Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to write instruction to move a value into a symbol?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Tue May 09, 2023 1:31 am    Post subject: How to write instruction to move a value into a symbol? Reply with quote

I have a symbol in my addresslist which I want to keep an eye on as the values change.

In an AA script, how do I take a value from another address and move it into the VALUE of that symbol, WITHOUT changing the symbol's address? I don't want to change the value of the symbol. I want to change the value of the address the symbol leads to.

For example if the symbol leads to the address "game.exe+271458" which has a value of "4", I want that 4 changed to the new value that is coming from a new address in my script. The value will be 1 byte. I do not want to change the symbol's address; just the value of the address it is connected to ("game.exe+271458") at the time.

I thought something like this would do it, but it's not working. I've played around and at one point I got it to change the value of the symbol, but it just was the wrong (random) value instead of the correct one. So I think I'm close...

Code:
push rcx
lea rcx, [rcx-1]
mov [NewValue],rcx
pop rcx
push rcx
push rax
mov rax, [NewValue]
mov rcx, [Address]
mov byte ptr [rcx],al
pop rcx
pop rax
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue May 09, 2023 9:21 am    Post subject: Reply with quote

Addresses (locations) and values are different and are usually treated differently. It can be confusing when you are temporarily treating an address like a value.

If you create a symbol to store your address, you can easily manipulate it inside of your cheat table, where you can assign hotkeys; you do not need to manipulate it inside of the script.

With that being said, assuming that I am understanding you correctly, you could to do something like below. There are probably better ways to accomplish this. I have not tested this for errors:


Code:
value_script:
push rax
mov rax,[register+offset]  //store value that you want to use for your manipulation
mov [value],rax
pop rax
//code

address_script:
push rax
lea rax,[register+offset]  //store address that contains the value that you want to manipulate
mov [address],rax
pop rax
//code

manipulation:
push rax
push rcx
mov rax,[address]          //now rax will contain the address
mov rcx,[value]            //now rcx will contain the value
mov [rax],rcx              //now the value at address rax will contain the value that was placed into rcx
pop rcx
pop rax
//code
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Tue May 09, 2023 10:54 am    Post subject: Reply with quote

Autem wrote:
In an AA script, how do I take a value from another address and move it into the VALUE of that symbol, WITHOUT changing the symbol's address? I don't want to change the value of the symbol. I want to change the value of the address the symbol leads to.
This is a little confusing.
Symbols don't directly have values. They're associated with an address. That address (usually) has a value. If you're talking about the "value" of a symbol, it's really the value of the address the symbol is associated with.

Are you confused regarding how pointers work?
Pointers are basically a value type (like integers, floats, strings, etc.) where the value is the address of something else.
If a symbol stores a pointer and you want the value of the pointed-to address, you'll need to make two dereferences:
Code:
alloc (myPointer,8)

...

// myPointer contains an address
injection1:
  mov [myPointer],rdx  // rdx is the address of something else

// the value stored at "myPointer" is now the address of something else

...

injection2:
  mov rcx,[myPointer]  // rcx is now the value stored at the address "myPointer": equivalently, rcx is the address of something else
  mov eax,[rcx]  // eax is now the value at the address of something else

There are a ridiculous number of explanations of pointers online if you search for them.
Regarding CE specifically, try understanding step 8 of the CE tutorial. Video walkthrough:
https://www.youtube.com/watch?v=3dyIrcx8Z8g

Edit: something obvious to me that might not be to you: square brackets mean "the value at this address"
Code:
mov [rax],ecx   // write the 4-byte value in ecx to the value at the address in rax
mov ecx,[rax]   // read the 4-byte value at the address in rax to ecx

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Tue May 09, 2023 11:43 am    Post subject: Reply with quote

Methos, I had the same exact result with your version.

ParkourPenguin wrote:

Symbols don't directly have values. They're associated with an address. That address (usually) has a value. If you're talking about the "value" of a symbol, it's really the value of the address the symbol is associated with.

Are you confused regarding how pointers work?


I do have trouble grasping some of the concepts regarding pointers vs addresses vs values and how to pass the intended data around without errors. I have a slight learning disability that makes it harder for me to remember things and I kind of need to go through the motions of dealing with a problem and finding the solution and then that's how stuff eventually sticks, sometimes needing more than one time. Sorry if some of my questions seem foolish. I am trying to study and learn all this so I can use the right terminology with you guys instead of sounding like a kid.

I found the solution to the current step I'm at with this script and it was a silly mistake on my part related to having trouble with addresses vs values and which get the brackets.

The current fix for this step was:
mov rcx,[rax] --correct, and working
mov [rcx],rax --the problem that was causing the wrong (bigger) values to be copied to the intended address


...and yes, I feel like a complete moron for that. It's just so hard for some reason to get it to permanently click which way to write those, I guess.

Now for the final step of my script I need to make the new value import again to the intended address when I trigger that new value to change. The idea here is that in this game, there are 2 sets of "moves/abilities" for a character. 1 is a static address that gets checked once when you select a character, and then a new array that temporarily exists for that match/fight gets created with those values. When I change an ability for a character while I'm in character select, the changing of that ability ONLY applies to the temporary array that only lasts during one match. My intention is to make it so when I'm selecting a character and I change their ability, the changed ability is also applied to the static/permanent array so that next time I choose that character they'll already have those abilities I customized.

I think I'll be able to get that working, but not sure if I'm missing something and it already SHOULD be doing that. This is the full current version of the script if anything stands out to you near the manipulation part. I'm not sure if this already should be copying the changes to the address or if I need another step?

Code:
define(address3,"WWE2K23_x64.exe"+10762B4)
define(bytes3,0F B7 80 E4 15 00 00)

define(address4,"WWE2K23_x64.exe"+10F54C3)
define(bytes4,0F B6 88 E5 15 00 00)

define(address5,"WWE2K23_x64.exe"+128C413)
define(bytes5,40 38 39 74 0A)

[ENABLE]

assert(address3,bytes3)
alloc(newmem3,$1000,"WWE2K23_x64.exe"+10762B4)
alloc(address1,8)
registersymbol(address1)
alloc(address2,8)
registersymbol(address2)
alloc(newvalue,8)
registersymbol(newvalue)
alloc(newvalue2,8)
registersymbol(newvalue2)
label(code3)
label(return3)

newmem3:  // store the address that will get a new value
push rax
lea rax, [rax+000015E4]
mov [address1],rax
pop rax
push rax
lea rax, [rax+000015E5]
mov [address2],rax
pop rax

code3:
  movzx eax,word ptr [rax+000015E4]
  jmp return3

address3:
  jmp newmem3
  nop 2
return3:

assert(address4,bytes4)
alloc(newmem4,$1000,"WWE2K23_x64.exe"+10F54C3)

label(code4)
label(return4)

newmem4:  // An identical method that happens at a different point in the game, and stores the address that will get a new value
push rax
lea rax, [rax+000015E4]
mov [address1],rax
pop rax
push rcx
lea rcx, [rax+000015E5]
mov [address2],rcx
pop rcx

code4:
  movzx ecx,byte ptr [rax+000015E5]
  jmp return4

address4:
  jmp newmem4
  nop 2
return4:

assert(address5,bytes5)
alloc(newmem5,$1000,"WWE2K23_x64.exe"+128C413)
label(code5)
label(return5)

newmem5:  //sets the new values that are intented for import into the above saved addresses in the next step
push rcx
lea rcx, [rcx-1]
mov [newvalue],rcx
pop rcx
push rcx
lea rcx, [rcx]
mov [newvalue2],rcx
pop rcx
// Manipulation final step; time to import the new values into the stored addresses below
push rcx
push rax
mov rax,[newvalue]
mov rcx,[address1]
mov rcx,[rax]
pop rcx
pop rax
push rcx
push rax
mov rax, [newvalue2]
mov rcx, [address2]
mov rcx,[rax]
pop rcx
pop rax


code5:
  cmp [rcx],dil
  je WWE2K23_x64.exe+128C422
  jmp return5

address5:
  jmp newmem5
return5:

[DISABLE]


address3:
  db bytes3
  // movzx eax,word ptr [rax+000015E4]

dealloc(newmem3)
dealloc(address1)
unregistersymbol(address1)
dealloc(address2)
unregistersymbol(address2)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10762B4

WWE2K23_x64.exe+1076291: 41 B1 06                 - mov r9b,06
WWE2K23_x64.exe+1076294: 4D 8B C5                 - mov r8,r13
WWE2K23_x64.exe+1076297: 49 8B D7                 - mov rdx,r15
WWE2K23_x64.exe+107629A: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+107629D: FF 90 B0 06 00 00        - call qword ptr [rax+000006B0]
WWE2K23_x64.exe+10762A3: 41 88 47 0A              - mov [r15+0A],al
WWE2K23_x64.exe+10762A7: 0F B7 CB                 - movzx ecx,bx
WWE2K23_x64.exe+10762AA: E8 31 81 3C FF           - call WWE2K23_x64.exe+43E3E0
WWE2K23_x64.exe+10762AF: 48 85 C0                 - test rax,rax
WWE2K23_x64.exe+10762B2: 74 0E                    - je WWE2K23_x64.exe+10762C2
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10762B4: 0F B7 80 E4 15 00 00     - movzx eax,word ptr [rax+000015E4]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10762BB: 66 41 89 47 38           - mov [r15+38],ax
WWE2K23_x64.exe+10762C0: EB 07                    - jmp WWE2K23_x64.exe+10762C9
WWE2K23_x64.exe+10762C2: 66 41 C7 47 38 00 00     - mov word ptr [r15+38],0000
WWE2K23_x64.exe+10762C9: 48 8B 07                 - mov rax,[rdi]
WWE2K23_x64.exe+10762CC: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+10762CF: FF 90 A8 06 00 00        - call qword ptr [rax+000006A8]
WWE2K23_x64.exe+10762D5: C7 44 24 28 FF FF FF FF  - mov [rsp+28],FFFFFFFF
WWE2K23_x64.exe+10762DD: 48 8D 05 44 30 51 02     - lea rax,[WWE2K23_x64.exe+3589328]
WWE2K23_x64.exe+10762E4: 48 89 44 24 20           - mov [rsp+20],rax
WWE2K23_x64.exe+10762E9: 44 8B 4C 24 30           - mov r9d,[rsp+30]
}

address4:
  db bytes4
  // movzx ecx,byte ptr [rax+000015E5]

dealloc(newmem4)
dealloc(newvalue)
unregistersymbol(newvalue)
dealloc(newvalue2)
unregistersymbol(newvalue2)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10F54C3

WWE2K23_x64.exe+10F549F: CC                    - int 3
WWE2K23_x64.exe+10F54A0: 48 83 EC 28           - sub rsp,28
WWE2K23_x64.exe+10F54A4: 48 8B 05 25 FA 5A 02  - mov rax,[WWE2K23_x64.exe+36A4ED0]
WWE2K23_x64.exe+10F54AB: 48 85 C0              - test rax,rax
WWE2K23_x64.exe+10F54AE: 75 07                 - jne WWE2K23_x64.exe+10F54B7
WWE2K23_x64.exe+10F54B0: B8 FF FF FF FF        - mov eax,FFFFFFFF
WWE2K23_x64.exe+10F54B5: EB 04                 - jmp WWE2K23_x64.exe+10F54BB
WWE2K23_x64.exe+10F54B7: 0F B7 40 1C           - movzx eax,word ptr [rax+1C]
WWE2K23_x64.exe+10F54BB: 0F B7 C8              - movzx ecx,ax
WWE2K23_x64.exe+10F54BE: E8 1D 8F 34 FF        - call WWE2K23_x64.exe+43E3E0
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10F54C3: 0F B6 88 E5 15 00 00  - movzx ecx,byte ptr [rax+000015E5]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10F54CA: 48 83 C4 28           - add rsp,28
WWE2K23_x64.exe+10F54CE: E9 AD C7 5A FF        - jmp WWE2K23_x64.exe+6A1C80
WWE2K23_x64.exe+10F54D3: CC                    - int 3
WWE2K23_x64.exe+10F54D4: CC                    - int 3
WWE2K23_x64.exe+10F54D5: CC                    - int 3
WWE2K23_x64.exe+10F54D6: CC                    - int 3
WWE2K23_x64.exe+10F54D7: CC                    - int 3
WWE2K23_x64.exe+10F54D8: CC                    - int 3
WWE2K23_x64.exe+10F54D9: CC                    - int 3
WWE2K23_x64.exe+10F54DA: CC                    - int 3
}

address5:
  db bytes5
  // cmp [rcx],dil
  // je WWE2K23_x64.exe+128C422

dealloc(newmem5)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+128C413

WWE2K23_x64.exe+128C3F4: E8 E7 58 41 FF     - call WWE2K23_x64.exe+6A1CE0
WWE2K23_x64.exe+128C3F9: 0F B6 F8           - movzx edi,al
WWE2K23_x64.exe+128C3FC: 45 84 FF           - test r15b,r15b
WWE2K23_x64.exe+128C3FF: 74 2A              - je WWE2K23_x64.exe+128C42B
WWE2K23_x64.exe+128C401: 41 3A C6           - cmp al,r14b
WWE2K23_x64.exe+128C404: 74 25              - je WWE2K23_x64.exe+128C42B
WWE2K23_x64.exe+128C406: 48 8D 4E 38        - lea rcx,[rsi+38]
WWE2K23_x64.exe+128C40A: 48 8D 46 3A        - lea rax,[rsi+3A]
WWE2K23_x64.exe+128C40E: 48 3B C8           - cmp rcx,rax
WWE2K23_x64.exe+128C411: 74 18              - je WWE2K23_x64.exe+128C42B
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+128C413: 40 38 39           - cmp [rcx],dil
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+128C416: 74 0A              - je WWE2K23_x64.exe+128C422
WWE2K23_x64.exe+128C418: 48 FF C1           - inc rcx
WWE2K23_x64.exe+128C41B: 48 3B C8           - cmp rcx,rax
WWE2K23_x64.exe+128C41E: 75 F3              - jne WWE2K23_x64.exe+128C413
WWE2K23_x64.exe+128C420: EB 09              - jmp WWE2K23_x64.exe+128C42B
WWE2K23_x64.exe+128C422: 40 84 FF           - test dil,dil
WWE2K23_x64.exe+128C425: 0F 85 36 02 00 00  - jne WWE2K23_x64.exe+128C661
WWE2K23_x64.exe+128C42B: 48 63 03           - movsxd  rax,dword ptr [rbx]
WWE2K23_x64.exe+128C42E: 45 33 F6           - xor r14d,r14d
WWE2K23_x64.exe+128C431: 48 8B CB           - mov rcx,rbx
}


EDIT: I'm actually still way farther off than I thought. It turns out it's not even doing the first initial manipulation. I thought it was, and that I needed to figure out how to trigger it again when I change an ability in the game... but after testing a breakpoint and looking at things it's not even doing what I thought it was doing the first time. I have no idea what to do. Please help.
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue May 09, 2023 1:48 pm    Post subject: Reply with quote

Autem wrote:
Methos, I had the same exact result with your version.
-What I have posted above should work, but in order for it to work, it assumes that you understand some basics. If you post your script showing how you approached things, then perhaps I can take a look at what might be incorrect.

My understanding of assembly is not nearly as advanced as others here like ParkourPenguin, so maybe he can correct me if I say anything that is not accurate.

A few things that might help:

lea (load effective address) ... use this to store an address.

[...] brackets represent a value. However, if you are using lea, then you are storing the address (location) for whatever is inside of those brackets. Since addresses are composed of values (hex), they can also be stored.


Code:
mov eax,[edx+10]  //copies the value of [edx+10] into the register eax
lea eax,[edx+10]  //copies the address of [edx+10] into the register eax



Code:
push rcx
lea rcx, [rcx-1]
mov [newvalue],rcx
pop rcx
push rcx
lea rcx, [rcx]
mov [newvalue2],rcx
pop rcx


In the above code, you are copying the address of [rcx-1] into an 8 byte register, but then you are copying the address of [rcx] into an 8 byte register. If the values are that close, then you only need to store 1 address.

From the looks of things, you are just moving addresses around, so hopefully this will help to clear things up a bit.
Back to top
View user's profile Send private message
Autem
Expert Cheater
Reputation: 1

Joined: 30 Jan 2023
Posts: 118

PostPosted: Tue May 09, 2023 8:31 pm    Post subject: Reply with quote

I got it working how I wanted!!! Both of you have been a great help and I thank you so much for your patience with me on this issue!

Methos, if you could clarify what you meant in the below quote it would be appreciated. Sounds like I could simplify this...?
Quote:
If the values are that close, then you only need to store 1 address.



Anyway, for anyone curious, the solutions involved...

1) Getting a better grasp of how/when to use brackets, and also how to load a 1 byte value the right way at the right time.

2) In my addresslist, the stored address that gets the new value assigned to it has to be an actual pointer type in the addresslist with the offset of 0.

3) In my addresslist, the new value display needs to NOT be a pointer to show me the correct new values.

Just for reference here is the final copy that works. Most of my corrections happen in the final injection.

Code:
define(address3,"WWE2K23_x64.exe"+10762B4)
define(bytes3,0F B7 80 E4 15 00 00)

define(address4,"WWE2K23_x64.exe"+10F54C3)
define(bytes4,0F B6 88 E5 15 00 00)

define(address6,"WWE2K23_x64.exe"+1076A2D)
define(bytes6,43 88 44 38 38)

[ENABLE]

assert(address3,bytes3)
alloc(newmem3,$1000,"WWE2K23_x64.exe"+10762B4)
alloc(address1,8)
registersymbol(address1)
alloc(address2,8)
registersymbol(address2)
alloc(newvalue,1)
registersymbol(newvalue)
alloc(newvalue2,1)
registersymbol(newvalue2)
label(code3)
label(return3)

newmem3:  // store the address that will get a new value
push rax
lea rax, [rax+000015E4]
mov [address1],rax
pop rax
push rax
lea rax, [rax+000015E5]
mov [address2],rax
pop rax

code3:
  movzx eax,word ptr [rax+000015E4]
  jmp return3

address3:
  jmp newmem3
  nop 2
return3:

assert(address4,bytes4)
alloc(newmem4,$1000,"WWE2K23_x64.exe"+10F54C3)

label(code4)
label(return4)

newmem4:  // An identical method that happens at a different point in the game, and stores the address that will get a new value
push rax
lea rax, [rax+000015E4]
mov [address1],rax
pop rax
push rcx
lea rcx, [rax+000015E5]
mov [address2],rcx
pop rcx

code4:
  movzx ecx,byte ptr [rax+000015E5]
  jmp return4

address4:
  jmp newmem4
  nop 2
return4:

assert(address6,bytes6)
alloc(newmem6,$1000,"WWE2K23_x64.exe"+1076A2D)

label(code6)
label(return6)

newmem6: // Manipulation final step; time to import the new values into the stored addresses below
pushf
mov [r8+r15+38],al
cmp r8,1
je @f
push rcx
push rax
mov [newvalue], al
mov rax, [newvalue]
mov rcx,[address1]
mov [rcx],rax
//
jmp code6
@@:
push rcx
push rax
mov [newvalue2], al
mov rax, [newvalue2]
mov rcx, [address2]
mov [rcx],rax
//pop rcx
//pop rax
//popf
//mov [r8+r15+38],al
//mov [address1],al
//mov [address2],al

code6:
 // mov [r8+r15+38],al
pop rcx
pop rax
popf
  jmp return6

address6:
  jmp newmem6
return6:

[DISABLE]


address3:
  db bytes3
  // movzx eax,word ptr [rax+000015E4]

dealloc(newmem3)
dealloc(address1)
unregistersymbol(address1)
dealloc(address2)
unregistersymbol(address2)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10762B4

WWE2K23_x64.exe+1076291: 41 B1 06                 - mov r9b,06
WWE2K23_x64.exe+1076294: 4D 8B C5                 - mov r8,r13
WWE2K23_x64.exe+1076297: 49 8B D7                 - mov rdx,r15
WWE2K23_x64.exe+107629A: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+107629D: FF 90 B0 06 00 00        - call qword ptr [rax+000006B0]
WWE2K23_x64.exe+10762A3: 41 88 47 0A              - mov [r15+0A],al
WWE2K23_x64.exe+10762A7: 0F B7 CB                 - movzx ecx,bx
WWE2K23_x64.exe+10762AA: E8 31 81 3C FF           - call WWE2K23_x64.exe+43E3E0
WWE2K23_x64.exe+10762AF: 48 85 C0                 - test rax,rax
WWE2K23_x64.exe+10762B2: 74 0E                    - je WWE2K23_x64.exe+10762C2
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10762B4: 0F B7 80 E4 15 00 00     - movzx eax,word ptr [rax+000015E4]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10762BB: 66 41 89 47 38           - mov [r15+38],ax
WWE2K23_x64.exe+10762C0: EB 07                    - jmp WWE2K23_x64.exe+10762C9
WWE2K23_x64.exe+10762C2: 66 41 C7 47 38 00 00     - mov word ptr [r15+38],0000
WWE2K23_x64.exe+10762C9: 48 8B 07                 - mov rax,[rdi]
WWE2K23_x64.exe+10762CC: 48 8B CF                 - mov rcx,rdi
WWE2K23_x64.exe+10762CF: FF 90 A8 06 00 00        - call qword ptr [rax+000006A8]
WWE2K23_x64.exe+10762D5: C7 44 24 28 FF FF FF FF  - mov [rsp+28],FFFFFFFF
WWE2K23_x64.exe+10762DD: 48 8D 05 44 30 51 02     - lea rax,[WWE2K23_x64.exe+3589328]
WWE2K23_x64.exe+10762E4: 48 89 44 24 20           - mov [rsp+20],rax
WWE2K23_x64.exe+10762E9: 44 8B 4C 24 30           - mov r9d,[rsp+30]
}

address4:
  db bytes4
  // movzx ecx,byte ptr [rax+000015E5]

dealloc(newmem4)
dealloc(newvalue)
unregistersymbol(newvalue)
dealloc(newvalue2)
unregistersymbol(newvalue2)
{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+10F54C3

WWE2K23_x64.exe+10F549F: CC                    - int 3
WWE2K23_x64.exe+10F54A0: 48 83 EC 28           - sub rsp,28
WWE2K23_x64.exe+10F54A4: 48 8B 05 25 FA 5A 02  - mov rax,[WWE2K23_x64.exe+36A4ED0]
WWE2K23_x64.exe+10F54AB: 48 85 C0              - test rax,rax
WWE2K23_x64.exe+10F54AE: 75 07                 - jne WWE2K23_x64.exe+10F54B7
WWE2K23_x64.exe+10F54B0: B8 FF FF FF FF        - mov eax,FFFFFFFF
WWE2K23_x64.exe+10F54B5: EB 04                 - jmp WWE2K23_x64.exe+10F54BB
WWE2K23_x64.exe+10F54B7: 0F B7 40 1C           - movzx eax,word ptr [rax+1C]
WWE2K23_x64.exe+10F54BB: 0F B7 C8              - movzx ecx,ax
WWE2K23_x64.exe+10F54BE: E8 1D 8F 34 FF        - call WWE2K23_x64.exe+43E3E0
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+10F54C3: 0F B6 88 E5 15 00 00  - movzx ecx,byte ptr [rax+000015E5]
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+10F54CA: 48 83 C4 28           - add rsp,28
WWE2K23_x64.exe+10F54CE: E9 AD C7 5A FF        - jmp WWE2K23_x64.exe+6A1C80
WWE2K23_x64.exe+10F54D3: CC                    - int 3
WWE2K23_x64.exe+10F54D4: CC                    - int 3
WWE2K23_x64.exe+10F54D5: CC                    - int 3
WWE2K23_x64.exe+10F54D6: CC                    - int 3
WWE2K23_x64.exe+10F54D7: CC                    - int 3
WWE2K23_x64.exe+10F54D8: CC                    - int 3
WWE2K23_x64.exe+10F54D9: CC                    - int 3
WWE2K23_x64.exe+10F54DA: CC                    - int 3
}

address6:
  db bytes6
  // mov [r8+r15+38],al

dealloc(newmem6)

{
// ORIGINAL CODE - INJECTION POINT: WWE2K23_x64.exe+1076A2D

WWE2K23_x64.exe+1076A04: 48 8B 07              - mov rax,[rdi]
WWE2K23_x64.exe+1076A07: 49 8B D0              - mov rdx,r8
WWE2K23_x64.exe+1076A0A: 48 8B CF              - mov rcx,rdi
WWE2K23_x64.exe+1076A0D: FF 90 90 03 00 00     - call qword ptr [rax+00000390]
WWE2K23_x64.exe+1076A13: 41 C6 47 0A 06        - mov byte ptr [r15+0A],06
WWE2K23_x64.exe+1076A18: 44 8B 87 74 06 00 00  - mov r8d,[rdi+00000674]
WWE2K23_x64.exe+1076A1F: 41 83 F8 02           - cmp r8d,02
WWE2K23_x64.exe+1076A23: 73 0D                 - jae WWE2K23_x64.exe+1076A32
WWE2K23_x64.exe+1076A25: 0F B6 CB              - movzx ecx,bl
WWE2K23_x64.exe+1076A28: E8 B3 B2 62 FF        - call WWE2K23_x64.exe+6A1CE0
// ---------- INJECTING HERE ----------
WWE2K23_x64.exe+1076A2D: 43 88 44 38 38        - mov [r8+r15+38],al
// ---------- DONE INJECTING  ----------
WWE2K23_x64.exe+1076A32: 48 8D 05 EF 28 51 02  - lea rax,[WWE2K23_x64.exe+3589328]
WWE2K23_x64.exe+1076A39: 44 8B 4C 24 30        - mov r9d,[rsp+30]
WWE2K23_x64.exe+1076A3E: E9 E3 06 00 00        - jmp WWE2K23_x64.exe+1077126
WWE2K23_x64.exe+1076A43: 3C 07                 - cmp al,07
WWE2K23_x64.exe+1076A45: 0F 85 71 02 00 00     - jne WWE2K23_x64.exe+1076CBC
WWE2K23_x64.exe+1076A4B: 4D 8B C7              - mov r8,r15
WWE2K23_x64.exe+1076A4E: 49 8B D4              - mov rdx,r12
WWE2K23_x64.exe+1076A51: E8 8A 99 00 00        - call WWE2K23_x64.exe+10803E0
WWE2K23_x64.exe+1076A56: 80 B8 F0 00 00 00 00  - cmp byte ptr [rax+000000F0],00
WWE2K23_x64.exe+1076A5D: 0F 84 DE 06 00 00     - je WWE2K23_x64.exe+1077141
}
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Wed May 10, 2023 10:35 am    Post subject: Reply with quote

Glad you figured it out.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites