Cheat Engine The Official Site of Cheat Engine
satandidnowrong Newbie cheater Reputation: 0
Joined: 02 Mar 2024 Posts: 11
Posted: Wed Mar 06, 2024 9:21 pm Post subject: Unexpected Behaviour when Combining Scripts that Work Apart
Four iterations of this same script, with different AOBs much farther apart than a five-byte jmp (no overlapping AOBs), each running the same newmem individually from its own AOB, work on their own; when put together, they function sometimes for one attribute spend, and most of the time crash immediately. Following, at the end, is the combined script that, as far as my knowledge goes, should work. What silliness am I missing? Why do they work independently and not together?
Many loves. Thanks for being here.
Code:
[ENABLE]
aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
alloc(newmem,$1000)
newmem:
push 01
code:
// push -01
push 04
push esi
jmp return
statPointCostStrAOB:
jmp newmem
return:
registersymbol(statPointCostStrAOB)
[DISABLE]
statPointCostStrAOB:
db 6A FF 6A 04 56
unregistersymbol(statPointCostStrAOB)
dealloc(newmem)
Code:
[ENABLE]
aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
aobscanmodule(statPointCostNrgAOB,xxx,6A FF 6A 04 56 E8 30)
aobscanmodule(statPointCostDexAOB,xxx,6A FF 6A 04 56 E8 EA)
aobscanmodule(statPointCostVitAOB,xxx,6A FF 6A 04 56 E8 83)
alloc(newmem,$1000)
newmem:
push 01
code:
// push -01
push 04
push esi
jmp return
statPointCostStrAOB:
jmp newmem
statPointCostNrgAOB:
jmp newmem
statPointCostDexAOB:
jmp newmem
statPointCostVitAOB:
jmp newmem
return:
registersymbol(statPointCostStrAOB)
registersymbol(statPointCostNrgAOB)
registersymbol(statPointCostDexAOB)
registersymbol(statPointCostVitAOB)
[DISABLE]
statPointCostStrAOB:
db 6A FF 6A 04 56
statPointCostNrgAOB:
db 6A FF 6A 04 56
statPointCostDexAOB:
db 6A FF 6A 04 56
statPointCostVitAOB:
db 6A FF 6A 04 56
unregistersymbol(*)
dealloc(*)
I am NOT talking about d3 >:{
I just noticed the disable bytes are the same for all of them. This is not a mistake, though; I am going to investigate, brb.
I just double-checked the AOBs and they are different, and I knew the AOBs and enable/disable were functioning as expected (in their placement and deplacement). This is the first thing I check when I write a script.
_________________
Proudly at opencheattables
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Thu Mar 07, 2024 1:37 am
Each injection point needs its own return label, and because the code injection modifies the stack in an unbalanced way, you can't just call the code injection and `ret` to return. In general, each code injection would need its own memory.
Code:
newmem:
injectStr:
push 01
push 04
push esi
jmp returnStr
injectNrg:
push 01
push 04
push esi
jmp returnNrg
...
statPointCostStrAOB:
jmp newmem
returnStr:
statPointCostNrgAOB:
jmp newmem
returnNrg:
...
(technically you could call it and do bad things to the stack to get the `ret` instruction to work, but that's troublesome)
In this specific case, there's an easier way of doing this. It seems like you're simply changing `push -1` to `push 1`. There's no need to inject any code: just change the value being pushed at the injection point itself.
Code:
[ENABLE]
aobscanmodule(statPointCostStrAOB,xxx,6A FF 6A 04 56 E8 96)
aobscanmodule(statPointCostNrgAOB,xxx,6A FF 6A 04 56 E8 30)
aobscanmodule(statPointCostDexAOB,xxx,6A FF 6A 04 56 E8 EA)
aobscanmodule(statPointCostVitAOB,xxx,6A FF 6A 04 56 E8 83)
// changes `push -1` (6A FF) to `push 1` (6A 01)
statPointCostStrAOB+1:
db 01
statPointCostNrgAOB+1:
db 01
statPointCostDexAOB+1:
db 01
statPointCostVitAOB+1:
db 01
registersymbol(statPointCostStrAOB)
registersymbol(statPointCostNrgAOB)
registersymbol(statPointCostDexAOB)
registersymbol(statPointCostVitAOB)
[DISABLE]
statPointCostStrAOB+1:
db FF
statPointCostNrgAOB+1:
db FF
statPointCostDexAOB+1:
db FF
statPointCostVitAOB+1:
db FF
unregistersymbol(*)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
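The one-byte patch in the answer above, as an added example that is not part of ParkourPenguin's post and not Cheat Engine code: a Python script that does the same thing on a constructed stand-in for the game module, so the AOB scan, the exactly-one-match requirement of aobscanmodule, and the sign-extension of the `push imm8` operand are visible. The module bytes, the call displacement bytes after the first one, and the helper names are assumptions; only the seven-byte patterns come from the thread.

```python
# Added example, not code from the thread or from Cheat Engine.
# The module image below is constructed; only the 7-byte patterns are real.

def build_module():
    """Constructed stand-in for the game module: four copies of
    push -1 ; push 4 ; push esi ; call rel32, separated by NOP padding.
    The sites differ only in the first displacement byte of the call, which
    is why the thread's AOBs are seven bytes long instead of five."""
    filler = b"\x90" * 16
    buf, sites = bytearray(), []
    for disp in (0x96, 0x30, 0xEA, 0x83):          # displacement bytes from the thread
        buf += filler
        sites.append(len(buf))
        buf += bytes([0x6A, 0xFF, 0x6A, 0x04, 0x56, 0xE8, disp, 0x11, 0x22, 0x33])  # rest assumed
    buf += filler
    return buf, sites

def parse_aob(pattern):
    """'6A FF ?? 04' -> [0x6A, 0xFF, None, 0x04] (None is a wildcard)."""
    return [None if t in ("?", "??") else int(t, 16) for t in pattern.split()]

def aobscan(buf, pattern):
    """Return the unique offset of pattern. Zero or several matches raise,
    which mirrors aobscanmodule failing the script for a non-unique AOB."""
    pat = parse_aob(pattern)
    hits = [i for i in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[i + k] == p for k, p in enumerate(pat))]
    if len(hits) != 1:
        raise LookupError(f"pattern {pattern!r}: {len(hits)} matches, need exactly 1")
    return hits[0]

def push_imm8_value(buf, off):
    """Decode `push imm8` (6A ib) at off and return the 32-bit value pushed.
    The byte is sign-extended: FF pushes 0xFFFFFFFF (-1), 01 pushes 1."""
    if buf[off] != 0x6A:
        raise ValueError(f"no push imm8 at offset {off}")
    imm = buf[off + 1]
    return (imm - 0x100 if imm & 0x80 else imm) & 0xFFFFFFFF

def imm8(value):
    """Encode a small signed value as the ib byte: -1 -> FF, 0 -> 00, 1 -> 01."""
    if not -128 <= value <= 127:
        raise ValueError("push imm8 only holds -128..127")
    return value & 0xFF

PATTERNS = {                                # from the thread
    "Str": "6A FF 6A 04 56 E8 96",
    "Nrg": "6A FF 6A 04 56 E8 30",
    "Dex": "6A FF 6A 04 56 E8 EA",
    "Vit": "6A FF 6A 04 56 E8 83",
}

def enable(buf, value=1):
    """[ENABLE]: resolve every AOB once, then overwrite the ib byte at site+1.
    Returns {name: offset}. After the patch the original patterns no longer
    match, so the offsets must be remembered; that is what registersymbol
    does for the [DISABLE] section in CE."""
    sites = {name: aobscan(buf, pat) for name, pat in PATTERNS.items()}
    for off in sites.values():
        buf[off + 1] = imm8(value)
    return sites

def disable(buf, sites):
    """[DISABLE]: put the original FF (push -1) back at each remembered site."""
    for off in sites.values():
        buf[off + 1] = 0xFF

if __name__ == "__main__":
    buf, _ = build_module()
    sites = enable(buf, value=1)
    for name, off in sites.items():
        print(name, hex(off), buf[off:off + 7].hex(" "), "pushes", push_imm8_value(buf, off))
    disable(buf, sites)
```

Passing `value=0` or `value=-1` to `enable` covers the "0 or -1" user option mentioned later in the thread without any code cave at all.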
satandidnowrong Newbie cheater Reputation: 0
Joined: 02 Mar 2024 Posts: 11
Posted: Thu Mar 07, 2024 11:02 am
The intent is to allow the user to set their options, if they want 0 or -1
The symbol has been taken out for simplicity, readability and brevity.
Your simplified code functions well, thank you, and a symbol can easily be added for superfluous customization.
I want to understand -why- my code did not work.
I recall sending multiple aobs to the same function before. It is just like any other function. When they return, they go to where they came from.
The stack is handled by the rest of the code as I do not skip any function, only overwrite value.
The code I provided makes logical sense to me, and to be better I need to know how it is wrong, lest I place my foot into the same pitfall.
Thank you for your response, if this is the end know I am grateful and will apply this practice and be better and more knowledgeable.
The code is very simple and as I am writing it I am grateful again for it. It is pretty.
_________________
Proudly at opencheattables
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Thu Mar 07, 2024 12:17 pm
satandidnowrong wrote:
> When they return, they go to where they came from.
They don't.
satandidnowrong wrote:
Code:
newmem:
...
jmp return
statPointCostStrAOB:
jmp newmem
statPointCostNrgAOB:
jmp newmem
statPointCostDexAOB:
jmp newmem
statPointCostVitAOB:
jmp newmem
return:
In this code, the `return` label is defined as the address 5 bytes after the address `statPointCostVitAOB` (5 bytes after because the `jmp` instruction takes up 5 bytes). The instruction `jmp return` always jumps to this address. The other 3 injection points, statPointCostStrAOB / statPointCostNrgAOB / statPointCostDexAOB, will jump to the same address. Those three injections will never return to where they came from.
In other words, `jmp return` just jumps to a single address, `return`. It can't magically jump to other addresses. If you want to jump to other addresses, you'll need explicit labels for each of them. e.g. in my code, these are returnStr, returnNrg, etc.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
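To make the explanation above concrete, here is an added example that is not code from the thread or from Cheat Engine: both layouts (the combined script with one `return` label, and the per-site stubs from the first answer) are assembled into a constructed flat memory image, and a tiny tracer follows execution from each hooked site until it reaches the original `call`, so you can see where each site actually resumes. The module base, the newmem address, the site spacing and the tracer itself are assumptions; the instruction layout follows the two scripts in the thread.

```python
# Added example, not code from the thread. Addresses and the tracer are
# constructed; only the instruction layout follows the two scripts above.
MODULE_BASE = 0x00401000   # assumed module base
NEWMEM      = 0x02000000   # assumed address returned by alloc(newmem,$1000)

# 32-bit x86 encodings the scripts rely on:
#   6A ib     push imm8 (sign-extended)      56        push esi
#   E8 rel32  call                            E9 rel32  jmp
# rel32 is relative to the END of the 5-byte instruction; that 5-byte size is
# also why [DISABLE] writes back exactly five bytes (6A FF 6A 04 56).
def rel32(src, dst):
    return ((dst - (src + 5)) & 0xFFFFFFFF).to_bytes(4, "little")

def jmp(src, dst):
    return b"\xE9" + rel32(src, dst)

class Image:
    """Flat sparse memory: address -> byte."""
    def __init__(self):
        self.mem = {}
    def write(self, addr, data):
        for i, b in enumerate(data):
            self.mem[addr + i] = b
    def read(self, addr, n):
        return bytes(self.mem[addr + i] for i in range(n))

# name -> (site address, first displacement byte of the call); spacing is assumed
SITES = {"Str": (MODULE_BASE + 0x100, 0x96), "Nrg": (MODULE_BASE + 0x300, 0x30),
         "Dex": (MODULE_BASE + 0x500, 0xEA), "Vit": (MODULE_BASE + 0x700, 0x83)}

def fresh_image():
    img = Image()
    for addr, disp in SITES.values():
        # push -1 ; push 4 ; push esi ; call rel32 (remaining displacement bytes assumed 0)
        img.write(addr, bytes([0x6A, 0xFF, 0x6A, 0x04, 0x56, 0xE8, disp, 0, 0, 0]))
    return img

def inject_shared_return(img):
    """The combined script from the first post: one cave, one `return` label.
    A CE label is the address of whatever is assembled next, so `return:`
    placed after the last `jmp newmem` resolves to statPointCostVitAOB+5."""
    ret = SITES["Vit"][0] + 5
    cave = b"\x6A\x01\x6A\x04\x56"                 # push 1 ; push 4 ; push esi
    cave += jmp(NEWMEM + len(cave), ret)           # jmp return
    img.write(NEWMEM, cave)
    for addr, _ in SITES.values():
        img.write(addr, jmp(addr, NEWMEM))         # every site: jmp newmem

def inject_per_site(img):
    """ParkourPenguin's layout: one stub per site, each with its own return."""
    cur = NEWMEM
    for addr, _ in SITES.values():
        stub = b"\x6A\x01\x6A\x04\x56"
        stub += jmp(cur + len(stub), addr + 5)     # jmp returnXxx
        img.write(cur, stub)
        img.write(addr, jmp(addr, cur))            # jmp injectXxx
        cur += len(stub)

def trace(img, start):
    """Run from start until the original `call` is reached. Returns
    (address of that call, list of values pushed on the way)."""
    pc, pushed = start, []
    for _ in range(64):
        op = img.mem[pc]
        if op == 0x6A:                               # push imm8
            v = img.mem[pc + 1]
            pushed.append(v - 0x100 if v & 0x80 else v)
            pc += 2
        elif op == 0x56:                             # push esi
            pushed.append("esi")
            pc += 1
        elif op == 0xE9:                             # jmp rel32
            disp = int.from_bytes(img.read(pc + 1, 4), "little", signed=True)
            pc = (pc + 5 + disp) & 0xFFFFFFFF
        elif op == 0xE8:                             # call: the hooked code resumed
            return pc, pushed
        else:
            raise RuntimeError(f"unexpected opcode {op:02X} at {pc:#010x}")
    raise RuntimeError("no call reached")

def resume_offsets(inject):
    """For each site: how far past the site execution resumes. 5 is correct
    (right after the five overwritten bytes); anything else means the site
    landed in another site's code, pushing its arguments for the wrong call."""
    img = fresh_image()
    inject(img)
    return {name: trace(img, addr)[0] - addr for name, (addr, _) in SITES.items()}

if __name__ == "__main__":
    for label, inject in (("shared return", inject_shared_return),
                          ("per-site return", inject_per_site)):
        print(label, {k: hex(v) for k, v in resume_offsets(inject).items()})
```

With the shared label, Str, Nrg and Dex all resume at statPointCostVitAOB+5: the pushes are made, but the `call` executed afterwards is Vit's, and the code after Str/Nrg/Dex is simply never reached. With a stub per site every injection resumes at its own site+5.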