CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 12:16 pm Post subject: Learning how to use auto assemble

Hi, I am trying to learn how to use auto assemble and am having a small problem.
I have the address of what I want to change, and when I click "find out what accesses this address" I get "mov eax,[ecx+8]", which I want to change to "mov eax,[ecx+64]".
So I tried writing the code:
Code: |
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
Add mov eax,[ecx+64]
originalcode:
mov eax,[ecx+8]
exit:
jmp returnhere
06B129AB:
jmp newmem
returnhere:
|
But this crashes the game. This is probably a simple noob mistake but I have spent hours reading trying to find out how to do what I want to do and have hit a brick wall.
Any help or nudges in the right direction would be greatly appreciated.
Kind regards
Paul

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 21, 2014 12:26 pm Post subject: Re: Learning how to use auto assemble

Where is the rest of your code (enable/disable)? Let CE build the script for you so that your script will be complete and correct.
Code: | Add mov eax,[ecx+64] |
^^This is no good, delete Add
Code: | originalcode:
mov eax,[ecx+8] |
^^Moving [ecx+64] does nothing if you mov [ecx+8] immediately afterwards. Instead, do not execute the originalcode:
Code: | newmem:
mov eax,[ecx+64]
jmp returnhere |
To let CE build the script for you, highlight the instruction in memory viewer, and select 'tools' from the drop-down menu. Click on 'Auto Assemble'. In the AA window, select 'Template' and click on 'Cheat table framework code'. Select 'Template' again, and click on 'Code injection'. Click 'okay'.
Also, you should use module addresses in your script...to do that, go to memory viewer and select 'View' from the drop-down menu. Make sure 'Show module addresses' is checked.

CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 1:10 pm

Hi MethOS
Thanks for your help. I did what you suggested and it still crashes the game.
What I think is happening is what I want to change only accesses that address in my script, and my script is inserting mov eax,[ecx+64] at the address in my script (I have attached a picture to show you what I mean). The address of mov eax,[ecx+8] changes, so that is why I am using the address I have in my script.
imageshackdotcom/a/img843/3403/svpc.png

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 21, 2014 2:48 pm

Please paste your entire script here.
It's difficult to say why it is crashing without knowing what your targeted value actually represents. However, if I had to guess, I would say that it's crashing probably because the instruction that you are using to manipulate the targeted address is also accessing other addresses...and changing those values is what is actually causing the problem.
To check if the instruction is accessing other addresses:
Right-click on your targeted address in your cheat table and click on 'find out what accesses'...in the debugger window, right-click on an open space and select 'check if found opcodes also access other addresses'. Here, you can see if your targeted instruction is accessing other addresses (besides your targeted address). If it is, you can try using a different instruction, or, filter out all of the unwanted addresses.

CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 4:23 pm

Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax,[ecx+64]
originalcode:
exit:
jmp returnhere
06B129AB:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
06B129AB:
adc [edi-708FF479],cl
//Alt: db 10 8F 87 0B 70 8F
|
This script is writing mov eax,[ecx+64] to address 06B129AB; I can watch in memory viewer and see this happen.
What I need it to do is write mov eax,[ecx+64] to the address that mov eax,[ecx+8] is at (mov eax,[ecx+8] address changes). If I click what accesses this address at 06B129AB I can see what address mov eax,[ecx+8] is currently at, but I want to automate this process.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 21, 2014 5:59 pm

You're not making sense. Please follow my instructions and report back...and provide more details on the exact steps taken.

CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 6:17 pm

I followed your instructions and no other address showed up.
Here is the step-by-step process I want to automate.
1. Open memory viewer
2. Go to address 06B129AB
3. Right click this address and click what accesses this address
4. Add mov eax,[ecx+8] to codelist
5. Double click mov eax,[ecx+8] and change it to mov eax,[ecx+64]
The address in the attached picture is different every time.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 21, 2014 7:11 pm

I will not help you if you do not follow my instructions.
In the above picture, there should be an instruction (in the upper window) that shows:
Click the 'Stop' button, then highlight that instruction and click on the button to the right that says 'view disassembler'. In the Memory Viewer window (top portion), right-click on the instruction in question and click on 'Find out what addresses access this instruction'.
If only 1 address shows up, you can proceed with the instruction outlined in my original post.

justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
Posted: Mon Apr 21, 2014 7:24 pm

CE noob wrote: | I followed your instructions and no other address showed up.
Here is the step-by-step process I want to automate.
1. Open memory viewer
2. Go to address 06B129AB
3. Right click this address and click what accesses this address
4. Add mov eax,[ecx+8] to codelist
5. Double click mov eax,[ecx+8] and change it to mov eax,[ecx+64]
The address in the attached picture is different every time. |
I didn't study your original post very closely, so I could be missing something.... but it looks like you're trying to inject your script into a data section instead of a code one. If the addresses didn't move around every time, your script should probably look something like:
Code: |
[ENABLE]
b7b6e2d:
mov eax,[ecx+64]
[DISABLE]
b7b6e2d:
mov eax,[ecx+8]
|
Since it moves around every time, you're going to have to use an aobscan or something to inject in the right place, e.g.:
Code: |
[ENABLE]
// placeholder byte pattern; ? marks a wildcard byte
aobscan(myhack, 1 2 3 4 5 6 7 8 9 ? ? ?)
label(hack)
registersymbol(hack) // keep the found address available to [DISABLE]
myhack:
hack:
mov eax,[ecx+64]
[DISABLE]
hack:
mov eax,[ecx+8]
unregistersymbol(hack)
|
_________________
Beside the big gate, there is always a small gate.
----------------------
Come on... |
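
The aobscan approach justa_dude describes above, as an added Python example (not code from the thread or from Cheat Engine): a wildcard byte-signature scan that finds the 3-byte `mov eax,[ecx+8]` wherever the code loads and refuses to patch unless the match is unique. The signature, the sample images and all function names are constructed for illustration.

```python
# Added example: wildcard byte-signature ("AOB") scan over constructed buffers.
SIG = "55 8B EC 8B 41 08 E8 ? ? ? ? C3"   # hypothetical signature; ? = any byte
OLD = bytes.fromhex("8B 41 08")           # mov eax,[ecx+8]
NEW = bytes.fromhex("8B 41 64")           # mov eax,[ecx+64] (CE reads 64 as hex)


def parse_aob(pattern):
    """'8B 41 ? 08' -> [0x8B, 0x41, None, 0x08]; None marks a wildcard."""
    return [None if t in ("?", "??") else int(t, 16) for t in pattern.split()]


def aob_scan(buf, pattern):
    """Return every offset in buf where the signature matches."""
    sig = parse_aob(pattern)
    return [i for i in range(len(buf) - len(sig) + 1)
            if all(b is None or buf[i + j] == b for j, b in enumerate(sig))]


def patch_unique(buf, pattern, skip, old, new):
    """Patch old->new at match+skip, only if the match is unique and safe."""
    if len(old) != len(new):
        raise ValueError("replacement must keep the instruction length")
    hits = aob_scan(buf, pattern)
    if len(hits) != 1:
        raise LookupError(f"signature matched {len(hits)} times, refusing")
    at = hits[0] + skip
    if buf[at:at + len(old)] != old:
        raise LookupError("bytes at target are not the expected instruction")
    return at, buf[:at] + new + buf[at + len(new):]


def make_image(pad, rel32):
    """Constructed sample: padding, a decoy routine, then the target routine."""
    decoy = bytes.fromhex("8B 41 08 C3")
    target = bytes.fromhex("55 8B EC 8B 41 08 E8") + rel32 + b"\xC3"
    return b"\xCC" * pad + decoy + b"\xCC" * 4 + target


RUN_A = make_image(16, bytes.fromhex("11 22 33 44"))   # first launch
RUN_B = make_image(40, bytes.fromhex("A0 B1 C2 D3"))   # relaunch, code moved

if __name__ == "__main__":
    for name, img in (("A", RUN_A), ("B", RUN_B)):
        at, patched = patch_unique(img, SIG, 3, OLD, NEW)
        print(name, "patched at offset", at, patched[at:at + 3].hex())
    print("bare 3-byte pattern hits:", aob_scan(RUN_A, "8B 41 08"))
```

The bare pattern `8B 41 08` matches both routines in the sample, which is why the longer signature with wildcards over the call displacement is used.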

CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 7:25 pm

++METHOS wrote: | I will not help you if you do not follow my instructions.
In the above picture, there should be an instruction (in the upper window) that shows:
Click the 'Stop' button, then highlight that instruction and click on the button to the right that says 'view disassembler'. In the Memory Viewer window (top portion), right-click on the instruction in question and click on 'Find out what addresses access this instruction'.
If only 1 address shows up, you can proceed with the instruction outlined in my original post. |
I'm not sure what part I haven't followed.
I have just done this: Click the 'Stop' button, then highlight that instruction and click on the button to the right that says 'view disassembler'. In the Memory Viewer window (top portion), right-click on the instruction in question and click on 'Find out what addresses access this instruction'.
And heaps of addresses show up.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Apr 21, 2014 7:36 pm

Like I said, this is probably why your script is crashing...assuming you followed my original post.
You can complete the CE tutorial and learn how to dissect data structures in order to filter out the bad addresses...or...use a different approach.

CE noob How do I cheat? Reputation: 0
Joined: 21 Apr 2014 Posts: 5
Posted: Mon Apr 21, 2014 7:39 pm

++METHOS wrote: | Like I said, this is probably why your script is crashing...assuming you followed my original post.
You can complete the CE tutorial and learn how to dissect data structures in order to filter out the bad addresses...or...use a different approach. |
OK, thanks heaps for your help.