Fresco, Grandmaster Cheater, Reputation: 4
Joined: 07 Nov 2010, Posts: 600
Posted: Wed Jun 27, 2012 5:38 am
DaNemeziz wrote: [...]why some are using eax and some ecx? from where you know what to use? <.< and why you are having 5cc as offset? o.O i'm confused now[...]
It doesn't really matter if you use eax or ecx, but if you plan to use the original eax in your AA code, it's recommended not to use it, or to use ecx or others. Of course, never use esp or ebp; also, esi and edi are not recommended. Use only general-purpose registers: eax, ebx, ecx, edx.
Maybe he's using 5cc as an example.
As for how to get the address of a pointer in a memory location:
Code:
[ENABLE]
alloc(newmem,128)
label(addressyouwant)
registersymbol(addressyouwant)
newmem:
push eax
mov eax,[007367E8]
lea eax,[eax+574]
mov dword ptr [addressyouwant],eax
pop eax
//originalcode
ret
//the value of addressyouwant will be the address of the pointer
addressyouwant:
db 00 00 00 00
auto_assemble_address:
call newmem
//maybe some nops
[DISABLE]
dealloc(newmem)
unregistersymbol(addressyouwant)
auto_assemble_address:
//original code

Now simply add a new address with address: addressyouwant, and its value will be the address of the pointer.
Make sure the code is activated and that the auto_assemble_address: is being executed every 0.1 milliseconds.
[EDIT]
Never mind, I just saw your mistake.
richie86 wrote: [...]
Code:
[ENABLE]
registersymbol(X)
alloc(X,8)
// This seems doesn't work
mov eax, 007367E8
add eax, 574
mov [x], eax
[DISABLE]
unregistersymbol(X)
dealloc(X)

Try:
Code:
[ENABLE]
alloc(x,32)
label(ics)
registersymbol(ics)
x:
mov eax,007367E8
add eax,574
mov [ics],eax
ret // return to the caller instead of running into the data bytes at ics
ics:
db 00 00 00 00
[DISABLE]
dealloc(x)
unregistersymbol(ics)

Make sure that the code is run by the program, because it won't work if it's not run.
_________________
... Fresco
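Added example (not part of Fresco's post or anyone's code in the thread): a Python model of the two address computations in the scripts above, generalized to multi-level pointer paths and to the case where a pointer is null or unmapped. Only 007367E8 and 574 come from the post; the memory image, the object address 0x02A40000, the value 1337 and all function names are constructed for illustration.

```python
import struct

class BadPointer(Exception):
    """A step of the path hit a null pointer or an unmapped address."""

def read_u32(regions, addr):
    # regions: {base_address: bytes-like}, a constructed stand-in for process memory
    for base, data in regions.items():
        if base <= addr and addr + 4 <= base + len(data):
            return struct.unpack_from("<I", data, addr - base)[0]
    raise BadPointer(f"unmapped read at {addr:#010x}")

def resolve(regions, static_addr, offsets):
    """Return the address a pointer path names: [[static]+o1]+o2 ...
    Every step dereferences, then adds; the last sum is returned, not read."""
    addr = static_addr
    for off in offsets:
        ptr = read_u32(regions, addr)
        if ptr == 0:
            raise BadPointer(f"null pointer stored at {addr:#010x}")
        addr = (ptr + off) & 0xFFFFFFFF
    return addr

STATIC = 0x007367E8   # static address from the post
OFFSET = 0x574        # offset from the post (auto assembler numbers are hex)
OBJECT = 0x02A40000   # constructed: where the object happens to live this run

def build_sample():
    heap = bytearray(0x600)
    struct.pack_into("<I", heap, OFFSET, 1337)   # constructed field value
    return {STATIC: struct.pack("<I", OBJECT), OBJECT: heap}

def demo():
    mem = build_sample()
    dereferenced = resolve(mem, STATIC, [OFFSET])   # mov eax,[007367E8] / lea eax,[eax+574]
    immediate = (STATIC + OFFSET) & 0xFFFFFFFF      # mov eax,007367E8 / add eax,574
    return dereferenced, immediate, read_u32(mem, dereferenced)

if __name__ == "__main__":
    d, i, v = demo()
    print(f"dereferenced: {d:#010x} -> value {v}")
    print(f"immediate:    {i:#010x} (static address plus offset, not the object)")
```

The bracketed form follows the stored pointer to the object and lands on the field at +574, while the immediate form only adds 574 to the static address itself.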