The Official Site of Cheat Engine
Mono Custom Template incorrect address

Maniac088
Newbie cheater
Reputation: 0

Joined: 30 Aug 2014
Posts: 12
Location: Johannesburg, South Africa

Posted: Thu Apr 29, 2021 3:53 am    Post subject: Mono Custom Template incorrect address

Hi All,

I'm using Custom 'AOB Injection' Templates [ver. 1.3.8].

When I use predprey's mono inject template on the following code, selecting Shield:UpdateChargeProgress+3c as my injection point:

Code:
Shield:UpdateChargeProgress+3c - F3 0F10 46 58         - movss xmm0,[rsi+58]
Shield:UpdateChargeProgress+41 - F3 0F5A C0            - cvtss2sd xmm0,xmm0


I get the following output, with the correct opcodes but with the address Shield:UpdateChargeProgress+41 instead of Shield:UpdateChargeProgress+3c:

Code:
// Game Executable   : SPAZ2_64.exe
// Author            : Maniac
// Executable Version: 5.4.5.14205
// Module Version    :
// Script Date       : 2021-04-29
// Created with      : customAOBInjectionTemplates version: 1.3.8
[ENABLE]
alloc(newmem_varShieldCharge,1024)
label(varShieldCharge)
registersymbol(varShieldCharge)
label(return_varShieldCharge)

newmem_varShieldCharge:
  movss xmm0,[rsi+58]
  jmp return_varShieldCharge

Shield:UpdateChargeProgress+41:
varShieldCharge:
  jmp newmem_varShieldCharge
return_varShieldCharge:

[DISABLE]
varShieldCharge:
  db F3 0F 10 46 58

unregistersymbol(varShieldCharge)
dealloc(newmem_varShieldCharge)

{
// ORIGINAL CODE - INJECTION POINT: Shield:UpdateChargeProgress+3c

1F497D0D: 78 1C                          - js 1F497D2B
1F497D0F: E8 EC 82 8C E7                 - call 06D60000
1F497D14: 04 78                          - add al,78
1F497D16: C6                             - db -3A
1F497D17: 78 1C                          - js Shield:UpdateChargeProgress+5
1F497D19: E8 E2 82 8C E7                 - call 06D60000
1F497D1E: 04 C8                          - add al,-38
1F497D20: C7                             - db -39
1F497D21: 78 1C                          - js Shield:UpdateChargeProgress+f
1F497D23: 00 00                          - add [rax],al
1F497D25: 00 00                          - add [rax],al
1F497D27: 00 00                          - add [rax],al
1F497D29: 00 00                          - add [rax],al
1F497D2B: 00 00                          - add [rax],al
1F497D2D: 00 00                          - add [rax],al
1F497D2F: 00 55 48                       - add [rbp+48],dl
Shield:UpdateChargeProgress+2: 8B EC                          - mov ebp,esp
Shield:UpdateChargeProgress+4: 56                             - push rsi
Shield:UpdateChargeProgress+5: 48 83 EC 08                    - sub rsp,08
Shield:UpdateChargeProgress+9: 48 8B F1                       - mov rsi,rcx
Shield:UpdateChargeProgress+c: F3 0F 11 4D F0                 - movss [rbp-10],xmm1
Shield:UpdateChargeProgress+11: F3 0F 10 46 4C                 - movss xmm0,[rsi+4C]
Shield:UpdateChargeProgress+16: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
Shield:UpdateChargeProgress+1a: F3 0F 10 0D 8E 01 00 00        - movss xmm1,[Shield:UpdateChargeProgress+1b0]
Shield:UpdateChargeProgress+22: F3 0F 5A C9                    - cvtss2sd xmm1,xmm1
Shield:UpdateChargeProgress+26: 66 0F 2F C8                    - comisd xmm1,xmm0
Shield:UpdateChargeProgress+2a: 0F 85 3B 00 00 00              - jne Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+30: 0F 8A 35 00 00 00              - jp Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+36: 0F 82 2F 00 00 00              - jb Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+3c: F3 0F 10 46 58                 - movss xmm0,[rsi+58]
// ---------- INJECTING HERE ----------
Shield:UpdateChargeProgress+41: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
// ---------- DONE INJECTING  ----------
Shield:UpdateChargeProgress+45: 66 0F 57 C9                    - xorpd xmm1,xmm1
Shield:UpdateChargeProgress+49: 66 0F 2F C8                    - comisd xmm1,xmm0
Shield:UpdateChargeProgress+4d: 75 1C                          - jne Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+4f: 7A 1A                          - jp Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+51: 72 18                          - jb Shield:UpdateChargeProgress+6b
Shield:UpdateChargeProgress+53: 48 8B CE                       - mov rcx,rsi
Shield:UpdateChargeProgress+56: 48 83 EC 20                    - sub rsp,20
Shield:UpdateChargeProgress+5a: 49 BB 02 7F 49 1F 00 00 00 00  - mov r11,000000001F497F02
Shield:UpdateChargeProgress+64: 41 FF D3                       - call r11
Shield:UpdateChargeProgress+67: 48 83 C4 20                    - add rsp,20
Shield:UpdateChargeProgress+6b: F3 0F 10 46 4C                 - movss xmm0,[rsi+4C]
Shield:UpdateChargeProgress+70: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
Shield:UpdateChargeProgress+74: F3 0F 10 0D 24 01 00 00        - movss xmm1,[Shield:UpdateChargeProgress+1a0]
Shield:UpdateChargeProgress+7c: F3 0F 5A C9                    - cvtss2sd xmm1,xmm1
Shield:UpdateChargeProgress+80: 66 0F 2F C8                    - comisd xmm1,xmm0
Shield:UpdateChargeProgress+84: 75 09                          - jne Shield:UpdateChargeProgress+8f
Shield:UpdateChargeProgress+86: 7A 07                          - jp Shield:UpdateChargeProgress+8f
Shield:UpdateChargeProgress+88: 72 05                          - jb Shield:UpdateChargeProgress+8f
Shield:UpdateChargeProgress+8a: E9 CE 00 00 00                 - jmp Shield:UpdateChargeProgress+15d
Shield:UpdateChargeProgress+8f: 48 8B 46 18                    - mov rax,[rsi+18]
Shield:UpdateChargeProgress+93: 48 8B C8                       - mov rcx,rax
Shield:UpdateChargeProgress+96: 83 39 00                       - cmp dword ptr [rcx],00
Shield:UpdateChargeProgress+99: 0F B6 40 5C                    - movzx eax,byte ptr [rax+5C]
Shield:UpdateChargeProgress+9d: 85 C0                          - test eax,eax
Shield:UpdateChargeProgress+9f: 0F 85 B8 00 00 00              - jne Shield:UpdateChargeProgress+15d
Shield:UpdateChargeProgress+a5: F3 0F 10 46 4C                 - movss xmm0,[rsi+4C]
Shield:UpdateChargeProgress+aa: F3 0F 5A C0                    - cvtss2sd xmm0,xmm0
Shield:UpdateChargeProgress+ae: F3 0F 10 4D F0                 - movss xmm1,[rbp-10]
Shield:UpdateChargeProgress+b3: F3 0F 5A C9                    - cvtss2sd xmm1,xmm1
Shield:UpdateChargeProgress+b7: F3 0F 10 56 50                 - movss xmm2,[rsi+50]
}


If I open up the Lua Engine and put in the address, I get the correct result:

Code:
print(mono_addressLookupCallback(0x1F497D6C))


Output:

Code:
Shield:UpdateChargeProgress+3c


It does the same on Subnautica Below Zero.

Anyone know what could cause this?
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25807
Location: The netherlands

Posted: Thu Apr 29, 2021 6:20 am

Are you using multiselect in the disassembler for some reason? If so, the dark blue line has to be on top, not bottom.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping.
Maniac088
Newbie cheater
Reputation: 0

Joined: 30 Aug 2014
Posts: 12
Location: Johannesburg, South Africa

Posted: Thu Apr 29, 2021 7:02 am

Dark Byte wrote:
Are you using multiselect in the disassembler for some reason? If so, the dark blue line has to be on top, not bottom.


No multiselect, I just select the line I want to inject on.
It doesn't matter where I select; it uses the correct opcodes with the address below.

It does it on the following configurations:
CE 7.2 Template 1.3.6
CE 7.2 Template 1.3.8
CE 7.3 beta 2.0.1 Template 1.3.8 (Thank you for the dark mode!)

It doesn't happen with the following:
CE 7.0 Template 1.3.6
CE 7.0 Template 1.3.8

EDIT:
I just tried it on Gold Rush The Game, and it did it on only one specific line, address Backhoe:Awake+4f. I tried it five times in a row, and on the 4th and 5th time it worked correctly.

Code:
Backhoe:Awake+30 - 83 38 00              - cmp dword ptr [rax],00
Backhoe:Awake+33 - 66 66 90              - nop 3
Backhoe:Awake+36 - 49 BB FDF48684CF020000 - mov r11,000002CF8486F4FD
Backhoe:Awake+40 - 41 FF D3              - call r11
Backhoe:Awake+43 - 83 F8 01              - cmp eax,01
Backhoe:Awake+46 - 75 09                 - jne Backhoe:Awake+51
Backhoe:Awake+48 - C6 86 38010000 01     - mov byte ptr [rsi+00000138],01
Backhoe:Awake+4f - EB 07                 - jmp Backhoe:Awake+58
Backhoe:Awake+51 - C6 86 38010000 00     - mov byte ptr [rsi+00000138],00
Backhoe:Awake+58 - 48 8D 64 24 00        - lea rsp,[rsp+00]
Backhoe:Awake+5d - 90                    - nop
Backhoe:Awake+5e - 49 BB 38D8AE83CF020000 - mov r11,000002CF83AED838
Backhoe:Awake+68 - 41 FF D3              - call r11
Backhoe:Awake+6b - 85 C0                 - test eax,eax
Backhoe:Awake+6d - 0F84 58000000         - je Backhoe:Awake+cb
Backhoe:Awake+73 - 48 85 F6              - test rsi,rsi
Backhoe:Awake+76 - 0F84 59000000         - je Backhoe:Awake+d5
Backhoe:Awake+7c - 0FB6 8E 38010000      - movzx ecx,byte ptr [rsi+00000138]


I went back to SPAZ2 and it was working correctly.
After restarting the game and CE, it's doing it again on every line.

I used just CE 7.2 for this test.