Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Getting stuck trying to move values into variables, etc

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Mon May 08, 2023 11:52 am    Post subject: Getting stuck trying to move values into variables, etc Reply with quote

I was wondering if someone could help me understand exactly what the fastest streamlined method is to do what I'm trying to do below? I always tend to get stuck and have problems when I'm moving values from pointers into my variables and so on.

This is a nearly finished script, I'd say about 80% done. As it stands, though, I can't even get it to activate. Nothing happens when I check the box.

The final step after this portion is working will be to try and take the values from the variables named "first" and "second" in the memrec3 section, and apply those values to the pointer addresses that were previously already stored into "first" and "second" in the earlier memrec 2.

So basically it's going to be:
I go to the first part of the game where a pointer address gets loaded into my variables, then after that I will advance to another section of the game where new values will appear (at new addresses) that I want to take and overwrite those original values in the original addresses that were first stored in my variables when I went to the first part of the game.

Please take a look at where I'm passing to variables and let me know how to go about those the right way. I don't get an error, but the script won't activate either.

Code:
define(address,"WWE2K23_x64.exe"+10F5483)
define(bytes,0F B6 88 E4 15 00 00)

define(address2,"WWE2K23_x64.exe"+10F54C3)
define(bytes2,0F B6 88 E5 15 00 00)

define(address3,"WWE2K23_x64.exe"+10762B4)
define(bytes3,0F B7 80 E4 15 00 00)

[ENABLE]
 
assert(address,bytes)
alloc(newmem,$1000,"WWE2K23_x64.exe"+10F5483)
alloc(first,1)
registersymbol(first)
label(code)
label(return)

newmem:
push rax
mov rax, byte ptr [rax+000015E4]
  mov [first],byte ptr [rax]
pop rax

code:
  movzx ecx,byte ptr [rax+000015E4]
  jmp return

address:
  jmp newmem
  nop 2
return:

assert(address2,bytes2)
alloc(newmem2,$1000,"WWE2K23_x64.exe"+10F54C3)
alloc(second,1)
registersymbol(second)
label(code2)
label(return2)

newmem2:
push rax
mov rax, byte ptr [rax+000015E5]
  mov [second],rax
pop rax


code2:
  movzx ecx,byte ptr [rax+000015E5]
  jmp return2

address2:
  jmp newmem2
  nop 2
return2:

assert(address3,bytes3)
alloc(newmem3,$1000,"WWE2K23_x64.exe"+10762B4)

label(code3)
label(return3)

newmem3:
push rax
mov rax, byte ptr [rax+000015E4]
  mov [first],rax
mov rax, byte ptr [rax+1]
  mov [second],rax
pop rax

code3:
  movzx eax,word ptr [rax+000015E4]
  jmp return3

address3:
  jmp newmem3
  nop 2
return3:


[DISABLE]
address:
  db bytes
  // movzx ecx,byte ptr [rax+000015E4]

dealloc(newmem)
dealloc(first)
unregistersymbol(first)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10F5483

WWE2K23_x64.exe+10F545F: CC                    - int 3
WWE2K23_x64.exe+10F5460: 48 83 EC 28           - sub rsp,28
WWE2K23_x64.exe+10F5464: 48 8B 05 65 FA 5A 02  - mov rax,[WWE2K23_x64.exe+36A4ED0]
WWE2K23_x64.exe+10F546B: 48 85 C0              - test rax,rax
WWE2K23_x64.exe+10F546E: 75 07                 - jne WWE2K23_x64.exe+10F5477
WWE2K23_x64.exe+10F5470: B8 FF FF FF FF        - mov eax,FFFFFFFF
WWE2K23_x64.exe+10F5475: EB 04                 - jmp WWE2K23_x64.exe+10F547B
WWE2K23_x64.exe+10F5477: 0F B7 40 1C           - movzx eax,word ptr [rax+1C]
WWE2K23_x64.exe+10F547B: 0F B7 C8              - movzx ecx,ax
WWE2K23_x64.exe+10F547E: E8 5D 8F 34 FF        - call WWE2K23_x64.exe+43E3E0
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10F5483: 0F B6 88 E4 15 00 00  - movzx ecx,byte ptr [rax+000015E4]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10F548A: 48 83 C4 28           - add rsp,28
WWE2K23_x64.exe+10F548E: E9 ED C7 5A FF        - jmp WWE2K23_x64.exe+6A1C80
WWE2K23_x64.exe+10F5493: CC                    - int 3
WWE2K23_x64.exe+10F5494: CC                    - int 3
WWE2K23_x64.exe+10F5495: CC                    - int 3
WWE2K23_x64.exe+10F5496: CC                    - int 3
WWE2K23_x64.exe+10F5497: CC                    - int 3
WWE2K23_x64.exe+10F5498: CC                    - int 3
WWE2K23_x64.exe+10F5499: CC                    - int 3
WWE2K23_x64.exe+10F549A: CC                    - int 3
}
address2:
  db bytes2
  // movzx ecx,byte ptr [rax+000015E5]

dealloc(newmem2)
dealloc(second)
unregistersymbol(second)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10F54C3

WWE2K23_x64.exe+10F549F: CC                    - int 3
WWE2K23_x64.exe+10F54A0: 48 83 EC 28           - sub rsp,28
WWE2K23_x64.exe+10F54A4: 48 8B 05 25 FA 5A 02  - mov rax,[WWE2K23_x64.exe+36A4ED0]
WWE2K23_x64.exe+10F54AB: 48 85 C0              - test rax,rax
WWE2K23_x64.exe+10F54AE: 75 07                 - jne WWE2K23_x64.exe+10F54B7
WWE2K23_x64.exe+10F54B0: B8 FF FF FF FF        - mov eax,FFFFFFFF
WWE2K23_x64.exe+10F54B5: EB 04                 - jmp WWE2K23_x64.exe+10F54BB
WWE2K23_x64.exe+10F54B7: 0F B7 40 1C           - movzx eax,word ptr [rax+1C]
WWE2K23_x64.exe+10F54BB: 0F B7 C8              - movzx ecx,ax
WWE2K23_x64.exe+10F54BE: E8 1D 8F 34 FF        - call WWE2K23_x64.exe+43E3E0
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10F54C3: 0F B6 88 E5 15 00 00  - movzx ecx,byte ptr [rax+000015E5]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10F54CA: 48 83 C4 28           - add rsp,28
WWE2K23_x64.exe+10F54CE: E9 AD C7 5A FF        - jmp WWE2K23_x64.exe+6A1C80
WWE2K23_x64.exe+10F54D3: CC                    - int 3
WWE2K23_x64.exe+10F54D4: CC                    - int 3
WWE2K23_x64.exe+10F54D5: CC                    - int 3
WWE2K23_x64.exe+10F54D6: CC                    - int 3
WWE2K23_x64.exe+10F54D7: CC                    - int 3
WWE2K23_x64.exe+10F54D8: CC                    - int 3
WWE2K23_x64.exe+10F54D9: CC                    - int 3
WWE2K23_x64.exe+10F54DA: CC                    - int 3
}
address3:
  db bytes3
  // movzx eax,word ptr [rax+000015E4]

dealloc(newmem3)

{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10762B4

WWE2K23_x64.exe+1076291: 41 B1 06                 - mov r9b,06
WWE2K23_x64.exe+1076294: 4D 8B C5                 - mov r8,r13
WWE2K23_x64.exe+1076297: 49 8B D7                 - mov rdx,r15
WWE2K23_x64.exe+107629A: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+107629D: FF 90 B0 06 00 00        - call qword ptr [rax+000006B0]
WWE2K23_x64.exe+10762A3: 41 88 47 0A              - mov [r15+0A],al
WWE2K23_x64.exe+10762A7: 0F B7 CB                 - movzx ecx,bx
WWE2K23_x64.exe+10762AA: E8 31 81 3C FF           - call WWE2K23_x64.exe+43E3E0
WWE2K23_x64.exe+10762AF: 48 85 C0                 - test rax,rax
WWE2K23_x64.exe+10762B2: 74 0E                    - je WWE2K23_x64.exe+10762C2
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10762B4: 0F B7 80 E4 15 00 00     - movzx eax,word ptr [rax+000015E4]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10762BB: 66 41 89 47 38           - mov [r15+38],ax
WWE2K23_x64.exe+10762C0: EB 07                    - jmp WWE2K23_x64.exe+10762C9
WWE2K23_x64.exe+10762C2: 66 41 C7 47 38 00 00     - mov word ptr [r15+38],0000
WWE2K23_x64.exe+10762C9: 48 8B 07                 - mov rax,[rdi]
WWE2K23_x64.exe+10762CC: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+10762CF: FF 90 A8 06 00 00        - call qword ptr [rax+000006A8]
WWE2K23_x64.exe+10762D5: C7 44 24 28 FF FF FF FF  - mov [rsp+28],FFFFFFFF
WWE2K23_x64.exe+10762DD: 48 8D 05 44 30 51 02     - lea rax,[WWE2K23_x64.exe+3589328]
WWE2K23_x64.exe+10762E4: 48 89 44 24 20           - mov [rsp+20],rax
WWE2K23_x64.exe+10762E9: 44 8B 4C 24 30           - mov r9d,[rsp+30]
}
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon May 08, 2023 12:11 pm    Post subject: Reply with quote

Quote:
Code:
newmem:
push rax
mov rax, byte ptr [rax+000015E4]
  mov [first],byte ptr [rax]
pop rax

code:
  movzx ecx,byte ptr [rax+000015E4]
  jmp return
rax is an 8-byte register. `mov rax, byte ptr [rax+000015E4]` doesn't make sense.
`mov [first],byte ptr [rax]` is a memory-to-memory move. This isn't allowed in general.
`rax` isn't even a pointer here- it's just a byte value.

The original code reads the value for you. Why not use that?
Code:
newmem:
  movzx ecx,byte ptr [rax+000015E4]
  mov byte ptr [first],cl
  jmp return

I didn't look at the other two injections too closely, but they seem to have similar problems.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Mon May 08, 2023 5:10 pm    Post subject: Reply with quote

I think I need more help specifically with forming a solid understanding of when/how to transfer "x" over to "z" or whatever, in the differing forms.

I never have issues with normal "mov" instructions like mov rax, [rax+74c] or things like that.

Where I run into HUGE problems, always, is when I'm trying to simplify things by creating my own variables to use and it just never works as I think it would based on my previous coding endeavors. Ask me how to put a pointer address into MyVar and then how to take the value of some other existing address and overwrite the pointer's value that MyVar contains in it... and I become absolutely clueless and stumble around. I search and can't find a clear cut check list or page that explains in easy terms the different ways to get "this piece of data" into "this other address" when I'm using variables. I also run into some confusion with xmm registers but nowhere near as bad as variables.

In coding in general my understanding was always that creating your own variable can make things easier and there's a lot of ways to work with them. In Cheat Engine assembly, however, I seem to run into even more confusion with them.

Any help getting a very easy to follow checklist or something for how to know to write each variant of "move this over there", and would be easy for someone with a slight learning disability to follow, would be amazing.

Today for example I'm struggling with the idea of:
1. I want to load a pointer address into MyVar

2. Then I want to go to another point in the game when a specific value will appear (in a totally unrelated address) and I will want to transfer that new value INTO and overwrite the value that the pointer stored in MyVar contains.

...and I just get stuck. I tend to keep thinking something like this SHOULD work to pass that second value into the stored address in MyVar...
mov [MyVar], [rcx+74c]
or
mov [MyVar], [rax]
or
mov [MyVar+74c], rcx
or even
mov MyVar, [rcx+74c]
... because I'm trying to move the value over the existing value that the address saved within MyVar contains. Sometimes I just get errors saying it won't compile, other times it saves fine but then it won't activate, etc...

Help me crack this understanding, please! I've done well with other coding and variable, so I am sure it's just something with me where some curve here with CE is way different.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon May 08, 2023 9:37 pm    Post subject: Reply with quote

Variables are a higher-level concept that don't precisely exist in assembly. Learn about assembly first before learning reverse engineering.

The string (text) declared with labels, allocs, aobscans, etc. are called symbols. These symbols get associated with an address. When they're used in an AA script, they get replaced with the address they're associated with.

`alloc(first,1)` gets 1 byte of memory and associates the symbol "first" with the address of that byte. When you write "first" in the AA script, it gets replaced with that address. e.g. if the address of that byte is 1E54D4000, `mov [first],eax` becomes `mov [1E54D4000],eax`. There are no variables- symbols are just a fancy way of writing hard coded addresses.

Memory-to-memory moves can't happen. `mov [address1],[address2]` will always fail to assemble. It's impossible to do this in a single instruction. You have to use two instructions to do this: `mov eax,[address2]` followed by `mov [address1],eax`

This post is somewhat related:
https://forum.cheatengine.org/viewtopic.php?p=5783825#5783825

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Mon May 08, 2023 10:30 pm    Post subject: Reply with quote

Thank you for those clarification points.

EDIT: Never mind the new question below. I figured out the issue was just me being a moron and having the wrong amount of bytes allocated from when I made some changes. Thanks again for everything!

---

As I continue to work on this script, I'm at an unusual situation now where it seems like "lea" has a bug or is unable to be used twice in the same script? Can you tell me why these two attempts to move addresses into symbols (which are listed in my addresslist with the correct names) will work individually, but when I have them both together like this only the 2nd one will work?

Code:
push rax
lea rax, [rax+000015E4]
mov [zekont],rax
pop rax

push rcx
lea rcx, [rax+000015E5]
mov [zekond2],rcx
pop rcx


If I comment-out the bottom one, the top one works again. When they're both active, the top one's address is too long and therefore doesn't work. It's like the existence of the second one is sabotaging the first.

Same problem when I was trying with all rax for both, rather than rcx for the second one.

When I go to the memory viewer and set a breakpoint and step by step watch the values and everything, it all looks correct! I was sure I'd find something being moved/copied wrong, but it was all correct. But somehow when I look at the symbols in my addresses, only 1 will have the right address and value. Where could the error be coming from and what can I do? Or do they need to be in separate AA scripts entirely?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites