mre521 Cheater Reputation: 0
Joined: 29 Aug 2006 Posts: 25
|
Posted: Mon Jul 16, 2007 1:08 pm Post subject: |
|
|
thx DB, this is just what I needed
|
|
|
|
kamakzy56 Advanced Cheater Reputation: 0
Joined: 03 Oct 2007 Posts: 67 Location: Texas
|
Posted: Wed Oct 03, 2007 9:06 pm Post subject: ok.... |
|
|
ok I got all of that... but how would I add that to a trainer I'm making with CE? |
|
|
|
iSpiro Grandmaster Cheater Supreme Reputation: 0
Joined: 14 Dec 2006 Posts: 1197
|
Posted: Mon Oct 08, 2007 4:45 pm Post subject: |
|
|
Ok so let's say I have an address,
eg: 07226544
I want to make a script like this:
[Enable]
07226544:
ret 0004
[Disable]
07226544:
jmp 29
Now the address is in a CRC'ed mem region, how can I change it to another place and avoid the CRC detecting it, without bypassing the CRC? |
|
|
|
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
|
Posted: Mon Oct 08, 2007 5:25 pm Post subject: |
|
|
EliteSpiro wrote: | Ok so let's say I have an address,
eg: 07226544
I want to make a script like this:
[Enable]
07226544:
ret 0004
[Disable]
07226544:
jmp 29
Now the address is in a CRC'ed mem region, how can I change it to another place and avoid the CRC detecting it, without bypassing the CRC? |
You can't with memory changes.
|
|
|
|
Chidori Grandmaster Cheater Reputation: 1
Joined: 25 Apr 2008 Posts: 691 Location: Canada
|
Posted: Sat Aug 09, 2008 12:54 pm Post subject: |
|
|
So do I copy and paste that script you have to notepad?? |
|
|
|
blackmorpheus Expert Cheater Reputation: 0
Joined: 05 Apr 2008 Posts: 159
|
Posted: Sat Sep 27, 2008 2:59 pm Post subject: |
|
|
I have this code, but the game crashes when I try to disable it:
Code: |
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

004F99B7:
  jmp newmem
  nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
  //place your code here
  add eax,01

originalcode:
  add eax,01
  mov [edx+1c],eax

exit:
  jmp returnhere

[DISABLE]
dealloc(newmem)
004F99B7:
  add eax,01
  mov [edx+1c],eax
|
|
|
|
|
random5566 Advanced Cheater Reputation: 0
Joined: 28 Feb 2008 Posts: 82
|
Posted: Sat Oct 04, 2008 1:43 am Post subject: |
|
|
Just to clarify, you don't need PE explorer to find the base address. I'm beginning to learn auto-assem myself
Kenji2007 wrote: | I have a question on Pinball.exe+175b7:
Does it translate to Image base + 175b7 ?
I want to know how to calculate the offset, that's the reason for the q. I found out of course that the ASM instruction has address 10175b7 but just wasn't sure where the offset was calculated from (excuse my limited knowledge on ASM stuff). I found out using PE explorer as I don't know how otherwise, at least I dunno how to using CE - any comments or pointers appreciated
And oh is there a way to determine the target start address from the debugger - I am trying to explore possibilities of using CE (learning process) so hope to get help
Thanks |
Labyrnth wrote: |
CE reads symbols, so this can be used to get the base address of the module.
Pinball.exe+175b7
Pinball.exe base address is 10000000
So 10000000 + 175b7 = 10175b7
In return is the same as.
Pinball.exe+175b7
============================
So why not use 10175b7 instead of Pinball.exe+175b7?
Well let's see why.
Say you loaded the game again and looked for the same thing over and found the address changed to 30175b7 <--- Whoa !
So the trainer or aa SCRIPT WON'T WORK NOW, IT IS SEEING THE WRONG ADDRESS. Then we try again and it is changed again.
50175b7
So we look at the base address again and see what happened.
Now the base address of Pinball.exe is 50000000.
So by using Pinball.exe+ we get the base address of the module every time we load the game and run our script.
50175b7-50000000 = 175b7
Pinball.exe+175b7
All this is really used for is to defeat the code shift.
You don't see it in maple because it isn't necessary to use it unless you are getting a shift. |
|
|
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Sat Oct 04, 2008 4:36 pm Post subject: |
|
|
You can also press Ctrl+M to find the real module and even with offset. It'll also show the address using modulename+offset
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
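The module+offset addressing that Labyrnth and Dark Byte describe above, as an added example (not code from the thread or from Cheat Engine): a small resolver that turns `Pinball.exe+175b7` into an absolute address for a given run and maps an address back to module+offset. The `Module`/`ModuleMap` names, the module sizes and the base addresses are assumptions constructed for illustration.

```python
import bisect
from typing import NamedTuple


class Module(NamedTuple):
    name: str
    base: int   # load address in this particular run
    size: int   # image size in bytes


class ModuleMap:
    """Module list of one process run, kept sorted by base address."""

    def __init__(self, modules):
        self.mods = sorted(modules, key=lambda m: m.base)
        self.bases = [m.base for m in self.mods]
        # Windows module names are case-insensitive.
        self.by_name = {m.name.lower(): m for m in self.mods}

    def resolve(self, expr):
        """'Pinball.exe+175b7' -> absolute address (offset is hex)."""
        name, sep, off = expr.partition("+")
        mod = self.by_name.get(name.strip().lower())
        if mod is None:
            raise KeyError(f"module not loaded: {name!r}")
        offset = int(off, 16) if sep else 0
        if offset >= mod.size:
            raise ValueError(f"offset {offset:#x} is outside {mod.name}")
        return mod.base + offset

    def symbolize(self, addr):
        """Absolute address -> 'module+offset', or bare hex if unmapped."""
        i = bisect.bisect_right(self.bases, addr) - 1
        if i >= 0 and addr < self.mods[i].base + self.mods[i].size:
            return f"{self.mods[i].name}+{addr - self.mods[i].base:x}"
        return f"{addr:08x}"


# Constructed module lists for three runs of the same binary. Bases and sizes
# are sample values chosen to give the absolute addresses quoted in the thread.
RUNS = [ModuleMap([Module("Pinball.exe", base, 0x5A000),
                   Module("kernel32.dll", 0x7C800000, 0xF6000)])
        for base in (0x01000000, 0x03000000, 0x05000000)]

if __name__ == "__main__":
    for run in RUNS:
        addr = run.resolve("Pinball.exe+175b7")
        print(f"{addr:08x} -> {run.symbolize(addr)}")
    # The address hard-coded from run 1 is not inside any module in run 3.
    print(RUNS[2].symbolize(0x010175B7))
```

The same normalization to module+offset is what lets addresses from crash dumps or memory captures be compared across runs when a module has been rebased.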
|
|
arutuf2004 Newbie cheater Reputation: 0
Joined: 08 Oct 2008 Posts: 21 Location: 6 Feet Under
|
Posted: Tue Oct 14, 2008 3:55 pm Post subject: |
|
|
yea this really helps, thx |
|
|
|
HeavenShock Newbie cheater Reputation: 0
Joined: 04 Oct 2008 Posts: 12
|
Posted: Mon Oct 20, 2008 6:19 am Post subject: |
|
|
When I get into Memory Viewer > File > there's no such thing called assign to current cheat table...
Can someone help me?.. |
|
|
|
Psy Grandmaster Cheater Supreme Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
|
Posted: Mon Oct 20, 2008 7:15 am Post subject: |
|
|
Memory View -> Tools -> Auto Assemble -> Put script in there -> File -> Assign to current CT |
|
|
|
happyreadygo Advanced Cheater Reputation: 1
Joined: 14 Sep 2011 Posts: 87
|
Posted: Fri Aug 17, 2012 11:47 pm Post subject: |
|
|
I have added the AA script to the table, but I don't know the Lua API to enable it by hotkey..
Here is my current code without the AA script..
Code: |
function onHotkey1(Hotkey)
  --Executed before the hotkey is handled
  writeBytes('203b42e5',0x90,0x90)
  writeBytes('20037174',0x9)
  cheatcomponent_setActive(CETrainer_CHEAT1, true, 1500)
  writeBytes('004284d3',0x4)
  if gBeepOnAction then
    beep()
  end
end
memoryrecordhotkey_onHotkey(memrec4_hotkey1,onHotkey1)
|
|
|
|
|
happyreadygo Advanced Cheater Reputation: 1
Joined: 14 Sep 2011 Posts: 87
|
Posted: Mon Aug 20, 2012 7:52 am Post subject: |
|
|
I know it now, I have to make the whole assembler script into a Lua string
and use autoAssemble(String). |
|
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Mon Aug 20, 2012 7:10 pm Post subject: |
|
|
Or you can just do memoryrecord_freeze(memrecobject) |
|
|
|
DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
|
Posted: Thu Aug 23, 2012 6:23 pm Post subject: |
|
|
First make an Auto Assemble script,
then open Lua (create a button in your form if you haven't)
and enter this:
Code: |
function CEButton3Click(sender)
  local memrec=addresslist_getMemoryRecordByDescription(getAddressList(), "F")
  memoryrecord_freeze(memrec)
end
|
NOTE:
Change the "F" to the script name.
If you want to change Text on success/failed, then try this:
add first
after (if using trainer generator.. I'm generating a form, then creating a new forum because it's easier for me)
Code: | gBeepOnAction=false |
After that
create a button and enter this:
Code: |
function CEButton3Click(sender)
  if (gButtonOnF) then
    control_setCaption(CETrainer_CEButton3, "Enable")
    gButtonOnF=false
    local memrec=addresslist_getMemoryRecordByDescription(getAddressList(), "F")
    memoryrecord_unfreeze(memrec)
  else
    control_setCaption(CETrainer_CEButton3, "Enabled")
    gButtonOnF=true
    local memrec=addresslist_getMemoryRecordByDescription(getAddressList(), "F")
    memoryrecord_freeze(memrec)
  end
end
|
You should change the 'Enable' to something you want.
The 'gButtonOnF' to what you placed above (after the gBeepOnAction=false)
the getAddressList(), "F") to getAddressList(), "AA descriptions")
It's much easier this way, and much better for me..
Hope I helped. |
|
|
|
|