Cheat Engine The Official Site of Cheat Engine
Jiehfeng Expert Cheater
Reputation: 0
Joined: 03 Jan 2014 Posts: 107
Posted: Sun Jan 18, 2015 10:22 am Post subject: Auto Assembler Help - What's wrong over here?

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(health,2048)
label(returnhere)
label(originalcode)
label(exit)
label(nothing)
health: //this is allocated memory, you have read,write,execute access
mov [eax],#5000
mov [ebx+00000480],eax
cmp [ebx+00000480],#5000
je nothing
nothing:
nop
originalcode:
//sub [ebx+00000480],eax
exit:
jmp returnhere
"Tutorial-i386.exe"+24FFB:
jmp health
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(health) //same name as given to alloc() above
"Tutorial-i386.exe"+24FFB:
sub [ebx+00000480],eax
//Alt: db 29 83 80 04 00 00
If you noticed, it's the cheat engine tutorial. I'm trying to try out new commands I learned. This is the first part of the tutorial, the code I wrote is useless in the latter part but I want it to work, just for the sake of learning. The tut crashes after the script is enabled, any reason why?
panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 958
Posted: Sun Jan 18, 2015 11:31 am
mov [eax],#5000
mov [ebx+00000480],eax
cmp [ebx+00000480],#5000
The last two lines suggest that ebx is an address pointer while eax is a 4-byte integer, but the first line uses eax as a pointer. For example, if eax is 500 = 0x1f4, this command will write something to the address [0x1f4], which is likely some system or stack area that normally won't be touched.
Removing or commenting out the first line should prevent the crash.
To set the register eax to the value 500, use
mov eax, #500
To set the value at the address held by eax, use
mov [eax], #500
eax acts as a memory address pointer in this case.
Jiehfeng
Posted: Sun Jan 18, 2015 12:04 pm
panraven wrote:
mov [eax],#5000
mov [ebx+00000480],eax
cmp [ebx+00000480],#5000
The last two lines suggest that ebx is an address pointer while eax is a 4-byte integer, but the first line uses eax as a pointer. For example, if eax is 500 = 0x1f4, this command will write something to the address [0x1f4], which is likely some system or stack area that normally won't be touched.
Removing or commenting out the first line should prevent the crash.
To set the register eax to the value 500, use
mov eax, #500
To set the value at the address held by eax, use
mov [eax], #500
eax acts as a memory address pointer in this case.
Thanks for the info!
It seems either mov eax,#5000 or mov [eax],#5000 crashes the tut.
Is there any way to change the value of eax so I can use the original code in my code? Just for learning purposes, as I said. mov [ebx+00000480],#5000 works just fine.
panraven
Posted: Sun Jan 18, 2015 1:43 pm
Jiehfeng wrote:
Thanks for the info!
It seems either mov eax,#5000 or mov [eax],#5000 crashes the tut.
Is there any way to change the value of eax so I can use the original code in my code? Just for learning purposes, as I said. mov [ebx+00000480],#5000 works just fine.
It is likely that eax has its own use in the original code.
Try using a push/pop pair to save the registers that should not be affected, and only then use those registers as temporary variables/registers.
On a 32-bit system, pushad will push all general-purpose registers to the stack, but I don't know if there is an equivalent on a 64-bit system.
By using push/pop, the ESP register changes implicitly, so be cautious if the modified code references this register.
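Putting panraven's two replies together: the crash comes from mov [eax],#5000 treating the value in eax as an address, and the way to reuse eax as a scratch register is to save it on the stack first and restore it before the original instruction runs. The script below is an added example written for this page, not code from the thread or from the Cheat Engine tutorial. The module name, offset and original instruction are taken from Jiehfeng's script; the roles of the registers (ebx = pointer to the object, [ebx+480] = health, eax = amount the original sub takes off) are panraven's inference and are assumptions here. The cmp/je pair from the original script is dropped because je nothing jumps to the very next instruction either way, so it did nothing.

```asm
[ENABLE]
// Added example for this thread, not code from the original post or the Cheat Engine tutorial.
// Assumed (from the thread): ebx points at the player object, [ebx+480] is health,
// eax holds the amount the original instruction subtracts.
alloc(health,2048)
label(returnhere)
label(originalcode)
label(exit)

health:
  push eax                  // eax is live: the original sub below uses it, so save it first
  mov eax,#5000             // the NUMBER 5000 goes into eax (no brackets: eax is not a pointer)
  mov [ebx+00000480],eax    // write it through ebx, which IS a pointer, into the health field
  pop eax                   // restore eax; esp is back where it was before the push
originalcode:
  sub [ebx+00000480],eax    // original instruction runs with eax unchanged: health = 5000 - damage
exit:
  jmp returnhere

"Tutorial-i386.exe"+24FFB:
  jmp health
  nop                       // jmp is 5 bytes, the replaced sub is 6 (29 83 80 04 00 00)
returnhere:

[DISABLE]
dealloc(health)             // same name as in alloc()
"Tutorial-i386.exe"+24FFB:
  sub [ebx+00000480],eax
//Alt: db 29 83 80 04 00 00
```

If several registers are needed as scratch space, pushad before the scratch code and popad after it saves and restores all eight 32-bit general-purpose registers at once. pushad/popad are not valid in 64-bit mode, so a 64-bit script pushes and pops the individual registers (rax, rbx, and so on) instead. In both cases the stack pointer is moved by the pushed bytes until the matching pop, so any original instruction that addresses memory relative to esp has to run after the pop, as the sub does above, or its displacement has to be adjusted by the number of bytes pushed.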