Cheat Engine

[vergilganesh]

Is there any software to save the .exe file after applying cheats?? I tried Ollydbg but i dont know how to do that? is it possible? because i m too lazy to open cheat engine or trainer every time i open a game.

[_Veggy]

When you use cheatengine to generate the code caves, it allocates memory.
When dumping the exe normally the allocated memory isn't there so you need to dump the allocated memory aswell and apply it to the .exe using any PE modifying tools.
Easiest would be if you would create the codecaves inside the .exe.
Find some free space inside the .exe, patch the game and save executable.

[Dark Byte]

[TsTg]

[Gniarf]

...Or if your hacks are only made of auto assembler scripts, you may be able to turn them into hardcodable hacks (remember that CE can also be used as a file patcher), however it's a bit more complex that regular AA scripts:
-You can't use module addressing (like jmp game.exe+1234) because there is no module in a file.
-For the same reason you can't use aobscanmodule, use the basic aobscan instead.
-Don't include bytes you'll modify in your aob signatures (or you won't be able to remove your hacks for the file.exe).
-You can't use constant addressing (like 401123: ) to place your code because addresses in files and addresses in a running process (called Virtual Addresses, or VA) are completely different. You can use constant addressing to refer static data (like mov eax,[450000] ) if and only if your target doesn't use ASLR.
-You can't use alloc/dealloc/globalalloc since those are meaningless in a file. Instead use the huge code cave at the end of the memory region that contains the game's code. Use memory viewer->view->memory regions to find where that memory region ends... Or scan for a lot of zeros in an executable, non writable region, and pick the first result after the code you modify.
-If you need to declare variables for you hack, hijack the last bytes of a writable memory region, and refer to it via constant addressing (if you can). DO NOT put it in the cave that contains your code or you'll get an access violation.

Ok so after the "Don't"s here are the "Do"s:
-Putting constants that you'll only read after your code is fine and recommended.
-Everytime you want to refer to a piece of the original code you need to locate it via an aobscan.
-When you have short jumps (they take only 2 bytes) it's simpler to put them in the db xx xx form (with a comment) rather than aobscanning their destination.
-Jumps and calls that have their destination in code you created work as usual.
-Long jumps and calls in the disable section should be in db xx xx xx xx xx form.

Example of a bigass hardcodable hack: http://forum.cheatengine.org/viewtopic.php?t=566147&start=47
I said it must be hardcoded, but it can be applied on a running process too, it's just that it'll be too late since it patches the game's startup.

[++METHOS]

If I were wanting to make a permanent fix, I would use Ollydbg, find a suitable code cave and rewrite my scripts to work with the .exe as a standalone.

If you're just lazy, as you say, do as others have suggested...DB's advice is probably the fastest.

[TsTg]

also you can add an extra empty code section to the app(in case you're code cave is big, or you can't find a ZEROed spot in the exe), best app to use is CFF Explorer, make sure to test exe after adding section, also don't forget updating header data.

[vergilganesh]

I tried using Ollydbg but i got a problem. I cant save more than one changes. There is only one option in "copy to executables --> selection".



I have many questions.
1. I have not found any options like "copy to executables ---> all". If i save under selection only selected changes are saved not all.

2. Is there any possible way to allocate memory just above or below an instruction to do code injection in ollydbg?

3. What are the other tools that are easy to handle and patch the .exe into new one?

4. If the written code is less than the size of original code i filled them with nops. what if the original code is less in size?

[TsTg]

[vergilganesh]

there is no options like "all modifications"



i have changed 3 codes continuously but there is no options available. In version 2.0 there is no copy to executable options.

These three are nearest so it is easy to select individually. But my codes are far distance from each one.


pls Name that plugin because i have lot of em in a site.

[TsTg]

[vergilganesh]

Yes i saved total by using "Shift+End" keys. But i m unable to allocate memory. The application ends at 007386FFF. Cheat engine generates memory after this instruction/address. I can do code injection by using jmp instruction manually if i allocate some memory for my code. How to allocate memory. I googled and i cant findout anything.

[mgr.inz.Player]

You can add a new section. You can use StudPE. Be sure you have set MEM_EXECUTE, MEM_READ and MEM_WRITE flags.

[vergilganesh]

using stud_pe i can add new section. But the code i wrote is 005xxxxx and the section i added is starts at 02f0xxxx. Then how do i save the file. because both are at different sections of memory. using ctrl+g i can go to one address and mark that block., then after pressing crtl+g thn typing address i m unable to select next particular block. I have not any copy to executable--> all modifications options. I have done what you said as it is. There is no option there.

[TsTg]

rewrite your code cave at 02f0xxxx, and do jmp 02f0xxxx from original code location, then save the file.