		| iRiot Master Cheater
 
  Reputation: 0 
 Joined: 03 Jul 2007
 Posts: 395
 Location: Aka RIOT
 
 | 
			
				|  Posted: Sat Nov 29, 2008 7:32 pm    Post subject: [Help] asm c++ |   |  
				| 
 |  
				| I am trying to code Dice Vac for MapleStory v55, and whenever I enable it, it gives me a black screen and freezes MapleStory. Any ideas on how to make it work? 
 my code:
 
 
  	  | Code: |  	  | #include <windows.h>
 #include "resource.h"
 #define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
 
 DWORD DiceVacAddy = (0x0074306a + 5);
 
 
 // Detour body reached from the 5-byte jmp that DiceVacOn writes at 0x0074306A.
 // Declared naked, so the compiler emits no prologue/epilogue: the __asm block
 // is the whole function and it exits with a jmp, never a ret.
 // pushad/popad bracket the copy, so all general-purpose registers hold their
 // original values again when the displaced instructions are replayed.
 // NOTE(review): every address and offset is hard-coded and dereferenced with no
 // validity check; presumably they match only the one build the poster names (v55).
 __declspec(naked) void DiceVacHook()
 {
 __asm
 {
 pushad // save all general-purpose registers
 
 // NOTE(review): later replies in this thread add `mov edx,[edx]` after this line.
 // MSVC inline asm appears to take a bracketed bare constant as the constant
 // itself rather than a memory load; confirm in the disassembly.
 mov edx, [0x89361c] //Char X (poster's label)
 mov ebx, [edx+0x580] // first value, read at +0x580
 mov ecx,[edx+0x584] // second value, read at +0x584
 //add ebx, [right]   (adjustment present in the original script, disabled in this port)
 //sub ebx, [left]    (adjustment present in the original script, disabled in this port)
 
 mov eax,[0x892a9c] //Walls (poster's label); same bracketed-constant caveat as above
 mov [eax+0xC],ebx // +0xC and +0x14 both receive the value from +0x580
 mov [eax+0x14],ebx
 mov [eax+0x10],ecx // +0x10 and +0x18 both receive the value from +0x584
 mov [eax+0x18],ecx
 popad // restore the registers saved by pushad
 
 // Replay of the two instructions the detour jmp overwrote; the script's
 // [Disable] section restores this same pair at 74306a.
 mov [ebx], eax
 mov edi,[ebp+0x10]
 jmp DiceVacAddy // DiceVacAddy holds 0x0074306a + 5, the first byte after the detour jmp
 
 }
 }
 
 
 // Installs the detour to DiceVacHook and rewrites three conditional jumps, all at
 // hard-coded addresses. hWnd is not referenced in the body.
 // NOTE(review): the stores go straight through raw pointers. Nothing here checks
 // that the target pages are writable, keeps the original bytes, or offers a way
 // to undo the patch. The 5-byte detour is also written as two separate stores, so
 // a thread executing 0x0074306A between them could see a half-written instruction.
 void DiceVacOn (HWND hWnd)
 {
 
 *(BYTE*)0x0074306A = 0xE9; // E9 = opcode of jmp rel32
 *(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook ); // rel32 = target - source - 5; the JMP macro already ends in ';', so this expands to an extra empty statement
 
 *(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01 in memory (little-endian store); 0f 84 = je rel32, the script's [Disable] restores 0f 85 = jne
 *(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00, the upper two bytes of the rel32
 
 
 *(WORD*)0x0073F4A4 = 0x0575; // 75 05 in memory = jnz short; [Disable] restores 74 05 = jz
 
 *(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00 in memory; 0f 85 = jne rel32, [Disable] restores 0f 84 = je
 *(WORD*)(0x0073F755 + 4) = 0x0000; //00 00, the upper two bytes of the rel32
 
 }
 
 | 
 
 Original Script:
 
 
  	  | Code: |  	  | [Enable] alloc(dICE,64)
 alloc(right,4)
 alloc(left,4)
 registersymbol(right)
 registersymbol(left)
 label(return)
 
 dICE:
 pushad
 
 mov edx, [89361c] //Char X
 mov ebx, [edx+580]
 mov ecx,[edx+584]
 add ebx, [right]
 sub ebx, [left]
 
 mov eax,[892a9c] //Walls
 mov [eax+C],ebx
 mov [eax+14],ebx
 mov [eax+10],ecx
 mov [eax+18],ecx
 popad
 
 mov [ebx], eax
 mov edi,[ebp+10]
 jmp return
 
 right:
 db 00 00
 
 left:
 db 00 00
 
 74306a:
 jmp dICE
 return:
 
 745cc6:
 db 0f 84 62 01 00 00
 73f4a4:
 db 75 05
 73f755:
 db 0f 85 d0 00 00 00
 
 [Disable]
 74306a:
 mov [ebx], eax
 mov edi,[ebp+10]
 745cc6:
 db 0f 85 62 01 00 00
 73f4a4:
 db 74 05
 73f755:
 db 0f 84 d0 00 00 00
 dealloc(dICE)
 dealloc(left)
 dealloc(right)
 unregistersymbol(left)
 unregistersymbol(right)
 | 
 _________________
 
 |  |  
		|  |  
		| kitterz Grandmaster Cheater Supreme
 
 ![]() Reputation: 0 
 Joined: 24 Dec 2007
 Posts: 1268
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 8:11 pm    Post subject: |   |  
				| 
 |  
				| Hmmm. It looks perfect to me. Did you confirm that the AA script works in the first place? _________________
 
 |  |  
		|  |  
		| &Vage Grandmaster Cheater Supreme
 
 ![]() Reputation: 0 
 Joined: 25 Jul 2008
 Posts: 1053
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 8:34 pm    Post subject: Re: [Help] asm c++ |   |  
				| 
 |  
				|  	  | iRiot wrote: |  	  | Iam trying to code Dice Vac for maplestory v55 and whenever i enable it it gives me the black screen and freezes maplestory any ideas on how to make it work? 
 my code:
 
 
  	  | Code: |  	  | #include <windows.h>
 #include "resource.h"
 #define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
 
 DWORD DiceVacAddy = (0x0074306a + 5);
 
 
 __declspec(naked) void DiceVacHook()
 {
 __asm
 {
 pushad
 
 mov edx, [0x89361c] //Char X
 mov ebx, [edx+0x580]
 mov ecx,[edx+0x584]
 //add ebx, [right]
 //sub ebx, [left]
 
 mov eax,[0x892a9c] //Walls
 mov [eax+0xC],ebx
 mov [eax+0x14],ebx
 mov [eax+0x10],ecx
 mov [eax+0x18],ecx
 popad
 
 mov [ebx], eax
 mov edi,[ebp+0x10]
 jmp DiceVacAddy
 
 }
 }
 
 
 void DiceVacOn (HWND hWnd)
 {
 
 *(BYTE*)0x0074306A = 0xE9;
 *(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook );
 
 *(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01
 *(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00
 
 
 *(WORD*)0x0073F4A4 = 0x0575; // 75 05
 
 *(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00 // 00 00
 *(WORD*)(0x0073F755 + 4) = 0x0000; //00 00
 
 }
 
 | 
 
 Original Script:
 
 
  	  | Code: |  	  | [Enable] alloc(dICE,64)
 alloc(right,4)
 alloc(left,4)
 registersymbol(right)
 registersymbol(left)
 label(return)
 
 dICE:
 pushad
 
 mov edx, [89361c] //Char X
 mov ebx, [edx+580]
 mov ecx,[edx+584]
 add ebx, [right]
 sub ebx, [left]
 
 mov eax,[892a9c] //Walls
 mov [eax+C],ebx
 mov [eax+14],ebx
 mov [eax+10],ecx
 mov [eax+18],ecx
 popad
 
 mov [ebx], eax
 mov edi,[ebp+10]
 jmp return
 
 right:
 db 00 00
 
 left:
 db 00 00
 
 74306a:
 jmp dICE
 return:
 
 745cc6:
 db 0f 84 62 01 00 00
 73f4a4:
 db 75 05
 73f755:
 db 0f 85 d0 00 00 00
 
 [Disable]
 74306a:
 mov [ebx], eax
 mov edi,[ebp+10]
 745cc6:
 db 0f 85 62 01 00 00
 73f4a4:
 db 74 05
 73f755:
 db 0f 84 d0 00 00 00
 dealloc(dICE)
 dealloc(left)
 dealloc(right)
 unregistersymbol(left)
 unregistersymbol(right)
 | 
 | 
 
 
  	  | Code: |  	  | 
 *(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01
 *(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00
 
 
 *(WORD*)0x0073F4A4 = 0x0575; // 75 05
 
 *(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00 // 00 00
 *(WORD*)(0x0073F755 + 4) = 0x0000; //00 00
 
 | 
 
 I see.. Don't reverse the bytes...try 0x0f846201 instead of 0x0162840F and so on.
 |  |  
		|  |  
		| kitterz Grandmaster Cheater Supreme
 
 ![]() Reputation: 0 
 Joined: 24 Dec 2007
 Posts: 1268
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 8:37 pm    Post subject: |   |  
				| 
 |  
				| No. The bytes need to be reversed, or else it'll be wrong: x86 stores a DWORD little-endian, so 0x0162840F lands in memory as 0f 84 62 01. _________________
 
 |  |  
		|  |  
		| &Vage Grandmaster Cheater Supreme
 
 ![]() Reputation: 0 
 Joined: 25 Jul 2008
 Posts: 1053
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 8:53 pm    Post subject: |   |  
				| 
 |  
				| If not, then try a simple xor operation... |  |  
		|  |  
		| iRiot Master Cheater
 
  Reputation: 0 
 Joined: 03 Jul 2007
 Posts: 395
 Location: Aka RIOT
 
 | 
			
				|  Posted: Sat Nov 29, 2008 9:11 pm    Post subject: |   |  
				| 
 |  
				| Yeah, that's the problem: there's nothing wrong with the coding and all the addresses are updated... and the script works perfectly with the engine _________________
 
 |  |  
		|  |  
		| Bizarro I post too much
 
  Reputation: 0 
 Joined: 01 May 2007
 Posts: 2648
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 9:30 pm    Post subject: |   |  
				| 
 |  
				|  	  | Code: |  	  | mov edx, [0x89361c] mov edx,[edx]  // add this
 | 
 c++ asm is a little different than the one in ce
 _________________
 
 |  |  
		|  |  
		| lurc Grandmaster Cheater Supreme
 
  Reputation: 2 
 Joined: 13 Nov 2006
 Posts: 1900
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 9:36 pm    Post subject: |   |  
				| 
 |  
				| VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. 
 Edit:
 And like bizzaro said, for the first thing it has to be:
 
 
  	  | Code: |  	  | mov edx, dword ptr [0x89361C] | 
 _________________
 
 |  |  
		|  |  
		| &Vage Grandmaster Cheater Supreme
 
 ![]() Reputation: 0 
 Joined: 25 Jul 2008
 Posts: 1053
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 10:23 pm    Post subject: |   |  
				| 
 |  
				|  	  | lurc wrote: |  	  | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. 
 Edit:
 And like bizzaro said, for the first thing it has to be:
 
 
  	  | Code: |  	  | mov edx, dword ptr [0x89361C] | 
 | 
 That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05
 |  |  
		|  |  
		| smartz993 I post too much
 
  Reputation: 2 
 Joined: 20 Jun 2006
 Posts: 2013
 Location: USA
 
 | 
			
				|  Posted: Sat Nov 29, 2008 10:46 pm    Post subject: |   |  
				| 
 |  
				|  	  | lurc wrote: |  	  | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. | 
 
 I already told him to do that on MSN...lmfao
 
 
 
  	  | void wrote: |  	  | That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05 | 
 
 If you read the source, he is jmping back to the original address plus 5.
 
 
  	  | Code: |  	  | DWORD DiceVacAddy = (0x0074306a + 5); | 
 |  |  
		|  |  
		| lurc Grandmaster Cheater Supreme
 
  Reputation: 2 
 Joined: 13 Nov 2006
 Posts: 1900
 
 
 | 
			
				|  Posted: Sat Nov 29, 2008 10:48 pm    Post subject: |   |  
				| 
 |  
				|  	  | _void_ wrote: |  	  |  	  | lurc wrote: |  	  | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. 
 Edit:
 And like bizzaro said, for the first thing it has to be:
 
 
  	  | Code: |  	  | mov edx, dword ptr [0x89361C] | 
 | 
 That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05
 | 
 
 Are you actually stupid? Can you not read correctly?
 
 
  	  | Code: |  	  | DWORD DiceVacAddy = (0x0074306a + 5); ...
 jmp DiceVacAddy
 ...
 *(BYTE*)0x0074306A = 0xE9;
 *(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook );
 | 
 
 DiceVacAddy is 0x0074306A + 5.
 He jumps to DiceVacAddy
 He Modifies 0x0074306A (DiceVacAddy without +5).
 
 @smartz993:
 Add _void_ to the list
   _________________
 
 |  |  
		|  |  
		| smartz993 I post too much
 
  Reputation: 2 
 Joined: 20 Jun 2006
 Posts: 2013
 Location: USA
 
 | 
			
				|  Posted: Sat Nov 29, 2008 10:55 pm    Post subject: |   |  
				| 
 |  
				|  	  | lurc wrote: |  	  |  	  | _void_ wrote: |  	  |  	  | lurc wrote: |  	  | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. 
 Edit:
 And like bizzaro said, for the first thing it has to be:
 
 
  	  | Code: |  	  | mov edx, dword ptr [0x89361C] | 
 | 
 That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05
 | 
 
 Are you actually stupid? Can you not read correctly?
 
 
  	  | Code: |  	  | DWORD DiceVacAddy = (0x0074306a + 5); ...
 jmp DiceVacAddy
 ...
 *(BYTE*)0x0074306A = 0xE9;
 *(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook );
 | 
 
 DiceVacAddy is 0x0074306A + 5.
 He jumps to DiceVacAddy
 He Modifies 0x0074306A (DiceVacAddy without +5).
 
 @smartz993:
 Add _void_ to the list
  | 
 
 ahaha <33
 
 It was probably just a mistake... although he has been acting all high and mighty about his fASM lately...
 
 Anyways, i have no idea what your problem is. Let's talk on MSN.
 
 
 **EDIT:
 
 
 	  | Code: |  	  | void _declspec(naked) __stdcall DiceVacHook() {
 // Revised detour body. Compared with the first post it adds one extra
 // dereference after each bracketed constant (`mov edx,[edx]`, `mov eax,[eax]`).
 // NOTE(review): presumably needed because MSVC inline asm treats a bracketed
 // bare constant as the constant itself, not as a load; confirm in the disassembly.
 // The function is naked, so it has no prologue/epilogue and leaves through the final jmp.
 __asm
 {
 pushad // save all general-purpose registers
 mov edx,[0089361ch]
 mov edx,[edx] // added dereference: edx now holds the dword stored at 0089361ch
 mov ebx,[edx+580h] // first value, read at +580h
 mov ecx,[edx+584h] // second value, read at +584h
 
 mov eax,[00892a9ch]
 mov eax,[eax] // added dereference: eax now holds the dword stored at 00892a9ch
 mov [eax+0xC],ebx // +0xC and +0x14 both receive the value from +580h
 mov [eax+0x14],ebx
 mov [eax+0x10],ecx // +0x10 and +0x18 both receive the value from +584h
 mov [eax+0x18],ecx
 popad // restore the registers saved by pushad
 
 // Replay of the two instructions displaced by the 5-byte detour jmp.
 mov [ebx], eax
 mov edi,[ebp+0x10]
 jmp DiceVacAddy // resume at the address held in DiceVacAddy (0x0074306a + 5 in the first post)
 }
 }
 | 
 
 There.
 
 Last edited by smartz993 on Sat Nov 29, 2008 11:09 pm; edited 1 time in total
 |  |  
		|  |  
		| iRiot Master Cheater
 
  Reputation: 0 
 Joined: 03 Jul 2007
 Posts: 395
 Location: Aka RIOT
 
 | 
			
				|  Posted: Sat Nov 29, 2008 11:09 pm    Post subject: |   |  
				| 
 |  
				|  	  | Code: |  	  | void _declspec(naked) __stdcall DiceVacHook() {
 __asm
 {
 pushad
 mov edx,[0089361ch]
 mov edx,[edx]
 mov ebx,[edx+580h]
 mov ecx,[edx+584h]
 
 mov eax,[00892a9ch]
 mov eax,[eax]
 mov [eax+0xc],ebx
 mov [eax+14h],ebx
 mov [eax+10h],ecx
 mov [eax+18h],ecx
 popad
 
 mov [ebx], eax
 mov edi,[ebp+0x10]
 jmp DiceVacAddy
 }
 }
 
 | 
 WORKS thanks to Smartz
   _________________
 
 |  |  
		|  |  
		|  |  
  
	| 
 
 
 |  |