qword ptr [ebp-08]
"Tutorial-i386.exe"+2434D: DC AB 98 04 00 00 - fsubr qword ptr [ebx+00000498]
// ---------- INJECTING HERE ----------
"Tutorial-i386.exe"+24353: DD 9B 98 04 00 00 - fstp qword ptr [ebx+00000498]
// ---------- DONE INJECTING ----------
"Tutorial-i386.exe"+24359: FF B3 9C 04 00 00 - push [ebx+0000049C]
"Tutorial-i386.exe"+2435F: FF B3 98 04 00 00 - push [ebx+00000498]
"Tutorial-i386.exe"+24365: 8D 45 CC - lea eax,[ebp-34]
"Tutorial-i386.exe"+24368: 50 - push eax
"Tutorial-i386.exe"+24369: B9 04 00 00 00 - mov ecx,00000004
"Tutorial-i386.exe"+2436E: BA 04 00 00 00 - mov edx,00000004
"Tutorial-i386.exe"+24373: B8 00 00 00 00 - mov eax,00000000
"Tutorial-i386.exe"+24378: E8 A3 91 01 00 - call Tutorial-i386.exe+3D520
"Tutorial-i386.exe"+2437D: 8B 55 CC - mov edx,[ebp-34]
"Tutorial-i386.exe"+24380: 8B 83 70 04 00 00 - mov eax,[ebx+00000470]
}
++METHOS (I post too much), Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
Posted: Mon Aug 01, 2016 6:59 pm
You're not combining your scripts correctly. Just create one; then, with the script window open, highlight the instruction in the memory viewer for your second injection point and create another script using the same script window.
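Added example (not the poster's fixed script, which was never posted, and not CE's own generated template): a combined version of the script above with the problem removed. Reading the original script, both injection paths end in "jmp return", but "return:" is defined only once, after the "Double:" patch, so it resolves to Double+6. The Double hook therefore returns to the right place, while the Float hook returns into the tail of the double handler with esi/ebx set up for the float handler, which matches the symptom (Access Violation only on "Hit me (float)"). The fix is one return label per injection point; the names returnFloat and returnDouble are my choice, and the AOBs, offsets and register usage are taken from the disassembly in the first post.

```asm
[ENABLE]
aobscanmodule(Float,Tutorial-i386.exe,D9 9E 94 04 00 00)   // fstp dword ptr [esi+00000494], Tutorial-i386.exe+2452F
aobscanmodule(Double,Tutorial-i386.exe,DD 9B 98 04 00 00)  // fstp qword ptr [ebx+00000498], Tutorial-i386.exe+24353
alloc(newmem,$1000)
globalalloc(p_float,4)     // receives esi (the object the float value lives in)
globalalloc(p_double,8)    // receives ebx (the object the double value lives in)
label(isFloat)
label(isDouble)
label(returnFloat)         // one return label per injection point (assumed names)
label(returnDouble)
registersymbol(Float)
registersymbol(Double)

newmem:
isFloat:
  mov [p_float],esi
  fstp dword ptr [esi+00000494]   // the instruction overwritten at Float
  jmp returnFloat

isDouble:
  mov [p_double],ebx
  fstp qword ptr [ebx+00000498]   // the instruction overwritten at Double
  jmp returnDouble

Float:
  jmp isFloat
  nop                 // 5-byte jmp + 1 nop = the 6 bytes of the original fstp
returnFloat:          // = Float+6, i.e. "push [esi+00000494]"

Double:
  jmp isDouble
  nop
returnDouble:         // = Double+6, i.e. "push [ebx+0000049C]"

[DISABLE]
Float:
  db D9 9E 94 04 00 00
Double:
  db DD 9B 98 04 00 00
unregistersymbol(Float)
unregistersymbol(Double)
dealloc(newmem)
```

To check the patch before clicking anything in the tutorial, enable the script, open the Memory Viewer and go to the symbol Float: the first five bytes should disassemble to a jmp into newmem, the sixth to a nop, and the very next instruction must still be the original push [esi+00000494]; repeat for Double and push [ebx+0000049C]. If the instruction after the nop is not the original one, the patch length does not match the overwritten instruction. The globalalloc'd p_float and p_double are never freed, so this version leaves their symbols registered for the address list; add unregistersymbol(p_float) and unregistersymbol(p_double) under [DISABLE] if you want the original script's cleanup.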
SMagic (How do I cheat?), Reputation: 0, Joined: 03 Jan 2009, Posts: 6
Posted: Mon Aug 01, 2016 7:08 pm
Quote: "highlight the instruction in memory viewer for your second injection point, and just create another script using the same script window."
I don't know how to do it. Can you help me?
++METHOS (I post too much), Reputation: 92, Joined: 29 Oct 2010, Posts: 4197
SMagic (How do I cheat?), Reputation: 0, Joined: 03 Jan 2009, Posts: 6
Posted: Mon Aug 01, 2016 8:06 pm
Thanks, I fixed it.