PinPoint, Expert Cheater (Reputation: 10; Joined: 07 Apr 2016; Posts: 223; Location: Scotland)
Posted: Thu Apr 14, 2016 3:25 am    Post subject: signifying value types in auto assembler
I'm practicing auto assembler and writing scripts with the CE tutorial and I'm on step 4. I'm using the method of " mov [ebx+00000494],(float)5000 " in newmem to set the value to 5000.
How do I signify the value as double for the ammo part, if this is the problem?
My script for health works:
Code:
[ENABLE]
alloc(health,1024)
label(returnhere)
label(originalcode)
label(exit)
health:
mov [ebx+00000494],(float)5000
originalcode:
//fstp dword ptr [ebx+00000494]
exit:
jmp returnhere
"Tutorial-i386.exe"+25DF0:
jmp health
nop
returnhere:
[DISABLE]
dealloc(health)
"Tutorial-i386.exe"+25DF0:
fstp dword ptr [ebx+00000494]
but the one for ammo doesn't:
Code:
[ENABLE]
alloc(ammo,1024)
label(returnhere)
label(originalcode)
label(exit)
ammo:
mov [ebx+00000498],(double)5000
originalcode:
//fstp qword ptr [ebx+00000498]
exit:
jmp returnhere
"Tutorial-i386.exe"+25B9B:
jmp ammo
nop
returnhere:
[DISABLE]
dealloc(ammo)
"Tutorial-i386.exe"+25B9B:
fstp qword ptr [ebx+00000498]
The ammo code does affect the tutorial ammo: when you click fire it doesn't change, it's frozen more or less, but it doesn't change to 5000.
Cake-san, Grandmaster Cheater (Reputation: 8; Joined: 18 Dec 2014; Posts: 541; Location: Semenanjung)
Posted: Thu Apr 14, 2016 4:24 am
Double is 8 bytes:
Code:
[ENABLE]
alloc(ammo,1024)
label(returnhere)
label(originalcode)
label(_value)
ammo:
fstp st(0) // pop the previous value
push eax
mov eax,[_value]
mov [ebx+00000498],eax
mov eax,[_value+4]
mov [ebx+0000049C],eax
pop eax
originalcode:
//fstp qword ptr [ebx+00000498]
jmp returnhere
_value:
dq (double)5000
"Tutorial-i386.exe"+25B9B:
jmp ammo
nop
returnhere:
[DISABLE]
dealloc(ammo)
"Tutorial-i386.exe"+25B9B:
fstp qword ptr [ebx+00000498]
or
Code:
[ENABLE]
alloc(ammo,1024)
label(returnhere)
label(_value)
ammo:
fstp st(0) // pop the previous value
fld qword ptr [_value]
fstp qword ptr [ebx+00000498]
jmp returnhere
_value:
dq (double)5000
"Tutorial-i386.exe"+25B9B:
jmp ammo
nop
returnhere:
[DISABLE]
dealloc(ammo)
"Tutorial-i386.exe"+25B9B:
fstp qword ptr [ebx+00000498]
PinPoint, Expert Cheater (Reputation: 10; Joined: 07 Apr 2016; Posts: 223; Location: Scotland)
Posted: Thu Apr 14, 2016 4:57 am
That's great, thanks. I can see how the second script you did works: _value set to 5000 in double, _value to top of stack, top of stack into [ebx+xxxxx]. But I'm unsure of how your first script works. Why would you have this?
Code:
mov eax,[_value+4]
mov [ebx+0000049C],eax
Also, why wouldn't my other way work of just doing
Code:
mov [ebx+00000498],(double)5000
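The two questions above (why Cake-san's first script stores [_value] and then [_value+4], and why a single mov of (double)5000 can't do the job) both come down to the byte layout of a double. The C program below is an added illustration, not CE script code from this thread: it reads the IEEE-754 bit pattern of 5000.0, splits it into the low and high dwords that the two 32-bit mov instructions copy, and simulates an 8-byte slot like [ebx+00000498] on a little-endian x86 target. The 32-bit x86 encoding has no mov form that stores an 8-byte immediate to memory, so at most 4 of the 8 bytes can be written by one mov with an immediate, which is what the second simulation shows. The slot, the "previous" value in it and the float-sized store are constructed for the example. Cake-san's fstp st(0) is separate from all this: it discards the value the commented-out fstp qword ptr would have popped, so the x87 register stack stays balanced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: on the i386 tutorial target a double is 8 bytes, twice
   the width of a general-purpose register. */
_Static_assert(sizeof(double) == 8, "double is expected to be 8 bytes");

/* IEEE-754 bit pattern of a double (memcpy avoids strict-aliasing issues). */
static uint64_t double_bits(double d) {
    uint64_t u;
    memcpy(&u, &d, sizeof u);
    return u;
}

/* IEEE-754 bit pattern of a float, i.e. what (float)5000 assembles to. */
static uint32_t float_bits(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

/* Low dword: the bytes at [_value], stored by "mov [ebx+00000498],eax". */
static uint32_t low_dword(double d) {
    return (uint32_t)(double_bits(d) & 0xFFFFFFFFu);
}

/* High dword: the bytes at [_value+4], stored by "mov [ebx+0000049C],eax". */
static uint32_t high_dword(double d) {
    return (uint32_t)(double_bits(d) >> 32);
}

/* Simulate the first script: two 4-byte stores into a constructed 8-byte
   slot standing in for [ebx+00000498] on a little-endian machine. */
static double slot_after_two_dword_stores(double value) {
    uint8_t slot[8] = {0};
    uint32_t lo = low_dword(value);
    uint32_t hi = high_dword(value);
    memcpy(slot, &lo, 4);      /* bytes 0..3 <- [_value]   */
    memcpy(slot + 4, &hi, 4);  /* bytes 4..7 <- [_value+4] */
    double out;
    memcpy(&out, slot, sizeof out);
    return out;
}

/* Simulate a single 4-byte immediate store into the same slot: only bytes
   0..3 change, bytes 4..7 keep whatever the slot held before ("previous"). */
static double slot_after_float_store(double previous, float value) {
    uint8_t slot[8];
    memcpy(slot, &previous, 8);
    memcpy(slot, &value, 4);   /* only the low dword is overwritten */
    double out;
    memcpy(&out, slot, sizeof out);
    return out;
}

int main(void) {
    double v = 5000.0;
    printf("double 5000 bits       : 0x%016llx\n",
           (unsigned long long)double_bits(v));
    printf("  low  dword [_value]  : 0x%08x\n", low_dword(v));
    printf("  high dword [_value+4]: 0x%08x\n", high_dword(v));
    printf("float 5000 bits        : 0x%08x\n", float_bits(5000.0f));
    printf("two dword stores  -> %g\n", slot_after_two_dword_stores(v));
    printf("one 4-byte store  -> %g (slot previously 0.0)\n",
           slot_after_float_store(0.0, 5000.0f));
    return 0;
}
```

Run it and the two dword stores reproduce 5000 exactly, while the single 4-byte store leaves the high dword untouched and the slot reads as a value nowhere near 5000. That is also why the value looks "frozen" when the original fstp is commented out: the 8-byte store that used to update the slot no longer runs, and a 4-byte write cannot replace it.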
Danier2312, How do I cheat? (Reputation: 0; Joined: 14 Apr 2016; Posts: 1)
Posted: Thu Apr 14, 2016 6:08 pm
Thanks for this. Can it run remotely?