Cheat Engine The Official Site of Cheat Engine
DiamondsBattle How do I cheat? Reputation: 0
Joined: 02 Aug 2022 Posts: 6
Posted: Fri Aug 26, 2022 7:22 am Post subject: Instruction can't be compiled when calling System.Object
I am trying to call a game function using createThread in a script, but since it contains a call to System.Object:__icall_wrapper_ves_icall_object_new_specific, the script cannot be compiled, as I am guessing it is not a recognized address by CE.
How can I fix this?
Here is the full script:
Code: |
[ENABLE]
alloc(thread, 2048)
createThread(thread)
thread:
push ebp
mov ebp,esp
push edi
push esi
sub esp,20
mov eax,[ebp+08]
mov eax,[eax+10]
mov [esp+04],00000003
mov [esp],eax
cmp [eax],eax
call 17EDAAD4
mov edx,eax
mov eax,[05847DEC]
mov ecx,eax
mov edi,edx
mov esi,ecx
test eax,eax
jne 19AFE38C
mov [esp],1848F788
mov eax,eax
call System.Object:__icall_wrapper_ves_icall_object_new_specific
mov [eax+10],193FE2F0
mov [eax+14],18D22460
mov [eax+20],18D28A00
mov ecx,[18D28A1C]
mov [eax+0C],ecx
mov ecx,[18D28A18]
mov [eax+08],ecx
mov byte ptr [eax+30],00
mov ecx,05847DEC
mov [ecx],eax
mov esi,eax
mov edx,1848F828
mov [esp+04],esi
mov [esp],edi
lea ebp,[ebp+00]
call 19AFE3AC
lea esp,[ebp-08]
lea esp,[ebp-08]
pop esi
pop edi
leave
ret
[DISABLE]
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Fri Aug 26, 2022 12:17 pm Post subject:
Putting it in quotes sometimes helps.
Code: |
call "System.Object:__icall_wrapper_ves_icall_object_new_specific"
|
If that doesn't work, use Lua to get the address. e.g.:
Code: |
[ENABLE]
{$lua}
-- could do other stuff to get the address: e.g. mono-related functions
local addr = getAddress'System.Object:__icall_wrapper_ves_icall_object_new_specific'
return ('define(whatever,%08X)'):format(addr)
{$asm}
...
call whatever // define replaces "whatever" with the literal address
|
Is this process 32-bit or 64-bit? If it's 64-bit, you'll need to be near the target address to call it directly (i.e. give or take 2 GiB).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
DiamondsBattle How do I cheat? Reputation: 0
Joined: 02 Aug 2022 Posts: 6
Posted: Sat Aug 27, 2022 3:03 pm Post subject:
Hey,
Thanks for the reply.
The Lua part seems to work, but whenever I try to use "call whatever", I get a "This instruction can't be compiled" problem again...
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Sat Aug 27, 2022 6:33 pm Post subject:
Really? What address is being returned? Put `print(tostring(addr))` just before the return.
CE 7.4 can assemble `call x` as a pseudoinstruction if the destination is more than 2 GiB away, so 64-bit RIP-relative addressing shouldn't be a problem. (This is assuming you're using an up-to-date version of CE)
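
The "give or take 2 GiB" limit discussed in this thread comes from the signed 32-bit displacement of the direct `call` (opcode E8). The sketch below is an added example, not code from the thread or from Cheat Engine: it checks whether a target is reachable from a call site and, when it is not, emits a generic indirect long form. The function names and all addresses are constructed for illustration, and the long form is one common encoding, not necessarily the bytes CE produces.

```python
import struct

CALL_REL32_LEN = 5  # E8 opcode + 4-byte displacement
LONG_CALL_PREFIX = b"\xFF\x15\x02\x00\x00\x00\xEB\x08"  # call [rip+2]; jmp short +8

def rel32(site, target, bits=64):
    """Displacement for a direct call at `site`, or None if out of reach."""
    disp = target - (site + CALL_REL32_LEN)  # relative to the next instruction
    if bits == 32:
        # 32-bit address arithmetic wraps, so every target is reachable.
        disp &= 0xFFFFFFFF
        return disp - (1 << 32) if disp >= (1 << 31) else disp
    return disp if -(1 << 31) <= disp < (1 << 31) else None

def encode_call(site, target, bits=64):
    """Encode `call target` at `site`: short form if reachable, long form otherwise."""
    disp = rel32(site, target, bits)
    if disp is not None:
        return b"\xE8" + struct.pack("<i", disp)
    # The 8-byte absolute address is stored inline, right after the short jmp
    # that skips over it once the callee returns.
    return LONG_CALL_PREFIX + struct.pack("<Q", target)

def decode_call(site, code, bits=64):
    """Recover the call target from either encoding (used to check the round trip)."""
    if code[:1] == b"\xE8":
        disp = struct.unpack_from("<i", code, 1)[0]
        return (site + CALL_REL32_LEN + disp) & ((1 << bits) - 1)
    if code[:8] == LONG_CALL_PREFIX:
        return struct.unpack_from("<Q", code, 8)[0]
    raise ValueError("not a call encoding handled here")

if __name__ == "__main__":
    site = 0x7FF710000000            # constructed: address of the allocated script memory
    for target in (0x7FF710200000,   # constructed: 2 MiB away, reachable
                   0x180001000):     # constructed: far more than 2 GiB away
        code = encode_call(site, target)
        print(f"{target:016X} {code.hex()} -> {decode_call(site, code):016X}")
    # 32-bit process: any target is reachable from any site
    print(encode_call(0xF0000000, 0x00401000, bits=32).hex())
```
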