Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
[C++]Fixing ASM jumps and calls

Cheat Engine Forum Index -> General programming
b6ooy
Grandmaster Cheater
Reputation: 0

Joined: 21 Sep 2006
Posts: 653

Posted: Fri Oct 09, 2009 9:25 am    Post subject: [C++]Fixing ASM jumps and calls

I want to fix the jumps and calls in the copied memory, using C++.
For example:
Code:

// static code
005B53BC -   push 02
005B53BE -   push 05
005B53C0 -   lea ecx,[esp+00000054h]
005B53C7 -   mov byte ptr [esp+0000088h],04
005B53CF -   call 0046b2f0
005B53D4 -   test eax,eax
005B03D6 -   je 005b53f7


Code:

// copied code
03EE0000 -   push 02
03EE0002 -   push 05
03EE0004 -   lea ecx,[esp+00000054h]
03EE000B -   mov byte ptr [esp+0000088h],04
03EE0013 -   call 03e4aee4
03EE0018 -   test eax,eax
03EE001A -   je 03ee003b


Code:

// What I want to do with the copied code
03EE0000 -   push 02
03EE0002 -   push 05
03EE0004 -   lea ecx,[esp+00000054h]
03EE000B -   mov byte ptr [esp+0000088h],04
03EE0013 -   call 0046b2f0
03EE0018 -   test eax,eax
03EE001A -   je 005b53f7


I want my program to copy the selected static memory region to newly allocated memory. Currently I made it copy byte by byte and check whether the byte is 0xE8 or 0x74 / 0x75:
if it's a call (0xE8), the next 4 bytes = to - from + 5
if it's a short jump, the next byte = to - from + 2
and so on ..
This method does not always work, as a 0xE8 byte doesn't mean there is going to be a call.
I have to make something better and more accurate, so if anyone knows how to make this work, please explain it to me. I can code.
Deltron Z
Expert Cheater
Reputation: 1

Joined: 14 Jun 2009
Posts: 164

Posted: Fri Oct 09, 2009 1:32 pm

You will have to code your own disassembler, so you can analyze the code and replace relative addresses according to certain rules. Since you don't have to completely disassemble the code, you can simply hold an array that contains opcodes and the length of the instruction in bytes, then just find the index, i, of the opcode in the array and add Array[i] to the address. If the opcode contains a relative address (certain jumps and calls), then modify the 4 bytes at the next address.
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

Posted: Fri Oct 09, 2009 3:26 pm

I think Hacker Disassembler Engine might be useful to you. It's very fast and easy to use.

http://vx.netlux.org/vx.php?id=eh04

(not sure if it has the latest version, but looks recent)

Just get the length of the opcode, and add the length to your loop counter or whatever you're doing.
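The following C++ is an added example written for this page; it is not code from any poster and not part of Cheat Engine. It does what Deltron Z and smartz993 describe: walk the copied block with a length decoder instead of scanning for 0xE8 / 0x74 bytes, and rewrite only the relative operands of real call/jump instructions so they still reach their original absolute targets. The decoder is a hand-rolled table covering just the instruction forms in b6ooy's listing plus every relative branch form (a real tool would use a full length disassembler such as HDE); anything it does not know is rejected rather than guessed. The sample bytes are hand-assembled from the listed addresses (the 7-byte lea and 8-byte mov imply disp32 forms), so they are constructed input, not bytes taken from the game. It also shows the catch in the "what I want" listing: `je 005b53f7` cannot stay a 2-byte short jump once the code lives at 03EE0000, because a rel8 only reaches ±127 bytes, so the relocator widens it to the 6-byte `0F 84 rel32` form and accounts for the shift that causes in everything after it.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <vector>
struct Insn {                   // one decoded instruction
    size_t off = 0, len = 0, newLen = 0;
    int relSize = 0;            // 0 = no relative operand, 1 = rel8, 4 = rel32
    bool inside = false;        // branch target lies inside the copied block
    uint32_t target = 0;        // absolute branch target (original address space)
    uint8_t op = 0;
};
static uint32_t rd32(const std::vector<uint8_t>& v, size_t o) {
    return v.at(o) | (v.at(o + 1) << 8) | (v.at(o + 2) << 16) | ((uint32_t)v.at(o + 3) << 24);
}
static void wr32(std::vector<uint8_t>& v, uint32_t x) {
    for (int i = 0; i < 4; ++i) v.push_back((uint8_t)(x >> (8 * i)));
}
// Bytes taken by a 32-bit ModRM operand: ModRM, optional SIB, optional displacement.
static size_t modrmLen(const std::vector<uint8_t>& c, size_t i) {
    uint8_t mod = c.at(i) >> 6, rm = c.at(i) & 7;
    bool sib = (mod != 3 && rm == 4);
    size_t n = sib ? 2 : 1;
    if (mod == 1) n += 1;
    else if (mod == 2 || (mod == 0 && (rm == 5 || (sib && (c.at(i + 1) & 7) == 5)))) n += 4;
    return n;
}
// Length decoder for the forms in the thread's listing plus every relative call/jump form.
// Anything else is rejected: silently guessing a length is exactly the byte-scanner's bug.
static Insn decode(const std::vector<uint8_t>& c, size_t off, uint32_t base) {
    Insn in; in.off = off; in.op = c.at(off);
    switch (in.op) {
    case 0x6A: in.len = 2; break;                                    // push imm8
    case 0x85: case 0x8D: in.len = 1 + modrmLen(c, off + 1); break;  // test / lea r, r/m
    case 0xC6: in.len = 2 + modrmLen(c, off + 1); break;             // mov byte ptr [r/m], imm8
    case 0xE8: case 0xE9: in.len = 5; in.relSize = 4; break;         // call / jmp rel32
    case 0xEB: in.len = 2; in.relSize = 1; break;                    // jmp rel8
    case 0x0F:                                                       // jcc rel32
        if (c.at(off + 1) >= 0x80 && c.at(off + 1) <= 0x8F) { in.len = 6; in.relSize = 4; break; }
        throw std::runtime_error("unsupported 0F opcode");
    default:                                                         // jcc rel8
        if (in.op >= 0x70 && in.op <= 0x7F) { in.len = 2; in.relSize = 1; break; }
        throw std::runtime_error("unsupported opcode");
    }
    if (off + in.len > c.size()) throw std::runtime_error("instruction crosses block end");
    uint32_t next = base + (uint32_t)(off + in.len);                 // relative operands count from here
    if (in.relSize == 1) in.target = next + (uint32_t)(int8_t)c[off + in.len - 1];
    if (in.relSize == 4) in.target = next + rd32(c, off + in.len - 4);
    return in;
}
// Copy a block from oldBase to newBase, re-targeting every relative call/jump to the same absolute
// address. A rel8 branch that leaves the block is widened to rel32, which shifts everything after it,
// so pass 1 maps old offsets to new ones before pass 2 emits bytes.
static std::vector<uint8_t> relocate(const std::vector<uint8_t>& c, uint32_t oldBase, uint32_t newBase) {
    std::vector<Insn> insns;
    std::map<size_t, size_t> newOff;   // old offset -> new offset (instruction starts only)
    for (size_t off = 0, out = 0; off < c.size();) {
        Insn in = decode(c, off, oldBase);
        in.inside = in.relSize != 0 && (in.target - oldBase) < c.size();  // wraps below base -> outside
        in.newLen = (in.relSize == 1 && !in.inside) ? (in.op == 0xEB ? 5 : 6) : in.len;
        newOff[off] = out;
        out += in.newLen; off += in.len; insns.push_back(in);
    }
    std::vector<uint8_t> r;
    for (const Insn& in : insns) {
        uint32_t newAddr = newBase + (uint32_t)newOff[in.off], tgt = in.target;
        if (in.inside) {   // target moved with the block and must still start an instruction
            auto it = newOff.find((size_t)(in.target - oldBase));
            if (it == newOff.end()) throw std::runtime_error("branch into the middle of an instruction");
            tgt = newBase + (uint32_t)it->second;
        }
        if (in.relSize == 0) r.insert(r.end(), c.begin() + in.off, c.begin() + in.off + in.len);
        else if (in.relSize == 4) {                          // keep opcode bytes, rewrite rel32
            r.insert(r.end(), c.begin() + in.off, c.begin() + in.off + in.len - 4);
            wr32(r, tgt - (newAddr + (uint32_t)in.newLen));
        } else if (in.inside) {                              // rel8 stays rel8 while it still reaches
            int32_t rel = (int32_t)(tgt - (newAddr + 2));
            if (rel < -128 || rel > 127) throw std::runtime_error("rel8 no longer reaches its target");
            r.push_back(in.op); r.push_back((uint8_t)rel);
        } else if (in.op == 0xEB) {                          // jmp rel8 -> E9 rel32
            r.push_back(0xE9); wr32(r, tgt - (newAddr + 5));
        } else {                                             // jcc rel8 -> 0F 8x rel32
            r.push_back(0x0F); r.push_back((uint8_t)(0x80 + (in.op - 0x70))); wr32(r, tgt - (newAddr + 6));
        }
    }
    return r;
}
// The thread's static block at 005B53BC, hand-assembled here (constructed input).
static std::vector<uint8_t> sampleBlock() {
    return {0x6A, 0x02, 0x6A, 0x05,                                 // push 02 / push 05
            0x8D, 0x8C, 0x24, 0x54, 0x00, 0x00, 0x00,               // lea ecx,[esp+54h]
            0xC6, 0x84, 0x24, 0x88, 0x00, 0x00, 0x00, 0x04,         // mov byte ptr [esp+88h],04
            0xE8, 0x1C, 0x5F, 0xEB, 0xFF, 0x85, 0xC0, 0x74, 0x1F};  // call 0046B2F0 / test eax,eax / je 005B53F7
}
static std::vector<uint8_t> relocateSample() { return relocate(sampleBlock(), 0x005B53BCu, 0x03EE0000u); }
int main() {   // prints the relocated bytes; call and je now carry their original absolute targets
    for (uint8_t b : relocateSample()) std::printf("%02X ", (unsigned)b);
    std::printf("\n");
}
```

Run against the thread's 28-byte block, the output is 32 bytes: the call at 03EE0013 becomes `E8 D8 B2 58 FC` (still reaching 0046B2F0) and the je at 03EE001A becomes `0F 84 D7 53 6D FC` (still reaching 005B53F7). Two practical consequences follow from that growth: the new region has to be allocated by the relocated size, not the source size, and a short branch whose target is inside the block is kept as rel8 only while the shifted distance still fits, otherwise the relocator refuses rather than emitting a wrong jump. Branches from elsewhere into the middle of the original block are out of scope; they keep pointing at the original code.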
All times are GMT - 6 Hours