Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Comparison Instruction Not Working as Expected
Goto page Previous  1, 2, 3
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Modify_This
Newbie cheater
Reputation: 0

Joined: 24 Sep 2024
Posts: 23

PostPosted: Tue Oct 15, 2024 10:30 am    Post subject: Reply with quote

Game Hacking Dojo wrote:
Yes the original code at the injection pointer is reassembled in the hook. To do the effect of writing 0 to the health without the ability to change the instruction itself since we used reassemble, you can use move 0 to eax to before the instruction executes.

Code:
mov eax,0       //there are multiple ways to move 0 to a register but this is easier for you to understand and change
reassemble(INJECT+0B)      //mov [ebx+05DB90A0],eax



This seems to work now, thank you, though for some reason when I disable the script, nobody dies, and occasionally the game will crash, so something in the game is not correctly returning back to the original code I would assume. This isn't something new though, so it's not related to the reassemble() because I've noticed it from the beginning. I just wasn't really worried about it at the time since I was more focused on getting the script to work. But now I'm curious why it doesn't return the code to the way it was when disabled. The disabled inject code uses the same few bytes from the aobscan as you can see in my script I provided previously.

Also, the script works for both the 1st and 2nd levels, but only individually, meaning, if I complete level 1, and then the game transitions or automatically loads the next level, the script does not work, and I can't disable it due to the error <Not all instructions could be injected>", so I have to close CE and reopen it. I'm sure this is because when it loads the new level, this level is in a different part of memory, which I can verify by doing a aobscan. So, how would I modify the script to look for this change?

If this opens a whole new can of worms that you don't want to really deal with, just let me know.
Back to top
View user's profile Send private message
Game Hacking Dojo
Expert Cheater
Reputation: 1

Joined: 17 Sep 2023
Posts: 229

PostPosted: Tue Oct 15, 2024 2:46 pm    Post subject: Reply with quote

The game would crash because the address changes when the game loads a new map. Reassemble() will not update the bytes to the new address because it only gets executed once the script gets activated. The disable section includes the bytes supposed to be rewritten once the script is disabled, and those are set and hard-coded when you first make the script.

A simple and effective solution is to hook above this instruction (mov [ebx+05DB90A0],eax).

This way you don't have to deal with any of the headaches. Oh, but this way I get killed. Then you have to think a bit and make the script write something like this:

Code:
  cmp enemy_team,1
  je label_kill_enemy

  mov eax,my_health
  jmp code

label_kill_enemy:
  mov eax,0
  jmp code

code:
bla bla bla


This has to happen somewhere above your original injection point and shouldn't include that instruction with the address in it
Back to top
View user's profile Send private message Visit poster's website
Modify_This
Newbie cheater
Reputation: 0

Joined: 24 Sep 2024
Posts: 23

PostPosted: Wed Oct 16, 2024 9:52 am    Post subject: Reply with quote

Game Hacking Dojo wrote:
The game would crash because the address changes when the game loads a new map. Reassemble() will not update the bytes to the new address because it only gets executed once the script gets activated. The disable section includes the bytes supposed to be rewritten once the script is disabled, and those are set and hard-coded when you first make the script.

A simple and effective solution is to hook above this instruction (mov [ebx+05DB90A0],eax).

This way you don't have to deal with any of the headaches. Oh, but this way I get killed. Then you have to think a bit and make the script write something like this:

Code:
  cmp enemy_team,1
  je label_kill_enemy

  mov eax,my_health
  jmp code

label_kill_enemy:
  mov eax,0
  jmp code

code:
bla bla bla


This has to happen somewhere above your original injection point and shouldn't include that instruction with the address in it


So, I came up with this script which goes back about 20 instructions, due to finding a unique AOBscan. It seems to work for the most part, though only if I update the Changing Offset for each of the instructions, which there are 5.

It also fixes the issue of nobody dies when I disable the script. Though the script still fails and cannot be disabled when the next level loads, but I think that is expected because the address for the code changes. I'll deal with that later.

I tried using the reassemble() for each one, but the game usually crashes. It could be because I have the wrong offset for each reassemble() since it's very tedious trying to count the bytes for 20 instructions, and then assign the correct amount for each of the 5 instructions that require the Changing Offset to be updated. Is there not an option in CE to calculate the number of bytes between instructions?

Also, when you use many instructions like I did in my script, doesn't the script then return to the next instruction after the jump, meaning all those instructions get executed again? Am I expected to add 20 NOPs?

How do you tell it to return back but at the address that is after all those instructions? Please don't tell me the only way is to count all the bytes again from the beginning of the jump, and then add that to the return or something.

Code:

[ENABLE]
aobscan(INJECT,05 DC 02 00 00 83 EF 04 8B 1F 89 83 * * * * 8D 86 58)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
add eax,000002DC
sub edi,04
mov ebx,[edi]
mov [ebx+05D160A0],eax
lea eax,[esi+00000058]
mov eax,[eax+05D160A0]
mov [edi],eax
add edi,04
lea eax,[esi+00000058]
mov eax,[eax+05D160A0]
mov eax,[eax+05D160A0]
mov [edi],eax
add edi,04
lea eax,[esi+00000028]
mov eax,[eax+05D160A0]
sub [edi-04],eax
sub edi,04
mov eax,[edi]
mov ebx,[edi-04]
  cmp ebx,17654
  jne code
  mov eax,#100
  jmp return

code:
  mov eax,0
//  reassemble(INJECT+0A) //10 for changing offset
//  reassemble(INJECT+16) //22 for changing offset
//  reassemble(INJECT+24) //36 for changing offset
//  reassemble(INJECT+2A) //42 for changing offset
//  reassemble(INJECT+3C) //60 for changing offset
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 05 DC 02 00 00

unregistersymbol(INJECT)
dealloc(newmem)
Back to top
View user's profile Send private message
Game Hacking Dojo
Expert Cheater
Reputation: 1

Joined: 17 Sep 2023
Posts: 229

PostPosted: Wed Oct 16, 2024 11:00 am    Post subject: Reply with quote

This is not a solution but rather a problem introduction. You didn't go up one instruction to include more (totally useless) offsets in the script to introduce more problems.

You don't need an AOB scan for a game that gets no updates. And if even if this game gets updates if the AOB is complicated for you then don't use it. Start with something easy. Try the "code injection" template instead.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Goto page Previous  1, 2, 3
Page 3 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites