Shiekah How do I cheat?
Reputation: 0
Joined: 04 Oct 2010 Posts: 2
Posted: Mon Oct 04, 2010 8:41 am Post subject: [solved] patch opcode in plugin container of Firefox
Hello everybody,
I'll try to make it clear and easy to understand what I am trying to do:
Goal:
Patch an OpCode in a Flash game in Firefox.
What I've done:
1. With CE I search for an AoB, add the address to the cheat table and edit the OpCode directly in the table (Value). The problem is that I have to search every time I reload the page/restart Firefox.
So I went to the pointer:
2. Seeking an offset from the base pointer of the plugin-container.exe from Firefox, when...
a) reload the page
b) restart Firefox
c) open other SWFs like YouTube or anything else
Result: no chance to find an offset, as it depends on how many Flashes are currently open.
So I always have to search the AoB by myself with the CE search tool, and that's annoying.
Question: is there a solution to make an AA script or C/C++ script to achieve my goal or to automate the search of the AoB?
Thank you in advance
Shiekah
Edit: I've found this one:
Quote:
CE has an AOB scanner as part of the AA language. Look into:
- aobscan(varname, arrayofbyte)
Either delete or leave the post.
Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Mon Oct 04, 2010 8:59 am Post subject:
Pointers and stuff like that are usually useless in flash games. At least if You want to find a pointer for a code.
You can write Your script in AA and use AOBscan as described.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(exit)
label(somelabel)
registersymbol(somelabel)
aobscan(somename,xx xx xx xx xx xx xx)
somename:
somelabel:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
db xx xx xx xx //new bytes that You want to add
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
somelabel:
db xx xx xx xx //the original bytes
unregistersymbol(somelabel)
Or You can write an even shorter one but this is not far from the general template that CE will create.
Shiekah How do I cheat?
Reputation: 0
Joined: 04 Oct 2010 Posts: 2
Posted: Mon Oct 04, 2010 9:52 am Post subject:
Thank you for your template. The patching works but I've got a new problem:
From the address of the AoB add 22 bytes (e.g. [somelabel+16]) I want to toggle the value (type Double) -> (mov [somelabel+16],VALUE). I can't do it with Enable/Disable because I don't want to repatch to the original AoB -> ergo: the script won't run after re-enabling.
Quote:
If it's not found, the auto assemble script will not execute
How can I solve this problem?
Thank you
Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Mon Oct 04, 2010 11:10 am Post subject:
You can use * as a wildcard for aobscan.
Like
aobscan(somename, 16 78 96 * * * * 24 46)
will find every array where * could be any byte. Use * on the code that You have changed and aobscan will find it again.
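The wildcard matching described in the last reply, as an added example that is not part of the original thread and is not Cheat Engine's implementation: a small Python matcher run over constructed byte buffers, showing why the exact pattern stops matching once the middle bytes change while the `*` pattern still resolves. The function names and the filler bytes are assumptions made for this illustration; only the pattern `16 78 96 * * * * 24 46` comes from the thread.

```python
# Added illustration: wildcard byte-pattern matching over in-memory buffers.
# Hypothetical helper names; sample buffers are constructed for the example.

def parse_pattern(text):
    """Turn '16 78 96 * * 24' into a list of ints, with None for each '*'."""
    pattern = []
    for token in text.split():
        if token == "*":
            pattern.append(None)          # wildcard: any byte matches here
            continue
        value = int(token, 16)
        if not 0 <= value <= 0xFF:
            raise ValueError("not a single byte: " + token)
        pattern.append(value)
    if not pattern:
        raise ValueError("empty pattern")
    return pattern


def scan(buf, pattern):
    """Return every offset in buf at which pattern matches."""
    width = len(pattern)
    hits = []
    for off in range(len(buf) - width + 1):
        if all(p is None or buf[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits


# Constructed data: the 9-byte sequence sits at offset 2 between filler bytes.
ORIGINAL = bytes.fromhex("9090" "167896" "11223344" "2446" "c3")
# Same region after the four middle bytes have been overwritten.
PATCHED = bytes.fromhex("9090" "167896" "aabbccdd" "2446" "c3")

EXACT = parse_pattern("16 78 96 11 22 33 44 24 46")
WILD = parse_pattern("16 78 96 * * * * 24 46")


def compare():
    """Offsets found by each pattern in each buffer."""
    return {
        "exact/original": scan(ORIGINAL, EXACT),
        "exact/patched": scan(PATCHED, EXACT),
        "wild/original": scan(ORIGINAL, WILD),
        "wild/patched": scan(PATCHED, WILD),
    }


if __name__ == "__main__":
    for name, offsets in compare().items():
        print(name, offsets)
```

Each wildcard widens what the pattern accepts, so it is worth checking that the scan still returns a single offset before relying on the hit.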