|
Cheat Engine The Official Site of Cheat Engine
Jiehfeng Expert Cheater Reputation: 0
Joined: 03 Jan 2014 Posts: 107
|
Posted: Wed Aug 17, 2016 11:20 am Post subject: A Simple Solution to STEP 9 |
|
|
In the tutorial, 4 of the players have string names: Dave, Eric, HAL and KITT.
You can use those to target whoever you like.
[ebx+15] has the string names.
Code: |
//Dave unlimited health
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(cheat)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp word ptr [ebx+15],'Da' //two characters per cmp is only possible
jne originalcode //each cmp overwrites the flags, so branch here before the next cmp
cmp word ptr [ebx+17],'ve' //after the two characters 'Da', add 2 to the offset, and if the string has more characters, keep adding two etc.
je cheat
originalcode:
mov [ebx+04],eax
fldz
exit:
jmp returnhere
cheat:
mov [ebx+04],(float)100
fldz
jmp exit
"Tutorial-i386.exe"+261D7:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Tutorial-i386.exe"+261D7:
mov [ebx+04],eax
fldz
//Alt: db 89 43 04 D9 EE
|
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
|
Posted: Wed Aug 17, 2016 6:31 pm Post subject: |
|
|
You can actually compare 4 characters at a time.
Code: | cmp dword ptr [ebx+15],'Dave' |
|
Jiehfeng Expert Cheater Reputation: 0
Joined: 03 Jan 2014 Posts: 107
|
djdoom32 Newbie cheater Reputation: 0
Joined: 11 Mar 2012 Posts: 19 Location: germany
|
Posted: Fri Aug 19, 2016 3:05 pm Post subject: |
|
|
why not this way:
[ENABLE]
aobscanmodule(INJECT,Tutorial-i386.exe,89 43 04 D9 EE)
alloc(newmem,$1000)
label(code)
label(newcode)
label(return)
newmem:
newcode:
cmp dword ptr [ebx+15],'Dave'
je code
cmp dword ptr [ebx+15],'Eric'
je code
mov [ebx+04],eax
fldz
jmp return
code:
mov [ebx+04],(float)100
fldz
jmp return
INJECT:
jmp newcode
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 43 04 D9 EE
unregistersymbol(INJECT)
dealloc(newmem)
|
|
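The name comparisons discussed in this thread, modelled in C as an added example (not code from any of the posters): it shows that a later `cmp` overwrites the flags of an earlier one, so a two-word check needs a jump after each `cmp`, and that the dword form tests only the first four bytes. The zero-filled 32-byte record, the names Jove and Davey, and the little-endian packing of the quoted literals are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_OFF 0x15   /* name bytes at [ebx+15], as stated in the thread */

/* Little-endian reads, matching what x86 cmp word/dword ptr loads. */
static uint16_t rd16(const void *p) {
    const uint8_t *b = p;
    return (uint16_t)(b[0] | (b[1] << 8));
}
static uint32_t rd32(const void *p) {
    const uint8_t *b = p;
    return rd16(b) | ((uint32_t)rd16(b + 2) << 16);
}

/* Constructed record: zero-filled, name copied to offset 0x15. */
static void make_record(uint8_t rec[32], const char *name) {
    memset(rec, 0, 32);
    memcpy(rec + NAME_OFF, name, strlen(name));
}

/* cmp word / cmp word / je: the second cmp overwrites the flags. */
int match_last_cmp_only(const uint8_t *rec) {
    int zf = rd16(rec + NAME_OFF) == rd16("Da");
    zf = rd16(rec + NAME_OFF + 2) == rd16("ve");
    return zf;
}

/* cmp word / jne / cmp word / je: both halves are checked. */
int match_two_words(const uint8_t *rec) {
    if (rd16(rec + NAME_OFF) != rd16("Da")) return 0;
    return rd16(rec + NAME_OFF + 2) == rd16("ve");
}

/* cmp dword / je: one compare, but only the first four bytes are tested. */
int match_dword(const uint8_t *rec) {
    return rd32(rec + NAME_OFF) == rd32("Dave");
}

int main(void) {
    const char *names[] = {"Dave", "Eric", "HAL", "KITT", "Jove", "Davey"};
    uint8_t rec[32];
    for (size_t i = 0; i < sizeof names / sizeof *names; i++) {
        make_record(rec, names[i]);
        printf("%-5s last-cmp=%d two-words=%d dword=%d\n", names[i],
               match_last_cmp_only(rec), match_two_words(rec), match_dword(rec));
    }
    return 0;
}
```

With the four names from the tutorial all three checks agree; they differ only on the constructed names, where the flags-only check accepts Jove and the dword check accepts Davey.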