 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Loveness
Newbie cheater
![]() Reputation: 0
Joined: 30 Aug 2016
Posts: 14
|
 Posted: Sun May 25, 2025 6:47 am Post subject: Help please with the AOB script |
 |
|
Hi!
I'm not so powerful in scripting, but i know how to make a script etc. But i have a script that i don't know how to resolve it. Hope please to help me..
So i have the following script:
| Code: |
[ENABLE]
aobscanmodule(damage,DOOMTheDarkAges.exe,F3 44 0F 59 C8 49 8B CC 45 0F 28 D8 E8 1E BF F7 FF) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mulss xmm9,xmm0
mov rcx,r12
movaps xmm11,xmm8
call DOOMTheDarkAges.exe+DA6D50
jmp return
damage:
jmp far newmem
nop 3
return:
registersymbol(damage)
[DISABLE]
damage:
db F3 44 0F 59 C8 49 8B CC 45 0F 28 D8 E8 1E BF F7 FF
unregistersymbol(damage)
dealloc(newmem)
|
Please tell me how to change the script in such a way that the following code to not be present in my script and to not be affected by the script:
| Code: |
call DOOMTheDarkAges.exe+DA6D50
|
i.e. the script to be injected only until this line or be better the script to affect only:
I attach the screenshot of the area of this code. I can't attach the script to another line. Please help me..
| Description: |
|
| Filesize: |
73.26 KB |
| Viewed: |
1844 Time(s) |
|
|
|
| Back to top |
|
 |
DhaosCollider
How do I cheat?
![]() Reputation: 0
Joined: 12 Mar 2022
Posts: 7
|
| Posted: Sun May 25, 2025 8:10 am Post subject: |
|
|
Hi, Loveness.
Do you need 14 bytes jmp? easiest way is to stop doing it.
Another option is 1 byte jmp.
However, you need CE 7.5/later and installing an exception handler might give you new issues.
|
|
| Back to top |
|
|
Loveness
Newbie cheater
![]() Reputation: 0
Joined: 30 Aug 2016
Posts: 14
|
| Posted: Sun May 25, 2025 8:35 am Post subject: |
|
|
| DhaosCollider wrote: | Hi, Loveness.
Do you need 14 bytes jmp? easiest way is to stop doing it.
Another option is 1 byte jmp.
However, you need CE 7.5/later and installing an exception handler might give you new issues. |
To be more simple, i need my script to be like:
| Code: |
[ENABLE]
aobscanmodule(damage,DOOMTheDarkAges.exe,F3 44 0F 59 C8 49 8B CC 45 0F 28 D8 E8) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mulss xmm9,xmm0
mov rcx,r12
movaps xmm11,xmm8
jmp return
damage:
jmp far newmem
nop 3
return:
registersymbol(damage)
[DISABLE]
damage:
db F3 44 0F 59 C8 49 8B CC 45 0F 28 D8 E8
unregistersymbol(damage)
dealloc(newmem) |
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4694
|
| Posted: Sun May 25, 2025 12:01 pm Post subject: |
|
|
Remove the call as you did. It looks like the call returns a pointer, so you should set rax as needed. If you don't know what it should point to, set rax to 0:
| Code: | ...
code:
mulss xmm9,xmm0
mov rcx,r12
movaps xmm11,xmm8
xor rax,rax
jmp return
... |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
Loveness
Newbie cheater
![]() Reputation: 0
Joined: 30 Aug 2016
Posts: 14
|
| Posted: Sun May 25, 2025 12:26 pm Post subject: |
|
|
| ParkourPenguin wrote: | Remove the call as you did. It looks like the call returns a pointer, so you should set rax as needed. If you don't know what it should point to, set rax to 0:
| Code: | ...
code:
mulss xmm9,xmm0
mov rcx,r12
movaps xmm11,xmm8
xor rax,rax
jmp return
... |
|
This call is important.. so if I set it to 0, the game crashes. The problem is that the game is very often updated, so the address is changed.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4694
|
| Posted: Sun May 25, 2025 5:40 pm Post subject: |
|
|
I don't understand what you want to do. If you want the call to happen, then leave it there. It shouldn't harm anything.
Try the standard 5-byte jump instead:
| Code: | [ENABLE]
aobscanmodule(damage,DOOMTheDarkAges.exe,F3 44 0F 59 C8 49 8B CC 45 0F 28 D8 E8 1E BF F7 FF)
alloc(newmem,$1000,damage)
label(code)
label(return)
newmem:
code:
mulss xmm9,xmm0
jmp return
damage:
jmp newmem
return:
registersymbol(damage)
[DISABLE]
damage:
db F3 44 0F 59 C8
unregistersymbol(damage)
dealloc(newmem)
|
If CE gives an error saying "no nearby memory" or something like that, then you have to use either the 14-byte jump or the 1-byte jump w/ debugging.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
