Cheat Engine The Official Site of Cheat Engine
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Thu Jan 03, 2008 9:17 am Post subject: Array of byte problem |
Hey guys,
Well, I have the following problem and I really can't get it to work.
Here's the script I want to write in Delphi:
Code:
alloc(speed, 128)
label(exit)
00438861:
jmp speed
db 90 90 90
exit:
speed:
mov eax,0
mov [ebp+0c],eax
cmp dword ptr [ebx+000002d8],00
je 0043887b
mov eax,[ebp-24]
jmp 00438869
My problem is: Writing on the allocated memory.
First I ticked the script with CE and went to the just-allocated memory:
So I copied the array of bytes out of it:
Code:
SpeedAllc1: Array [0..15] of Byte =($B8, $00, $00, $00, $00, $89, $45, $0C, $83, $BB, $D8, $02, $00, $00, $00, $0F);
SpeedAllc2: Array [0..15] of Byte =($89, $45, $0C, $83, $BB, $D8, $02, $00, $00, $00, $0F, $84, $66, $88, $65, $C3);
SpeedAllc3: Array [0..15] of Byte =($83, $BB, $D8, $02, $00, $00, $00, $0F, $84, $66, $88, $65, $C3, $8B, $45, $DC);
SpeedAllc4: Array [0..15] of Byte =($0F, $84, $66, $88, $CA, $C7, $8B, $45, $DC, $E9, $4C, $88, $CA, $C7, $00, $00);
SpeedAllc5: Array [0..7] of Byte =($8B, $45, $DC, $E9, $4C, $88, $65, $C3);
SpeedAllc6: Array [0..15] of Byte =($E9, $4C, $88, $CA, $C7, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00);
Then I wrote it on it:
Code:
Speed := VirtualAllocEx(HandleWindow, nil, $512, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(HandleWindow, Speed, @SpeedAllc1, 5, Write);
WriteProcessMemory(HandleWindow, ptr(integer(Speed)+5), @SpeedAllc2, 3, Write);
WriteProcessMemory(HandleWindow, ptr(integer(Speed)+8), @SpeedAllc3, 7, Write);
WriteProcessMemory(HandleWindow, ptr(integer(Speed)+15), @SpeedAllc4, 6, Write);
WriteProcessMemory(HandleWindow, ptr(integer(Speed)+21), @SpeedAllc5, 3, Write);
WriteProcessMemory(HandleWindow, ptr(integer(Speed)+24), @SpeedAllc6, 5, Write);
But it writes this on it:
I don't know why it doesn't write it right.
What did I do wrong?
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
Posted: Thu Jan 03, 2008 10:10 am Post subject: |
Because jumps are relative to the location you allocate to, you cannot statically copy the bytes and alloc to a different location expecting it to be the same.
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Thu Jan 03, 2008 10:47 am Post subject: |
ummm okay thanks.
How should I do it then? Is there something that can translate ASM code to an array of bytes, or something else that I can inject with WPM?
--Pillboi-- Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Mar 2007 Posts: 1383 Location: I don't understand the question. Is this a 1 to 10 thing?
Posted: Thu Jan 03, 2008 11:52 am Post subject: |
Credits to samuri25404
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Thu Jan 03, 2008 12:35 pm Post subject: |
Unfortunately, that's managed code--I'm not sure if it's gonna work in Delphi or not.
Wiccaan said he might take a shot at converting it to C++.
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Thu Jan 03, 2008 12:51 pm Post subject: |
There are formulas... I don't remember the reversed far jump. I think a short jump (forward) is Address + 2 + Bytes_To_Jump, far is Address + 6 + Bytes_To_Jump, and as for short reversed I think it's Address + 2 + Bytes_To_Jump_After_NOTing.
For example, NOT:
11110000
________
00001111
When you use Bla.Enabled = !Bla.Enable you actually "not" the bits and the result is the opposite.
For far reversed it's probably the same but +6, nothing Google can't solve.
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25956 Location: The netherlands
Posted: Thu Jan 03, 2008 2:40 pm Post subject: |
addresstojumpto-addressafterthejmpinstruction
fix: (before the write)
Code:
pdword(@speedAllc4[2])^:=$0043887b -(integer(Speed)+15+6); //+6 because instruction is 6 long
pdword(@speedAllc6[1])^:=$00438869-(integer(Speed)+24+5); //+5 because instruction is 5 long
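Dark Byte's formula worked through, as an added Python example that is not code from this thread: it recomputes both rel32 fields of the 29-byte cave for any base, and it also decodes a dumped cave's jumps back to absolute targets (including the short rel8 forms Symbol mentions), which is how you check whether relocated bytes still land where the script intended. CE_CAVE is the byte sequence the OP pasted; its base 0x38790000 is derived from those bytes (both displacements resolve to the script's targets only there) rather than stated in the thread, and 0x00F30000 is a made-up second allocation address.

```python
import struct

# The 29 cave bytes as CE assembled them (from the pasted arrays). Both rel32 fields
# resolve to the script's targets only if the cave sat at 0x38790000, so that is the
# base CE allocated; this value is derived from the bytes, not stated in the thread.
CE_CAVE_BASE = 0x38790000
CE_CAVE = bytes.fromhex("B800000000" "89450C" "83BBD802000000"
                        "0F846688CAC7" "8B45DC" "E94C88CAC7")
JE_TARGET, JMP_TARGET = 0x0043887B, 0x00438869   # je / jmp targets from the script

def rel32(target, instr_addr, instr_len):
    """Dark Byte's formula: disp = target - address after the instruction, as 32 bits."""
    return (target - (instr_addr + instr_len)) & 0xFFFFFFFF

def build_cave(base):
    """Re-emit the cave for a new base, recomputing both displacements instead of copying them."""
    je = b"\x0F\x84" + struct.pack("<I", rel32(JE_TARGET, base + 15, 6))   # 6-byte jcc at +15
    jmp = b"\xE9" + struct.pack("<I", rel32(JMP_TARGET, base + 24, 5))     # 5-byte jmp at +24
    return (b"\xB8\x00\x00\x00\x00"          # mov eax,0
            b"\x89\x45\x0C"                  # mov [ebp+0c],eax
            b"\x83\xBB\xD8\x02\x00\x00\x00"  # cmp dword ptr [ebx+2d8],0
            + je + b"\x8B\x45\xDC" + jmp)    # je ... ; mov eax,[ebp-24] ; jmp ...

def rel_jump_target(code, base, off):
    """Absolute target of the relative jmp/jcc at code[off] when the code is mapped at base.
    Covers E9 (jmp rel32), 0F 80..8F (jcc rel32), EB (jmp rel8) and 70..7F (jcc rel8)."""
    op = code[off]
    if op == 0xE9:
        length, disp = 5, struct.unpack_from("<i", code, off + 1)[0]
    elif op == 0x0F and 0x80 <= code[off + 1] <= 0x8F:
        length, disp = 6, struct.unpack_from("<i", code, off + 2)[0]
    elif op == 0xEB or 0x70 <= op <= 0x7F:
        length, disp = 2, struct.unpack_from("<b", code, off + 1)[0]
    else:
        raise ValueError(f"no relative jump at offset {off:#x}")
    return (base + off + length + disp) & 0xFFFFFFFF

def jump_targets(code, base):
    """Where the cave's two jumps (fixed offsets +15 and +24) actually land."""
    return rel_jump_target(code, base, 15), rel_jump_target(code, base, 24)

if __name__ == "__main__":
    other = 0x00F30000                      # constructed: a different allocation address
    for label, code, base in (("CE's own alloc", CE_CAVE, CE_CAVE_BASE),
                              ("bytes copied as-is", CE_CAVE, other),
                              ("recomputed", build_cave(other), other)):
        je_to, jmp_to = jump_targets(code, base)
        print(f"{label:20s} je -> {je_to:#010x}, jmp -> {jmp_to:#010x}")
```

The middle row reproduces the OP's bug: the same bytes at a new base send both jumps to garbage addresses, while the recomputed cave lands on 0x0043887B and 0x00438869 again.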
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Thu Jan 03, 2008 9:11 pm Post subject: |
Ohh damn. Darky you're the best
Thanks 1000x times!
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Thu Jan 03, 2008 9:35 pm Post subject: |
Lol
Darky?