The Official Site of Cheat Engine
How to restore original value when disabling script

Arcansel
Cheater
Reputation: 0

Joined: 04 Jun 2022
Posts: 28

Posted: Sat Oct 01, 2022 5:59 pm    Post subject: How to restore original value when disabling script

As the title says, I am having trouble trying to restore a value that I am modifying when I enable the script. I am accessing this value from an address I got from register [RCX+20]; this instruction only accesses this address. I want to save the original value before I apply the modification so that I can restore it when I disable the script. It feels like the answer is staring at me but I am not seeing it; I have searched a lot for 2 days about this and tried different approaches in an attempt to solve it, but I can't seem to make it work in any way.

Code:

[ENABLE]
{$lua}

if syntaxcheck then return [[
define(MOVESPEED,0)
]]
end

local scan = AOBScan("F3 0F 10 49 20 EB 4A","+X-C-W")

assert(scan,'Could not find AOB')

local addr1 = getAddress(scan[0])

--local e,o,b,a=splitDisassembledString(disassemble(addr1))

scan.destroy()

return ([[
define(MOVESPEED,%08X)
]]):format(addr1)

{$asm}

alloc(newmem,$1000,MOVESPEED)
alloc(movespeedpointer,8)

registersymbol(MOVESPEED)
registersymbol(movespeedpointer)

label(code)
label(return)

newmem:

push rax
lea rax,[rcx+20]
mov [movespeedpointer],rax
pop rax

code:
  //mov [rcx+20],(float)22  //commented because i can't restore it after disabling.
  movss xmm1,[rcx+20]
  jmp return

MOVESPEED:
  jmp newmem
return:

[DISABLE]

//need to restore it here somehow.

MOVESPEED:
  db F3 0F 10 49 20

unregistersymbol(*)
dealloc(*)
maxhat
Newbie cheater
Reputation: 0

Joined: 10 Apr 2012
Posts: 23

Posted: Sat Oct 01, 2022 6:24 pm

Quote:
local scan = AOBScan("F3 0F 10 49 20 EB 4A","+X-C-W")


[ F3 0F 10 49 20 ] EB 4A

is your original value.

At the disable section it should already replace the 5 bytes that were used to make the jump to your entry point...

Quote:

[DISABLE]

//need to restore it here somehow.

MOVESPEED:
db F3 0F 10 49 20 // your original code before jump
Arcansel
Cheater
Reputation: 0

Joined: 04 Jun 2022
Posts: 28

Posted: Sat Oct 01, 2022 8:08 pm

maxhat wrote:
Quote:
local scan = AOBScan("F3 0F 10 49 20 EB 4A","+X-C-W")


[ F3 0F 10 49 20 ] EB 4A

is your original value.

At the disable section it should already replace the 5 bytes that were used to make the jump to your entry point...

Quote:

[DISABLE]

//need to restore it here somehow.

MOVESPEED:
db F3 0F 10 49 20 // your original code before jump


You seem to misunderstand: what you say only restores the instruction. I said above that I am trying to restore the value the address in [RCX+20] is holding, basically dereferencing it and changing the value (already done). I want this value to be restored to the same value it was holding when I enabled the script when disabling the script, NOT the instruction itself, because that is already being done.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sat Oct 01, 2022 10:31 pm

The first thing to do is to save the original value. Obviously, you'll need the address of the value to read it. Since you don't know the address of the value until the injection point is run, you'll need to save the value in the code injection itself. Importantly, it should save the value only the first time the injection is run. Also, be wary if the address changes (e.g. maybe going to a new level could change rcx: save the new value or keep the old value?).
Saving the new value if/when rcx changes:
Code:
...
alloc(newmem,$1000,MOVESPEED)
alloc(movespeedpointer,16,MOVESPEED)

label(originalval)
label(return)

registersymbol(MOVESPEED)
registersymbol(movespeedpointer)

newmem:
  add rcx,20
  cmp [movespeedpointer],rcx
  je @f
  mov [movespeedpointer],rcx
  movss xmm0,[rcx]
  movss [originalval],xmm0
@@:
  mov [rcx],(float)22.0
  sub rcx,20

// original code:
  movss xmm1,[rcx+20]
  jmp return

movespeedpointer:
  dq 0
originalval:
  dd (float)0.0

...
And if you don't want to save a new value if/when rcx changes:
Code:
...
newmem:
  add rcx,20
  cmp qword ptr [movespeedpointer],0
  jne @f
  movss xmm0,[rcx]
  movss [originalval],xmm0
@@:
  mov [movespeedpointer],rcx
  mov [rcx],(float)22.0
  sub rcx,20

// original code:
  ...
Edit: changed `dd 0.0f` to `dd (float)0.0`; see following posts

When disabling the script, simply write the saved value back to the saved address.
Code:
[DISABLE]
{$lua}
if syntaxcheck then return end

local savedata = getAddress'movespeedpointer'
local addr = readQword(savedata)
local v = readFloat(savedata + 8)

writeFloat(addr, v)
{$asm}
...
(haven't tested this)
_________________
I don't know where I'm going, but I'll figure it out when I get there.


Last edited by ParkourPenguin on Sun Oct 02, 2022 12:16 pm; edited 1 time in total
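An added DISABLE section (not from this thread, and not tested against the game) that guards ParkourPenguin's write-back: it assumes his 16-byte layout (qword pointer at movespeedpointer, float at +8) and the original 5 bytes at MOVESPEED from the first post, and skips the write when the hook never ran (pointer still 0) or the saved address is no longer readable (e.g. the game was restarted while the script was enabled).

```lua
[DISABLE]
{$lua}
if syntaxcheck then return end

-- Restore the float the injection saved, but only if the injection
-- actually ran and the address is still readable. Returns a short
-- status string that is printed to the CE Lua console.
-- Assumed layout (from the post above): qword pointer at +0, float at +8.
local function restoreSavedValue(savedata)
  if not savedata or savedata == 0 then return 'no save area' end
  local addr = readQword(savedata)
  if not addr or addr == 0 then
    -- the hooked instruction never executed, so nothing was saved
    return 'hook never ran, nothing to restore'
  end
  local v = readFloat(savedata + 8)
  -- readFloat returns nil when the target page is not readable
  if v == nil or readFloat(addr) == nil then
    return 'saved address is no longer valid, skipping write'
  end
  if writeFloat(addr, v) then
    return string.format('restored %g at %X', v, addr)
  end
  return 'write failed'
end

print(restoreSavedValue(getAddress('movespeedpointer')))
{$asm}
MOVESPEED:
  db F3 0F 10 49 20

unregistersymbol(*)
dealloc(*)
```

The Lua block runs before the assembler processes unregistersymbol/dealloc, so the symbol lookup and the write-back happen while the allocated save area still exists.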
Arcansel
Cheater
Reputation: 0

Joined: 04 Jun 2022
Posts: 28

Posted: Sat Oct 01, 2022 11:44 pm

ParkourPenguin wrote:
The first thing to do is to save the original value. Obviously, you'll need the address of the value to read it. Since you don't know the address of the value until the injection point is run, you'll need to save the value in the code injection itself. Importantly, it should save the value only the first time the injection is run. Also, be wary if the address changes (e.g. maybe going to a new level could change rcx: save the new value or keep the old value?).
Saving the new value if/when rcx changes:
Code:
...
alloc(newmem,$1000,MOVESPEED)
alloc(movespeedpointer,16,MOVESPEED)

label(originalval)
label(return)

registersymbol(MOVESPEED)
registersymbol(movespeedpointer)

newmem:
  add rcx,20
  cmp [movespeedpointer],rcx
  je @f
  mov [movespeedpointer],rcx
  movss xmm0,[rcx]
  movss [originalval],xmm0
@@:
  mov [rcx],(float)22.0
  sub rcx,20

// original code:
  movss xmm1,[rcx+20]
  jmp return

movespeedpointer:
  dq 0
originalval:
  dd 0.0f

...
And if you don't want to save a new value if/when rcx changes:
Code:
...
newmem:
  add rcx,20
  cmp qword ptr [movespeedpointer],0
  jne @f
  movss xmm0,[rcx]
  movss [originalval],xmm0
@@:
  mov [movespeedpointer],rcx
  mov [rcx],(float)22.0
  sub rcx,20

// original code:
  ...

When disabling the script, simply write the saved value back to the saved address.
Code:
[DISABLE]
{$lua}
if syntaxcheck then return end

local savedata = getAddress'movespeedpointer'
local addr = readQword(savedata)
local v = readFloat(savedata + 8)

writeFloat(addr, v)
{$asm}
...
(haven't tested this)


Thank you ParkourPenguin, yes, that works as intended. The "dd 0.0f" part didn't work, so I changed it to (float)0 and now it does.

Regarding the address, as far as I know the address only changes when I restart the game, but the value itself changes depending on what stage of the game I'm in.
For example, this movement speed value is for when the character is running/flying and it normally is 4.25, but I arrived at a stage where the character flies and the value is 22, which is where I am at the moment. I already thought of a countermeasure to this while I was testing my fixed code: it is thanks to the other value; the walk speed value changes when the run/fly speed value changes, so I can use that to set which run/fly speed value I want to restore even if it changes when going to another stage. Hopefully nothing different comes up and crushes this countermeasure; I still haven't finished the game.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sun Oct 02, 2022 12:12 pm

"dd 0.0f" - sorry, I was thinking of C. "dd (float)0" is correct in CE's AA.
_________________
I don't know where I'm going, but I'll figure it out when I get there.