Cheat Engine The Official Site of Cheat Engine
bmmlst310 (How do I cheat?, Reputation: 0, Joined: 22 Sep 2023, Posts: 8)
Posted: Thu Mar 21, 2024 4:09 am    Post subject: Size of the Instruction Changed and How to Solve It?
I made an aobscan script. The aob is like this:
Code:
5C 00 90 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1
It worked well when I did it. But when I rebooted the game, it was not working and I found the aob had changed to this (the opcode 90 is removed):
Code:
5C 00 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1
And sometimes I found a 90 is added to it:
Code:
5C 00 90 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 90
I attempted to use wildcards to solve it, but it seems that wildcards cannot represent an empty opcode. Is there any way to solve this problem?
panraven (Grandmaster Cheater, Reputation: 55, Joined: 01 Oct 2008, Posts: 943)
Posted: Thu Mar 21, 2024 9:07 am
The easier way is to create 2 (or multiple) versions of memory records of the script, place them under a parent memory record (eg, a header group, right-click -> [Create Header]), then set the parent to 'Activate this activates its children'.
BAD: if the aobs of the versions are not specific enough to be unique, then multiple scripts may activate at the same time, and one of the wrongly activated scripts may cause an error or crash.
_________________
- Retarded.
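As an added example (not code from this thread and not Cheat Engine's own scanner), here is a small byte-pattern scanner in Python that handles what the fixed-width wildcard in the first post cannot express: a byte that is sometimes present and sometimes absent. The token syntax is assumed for this example: "??" is any one byte, and "90?" is an optional 0x90. The sample buffers are constructed from the bytes in the listing posted later in this thread, one with the 90 before "0F B7 C5" and one without (the second also carries the changed xor immediate). The block shows that the rigid aob from the first post matches only one of the two instances, that a tolerant pattern matches both but the hooked movss then sits at a different offset from the match start (+6 with the nop, +5 without, which is why a fixed INJECT+06 fits only one layout), and, per panraven's caveat, that the same scanner reports when a pattern is not unique. One further observation from the listing: "81 F1" is followed by a four-byte immediate, so the trailing 90 in the third aob of the first post is the low byte of a changed immediate, not an inserted nop; the tolerant pattern wildcards those four bytes.

```python
"""
Byte-pattern (AOB) scanner with fixed-width wildcards and optional bytes.

Added example for this thread; not Cheat Engine's scanner. Token syntax is
assumed for this example:
    "F3"   exact byte
    "??"   any one byte (fixed width, like a normal wildcard)
    "90?"  optional byte: matches 0x90 if present, or matches nothing
"""
from typing import List, NamedTuple, Optional


class Token(NamedTuple):
    value: Optional[int]  # None means wildcard (any byte)
    optional: bool        # True means the byte may be absent


class Match(NamedTuple):
    offset: int  # start of the match in the buffer
    length: int  # bytes consumed; shrinks when an optional byte is absent


def parse_pattern(pattern: str) -> List[Token]:
    tokens = []
    for tok in pattern.split():
        if tok == "??":
            tokens.append(Token(None, False))
        elif len(tok) == 2:
            tokens.append(Token(int(tok, 16), False))
        elif len(tok) == 3 and tok.endswith("?"):
            tokens.append(Token(int(tok[:2], 16), True))
        else:
            raise ValueError(f"bad pattern token: {tok!r}")
    return tokens


def _match_at(buf: bytes, pos: int, tokens: List[Token], i: int) -> Optional[int]:
    """End offset if tokens[i:] match buf starting at pos, else None.

    An optional token is tried as present first, then as absent, so the match
    consumes the padding byte when it is there and skips it when it is not.
    """
    if i == len(tokens):
        return pos
    tok = tokens[i]
    if pos < len(buf) and (tok.value is None or buf[pos] == tok.value):
        end = _match_at(buf, pos + 1, tokens, i + 1)
        if end is not None:
            return end
    if tok.optional:
        return _match_at(buf, pos, tokens, i + 1)
    return None


def scan(buf: bytes, pattern: str) -> List[Match]:
    """Every offset where the pattern matches; more than one hit means not unique."""
    tokens = parse_pattern(pattern)
    hits = []
    for pos in range(len(buf)):
        end = _match_at(buf, pos, tokens, 0)
        if end is not None:
            hits.append(Match(pos, end - pos))
    return hits


def is_unique(buf: bytes, pattern: str) -> bool:
    return len(scan(buf, pattern)) == 1


def locate(buf: bytes, pattern: str, anchor_hex: str) -> Optional[int]:
    """Absolute offset of the exact bytes anchor_hex inside the single match of
    pattern; None when the pattern is not unique or the anchor is not inside it."""
    hits = scan(buf, pattern)
    if len(hits) != 1:
        return None
    m = hits[0]
    idx = buf.find(bytes.fromhex(anchor_hex), m.offset, m.offset + m.length)
    return None if idx < 0 else idx


# Constructed sample data, assembled from the bytes in the listing in this thread.
# Instance A has the 90 before "0F B7 C5"; instance B does not, and B also has
# the changed xor immediate (DA E7 CD DD instead of 18 E7 CD DD).
_PREFIX = bytes.fromhex("8B 44 24 1C 90 F3 0F 10 44 24 10 33 D2")
_SUFFIX = bytes.fromhex("89 0C 83 0F B7 43 14 40 F7 F6")
INSTANCE_A = _PREFIX + bytes.fromhex(
    "F3 0F 5C 00 90 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 18 E7 CD DD") + _SUFFIX
INSTANCE_B = _PREFIX + bytes.fromhex(
    "F3 0F 5C 00 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 DA E7 CD DD") + _SUFFIX

# The aob from the first post (assumes the 90 is present).
RIGID = "5C 00 90 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1"
# Same bytes with the 90 optional and the four-byte xor immediate wildcarded.
TOLERANT = "5C 00 90? 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1 ?? ?? ?? ??"
# The instruction the script hooks: movss [esp+1C],xmm0
INJECT_ANCHOR = "F3 0F 11 44 24 1C"

if __name__ == "__main__":
    for name, buf in (("A", INSTANCE_A), ("B", INSTANCE_B)):
        print(name, "rigid:", scan(buf, RIGID), "tolerant:", scan(buf, TOLERANT))
        start = scan(buf, TOLERANT)[0].offset
        hook = locate(buf, TOLERANT, INJECT_ANCHOR)
        print(name, "hook at", hook, "= match start +", hook - start)
    print("unique across both instances:", is_unique(INSTANCE_A + INSTANCE_B, TOLERANT))
```

Because an optional byte at the very start of a pattern would produce two overlapping hits (one consuming it, one skipping it), keep an exact byte in front of any optional token, as the tolerant pattern above does with "5C 00".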
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4307)
Posted: Thu Mar 21, 2024 12:37 pm
What does that script look like? I can't figure out what that code is supposed to be.
Generate a new aobscan template at that injection point. Make sure to include the comment at the bottom that shows the original code around the injection point.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
bmmlst310 (How do I cheat?, Reputation: 0, Joined: 22 Sep 2023, Posts: 8)
Posted: Thu Mar 21, 2024 8:33 pm
ParkourPenguin wrote:
    What does that script look like? I can't figure out what that code is supposed to be.
    Generate a new aobscan template at that injection point. Make sure to include the comment at the bottom that shows the original code around the injection point.
This is my script:
Code:
[ENABLE]
aobscanmodule(INJECT,HWR.exe,5C 00 90 0F B7 C5 F3 0F 11 44 24 1C 8B 4C 24 1C 81 F1) // should be unique
alloc(newmem,$1000)
alloc(mag,4)
label(code)
label(return)

mag:
  dd (float)1   // value loaded into xmm0 before the original store

newmem:
  movss xmm0,[mag]
  jmp code

code:
  movss [esp+1C],xmm0   // the original 6-byte instruction
  jmp return

INJECT+06:   // 6 bytes past the aob start: the movss, when the 90 is present
  jmp newmem
  nop
return:
registersymbol(INJECT mag)

[DISABLE]
INJECT+06:
  db F3 0F 11 44 24 1C   // restore the original bytes
unregistersymbol(INJECT mag)
dealloc(newmem mag)
And ORIGINAL CODE:
Code:
{
// ORIGINAL CODE - INJECTION POINT: HWR.exe+239495
HWR.exe+239471: 8B 0D 48 67 8F 00 - mov ecx,[HWR.exe+516748]
HWR.exe+239477: E8 64 B2 EE FF - call HWR.exe+1246E0
HWR.exe+23947C: 0F B7 6B 14 - movzx ebp,word ptr [ebx+14]
HWR.exe+239480: 8B 44 24 1C - mov eax,[esp+1C]
HWR.exe+239484: 90 - nop
HWR.exe+239485: F3 0F 10 44 24 10 - movss xmm0,[esp+10]
HWR.exe+23948B: 33 D2 - xor edx,edx
HWR.exe+23948D: F3 0F 5C 00 - subss xmm0,[eax]
HWR.exe+239491: 90 - nop
HWR.exe+239492: 0F B7 C5 - movzx eax,bp
// ---------- INJECTING HERE ----------
HWR.exe+239495: F3 0F 11 44 24 1C - movss [esp+1C],xmm0
// ---------- DONE INJECTING ----------
HWR.exe+23949B: 8B 4C 24 1C - mov ecx,[esp+1C]
HWR.exe+23949F: 81 F1 18 E7 CD DD - xor ecx,DDCDE718
HWR.exe+2394A5: 89 0C 83 - mov [ebx+eax*4],ecx
HWR.exe+2394A8: 0F B7 43 14 - movzx eax,word ptr [ebx+14]
HWR.exe+2394AC: 40 - inc eax
HWR.exe+2394AD: F7 F6 - div esi
HWR.exe+2394AF: 0F B7 C2 - movzx eax,dx
HWR.exe+2394B2: 66 89 43 14 - mov [ebx+14],ax
HWR.exe+2394B6: 90 - nop
HWR.exe+2394B7: 89 0C 83 - mov [ebx+eax*4],ecx
}
I also tried to inject at the location "F3 0F 5C 00", but there are still those sporadic 90s.
------------------------------------------------------------------------------------
And this time I found the xor data changed, and so did the opcode.
Code:
// ---------- INJECTING HERE ----------
HWR.exe+2399B5: F3 0F 11 44 24 1C - movss [esp+1C],xmm0
// ---------- DONE INJECTING ----------
HWR.exe+2399BB: 8B 4C 24 1C - mov ecx,[esp+1C]
HWR.exe+2399BF: 81 F1 DA E7 CD DD - xor ecx,DDCDE7DA
I tried to use wildcards and expand the aob, but I always end up finding more than one result.
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4307)
Posted: Thu Mar 21, 2024 10:13 pm
It's very weird that you're injecting at an instruction that's accessing a value on the stack, but I'll ignore that for now.
It's possible the game could be doing some weird kind of random unpacking / JIT compilation thing, but it's far more likely that either you're finding several different injection points or the game updated.
Look at the addresses of those aobs you found in your first post. If the aob magically changes again, go to the address of an aob you found in a previous instance and see if it changed there too. I really think you're just looking at different code.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
bmmlst310 (How do I cheat?, Reputation: 0, Joined: 22 Sep 2023, Posts: 8)
Posted: Fri Mar 22, 2024 10:04 pm
ParkourPenguin wrote:
    It's very weird that you're injecting at an instruction that's accessing a value on the stack, but I'll ignore that for now.
    It's possible the game could be doing some weird kind of random unpacking / JIT compilation thing, but it's far more likely that either you're finding several different injection points or the game updated.
    Look at the addresses of those aobs you found in your first post. If the aob magically changes again, go to the address of an aob you found in a previous instance and see if it changed there too. I really think you're just looking at different code.
Yes, you're right. No updates recently, but every time I reboot the game there are always several changed opcodes.
I was just trying to see how many results I can find. I found and injected those instructions in the traditional way (changed/unchanged value, because the data is encrypted).