Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[Suggestion/Request] Plugin or feature of this

 
Stacktrace
Expert Cheater
Reputation: 1

Joined: 04 Jul 2015
Posts: 105

Posted: Thu Jun 02, 2016 7:20 am    Post subject: [Suggestion/Request] Plugin or feature of this

Hey, here comes a bit of an unusual post. I'm sorry if some here might get angry at me for requesting something, but it's all good if this won't happen; I just thought I'd like to post my thoughts on this.

Okay so, latest games and their integrity checks are pretty decent and hard to bypass. Usually you're able to use the kernel mode debugger (DBVM), which I've done for the past years on this game that I won't mention, which uses a very good integrity check. But in most games where you want to cheat you'll probably use the NOP feature once in a while when quick-testing something, you name it. If you didn't know, you're also able to NOP instructions by using DBVM and its change register! What you do is: get the address you want to NOP, go one line down to the instruction under it and copy its address, go one line up again to the address you want to NOP, then click change registers and paste the address under it into 'EIP'. It will then ignore the instruction / NOP it. (Common sense.) Yes, it has the exact same effect as manually nopping an address. I myself along with many others have used this method since 2013 now on this game and I tell you, the amount of hacks we've been able to pull off is a lot without any integrity check bothering us!

But it can be quite tedious to go down, copy an address, go back up, change registers, paste in EIP just to do this awesome thing probably not many have thought of. And I've been calling it a 'dnop' (debugger nop). Wouldn't it be amazing with a Cheat Engine plugin that leaves you the choice to right click the address and press DNOP this address or some other great looking name? Just like how you can right click an address, NOP this address. It'd be so useful if you could just right click it and press DNOP this address, which would then set a breakpoint to it with the address under as EIP on the address you clicked it on! If no CE developers liked this idea, could this at least be a somewhat plugin? If there are any good plugin creators out there, of course. (I'm telling you, many people will use it. I know just myself around 10 people that use this method on games with anti cheats.)
predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Thu Jun 02, 2016 10:16 am    Post subject: This post has 1 review(s)

I'm guessing you are DNopping cuz integrity checks would detect nopping?

I think I can write a Lua extension to add an option to the disassembler's popup menu. But is the number of instructions skipped constant (i.e. 1)? Or I let users decide by multiselecting start to end?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Thu Jun 02, 2016 10:32 am

you could do both.

disassemblerview exposes SelectedAddress and SelectedAddress2
In case of multiselection the two addresses aren't the same.
and the disassembler can be used to figure out the size in bytes of the instruction of the last selected line

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Thu Jun 02, 2016 10:38 am

yea i was thinking if i should write the function to use both addresses or just make it fixed. YAGNI ftw :lol:

btw will there be the software breakpoint prompt once the number of hardware breakpoints reaches the limit when i use debug_setbreakpoint?
Stacktrace
Expert Cheater
Reputation: 1

Joined: 04 Jul 2015
Posts: 105

Posted: Thu Jun 02, 2016 11:05 am

predprey wrote:
I'm guessing you are DNopping cuz integrity checks would detect nopping?

I think I can write a Lua extension to add an option to the disassembler's popup menu. But is the number of instructions skipped constant (i.e. 1)? Or I let users decide by multiselecting start to end?


Ah, I'd appreciate that so much! It'd make my day :)

Yeah, to DNOP an instruction you have to copy the address under it, then paste that into the EIP register of the address you want to (D)NOP. Here's a GIF showing what I mean:

https://gyazo.com/d609e5f418481b0f4461755927e2553e

What happens is it ends up skipping the instruction, resulting in the effect of nopping it. This would be amazing if you'd pull something like that off. Thanks man, really appreciated. Yup, I'm doing it to prevent the integrity checker detecting my edits. Here's an example of why Dnopping is useful:

You're hacking a game, you found the address that writes to health, and instead of writing a code injection you decide to NOP it (which usually works just fine as damage won't decrease your health), but the game crashes! Here's where DBVM comes in: it's usually undetected in games (even the latest ones), then you can just DNOP it and boom, you've got infinite health.

By the way, I reputated you :D. Don't worry, if you won't be able to pull this off you still deserve it.
predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Thu Jun 02, 2016 11:49 am

http://forum.cheatengine.org/viewtopic.php?p=5674807#5674807

I'm working on a shortcut configurator currently, so until I finish, you can set the shortcut for this function with
Code:
local shortcut = 'F5' -- Change this to whatever key combination you like (e.g. 'Ctrl+K')
local menu = getMemoryViewForm().DisassemblerView.PopupMenu.Items
for i=0,menu.Count-1 do
   if menu[i].Caption == 'Set DNOP Breakpoint' then
      menu[i].setShortcut(shortcut)
   end
end


Last edited by predprey on Thu Jun 02, 2016 12:06 pm; edited 1 time in total
Stacktrace
Expert Cheater
Reputation: 1

Joined: 04 Jul 2015
Posts: 105

Posted: Thu Jun 02, 2016 12:02 pm

predprey wrote:
http://forum.cheatengine.org/viewtopic.php?p=5674807#5674807


Thank you so much! I very much appreciate your help, although I ran into a problem: it doesn't work. :/ When I press "Set DNOP Breakpoint" it only debugs the address like it would if you press "Toggle breakpoint", so I have to run it, which still does nothing. I'm not sure where to post this, my thread or your thread, so I'll post on both (sorry if spam). Thanks again though! If you're able to fix this issue then this would be life-changing, and the way it looks where you can right click an address is just amazing. We need more people like you! :D

Hmm, I looked into the code and I added this line
if i == EIP then
EIP = j
( debug_continueFromBreakpoint(co_run)
return 1 ) after those lines. Then I went to the minAddr+1 and changed it to +5, which leads to the address after the one I want to DNOP, and it worked. Seems to be some sort of math going on with calculating where the second address is.. +1 leads to some weird opcode that doesn't even run in the function, like those add's, then I plussed with 5 and it led me to the other one (won't work in other addresses obviously). Hopefully you're able to figure this out! :D

Yup I noticed where to + it.. So you see the bytes on the left of the address?
https://gyazo.com/e07e9d634e335f4a3c2f04b828b03b58
If you plus the address with the amount of bytes it has, it'll lead you to the address under it, in this case +3.. Hope that helped :)

Latest edit:
Thank you so much! I very much appreciate your help!
It works perfectly fine (if the fix I added is used)! :)

By the way, it still doesn't step the debugger but I edited your code into doing that (as of now it just breakpoints it)
http://pastebin.com/KPVLDw03

This is truly amazing. I might be over-reacting but I've wanted something like this for ages, and here it is. I'm so thankful, you have absolutely no idea; this will save me a lot of time and I'll finally be able to leave my clipboard alone! Thanks :D :D I wish I could rep you hundreds of times. Haha!