Twistedfate Expert Cheater Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Fri May 26, 2017 10:28 am Post subject: How to define bytes inside registersymbol
I made a register symbol _modad and it contains the
offset 208 for version one of the game
and
offset 220 for version two of the game,
both offsets for one code but 2 different versions of the game ...
The injection works very well, but the problem is in the Disable section.
If I disable the script it will
db 89 86 08 02 00 00
and the offset will change for v2 of the game to 208 instead of 220.
I want to place the bytes of the offset like this:
db 89 86 [bytes of the offset] 00 00
Code:
[ENABLE]
aobscanmodule(Antistuns,game.exe,89 86 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B 86 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 8B 86 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 8B 86 ?? ?? ?? ?? 85 C0)
alloc(newmem,$1000) // added: newmem must be allocated before it is used (matches the dealloc below)
label(code)
label(return)

newmem:
  cmp [esi+_karen],#40   // _karen and _modad are registered by another script
  jne code
  mov [esi+_modad],#103
  jmp return

code:
  mov [esi+_modad],eax   // original instruction, offset taken from _modad
  jmp return

Antistuns:
  jmp newmem
  nop                    // 6-byte original replaced by a 5-byte jmp plus one nop
return:
registersymbol(Antistuns)

[Disable]
Antistuns:
  db 89 86 08 02 00 00   // hard-coded mov [esi+00000208],eax: wrong for v2 (offset 220)
unregistersymbol(Antistuns)
dealloc(newmem)
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Twistedfate Expert Cheater Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Fri May 26, 2017 12:32 pm Post subject: another question
Another question:
Thanks, the above code works.
For this code the register symbol won't work:
Code:
aobscan(koo,8B 46 2C 85 C0 7E 06)
label(_koo)
registersymbol(_koo)
[koo+2]:
_koo:
while this code works!
code → mov ebx,[esi+00000220]
aob → 8B 9E 20 02 00 00
Can you explain why, and how to use offset 2c in a reg symbol or something constant ..
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Posted: Fri May 26, 2017 1:13 pm Post subject:
I don't know what you're asking.
If you want to know how to dynamically change the displacement in an addressing mode, modifying the machine code would be the most straightforward option.
Code:
// replace uint32 with a 32-bit displacement
_koo:
db 8B 9E    // mov ebx,[esi+disp32]
dd uint32   // disp32
Lua is another option.
Code:
_koo:
{$lua}
return string.format('mov ebx,[esi+%X]', uint32)
{$asm}
_________________
I don't know where I'm going, but I'll figure it out when I get there.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Fri May 26, 2017 1:30 pm Post subject:
The [koo+2] reads 4 bytes, so it works for 20 02 00 00 but not for 2c (it will read as 0x7ec0862c).
But with CE 6.7, this is possible:
Code:
...
label(_koo)
registersymbol(_koo)
$readBytes('koo+2'): // only single quotes work
_koo:
...
The _koo label is 0x2c, not 0x7ec0862c.
_________________
- Retarded.
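To make the encoding behind the last two replies concrete (ParkourPenguin's db 8B 9E / dd disp32 layout, and panraven's point that a [koo+2] label reads four bytes whatever the real displacement width is), here is an added Python example; it is not code from the thread or from Cheat Engine, and the function names are my own. It encodes mov r32,[esi+disp] and mov [esi+disp],r32 the way an assembler does, choosing a disp8 or disp32 from the ModRM mod field, decodes such an instruction back, and contrasts the decoded displacement with a naive 4-byte read at offset 2. The byte strings are constructed from the AOBs posted above.

```python
# Added example (not from the thread or Cheat Engine): x86-32 encoding of
# mov r32,[esi+disp] / mov [esi+disp],r32, and why a fixed 4-byte read at +2
# only recovers the displacement when the instruction actually uses a disp32.
import struct

# ModRM "reg" field numbers of the 32-bit general-purpose registers.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
RM_ESI = 0b110   # ModRM "rm" field value that selects [esi] as the base

# Constructed from the AOB posted in the thread:
# mov eax,[esi+2C] ; test eax,eax ; jle +6
KOO_BYTES = bytes.fromhex("8B462C85C07E06")


def encode_mov_esi(reg_name: str, disp: int, store: bool = False) -> bytes:
    """Encode mov reg,[esi+disp] (opcode 8B) or mov [esi+disp],reg (opcode 89).

    Like a real assembler, pick the shortest displacement: mod=01 gives a
    sign-extended disp8 (1 byte), mod=10 a full disp32 (4 bytes). That choice
    is exactly what makes a fixed-width read at offset 2 unreliable.
    """
    reg = REG32.index(reg_name)
    if -128 <= disp <= 127:
        mod, disp_bytes = 0b01, struct.pack("<b", disp)
    else:
        mod, disp_bytes = 0b10, struct.pack("<i", disp)
    opcode = 0x89 if store else 0x8B
    modrm = (mod << 6) | (reg << 3) | RM_ESI
    return bytes([opcode, modrm]) + disp_bytes


def decode_mov_esi(code: bytes) -> dict:
    """Decode the instruction at code[0]; return direction, register, displacement, length."""
    opcode, modrm = code[0], code[1]
    if opcode not in (0x89, 0x8B):
        raise ValueError("not a mov r32,r/m32 or mov r/m32,r32 opcode")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if rm != RM_ESI or mod not in (0b01, 0b10):
        raise ValueError("expected an [esi+disp8] or [esi+disp32] operand")
    if mod == 0b01:
        disp, length = struct.unpack_from("<b", code, 2)[0], 3
    else:
        disp, length = struct.unpack_from("<i", code, 2)[0], 6
    return {"op": "store" if opcode == 0x89 else "load",
            "reg": REG32[reg], "disp": disp, "length": length}


def naive_dword_at(code: bytes, offset: int) -> int:
    """What a [koo+2]: label does: read 4 bytes at offset as a little-endian
    dword, regardless of how wide the displacement really is."""
    return struct.unpack_from("<I", code, offset)[0]


def displacement_of(code: bytes) -> int:
    """The value a correct _koo symbol should carry: the decoded displacement."""
    return decode_mov_esi(code)["disp"]


if __name__ == "__main__":
    samples = [("ebx", 0x220, False),   # the working case from the thread
               ("eax", 0x2C, False),    # the disp8 case that breaks [koo+2]
               ("eax", 0x208, True)]    # the Disable-section bytes from the first post
    for name, disp, store in samples:
        enc = encode_mov_esi(name, disp, store)
        print(f"disp {disp:#x} {'store' if store else 'load'} {name}: {enc.hex(' ').upper()}")
    print(f"naive dword at koo+2 : {naive_dword_at(KOO_BYTES, 2):#x}")
    print(f"decoded displacement : {displacement_of(KOO_BYTES):#x}")
```

The decoder only handles the two [esi+disp] forms discussed here; Cheat Engine's own disassembler does the general case, which is why panraven's $readBytes approach or ParkourPenguin's explicit db/dd layout is the practical route in a script. The point to take away is that the displacement width is decided by the ModRM byte, so a symbol assigned by a fixed 4-byte read is only correct for disp32 encodings.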
Twistedfate Expert Cheater Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Fri May 26, 2017 2:50 pm Post subject:
panraven wrote:
> The [koo+2] reads 4 bytes, so it works for 20 02 00 00 but not for 2c
Code:
aobscan(koo,8B 46 ?? 85 C0 ?? ?? 89 86 ?? ?? ?? ?? 53)
label(_koo)
registersymbol(_koo)
$readBytes('_koo+2'):
_koo:
It doesn't work; the script can't be activated.
Do you mean CE 6.6, or where is version 6.7?