Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Wed Dec 07, 2005 10:10 pm Post subject: Auto assembler scripts in cheat tables
Let's say you have an auto assemble script and want to put it in a cheat table so you can easily give it to friends, or to have the ability to enable/disable it with hotkeys.
Then write your script as always, but mark the part where you enable the cheat with [enable] and the part where you turn off the cheat with [disable].
It is recommended to place in the disable part the code to clean up the memory allocated in the enable part to save space, and restore the original code, or use another kind of mechanism to define enabled or disabled (e.g. a byte set to 0 for a disabled cheat and 1 for enabled, etc.).
And if you're just too lazy to add the [enable]/[disable] parts yourself after writing a good script, you can click on template->cheat table framework code.
When done with your enable and disable parts, click on file->assign to current cheat table. CE will verify if the code is valid, and if it is, add it to the cheat table.
Here is an auto assembler script that is valid for cheat tables (for the pinball game that came with XP SP2):
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

Pinball.exe+175b7:
jmp newmem
nop //pads the 5-byte jmp to the 6 bytes of the original instruction
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax,2 //change the eax register to 2
//note that I could also have done mov [esi+00000146],2

originalcode:
mov [esi+00000146],eax

exit:
jmp returnhere

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem) //free memory
Pinball.exe+175b7:
mov [esi+00000146],eax //place the original code back
Also, I don't know if it's because I have installed all Windows symbols, or if the symbols are supplied by default, but on my comp I can replace "Pinball.exe+175b7" with "TPinballTable::ChangeBallCount+D" and it'll work as well (and should even work in different versions then).
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
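Added example, not part of the original post and not Cheat Engine code: a Python check that compares the bytes at the patched address with the original instruction and decodes the jmp that the [ENABLE] section writes there, which is how an integrity scan would recognise this kind of detour. The image size and the newmem address are constructed values; the image base 0x01000000 is implied by the address 10175b7 quoted later in the thread.

```python
import struct

# Bytes of the original instruction at Pinball.exe+175b7:
#   mov [esi+00000146],eax  ->  89 86 46 01 00 00  (6 bytes)
ORIGINAL = bytes.fromhex("898646010000")

# Constructed sample values (assumptions, not taken from the thread).
IMAGE_BASE = 0x01000000   # implied by the address 10175b7 quoted in the thread
IMAGE_SIZE = 0x0005B000   # made-up size of the loaded image
NEWMEM     = 0x00A20000   # made-up address returned by alloc(newmem,2048)
SITE       = IMAGE_BASE + 0x175B7


def sample_patched_bytes() -> bytes:
    """Bytes the [ENABLE] section leaves at SITE: jmp newmem (E9 rel32) + nop."""
    rel32 = NEWMEM - (SITE + 5)          # relative to the end of the 5-byte jmp
    return b"\xE9" + struct.pack("<i", rel32) + b"\x90"


def decode_detour(code: bytes, address: int):
    """Return the destination of a leading E9 rel32 jmp, or None."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    (rel32,) = struct.unpack_from("<i", code, 1)
    return (address + 5 + rel32) & 0xFFFFFFFF


def check_site(address: int, on_disk: bytes, in_memory: bytes) -> dict:
    """Classify one code location by comparing memory with the file on disk."""
    if in_memory == on_disk:
        return {"status": "clean"}
    target = decode_detour(in_memory, address)
    if target is None:
        return {"status": "modified"}
    tail = in_memory[5:]
    return {
        "status": "detour",
        "target": target,
        # a jump that leaves the module's own image is the suspicious part
        "outside_image": not (IMAGE_BASE <= target < IMAGE_BASE + IMAGE_SIZE),
        # nops padding the jmp out to the length of the overwritten instruction
        "nop_padding": len(tail) - len(tail.lstrip(b"\x90")),
    }


if __name__ == "__main__":
    print(check_site(SITE, ORIGINAL, sample_patched_bytes()))
    print(check_site(SITE, ORIGINAL, ORIGINAL))   # state after [DISABLE]
```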
Bepetemish Grandmaster Cheater Reputation: 0
Joined: 12 Apr 2006 Posts: 564 Location: The Netherlands, GreenMile
Posted: Fri May 19, 2006 8:22 am
Tnx for the info. That was the push in the right direction I needed.
_________________
CE Forum is so much fun ;D
Last edited by Bepetemish on Tue Sep 05, 2006 4:34 am; edited 1 time in total |
nightf0x Master Cheater Reputation: 0
Joined: 01 Aug 2006 Posts: 386
Posted: Sat Aug 05, 2006 9:33 am
dude I didn't understand nothing!!!
can u explain that tut shortly? I have the dupex code for example
how do I make it an option to enable / disable on my cheat table??
go1orange Legendary Reputation: 0
Joined: 20 Jul 2006 Posts: 1581 Location: New Zealand
Posted: Sun Aug 06, 2006 11:28 pm
3006 views and 2 posts rofl
_________________
A rather bad signature.
richie86 Grandmaster Cheater Reputation: 0
Joined: 13 Jan 2006 Posts: 664
Posted: Thu Aug 10, 2006 9:36 am Post subject: Re: Auto assembler scripts in cheat tables
Dark Byte wrote: | Let's say you have an auto assemble script and want to put it in a cheat table so you can easily give it to friends, or to have the ability to enable/disable it with hotkeys.
Then write your script as always, but mark the part where you enable the cheat with [enable] and the part where you turn off the cheat with [disable].
It is recommended to place in the disable part the code to clean up the memory allocated in the enable part to save space, and restore the original code, or use another kind of mechanism to define enabled or disabled (e.g. a byte set to 0 for a disabled cheat and 1 for enabled, etc.).
And if you're just too lazy to add the [enable]/[disable] parts yourself after writing a good script, you can click on template->cheat table framework code.
When done with your enable and disable parts, click on file->assign to current cheat table. CE will verify if the code is valid, and if it is, add it to the cheat table.
Here is an auto assembler script that is valid for cheat tables (for the pinball game that came with XP SP2):
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
Pinball.exe+175b7:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax,2//change the eax register to 2
//note that I could also have done mov [esi+00000146],2
originalcode:
mov [esi+00000146],eax
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem) //free memory
Pinball.exe+175b7:
mov [esi+00000146],eax //place the original code back
|
Also, I don't know if it's because I have installed all Windows symbols, or if the symbols are supplied by default, but on my comp I can replace "Pinball.exe+175b7" with "TPinballTable::ChangeBallCount+D" and it'll work as well (and should even work in different versions then). |
db I get what you mean here. After I got it in my table, I tick it to punch the code? But I can't get the result to show "Address = something", whereas if I punch it manually I get the message. How to fix this?
Kenji2007 Cheater Reputation: 0
Joined: 26 Sep 2006 Posts: 33
Posted: Sun Oct 08, 2006 8:42 pm
Hi, I got a question - can someone help?
This -> alloc(newmem,2048) //2kb should be enough
Does this allocate memory in the CE memory or in the target memory space?
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Oct 08, 2006 10:27 pm
target
Kenji2007 Cheater Reputation: 0
Joined: 26 Sep 2006 Posts: 33
Posted: Sun Oct 08, 2006 10:43 pm
Wow, great! Now bear with me. Does CE then go about hunting for the "code cave" to allocate that memory, or is there a general strategy - meaning that CE will be able to find the non-used memory space? From what I read from the tutorial here it seems finding such unused space is a piece of work by itself. If CE is able to determine such address space then I salute you for a job well done (at least from my point of view as a beginner). In order not to get misunderstood, my questions are meant for me to learn - not meant to be cynical or challenging.
Regards & Thanks
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Sun Oct 08, 2006 10:47 pm
Code caves are from 1999 and earlier; since 2000 we can just allocate memory using a Windows function, just as simply as if it's our own process (VirtualAllocEx takes a process handle).
Kenji2007 Cheater Reputation: 0
Joined: 26 Sep 2006 Posts: 33
Posted: Mon Oct 09, 2006 12:04 am
Ok, thanks a lot. I am learning a lot from here. Thanks again
Kenji2007 Cheater Reputation: 0
Joined: 26 Sep 2006 Posts: 33
Posted: Tue Oct 10, 2006 10:52 am
I have a question on Pinball.exe+175b7:
Does it translate to Image base + 175b7?
I want to know how to calculate the offset, that's the reason for the q. I found out of course that the ASM instruction has address 10175b7 but just wasn't sure where the offset was calculated from (excuse my limited knowledge on ASM stuff). I found out using PE explorer as I don't know how otherwise, at least I dunno how to using CE - any comments or pointers appreciated
And oh, is there a way to determine the target start address from the debugger - I am trying to explore possibilities of using CE (learning process) so hope to get help
Thanks
JingleHacki Master Cheater Reputation: 0
Joined: 22 Dec 2006 Posts: 496 Location: SWEDEN!
Posted: Sun Jan 21, 2007 2:04 am
this one learned me a bit thanks
_________________
Yeey New Ava and Sig!
Lvl 9x CB kinda-active
Lvl 10x DK perm
Lvl 8x priest active
XxScaRxX Master Cheater Reputation: 0
Joined: 22 Jan 2007 Posts: 456
Posted: Sat Apr 14, 2007 7:00 am
nightf0x wrote: | dude I didn't understand nothing!!!
can u explain that tut shortly? I have the dupex code for example
how do I make it an option to enable / disable on my cheat table?? |
put the script in the auto assembler
then go to add to current cheat table
_________________
You wake to suffer through the day
Trade a dream for the pay
Well here's the fact, I hope it sticks
You're just alive out of habit
x0r wrote: | [OFFTOPIC] tags/posts = 16 day ban |
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 4:15 pm
I don't understand where you get the "Pinball.exe+175b7" thing. Is this supposed to be the address that we're messing with or what?
Edit: I come from the MapleStory hacking section, and none of the AutoAssemble codes there have anything like "Maplestory.exe+1536" in them.
I wrote a code for MineSweeper that disconnects when I tick it. Someone pointed me here, but I don't really understand. Btw, here's my code:
Code: |
[ENABLE]
alloc(ChiliDog,4)
registersymbol(ChiliDog)
01002FF5: //The address that accesses the time
mov eax, [ChiliDog] // move the value of ChiliDog into eax
mov [0100579C], eax // move eax into the value of the addy of Time
nop //fill in the remaining bytes
nop
[DISABLE]
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
01002FF5:
inc [0100579C] //original opcode
|
Just FYI, this was supposed to allow you to add ChiliDog as an address, and change the value to whatever you wanted time to be, and freeze it and what not--even if you could have just found the address of time and froze it that way.
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Jun 05, 2007 5:33 pm
It's a base image + offset, which is RVA... another way to define a VA.
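Added example, not from the thread and not Cheat Engine code: how an address written as Pinball.exe+175b7 resolves. It reads the preferred ImageBase from a PE header and adds the offset to the base the module is actually loaded at, which goes slightly beyond the posts by also covering a module loaded at a different base. The header bytes and the second load base are constructed sample values; 0x01000000 is the base implied by the 10175b7 address quoted above.

```python
import struct


def build_sample_header(image_base: int) -> bytes:
    """Constructed, minimal PE32 header: only the fields the parser reads."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)            # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x010B)             # magic: PE32
    struct.pack_into("<I", opt, 28, image_base)        # ImageBase
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def preferred_image_base(pe: bytes) -> int:
    """Read ImageBase, the address the linker assumed the module loads at."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 4 + 20                            # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x010B:                                # PE32: 32-bit field at +28
        return struct.unpack_from("<I", pe, opt + 28)[0]
    if magic == 0x020B:                                # PE32+: 64-bit field at +24
        return struct.unpack_from("<Q", pe, opt + 24)[0]
    raise ValueError("unknown optional header magic")


def resolve(expr: str, loaded_bases: dict) -> int:
    """Turn 'module+hexoffset' into a VA using the module's actual load base."""
    module, sep, offset = expr.partition("+")
    if not sep:
        raise ValueError("expected module+offset")
    return loaded_bases[module.lower()] + int(offset, 16)


if __name__ == "__main__":
    base = preferred_image_base(build_sample_header(0x01000000))
    # Loaded at the preferred base: the 10175b7 from the post above.
    print(hex(resolve("Pinball.exe+175b7", {"pinball.exe": base})))
    # Loaded elsewhere (constructed base): same offset, different VA.
    print(hex(resolve("Pinball.exe+175b7", {"pinball.exe": 0x00CD0000})))
```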