 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
buyx86
Advanced Cheater
![]() Reputation: 0
Joined: 10 May 2011
Posts: 73
Location: Philippines
|
 Posted: Thu Mar 21, 2024 9:29 am Post subject: Can't activate my script |
 |
|
It's my first time trying my hand at code injection. I've created a few from a game I've been practicing on, and they all worked separately. I wanted to compile them all into a single AOB injection because some share the same signature. But when I had tried converting my first script into a different one that I want to use to combine with other scripts, I can't activate it. This is the first script that I wanted to convert that works.
| Code: |
[ENABLE]
aobscanmodule(GOD_MODE,Sys43VM.DLL,89 14 98 8B 81 10 02 00 00)
alloc(newmem,$1000)
label(troop_hp)
label(moves)
label(solo_hp)
label(code)
label(return)
newmem:
cmp [eax+10C],1
jne code
cmp [eax+F0],1
jne code
troop_hp:
cmp ebx,15
jne moves
lea rsi,[eax+54]
mov rdi,[rsi+4]
cmp rdi,edx
jle moves
mov edx,rdi
jmp code
moves:
cmp ebx,1E
jne solo_hp
lea rsi,[eax+78]
mov rdi,[rsi+4]
cmp rdi,edx
jle solo_hp
mov edx,rdi
jmp code
solo_hp:
cmp ebx,36
jne code
lea rsi,[eax+D8]
mov rdi,[rsi+4]
cmp rdi,edx
jle code
mov edx,rdi
jmp code
code:
mov [eax+ebx*4],edx
mov eax,[ecx+00000210]
jmp return
GOD_MODE:
jmp newmem
nop 4
return:
registersymbol(GOD_MODE)
[DISABLE]
GOD_MODE:
db 89 14 98 8B 81 10 02 00 00
unregistersymbol(GOD_MODE)
dealloc(newmem)
|
And this is the script that won't work after trying to convert it.
| Code: |
[ENABLE]
aobscanmodule(SET1,Sys43VM.DLL,89 14 98 8B 81 10 02 00 00)
//-------------------------------------------------------------------------
alloc(my_code,$4080)
//-------------------------------------------------------------------------
//Declaration
label(GOD_MODE)
label(returnGM)
label(troop_hp)
label(moves)
label(solo_hp)
label(codeSET1)
label(enableGodMode)
//-------------------------------------------------------------------------
//Registering
registersymbol(my_code)
registersymbol(enableGodMode)
registersymbol(SET1)
//------------------------------------------------------------------------
//Variables
enableGodMode:
dd 0
//------------------------------------------------------------------------
//My code
my_code:
//SET1 codes
//God mode start
GOD_MODE:
cmp [enableGodMode],01
jne codeSET1
cmp [eax+10C],1
jne codeSET1
cmp [eax+F0],1
jne codeSET1
troop_hp:
cmp ebx,15
jne moves
lea rsi,[eax+54]
mov rdi,[rsi+4]
cmp rdi,edx
jle moves
mov edx,rdi
jmp codeSET1
moves:
cmp ebx,1E
jne solo_hp
lea rsi,[eax+78]
mov rdi,[rsi+4]
cmp rdi,edx
jle solo_hp
mov edx,rdi
jmp codeSET1
solo_hp:
cmp ebx,36
jne codeSET1
lea rsi,[eax+D8]
mov rdi,[rsi+4]
cmp rdi,edx
jle codeSET1
mov edx,rdi
jmp codeSET1
//God mode end
codeSET1:
mov [eax+ebx*4],edx //original code
mov eax,[ecx+00000210] //original code
jmp returnGM
SET1:
jmp GOD_MODE
nop 4
returnGM:
registersymbol(SET1)
//SET1 end
[DISABLE]
SET1:
db 89 14 98 8B 81 10 02 00 00
unregistersymbol(SET1)
unregistersymbol(enableGodMode)
unregistersymbol(my_code)
dealloc(my_code)
|
Any help would be appreciated in answering what I'd done wrong that I couldn't activate it.
|
|
| Back to top |
|
 |
Csimbi
I post too much
 Reputation: 94
Joined: 14 Jul 2007
Posts: 3110
|
| Posted: Thu Mar 21, 2024 10:28 am Post subject: |
|
|
| What does CE say in the right-click menu?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 140
Joined: 06 Jul 2014
Posts: 4306
|
| Posted: Thu Mar 21, 2024 12:30 pm Post subject: |
|
|
`mov [eax+ebx*4],edx //original code` - I'm going to assume you didn't touch the original code and that this is a 32-bit process. Don't use 64-bit registers. Replace rax, rcx, rdx, etc. with eax, ecx, edx, etc.
`label(enableGodMode)` - Labels are defined relative to something else- a literal address or some other symbol that is already defined (e.g. alloc, aobscan...). They can't stand on their own. Put it under your code in newmem, or use alloc.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
buyx86
Advanced Cheater
![]() Reputation: 0
Joined: 10 May 2011
Posts: 73
Location: Philippines
|
| Posted: Thu Mar 21, 2024 8:57 pm Post subject: |
|
|
Thanks for the replies.
| Quote: | | What does CE say in the right-click menu? |
It says, <<Not all instructions could be injected>>
| Quote: | | `mov [eax+ebx*4],edx //original code` - I'm going to assume you didn't touch the original code and that this is a 32-bit process. Don't use 64-bit registers. Replace rax, rcx, rdx, etc. with eax, ecx, edx, etc. |
In the first script, it worked fine even with 64-bit registers.
| Quote: | | `label(enableGodMode)` - Labels are defined relative to something else- a literal address or some other symbol that is already defined (e.g. alloc, aobscan...). They can't stand on their own. Put it under your code in newmem, or use alloc. |
I've commented out the 'label(enableGodMode)' but the script still can't be activated.
edit:
I've also tried commenting out 'registersymbol(SET1)' and 'registersymbol(my_code)' with their unregistersymbol counterpart since those are not found in my orignal code. I got a different error when right-clicking the script. it says, <<Error while scanning for AOB's: SET1 Error: Not all results found>>
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 140
Joined: 06 Jul 2014
Posts: 4306
|
| Posted: Thu Mar 21, 2024 10:00 pm Post subject: |
|
|
| buyx86 wrote: | | In the first script, it worked fine even with 64-bit registers. |
64-bit registers don't exist in a 32-bit process. When you write it in the script, CE just pretends you wrote 32-bit registers instead and assembles that. IMO CE should just give an error because that way you'd know what you're writing doesn't make sense.
Good:
| Code: | alloc(foo,4)
foo:
dd 0 |
CE allocates memory and defines the symbol `foo` to be the start of that memory.
Bad:
| Code: | label(foo)
foo:
dd 0 |
`foo` is a symbol, but it's ill-defined. Where is it? CE doesn't know because you didn't specify.
Good:
| Code: | alloc(foo,8)
label(bar)
foo:
dd 0
bar:
dd 1 |
Here, the symbol `bar` is placed after an instruction (`dd`) preceded by `foo:`. This means the symbol `bar` will be defined relative to `foo`- in this case it will be 4 bytes after the address `foo` (e.g. if `foo` is 006C0000, `bar` would be 006C0004).
Bad:
| Code: | alloc(foo,8)
label(bar)
bar:
dd 1
foo:
dd 0 |
Same problem as before. `bar` is ill-defined. It's just standing on its own- it's not defined relative to anything else. This is what you're doing.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
buyx86
Advanced Cheater
![]() Reputation: 0
Joined: 10 May 2011
Posts: 73
Location: Philippines
|
| Posted: Fri Mar 22, 2024 12:10 am Post subject: |
|
|
| Quote: | | 64-bit registers don't exist in a 32-bit process. When you write it in the script, CE just pretends you wrote 32-bit registers instead and assembles that. IMO CE should just give an error because that way you'd know what you're writing doesn't make sense. |
Should I use PUSH and POP on ESI and EDI? I've not tried those yet but maybe it will work.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 140
Joined: 06 Jul 2014
Posts: 4306
|
| Posted: Fri Mar 22, 2024 12:34 am Post subject: |
|
|
You should always back up and restore registers with `push` and `pop` if you aren't certain whether or not the game is using them for something important.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
buyx86
Advanced Cheater
![]() Reputation: 0
Joined: 10 May 2011
Posts: 73
Location: Philippines
|
| Posted: Fri Mar 22, 2024 1:59 am Post subject: |
|
|
I've saved and restored both EDI and ESI but it still didn't work.
| Code: | //SET1 codes
//God mode start
GOD_MODE:
cmp [enableGodMode],1
jne codeSET1
cmp [eax+10C],1
jne codeSET1
cmp [eax+F0],1
jne codeSET1
push esi //save esi
push edi //save edi
troop_hp:
cmp ebx,15
jne moves
lea esi,[eax+54]
mov edi,[esi+4]
cmp edi,edx
jle moves
mov edx,edi
jmp codeSET1
moves:
cmp ebx,1E
jne solo_hp
lea esi,[eax+78]
mov edi,[esi+4]
cmp edi,edx
jle solo_hp
mov edx,edi
jmp codeSET1
solo_hp:
cmp ebx,36
jne codeSET1
lea esi,[eax+D8]
mov edi,[esi+4]
cmp edi,edx
jle codeSET1
mov edx,edi
jmp codeSET1
//God mode end
codeSET1:
pop edi //restore edi
pop esi //restore esi
mov [eax+ebx*4],edx //original code
mov eax,[ecx+00000210] //original code
jmp returnGM
SET1:
jmp GOD_MODE
nop 4
returnGM:
registersymbol(SET1)
//SET1 end |
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 140
Joined: 06 Jul 2014
Posts: 4306
|
|
| Back to top |
|
|
buyx86
Advanced Cheater
![]() Reputation: 0
Joined: 10 May 2011
Posts: 73
Location: Philippines
|
| Posted: Fri Mar 22, 2024 9:44 pm Post subject: |
|
|
I moved the push here:
| Code: | //God mode start
push esi //save esi
push edi //save edi
cmp [enableGodMode],1 |
I also removed [enableGodMode] from label and added it to alloc. At first I also removed it from from registersymbols, I could activate my script but the code didn't work. When I added it again to registersymbol, the script finally worked. Thank you very much for the help. I really appreciate it.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
