 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
 Posted: Tue Jun 12, 2007 9:08 am Post subject: Help With An Address -> Move To VB.. |
 |
|
i got this address on the assembly 0060A6Ba
them i moved it to the CT and the value was on 4bytes = 2301645195
and when i replaced the address the value became 4bytes= 2307952784
now i want to move it into Visual Basic.. I did the same thing with this 3 addresses from the assembly and it works well:
004194F7, 004194E6, 004194FD
everything works for it..
if i change the value of 0060A6Ba from CE with the CT it works. 0060A6Ba ->2307952784
But when i change it from VB it don't work for some reason, it crash my game but on CE it works!
what can i do?
when i change the type of the address in CE i get diffrents value like Float and more
|
|
| Back to top |
|
 |
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 9:52 am Post subject: |
|
|
In VB you are poking OPCODE.
So be sure you have it right. And in CE if it is an AA script it is using allocated memory, which is a code cave. So in VB you need to poke the code cave with the code.
The cave can be found manually with CE or a code caver.
Then you poke the address with the correct OPCODE that is the representation of the assembly.
Also you need to show a snip-it of your code so people can see what your doing.
Example:
| Code: | Call LAB(&H4283EA, &H89)
Call LAB(&H4283EB, &H83)
Call LAB(&H4283EC, &HE2)
Call LAB(&H4283ED, &H3)
Call LAB(&H4283EE, &H0)
Call LAB(&H4283EF, &H0) |
|
|
| Back to top |
|
|
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
| Posted: Tue Jun 12, 2007 10:01 am Post subject: |
|
|
do u know how to do OPCODE in VB?
another thing:
i can take some address i found in the assembly and change them with VB normally and it will work..
i took the U.Ammo what writes to the address and i saw 3 addresses with some assembly thing on it.
so I took the addresses at the start and placed them in the CT
then I wrote their Values when they "replaced" and when they are dont.
then I put it in VB to change the address when they are On and Off with simple edit address
like this
Call WriteALong("WarRock", &H4194F7, 261132432)
With non assembly thing..
why i cant do it now?
I do:
| Code: |
On:
Private Sub Command35_Click()
Call WriteAFloat("WarRock", &H60A6BA, 2307952784#)
End Sub
Off:
Private Sub Command35_Click()
Call WriteAFloat("WarRock", &H60A6BA, 2301645195#)
End Sub
|
# appear cause the number is too big as long..
that maybe the problem?
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 10:37 am Post subject: |
|
|
Ok with this address, it has several more in it instead of this one.
H60A6BA
Depending on the assembly,.
OK try this Module "Jackson Module"
It is a older module but easy to understand.
| Code: | 'Add the below to a module.
Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Declare Function Hotkey Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
'Make your Function below Example "LAB"
Public Function LAB(address As Long, value As Long)
Dim handle As Long, processID As Long, ProcessHandle As Long, gamewindowtext As String, bytes As Byte
handle = FindWindow(vbNullString, "Leap Frog") 'Here is your games window name MUST BE CORRECT NAME
GetWindowThreadProcessId handle, processID
ProcessHandle = OpenProcess(&H1F0FFF, True, processID)
WriteProcessMemory ProcessHandle, address, value, 1, 0
CloseHandle ProcessHandle
End Function
|
===============================================
OK and here is a form source used with the Jackson Module
This is a source to a trainer i did for a game called Leap Frog.
You can see how the address's are getting poked.
Lets look at CMD Button 1:
The address i found in CE was 4283EA
It was the lives for the game. All i did was a simple nop.
You know when nopping it nops all the opcodes so it looks like this in CE memory view when you nop:
4283EA nop <-- Altho this was the only address, the rest are in the following instruction of the assembly.
4283EB nop
4283EC nop
4283ED nop
4283EE nop
4283EF nop
You know nop = 90 in OPCODE.
So now in VB using this module you will poke each address with the opcode you are altering.
If it is not a nop, and you are actually writing the instruction. Looking in memory view you can see the opcode needed for the address's.
Then you would do something that looks like CMD Button 2.
Which in this case is setting lives instruction back to normal.
So in conclusion you are altering each individual address in the instruction that controls what you found. 2 Opcode per address, just like if you was messing with a hex editor.
| Code: | Private Sub Command1_Click()
Call LAB(&H4283EA, &H90)
Call LAB(&H4283EB, &H90)
Call LAB(&H4283EC, &H90)
Call LAB(&H4283ED, &H90)
Call LAB(&H4283EE, &H90)
Call LAB(&H4283EF, &H90)
End Sub
Private Sub Command2_Click()
Call LAB(&H4283EA, &H89)
Call LAB(&H4283EB, &H83)
Call LAB(&H4283EC, &HE2)
Call LAB(&H4283ED, &H3)
Call LAB(&H4283EE, &H0)
Call LAB(&H4283EF, &H0)
End Sub
Private Sub Command3_Click()
Call LAB(&H41D296, &HA)
End Sub
Private Sub Label2_Click()
Form2.Show
End Sub
Private Sub Timer1_Timer()
'Add this to a timer, which is enabled and has an interval of 200.
If Hotkey(70) Then Command1_Click
If Hotkey(85) Then Command2_Click
If Hotkey(66) Then Command3_Click
End Sub
|
|
|
| Back to top |
|
|
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
| Posted: Tue Jun 12, 2007 12:27 pm Post subject: |
|
|
Nop = 90?!
that helped me a lot dude!
you pwn the ball!
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 12:49 pm Post subject: |
|
|
| high6 wrote: | Nop != 90
Nop = 144
and
Nop = 90h |
Dont confuse him mate...
Nop = 144 <--- You dont need this....
Because when using nops the opcode is 90, in memory and in hex editors.
Not 00 like some think.
|
|
| Back to top |
|
|
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
| Posted: Tue Jun 12, 2007 1:02 pm Post subject: |
|
|
doesn't meter you guys helped me out!
thanks!
the thing that help me is to change the value into hex in stand of dec
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 1:12 pm Post subject: |
|
|
Nop = 144
Thats why i said you dont need this  .
Thats Dec, and we are not using that.
|
|
| Back to top |
|
|
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
| Posted: Tue Jun 12, 2007 2:16 pm Post subject: |
|
|
144 = nop in dec
90 = nop in hex
i got it?
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 2:49 pm Post subject: |
|
|
Yep.
Thats it, You can do it in your windows calculator, just change it to the scientific one and your good to go.
|
|
| Back to top |
|
|
TheRedEye
Cheater
![]() Reputation: 0
Joined: 30 May 2007
Posts: 30
|
| Posted: Tue Jun 12, 2007 3:46 pm Post subject: |
|
|
you pwns guys
accpet my blessing 
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Jun 12, 2007 6:31 pm Post subject: |
|
|
| high6 wrote: |
"nops the opcode is 90" IS NOT RIGHT!
People will never learn if you put false bullshit into their heads. They need to know hex and dec are 2 different number systems. |
Bring your proof when you come to try and say im filling someones head with BS.
You really have no clue what your saying right now.
90 is the opcode for a nop.
I know exactly what i said, and even showed a complete source code of a released trainer doing it.
===============================================
By the way i guess these sites are wrong as well. Especially MSDN
And not to mention, you need to PM DarkByte and tell him CE is messed up because it is placing 90 and a opcode for nop. Also get in touch with the people who made Art Money and T-Search as well, Oh and Microsoft Driver Studio Sice, The makers of IDA Pro and last but not least, Oleh Yuschuk the maker of Ollydbg.
http://pdos.csail.mit.edu/6.828/2005/readings/i386/NOP.htm
http://blogs.msdn.com/oldnewthing/archive/2004/11/11/255800.aspx
http://en.wikipedia.org/wiki/NOP
===============================================
Also lets have a look at CE in the memory view as well.
Here we have out basic address,opcode,and assembly
Now here we have or address, *90 for opcode, and whats this? a nop
===============================================
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
