| 
			
				|  | Cheat Engine The Official Site of Cheat Engine
 
 
 |  
 
	
		| View previous topic :: View next topic |  
		| Author | Message |  
		| Portujua How do I cheat?
 
 ![]() Reputation: 0 
 Joined: 27 Feb 2012
 Posts: 6
 
 
 | 
			
				|  Posted: Mon Feb 27, 2012 7:39 am    Post subject: What does eax, ebx, ecx means? |   |  
				| 
 |  
				| I've started in this a few days ago.. I do know the basic of programming (C#, C++, Java, Pascal)
 And i really want to learn about hacks and how to make them..
 Also i've done the cheat engine tutorials but i think in a mechanic way, cause i don't know what ebx, eax or ecx means.. (see photo)
 I do know whats an offset, but.. i know them like i.e [eax+18] in that example offset its 18...
 But as i said, i don't know what those values mean exactly..
 Can anyone explain me? /: and tell me why doesnt show me an integer as offset?
 also, can i say the name of the game im trying to hack?, to see if someones know about it...
 Else, can anyone just explain me what eax, ebx, ecx mean? /:
 
 
 
 
	
		
	 
		| Description: |  |  
		| Filesize: | 479.58 KB |  
		| Viewed: | 41093 Time(s) |  
		| 
  
 
 |  
 |  |  
		| Back to top |  |  
		|  |  
		| Acubra Advanced Cheater
 
 ![]() Reputation: 0 
 Joined: 19 Jun 2011
 Posts: 64
 Location: C:\Windows\System32\HoG
 
 | 
			
				|  Posted: Mon Feb 27, 2012 9:30 am    Post subject: |   |  
				| 
 |  
				| Hey, eax, ecx, ebx, edx and so on are the so called registers. You can look up general information about those on wikipedia (http://en.wikipedia.org/wiki/X86_assembly_language#Registers).
 
 I don't get want you want to know concerning the offsets. Sorry.
 |  |  
		| Back to top |  |  
		|  |  
		| Corruptor Advanced Cheater
 
 ![]() Reputation: 3 
 Joined: 10 Aug 2011
 Posts: 82
 
 
 | 
			
				|  Posted: Mon Feb 27, 2012 3:15 pm    Post subject: |   |  
				| 
 |  
				| Since you know about basic programming languages things will get a lot easier   
 well, written programms (except for java programs) compile into assembler. Assembler is a thery abstract language. Everything that assembler knows is:
 1: a universal stack. you can access it with the push and pop commands
 2: the program memory. Simply, a huge block of memory that is directly accessed using the adresses. Imagine it as if you put every variable into a huuuuuge single array
 3: the so-called registers. Imagine it as a bunch of local variables. As for the registers there are:
 - eax, ebx, ecx and edx which are 32 bit integers. They are generally used for everything. In modern compilers, there is a guideline that edx may not be altered by a function call while the other 3 registers may have a completely different value after a function call. (eg, eax is used as a return value quite often)
 - esi and edi: usually used with string operations
 - ebp and esp: these registers are used with the universal stack where ebp is the beginning of the stack and esp the top of it.
 - eip: doesnt even matter. points at the next instruction that is executet. nothing you should worry about
   
 So, the registers are used to read and write from/into memory. Most of the commands in assembler can only be used with those registers. For example, if you have the "int i" and write something like "i += 5", in assembler it might look like this:
 
  	  | Code: |  	  | //assuming 0x1234 is the adress in this huge memory block where i is stored (could be anywhere) mov eax, [1234] //moves the value which is standing at the adress "0x1234" (note: always hex) into eax
 add eax, 5 //adds 5 to it
 mov [1234], eax //moves the new value back to the adress
 | 
 
 As you can see, you need those registers for any kind of calculation and thus, basically for everything.
 
 Now about those offsets:
 Assuming basic c++ knowledge (its so mutch clearer than java could ever be ^.^) i just give you this peace of code:
 
  	  | Code: |  	  | struct unitStruct { int health;
 int ammo;
 }
 //somwhere in your code
 unitStruct* unitPtr = new unitStruct;
 | 
 As you might know, you do now have a pointer pointing at a unitStruct structure. When you create sutch a structure, the int health and the int ammo will be put into the huge memory block - next to each other. No space in between them. It would look like this:
 
  	  | Code: |  	  | 0x0000fab0: 64 00 00 00 0x0000fab4: 0a 00 00 00
 | 
 (note that the numbers are in the hexadecimal system; thus 00 is exactly one byte)
 Now, when you access the ammo or the health
 
  	  | Code: |  	  | unitPtr->health = 100; unitPtr->ammo = 10;
 | 
 You obviously use the pointer to do so. The pointer will point to the start of the structure (using the upper example, to 0x00fab0). Now knowing that the variables are always in the same order, how do you access the ammo? As we know, its always 4 bytes behind the first variable. Thus, we add a 4 to the pointer. Since we cant actually add 4 to the value of the pointer, we need the registers (eax etc) again. This is what it will look like in assembler:
 
  	  | Code: |  	  | mov eax, 0000fab0 //load the address into eax (you do that using the pointer, but for sake of easiness we assume that its on a static position) mov [eax+4],a
 | 
 now we have the situation that we have in the tutorial: you have the start adress of the structure (eax) and add a 4 to it to get to the ammo. The same thing happens with classes (which are basically structs) or if you have an array.
 
 Now so far about integer offsets. But why do you have a register as offset? well, that for example happens if you iterate through an array using a for loop. Given code:
 
  	  | Code: |  	  | for(int i = 0; i < 10; i++) { someArray[i] = 5;
 }
 | 
 As for an array, you can imagine it as a struct with a lot of variables of the same type in it. As for this, you, again, access them using an offset. Just this time, you cant just write +4 or something like that, since you dont access one single variable, but the first 10 inside this array. Ever wondered why the first index of an array is 0 and not 1? thats because the index of an array is basically the offset (multiplied by the size of a single element of corse, else we would jump one byte further instead of the 4 bytes that an integer holds and read some mix of element 1 and element 2). As for the code snipped, the offset is 0 at first, than 1, than 2 etc. It has to change. As for changing values, you need to use a register (else you cant calculate nothing). Thus, in sutch a situation, the offset is not a static number, but another register. The sniped could look like this:
 
 
  	  | Code: |  	  | [... more code ...] mov eax, 0x1234 //assuming 1234 is the start address of the array
 mov ebx, 0 //we start at the first index: 0
 
 mov [eax+ebx*4],5 //moves 5 into the calculated adress. note the *4; the size of an integer is 4 bytes, not only 1.
 add ebx, 1 //to the next index
 cmp ebx, 10
 jb <back to the mov[eax+ebx*4]>
 [... more code ...]
 | 
 here you use ebx to count the index; ebx here is the int i in the code sniped. the cmp is simply a if(ebx < 10) repeat it
 You see something like [eax+ebx*4] quite often. However, you sniped might be more complicated, the 4 might allready be calculated into the ebx (add ebx,4 instead of add ebx,1) or the variable you were finding is just a single byte.
 
 Now using that knowledge, heres the code from your screenshot:
 
 The values are written below:
 eax = 8
 ebx = 8
 ecx = C419588
 And the "value of the pointer needed" is C419588. Note that this is exactly the value of ecx. Because it its the address of the array, and ebx is the index (mostlikely 8 or 2, depending on if it holds integer or bytes). eax is the value written into this variable.
 
 Well, read it a few times. Hope you understand most of it.
 As for the name, as long as you cant play it online, mentioning the name should be fine. Else, if you want further help, information like "rpg" or "shooter", what kind of value you were searching for (ammo, health, whatever) etc would be quite helpful.
 |  |  
		| Back to top |  |  
		|  |  
		| happyreadygo Advanced Cheater
 
 ![]() Reputation: 1 
 Joined: 14 Sep 2011
 Posts: 87
 
 
 | 
			
				|  Posted: Mon Feb 27, 2012 9:55 pm    Post subject: |   |  
				| 
 |  
				| This is really cool . thankyou 
 but are there any cheatengine function or tool that can convert the opcode into higher language?
 |  |  
		| Back to top |  |  
		|  |  
		| Portujua How do I cheat?
 
 ![]() Reputation: 0 
 Joined: 27 Feb 2012
 Posts: 6
 
 
 | 
			
				|  Posted: Mon Feb 27, 2012 10:00 pm    Post subject: |   |  
				| 
 |  
				| @Corruptor thanks, i understand most of it.. anyway, im still trying to get familiar with it... but, one more time, thanks.. it helped me a lot.. 
 The game actually can be played online but it isn't rpg and it doesn't has "highscores" or that stuff..
 The game is MineCraft, maybe you know it..
 And what i'm trying to hack (if you've played before) is the number of items in my inventory..
 |  |  
		| Back to top |  |  
		|  |  
		| Corruptor Advanced Cheater
 
 ![]() Reputation: 3 
 Joined: 10 Aug 2011
 Posts: 82
 
 
 | 
			
				|  Posted: Tue Feb 28, 2012 10:32 am    Post subject: |   |  
				| 
 |  
				| Well, in most cases, hacking a game using cheat engine comes down to "how could the programmer have written this?" So, what i know about the inventory in minecraft (i never played it, just know it from seeing the game):
 1: you have an inventory with a limited size
 2: items are stackable, and a full stack has a size of 64
 3: minecraft is written in java, which doesnt support unsigned values.
 
 Well, since the value can't reach any other numbers than 64, i asume its stored in a byte (which can hold up to 127 (remember, java)).
 
 Now, an inventory with a static size could be an array, either of objects or of bytes that directly hold the amount. However, the idea with that array is the important one. As allready mentioned before, the second register can be the index of the value. What you would have to look for:
 in the info window, is ebx always 8? I assume that the 8 is some kind of index of your inventory (the 9th. place in it maybe?). Try to find a pattern, when ebx changes and how it changes. Still, i assume its the index of the inventory, so putting an other item with an other amount into that inventory place may change the value you found and you used "find out what writes to this address" on.
 However, you might know about the VM of java and stuff. Finding a pointer chain will mostlikely be pain in the ass, so you might want to use code injection instead.
 |  |  
		| Back to top |  |  
		|  |  
		| Hacker Aspirant Newbie cheater
 
 ![]() Reputation: 0 
 Joined: 24 Sep 2012
 Posts: 22
 
 
 | 
			
				|  Posted: Fri Nov 09, 2012 6:41 am    Post subject: forget |   |  
				| 
 |  
				| Dont forget about the damn codeshifting Minecraft uses. |  |  
		| Back to top |  |  
		|  |  
		| n0 m3rcY Cheater
 
 ![]() Reputation: 0 
 Joined: 18 Jun 2012
 Posts: 42
 
 
 | 
			
				|  Posted: Wed Nov 14, 2012 3:52 pm    Post subject: |   |  
				| 
 |  
				| Java is run in its own virtual machine, and it dynamically creates classes and data storage. It's been a while since I reversed java, but last I remember I gave up on minecraft because it was a pain in the ass due to dynamic allocation for each class object when it was picked up, and etc. 
 If you want to hack java games it's better to just decompile the .jar and edit the source, then recompile. Minecraft's obfuscated, but there are a few deobfuscated version lying around.
 |  |  
		| Back to top |  |  
		|  |  
		|  |  
  
	| 
 
 | You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 You cannot attach files in this forum
 You can download files in this forum
 
 |  |