Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Auto assembler scripts in cheat tables
Cheat Engine Forum Index -> Cheat Engine Tutorials -> Auto Assembler tutorials
Labyrnth (Moderator)
Posted: Tue Jun 05, 2007 5:50 pm

CE reads symbols, so this can be used to get the base address of the module.

Pinball.exe+175b7

Pinball.exe base address is 10000000

So 10000000 + 175b7 = 10175b7
In turn, this is the same as:
Pinball.exe+175b7
============================
So why not use 10175b7 instead of Pinball.exe+175b7?
Well, let's see why.

Say you loaded the game again and looked for the same thing over and found the address changed to 30175b7 <--- Whoa!
So the trainer or AA script won't work now; it is seeing the wrong address. Then we try again and it is changed again.
50175b7
So we look at the base address again and see what happened.
Now the base address of Pinball.exe is 50000000.

So by using Pinball.exe+ we get the base address of the module every time we load the game and run our script.

50175b7-50000000 = 175b7
Pinball.exe+175b7

All this is really used for is to defeat the code shift.
You don't see it in Maple because it isn't necessary to use it unless you are getting a shift.

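A worked version of the module+offset idea in the post above, as an added example; it is not code from the post or from Cheat Engine. It uses the winmine.exe numbers quoted later in this thread (base 01000000, increaser at 01002FF5) and a made-up second base standing in for a relaunch where the module landed somewhere else; both image sizes are assumed as well:

```python
import re

# Constructed module tables for two launches of the same game. winmine.exe's base
# of 0x01000000 is the one stated in this thread; the second base and both image
# sizes are assumed values for the example.
RUN_A = {"winmine.exe": (0x01000000, 0x20000)}   # module -> (base, image size)
RUN_B = {"winmine.exe": (0x00C30000, 0x20000)}   # same module, relocated load

# "module+hexoffset"; a bare module name means offset 0 (the base itself).
SYMBOL_RE = re.compile(r"^(?P<module>[^+\s]+)(?:\+(?P<off>[0-9A-Fa-f]+))?$")


def resolve(symbol, modules):
    """Turn 'winmine.exe+2FF5' into an absolute address under the given module table."""
    m = SYMBOL_RE.match(symbol)
    if not m:
        raise ValueError(f"not a module+offset symbol: {symbol!r}")
    base, size = modules[m["module"]]
    off = int(m["off"] or "0", 16)
    if off >= size:
        raise ValueError(f"offset {off:X} lies past the end of {m['module']}")
    return base + off


def to_symbol(addr, modules):
    """Turn an absolute address into 'module+offset' using the module that contains it.

    Addresses outside every module (heap, stack) have no such form and raise:
    the module+offset trick only repairs shifts of the module itself.
    """
    for name, (base, size) in modules.items():
        if base <= addr < base + size:
            return f"{name}+{addr - base:X}"
    raise ValueError(f"{addr:08X} is not inside any listed module")


def rebase(addr, old_modules, new_modules):
    """What an address recorded under one load becomes after the module is relocated."""
    return resolve(to_symbol(addr, old_modules), new_modules)


if __name__ == "__main__":
    sym = to_symbol(0x01002FF5, RUN_A)
    print(sym, hex(resolve(sym, RUN_A)), hex(rebase(0x01002FF5, RUN_A, RUN_B)))
```

Write the symbol form (`winmine.exe+2FF5`) into the script and let CE resolve it each time the script is enabled; anything `to_symbol` rejects is not inside a module, and this trick will not fix it.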
samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 6:54 pm

Ok, I'm starting to understand it now. So what I should do to my code is edit the address to "Minesweeper.exe+2FF5", because its base address is 01000000.

Therefore my code will now become:

Code:

[ENABLE]
alloc(ChiliDog,4)
registersymbol(ChiliDog)

winmine.exe+2FF5:
mov eax, [ChiliDog]
mov [0100579C], eax
nop 
nop

[DISABLE]
dealloc(ChiliDog)
unregistersymbol(ChiliDog)

winmine.exe+2FF5:
inc [0100579C]


I'll go try it out right now.

Edit: The process is winmine.exe, not Minesweeper.exe, changed it.

Edit 2: Still disconnects. o_O
Labyrnth (Moderator)
Posted: Tue Jun 05, 2007 7:05 pm

Dude, that is only needed for a code shift.
Minesweeper isn't shifting.

And it isn't disconnecting. You are crashing the game because the code injection is not right.

Your script is all wrong.
You can't overwrite the original code like this or you crash.
You need to stop what you're doing and read some tuts on writing AA scripts.


winmine.exe+2FF5: <--- increaser's address
mov eax, [ChiliDog] <--- Overwriting the increaser (inc [0100579C]). *The crash, because you wrote to the increaser's address, overwriting it.
mov [0100579C], eax <--- Same as above
nop
nop


Not even getting to the [DISABLE] because the game is already crashed.

samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 10:51 pm

Eh?

I heeded your warning and went to go read some Tut's.

Luckily, the forums are filled with so much crap that the Search Box becomes virtually useless after two or three pages. (Sometimes even fewer.)

I read Skyone's tutorial, I read TheSorcerer's tutorial, I read Dark Byte's tutorial, and I've probably read others that I can't remember. (Note these are only tuts on the language, not on writing scripts.)

Would you happen to know where I could learn this kind of stuff?

~~~~~~~~~~~

I think I kind of understand what you're saying about my script. Should I have instead created somewhere else to put my script?

Such as the template below

Code:

[enable]
alloc(whatever,x)
alloc(chilidog,y)
label(whatever)
registersymbol(chilidog)

whatever:
put my script here

[disable]
dealloc
dealloc
unregistersymbol
sponge (I'm a spammer)
Posted: Tue Jun 05, 2007 10:56 pm

You have to restore registers and flags after your modification... unless what you want to do is modify a register... and then you have to reinstate the original operand.
samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 11:02 pm

sponge wrote:
You have to restore registers and flags after your modification... unless what you want to do is modify a register... and then you have to reinstate the original operand.


Eh? No, you don't understand. What he was saying is that I screwed up so badly on the first part of the script that it wouldn't have mattered what happened after that.

Edit: Thanks for trying though. The effort is appreciated. =)

By the way, I rewrote my script, but it won't tick in CE, after I add it to my CT. -.-;

Code:

[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)

01002FF5:
jmp WhatNowMinesweeper
nop

WhatNowMinesweeper:
mov eax,[ChiliDog]
mov [0100579C],eax

[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)

01002FF5:
inc [0100579C]
sponge (I'm a spammer)
Posted: Tue Jun 05, 2007 11:03 pm

Why are you even moving the value of ChiliDog into eax? You don't even state the value of ChiliDog...
By the way, I'm still correct, because inc probably sets a flag and a conditional jump will probably be near...

ChiliDog:
dd/db/dw XXXXXXXXXXX

Because some random value will be moved in at first, just define the beginning value and you can change the rest in your CT.

samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 11:09 pm

sponge wrote:
Why are you even moving the value of ChiliDog into eax? You don't even state the value of ChiliDog...
By the way, I'm still correct, because inc probably sets a flag and a conditional jump will probably be near...

ChiliDog:
dd/db/dw XXXXXXXXXXX

Because some random value will be moved in at first, just define the beginning value and you can change the rest in your CT.


Ok, I've seen this in many Maplestory scripts, and have yet to see it in any tut. What is dd/db/dw? Sorry if I'm being a burden, but could you explain their uses and such?

I'm moving the value of ChiliDog into eax because you can't put

Code:

mov [address],[ChiliDog]


Edit: Is EAX the correct register to use? I'm gonna go look that up.
sponge (I'm a spammer)
Posted: Tue Jun 05, 2007 11:12 pm

It just defines the value of the address: db XX XX XX, dw XXXX XXXX, dd XXXXXXXX

dd 0 makes the 4 bytes at that address 00
dd 1 = 00000001
You can use eax, just restore it after:

push eax
//do your crap here
pop eax

samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 11:20 pm

Alright. So what my code should be is...

Code:

[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)

ChiliDog:
dd 0

01002FF5:
jmp WhatNowMinesweeper
nop

WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax

[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)

01002FF5:
inc [0100579C]


If this works, I swear you are the greatest man (woman?) alive. If it doesn't, then when you finally get it through to me, you will be the greatest whatever alive. =)

Definitely rep up once I can rep again. ("You have to wait xxxxx seconds to rep again.")

Edit: Ok, I tried to tick it, and it may have, I didn't see, but Minesweeper crashed and gave me an error. This time, however, it's not a Data Execution Error, just "Entertainment Pack Minesweeper Game has encountered a problem and needs to close."
sponge (I'm a spammer)
Posted: Tue Jun 05, 2007 11:21 pm

That won't work... you have to jump back to normal code. It's like a hook... you redirect it out... but after that you have to redirect it back in, or else it has nowhere else to go.
samuri25404 (Grandmaster Cheater)
Posted: Tue Jun 05, 2007 11:23 pm

o_O

Jump back to normal code? As in the code below?

Code:

WhatNowMinesweeper:
...
...
...
...
jmp 01002FF5


Edit: Ok, there's just one minor problem. When I tick the script, Minesweeper freezes. I'm gonna go ahead and guess that my script is fine, and I'm just not supposed to do this. If anyone wants to take a look at my script and maybe determine if something's wrong or not, here it is:

Code:

[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)

ChiliDog:
dd 0

01002FF5:
jmp WhatNowMinesweeper
nop

WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax
jmp 01002FF5

[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)

01002FF5:
inc [0100579C]
sponge (I'm a spammer)
Posted: Wed Jun 06, 2007 6:18 pm

That will be an infinite loop... a long jump is 5 bytes... so jmp 1002ffa

Easier way is

Addy:
jmp/call
nops go here
return:


At the end of your code do

jmp return

You need to label(return)

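The byte-level mechanics behind the two corrections above (the 5-byte long jump, and jumping back past the bytes you overwrote), as an added example that is not code from the thread or from Cheat Engine. It encodes the winmine.exe instruction the script replaces, builds the jmp-plus-nop patch, checks where a return jump may land, and assembles the cave body from the thread's final script (push eax / mov eax,[ChiliDog] / mov [0100579C],eax / pop eax / jmp back). The cave and ChiliDog addresses are assumed stand-ins for whatever alloc() hands out at runtime:

```python
import struct

# Addresses from this thread (winmine.exe loaded at 0x01000000). CAVE_ADDR and
# VALUE_ADDR are assumptions: in a real script, alloc() picks them when enabled.
HOOK_ADDR = 0x01002FF5      # the "increaser": inc dword ptr [0100579C]
COUNTER   = 0x0100579C      # the value the increaser bumps
CAVE_ADDR = 0x00370000      # assumed address of the alloc'd code block
VALUE_ADDR = 0x00380000     # assumed address of the alloc'd ChiliDog dword


def inc_dword_abs(addr):
    """Encode `inc dword ptr [addr]`: opcode FF /0 with a disp32-only operand, 6 bytes."""
    return b"\xff\x05" + struct.pack("<I", addr)


def jmp_rel32(src, dst):
    """Encode `jmp dst` placed at src: E9 rel32, rel32 measured from the end of the 5-byte jmp."""
    return b"\xe9" + struct.pack("<i", dst - (src + 5))


def jmp_rel32_target(src, code):
    """Decode the destination of an E9 jmp that sits at src."""
    if code[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    return src + 5 + struct.unpack("<i", code[1:5])[0]


def build_hook(hook_addr, original, cave_addr):
    """Return (bytes to write at hook_addr, address the cave must jump back to).

    `original` is the encoding of the instruction(s) being replaced. They must
    total at least 5 bytes; the jmp is padded with NOPs to exactly that length
    so the instruction after the hook stays intact.
    """
    if len(original) < 5:
        raise ValueError("need at least 5 bytes to place a jmp rel32")
    patch = jmp_rel32(hook_addr, cave_addr) + b"\x90" * (len(original) - 5)
    return patch, hook_addr + len(original)


def return_jump_is_safe(hook_addr, ret_target):
    """A return that lands inside the 5-byte hook jmp re-executes it: an infinite loop.

    Landing on the padding NOPs is harmless, landing right after them is the usual choice.
    """
    return not (hook_addr <= ret_target < hook_addr + 5)


def define(directive, value):
    """db/dw/dd: a 1/2/4-byte little-endian data definition, what `ChiliDog: dd 0` emits."""
    fmt = {"db": "<B", "dw": "<H", "dd": "<I"}[directive]
    return struct.pack(fmt, value)


def build_cave(cave_addr, value_addr, counter_addr, return_addr):
    """Assemble the cave body of the thread's final script at cave_addr."""
    code = b"\x50"                                      # push eax
    code += b"\xa1" + struct.pack("<I", value_addr)     # mov eax,[value_addr]   (A1 moffs32)
    code += b"\xa3" + struct.pack("<I", counter_addr)   # mov [counter_addr],eax (A3 moffs32)
    code += b"\x58"                                     # pop eax
    code += jmp_rel32(cave_addr + len(code), return_addr)  # jmp ReturnHere
    return code


if __name__ == "__main__":
    patch, ret = build_hook(HOOK_ADDR, inc_dword_abs(COUNTER), CAVE_ADDR)
    print("patch at %08X: %s" % (HOOK_ADDR, patch.hex()))
    print("return to   %08X" % ret)
    print("cave bytes: %s" % build_cave(CAVE_ADDR, VALUE_ADDR, COUNTER, ret).hex())
```

Two things the encodings make concrete: `jmp 01002FF5` from the cave fails `return_jump_is_safe` because it lands on the hook jmp again (the freeze reported above), while `01002FFA` (the NOP) and `01002FFB` (the next original instruction) both work. The `mov` instructions do not touch EFLAGS, so `push eax`/`pop eax` is all the register hygiene this particular cave needs; it does, however, drop the flags the original `inc` would have produced, so a conditional jump right after the hook that depends on them would have to be accounted for in the cave.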
samuri25404 (Grandmaster Cheater)
Posted: Wed Jun 06, 2007 7:39 pm

Yeah, I'm confused.

The long jump thing... Why am I jumping to 01002FFA?

Edit: I believe the address is 6 Bytes, therefore a long jump + a nop = 6 bytes.

o.o;

But I see for the other thing. Instead, my code should be...

Code:

[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
label(ReturnHere)
registersymbol(ChiliDog)

ChiliDog:
dd 0

01002FF5:
jmp WhatNowMinesweeper
nop
ReturnHere:

WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax
jmp ReturnHere

[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)

01002FF5:
inc [0100579C]


Edit:

I did a similar script before, (just lookin' through my old stuff) that didn't crash Minesweeper, yet was almost exactly the same as my first one:

Code:

[enable]
alloc(waffles,512)
registersymbol(waffles)

0100579C:
mov eax, [waffles]
mov [0100579C], eax

[disable]
dealloc(waffles)
unregistersymbol(waffles)

0100579C:
inc [0100579C]


Are you guys misleading me? o.O
Chi-Tur (How do I cheat?)
Posted: Wed Jun 13, 2007 5:14 pm    Post subject: ty

Thanks, that helped with almost everything.
All times are GMT - 6 Hours
Page 2 of 4