Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Need help with 64bit checking if an address is valid

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Mon Apr 24, 2023 11:05 am    Post subject: Need help with 64bit checking if an address is valid Reply with quote

EDIT: I found a workaround by locating a static address that always has a specific value during the window I need the script running and is never invalid! :)

But if anyone can clarify for the future exactly what the best way to check for an invalid address/value in 64bit is, that would be greatly appreciated. I did some searching online and found posts claiming "isbadreadptr" might not be a good idea or might be unsafe? Can anyone elaborate on that, and if there's a better alternative let me know?


-----

Original post: I saw a post by DarkByte about how to check if an address is valid and I tried implementing it into this script and had to convert pushfd and pushad to 64bit, etc... but the game crashes at the exact same time it crashes without the validity check.

My goal is to have the rest of the script NOT run if the address its checking against hasn't been given its value yet, and is still a: ?? value
(the expected value will either be a 0 or 1 which i cmp for also)

I tried a couple different approaches and they all have the same result. Here's the most recent attempt:

Code:
define(address,"WWE2K23_x64.exe"+8998F6)
define(bytes,C5 F8 2E C1 7A 06)

define(address2,"WWE2K23_x64.exe"+899930)
define(bytes2,74 76 48 8B 49 28)

[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"WWE2K23_x64.exe"+8998F6)
alloc(adder,4)
alloc(check,4)
label(code)
label(good)
label(return)

check:
  dd (float)80

adder:
  dd (float)35

newmem:
push rax
push rbx
push rdx
push rsi
push rdi
push rbp
push r8
push r9
push r10
push r11
push r12
push r13
push r14
push r15
push rcx  //save flags
push 4  //size in bytes of pointer
lea eax, [rcx]
push eax
call isbadreadptr
  mov rax,[rcx+28]
  mov rax,[rax+2608]
cmp [rax+c0],0
je good
cmp [rax+c0],1
je good
jmp invalidmemory

good:
//  push rax
//  mov rax,[rcx+28]
//  mov rax,[rax+2608]
//  cmp [rax+c0],1
//  pop rax
//  jne code
  comiss xmm1, [rcx+3c]
  jb code
  comiss xmm1, dword ptr [check]
  ja code
  addss xmm1, dword ptr [adder]

invalidmemory:
pop r15
pop r14
pop r13
pop r12
pop r11
pop r10
pop r9
pop r8
pop rbp
pop rdi
pop rsi
pop rdx
pop rbx
pop rax

code:
  vucomiss xmm0,xmm1
  jp WWE2K23_x64.exe+899902
  jmp return

address:
  jmp newmem
  nop
return:

assert(address2,bytes2)
alloc(newmem2,$1000,"WWE2K23_x64.exe"+899930)

label(code2)
label(return2)

newmem2:

code2:
  jmp WWE2K23_x64.exe+8999A8  //je to restore stunbar gui
  mov rcx,[rcx+28]
  jmp return2

address2:
  jmp newmem2
  nop
return2:

[DISABLE]
address:
  db bytes
  // vucomiss xmm0,xmm1
  // jp WWE2K23_x64.exe+899902

dealloc(newmem)
dealloc(adder)
dealloc(check)

{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+8998F6

WWE2K23_x64.exe+8998CB: 57                       - push rdi
WWE2K23_x64.exe+8998CC: 41 56                    - push r14
WWE2K23_x64.exe+8998CE: 48 81 EC 80 00 00 00     - sub rsp,00000080
WWE2K23_x64.exe+8998D5: C5 F8 29 74 24 70        - vmovaps [rsp+70],xmm6
WWE2K23_x64.exe+8998DB: 48 8B 05 26 97 C6 02     - mov rax,[WWE2K23_x64.exe+3503008]
WWE2K23_x64.exe+8998E2: 48 33 C4                 - xor rax,rsp
WWE2K23_x64.exe+8998E5: 48 89 44 24 68           - mov [rsp+68],rax
WWE2K23_x64.exe+8998EA: 41 0F B6 E8              - movzx ebp,r8b
WWE2K23_x64.exe+8998EE: 48 8B D9                 - mov rbx,rcx
WWE2K23_x64.exe+8998F1: C5 FA 10 41 3C           - vmovss xmm0,[rcx+3C]
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+8998F6: C5 F8 2E C1              - vucomiss xmm0,xmm1
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+8998FA: 7A 06                    - jp WWE2K23_x64.exe+899902
WWE2K23_x64.exe+8998FC: 0F 84 DE 01 00 00        - je WWE2K23_x64.exe+899AE0
WWE2K23_x64.exe+899902: C5 FA 11 49 3C           - vmovss [rcx+3C],xmm1
WWE2K23_x64.exe+899907: 80 79 38 00              - cmp byte ptr [rcx+38],00
WWE2K23_x64.exe+89990B: 74 0A                    - je WWE2K23_x64.exe+899917
WWE2K23_x64.exe+89990D: C5 FA 10 35 87 A3 96 02  - vmovss xmm6,[WWE2K23_x64.exe+3203C9C]
WWE2K23_x64.exe+899915: EB 08                    - jmp WWE2K23_x64.exe+89991F
WWE2K23_x64.exe+899917: 48 8B 41 30              - mov rax,[rcx+30]
WWE2K23_x64.exe+89991B: C5 F2 5E 30              - vdivss xmm6,xmm1,[rax]
WWE2K23_x64.exe+89991F: 48 8B 41 30              - mov rax,[rcx+30]
}
address2:
  db bytes2
  // je WWE2K23_x64.exe+8999A8
  // mov rcx,[rcx+28]

dealloc(newmem2)

{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+899930

WWE2K23_x64.exe+899907: 80 79 38 00              - cmp byte ptr [rcx+38],00
WWE2K23_x64.exe+89990B: 74 0A                    - je WWE2K23_x64.exe+899917
WWE2K23_x64.exe+89990D: C5 FA 10 35 87 A3 96 02  - vmovss xmm6,[WWE2K23_x64.exe+3203C9C]
WWE2K23_x64.exe+899915: EB 08                    - jmp WWE2K23_x64.exe+89991F
WWE2K23_x64.exe+899917: 48 8B 41 30              - mov rax,[rcx+30]
WWE2K23_x64.exe+89991B: C5 F2 5E 30              - vdivss xmm6,xmm1,[rax]
WWE2K23_x64.exe+89991F: 48 8B 41 30              - mov rax,[rcx+30]
WWE2K23_x64.exe+899923: C5 F8 2F 70 04           - vcomiss xmm6,[rax+04]
WWE2K23_x64.exe+899928: 40 0F 93 C6              - setae sil
WWE2K23_x64.exe+89992C: 40 3A 71 61              - cmp sil,[rcx+61]
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+899930: 74 76                    - je WWE2K23_x64.exe+8999A8
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+899932: 48 8B 49 28              - mov rcx,[rcx+28]
WWE2K23_x64.exe+899936: E8 15 4B E5 FF           - call WWE2K23_x64.exe+6EE450
WWE2K23_x64.exe+89993B: 85 C0                    - test eax,eax
WWE2K23_x64.exe+89993D: 75 69                    - jne WWE2K23_x64.exe+8999A8
WWE2K23_x64.exe+89993F: 48 8B 05 9A D5 F5 02     - mov rax,[WWE2K23_x64.exe+37F6EE0]
WWE2K23_x64.exe+899946: 4C 8B B0 58 01 00 00     - mov r14,[rax+00000158]
WWE2K23_x64.exe+89994D: 41 B8 08 00 00 00        - mov r8d,00000008
WWE2K23_x64.exe+899953: 49 8B 16                 - mov rdx,[r14]
WWE2K23_x64.exe+899956: 41 8D 48 18              - lea ecx,[r8+18]
WWE2K23_x64.exe+89995A: E8 11 77 9D FF           - call WWE2K23_x64.exe+271070
}


EDIT: I found a workaround by locating a static address that always has a specific value during the window I need the script running and is never invalid! :)

But if anyone can clarify for the future exactly what the best way to check for an invalid address/value in 64bit is, that would be greatly appreciated. I did some searching online and found posts claiming "isbadreadptr" might not be a good idea or might be unsafe? Can anyone elaborate on that, and if there's a better alternative let me know?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites