Cheat Engine - The Official Site of Cheat Engine
Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Thu Apr 02, 2015 2:08 pm Post subject: What's wrong with my code
Code:
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi
My code is supposed to run "mov [ecx+00004014],#1000" if [ecx+00004020] is bigger than or equal to 1000 (decimal), and jump to originalcode if it is less than 1000. The picture is the value of [ecx+00004020]. When I run the script it keeps skipping to originalcode instead of mov [ecx+00004014],#1000.
Anyone have an idea how to fix that?

Dark Byte (Site Admin)
Reputation: 474
Joined: 09 May 2003 Posts: 25926 Location: The Netherlands
Posted: Fri Apr 03, 2015 4:05 am
try jb instead of jl

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 4:55 am
Dark Byte wrote:
    try jb instead of jl
I just changed to jb but the same thing happened.
Other scripts are fine. Only this script behaves like this.

Geri (Moderator)
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Fri Apr 03, 2015 7:02 am
Try to replace #1000 with (int)1000.

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 7:20 am
Geri wrote:
    Try to replace #1000 with (int)1000.
Still does not work. The problem is that it is not working properly: [ecx+00004020] is actually the money cap for the game and [ecx+00004014] is the current money the player owns. Initially the money cap is 1000 and it increases during the game. I have already tried to change to and it is still not working, and I tried replacing jl with jb as well.
I have no idea what's going on.
One more thing: "cmp" runs perfectly fine when comparing other values in any other scripts.
Here is the whole script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi
exit:
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00
and the original code is in the picture.

mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: In the country on the Vistula. UTC+01:00
Posted: Fri Apr 03, 2015 8:26 am
I think it doesn't work because of the jump at "sotes.exe+1A1B3".
Try a different hackpoint.
EDIT:
From your code:
1. you are checking "is the money cap lower than 1000?"
2. if yes, do nothing.
3. if no, set current money to 1000.
Is this what you want to achieve?

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 8:39 am
mgr.inz.Player wrote:
    I think it doesn't work because of the jump at "sotes.exe+1A1B3".
    Try a different hackpoint.
I think that one is not a forced jump; the code can definitely run if I take out
Code:
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
and put in
Code:
mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi
Player money is locked to (int)1000. The thing is I can lock money without the "cmp" compare part in this script. I am just curious why "cmp" does not work here.

mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: In the country on the Vistula. UTC+01:00
Posted: Fri Apr 03, 2015 9:21 am
Could you post a little more of the original code? I'm just curious what's above sotes.exe+1A1AB.
Especially, what's inside the EDX register.

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 9:21 am Post subject: To mgr.inz.Player
Yea... Because the money cap cannot be lower than 1000. That's why I want to use it as a double check to make sure the code only affects current money. But for some reason it did not work.
Edit:
Of course. Registers and original code are in the attachment.

mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: In the country on the Vistula. UTC+01:00
Posted: Fri Apr 03, 2015 9:31 am
Is the money cap a 32-bit value, or maybe a 16-bit value? (The structure dissector only guesses.)
EDIT: (ok, it is 32-bit, I see this from the screenshot you just attached)
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
cmp word ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
mov [ecx+00004014],edi
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 9:41 am
mgr.inz.Player wrote:
    Is the money cap a 32-bit value, or maybe a 16-bit value? (The structure dissector only guesses.)
    Code:
    [ENABLE]
    alloc(newmem,2048)
    label(returnhere)
    label(originalcode)
    newmem:
    cmp word ptr [ecx+00004020],#1000
    jl originalcode
    mov edi,#1000
    originalcode:
    mov [ecx+00004014],edi
    jmp returnhere
    "sotes.exe"+1A1BF:
    jmp newmem
    nop
    returnhere:
    [DISABLE]
    dealloc(newmem)
    "sotes.exe"+1A1BF:
    mov [ecx+00004014],edi
    //Alt: db 89 B9 14 40 00 00
I've tried both 16-bit and 32-bit. Still no luck. I think it is 32-bit.
Edit:
I actually changed the money cap value to 99999999 (decimal) and it displays correctly in game.

mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: In the country on the Vistula. UTC+01:00
Posted: Fri Apr 03, 2015 10:12 am
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
pushfd
cmp dword ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
popfd
mov [ecx+00004014],edi //orig
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 10:18 am
mgr.inz.Player wrote:
    Code:
    [ENABLE]
    alloc(newmem,2048)
    label(returnhere)
    label(originalcode)
    newmem:
    pushfd
    cmp dword ptr [ecx+00004020],#1000
    jl originalcode
    mov edi,#1000
    originalcode:
    popfd
    mov [ecx+00004014],edi //orig
    jmp returnhere
    "sotes.exe"+1A1BF:
    jmp newmem
    nop
    returnhere:
    [DISABLE]
    dealloc(newmem)
    "sotes.exe"+1A1BF:
    mov [ecx+00004014],edi
    //Alt: db 89 B9 14 40 00 00
It worked!!!! But I still don't understand what actually happened.

mgr.inz.Player (I post too much)
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: In the country on the Vistula. UTC+01:00
Posted: Fri Apr 03, 2015 10:24 am
This should also work:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
cmp dword ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
test eax,eax
mov [ecx+00004014],edi //orig
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00
Our cmp dword ptr [ecx+00004020],#1000 affected the CPU flags previously set by "test eax,eax".
This pair:
test eax,eax
jle LABEL
can be translated to: jump to LABEL when eax is zero or negative.
You could use another hackpoint, this one: "sotes.exe+1A1BD"
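As an added illustration (not code from the thread or from Cheat Engine), here is a small C model of the three EFLAGS bits that jl and jle read. It replays the sequence mgr.inz.Player describes: the game's test eax,eax, then the hook's cmp, then the game's jle, once without and once with pushfd/popfd around the cmp. Registers, the money cap and the stored money value are plain variables; the addresses in the comments are taken from the thread and nothing here touches a real process.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not code from the thread. Models the three EFLAGS bits
 * (ZF, SF, OF) that jl and jle read, so the thread's bug can be replayed:
 * the game runs "test eax,eax", the hook at "sotes.exe"+1A1BF runs its
 * cmp, and the game's later "jle" then reads whatever flags are left.
 * Registers and the money cap are plain variables; nothing here touches
 * a real process. */
typedef struct { bool zf, sf, of; } flags_t;

/* test a,b: flags of (a AND b); OF is always cleared */
static flags_t x86_test(int32_t a, int32_t b) {
    int32_t r = a & b;
    return (flags_t){ r == 0, r < 0, false };
}

/* cmp a,b: flags of (a - b), with signed overflow detected like the CPU does */
static flags_t x86_cmp(int32_t a, int32_t b) {
    int32_t r = (int32_t)((uint32_t)a - (uint32_t)b);
    bool of = ((a ^ b) & (a ^ r)) < 0;   /* signs differ and result sign flipped */
    return (flags_t){ r == 0, r < 0, of };
}
static bool jl_taken(flags_t f)  { return f.sf != f.of; }          /* signed less */
static bool jle_taken(flags_t f) { return f.zf || f.sf != f.of; }  /* signed less or equal */

/* Replays: test eax,eax | [pushfd] cmp cap,#1000 / jl originalcode / mov edi,#1000
 * originalcode: [popfd] mov [money],edi | jle. Returns whether the game's jle
 * is taken; *money receives the value stored by the original instruction. */
static bool run_hook(int32_t eax, int32_t edi, int32_t cap, bool save_flags, int32_t *money) {
    flags_t game = x86_test(eax, eax);   /* flags the game's jle was written for */
    flags_t f = x86_cmp(cap, 1000);      /* the injected cmp dword ptr [ecx+00004020],#1000 */
    if (!jl_taken(f)) edi = 1000;        /* cap >= 1000: jl not taken, so mov edi,#1000 runs */
    if (save_flags) f = game;            /* popfd puts the test result back */
    *money = edi;                        /* mov [ecx+00004014],edi */
    return jle_taken(f);
}
/* Convenience wrappers so each outcome can be checked by return value. */
static bool branch_after(int32_t eax, int32_t edi, int32_t cap, bool save_flags) {
    int32_t m; return run_hook(eax, edi, cap, save_flags, &m);
}
static int32_t money_after(int32_t eax, int32_t edi, int32_t cap, bool save_flags) {
    int32_t m; run_hook(eax, edi, cap, save_flags, &m); return m;
}
/* True when the hook leaves the game's branch decision exactly as it was. */
static bool hook_is_transparent(int32_t eax, int32_t edi, int32_t cap, bool save_flags) {
    return branch_after(eax, edi, cap, save_flags) == jle_taken(x86_test(eax, eax));
}
```

With cap exactly 1000 (the game's starting value) the cmp sets ZF, so without pushfd/popfd the game's jle is taken even when eax is positive; with the flags saved the branch follows eax as the game intended.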

Rzzil (How do I cheat?)
Reputation: 0
Joined: 02 Apr 2015 Posts: 9
Posted: Fri Apr 03, 2015 10:31 am
mgr.inz.Player wrote:
    This should also work:
    Code:
    [ENABLE]
    alloc(newmem,2048)
    label(returnhere)
    label(originalcode)
    newmem:
    cmp dword ptr [ecx+00004020],#1000
    jl originalcode
    mov edi,#1000
    originalcode:
    test eax,eax
    mov [ecx+00004014],edi //orig
    jmp returnhere
    "sotes.exe"+1A1BF:
    jmp newmem
    nop
    returnhere:
    [DISABLE]
    dealloc(newmem)
    "sotes.exe"+1A1BF:
    mov [ecx+00004014],edi
    //Alt: db 89 B9 14 40 00 00
    Our cmp dword ptr [ecx+00004020],#1000 affected the CPU flags previously set by "test eax,eax".
    This pair:
    test eax,eax
    jle LABEL
    can be translated to: jump to LABEL when eax is zero or negative.
    You could use another hackpoint, this one: "sotes.exe+1A1BD"
Thank you so much for fixing these. One more question... I just tried changing my code to
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"sotes.exe"+1A1BF)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov edi,#1000
mov [ecx+00004014],edi
jmp exit
originalcode:
mov [ecx+00004014],edi
exit:
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00
The difference between my initial code and this one is only one added line,
but it still worked. How did that affect the "cmp" above?
In my initial code I used
Code:
mov [ecx+00004014],#1000
and the new one:
Code:
mov edi,#1000
mov [ecx+00004014],edi