Stacktrace Expert Cheater Reputation: 1
Joined: 04 Jul 2015 Posts: 105
Posted: Thu Jun 02, 2016 7:20 am Post subject: [Suggestion/Request] Plugin or feature of this
Hey, here comes a bit of an unusual post. I'm sorry if some here might get angry at me for requesting something, but it's all good if this won't happen. I just thought I'd like to post my thoughts on this.
Okay so, latest games and their integrity checks are pretty decent and hard to bypass. Usually you're able to use the kernel mode debugger (DBVM), which I've done for the past years on this game that I won't mention, which uses a very good integrity check. But in most games where you want to cheat you'll probably use the NOP feature once in a while when quick-testing something, you name it. If you didn't know, you're also able to NOP instructions by using DBVM and its change register! What you do is: get the address you want to NOP, go one line down to the instruction under it and copy its address, go one line up again to the address you want to NOP, then click change registers and paste the address under it into 'EIP'. It will then ignore the instruction / NOP it. (Common sense.) Yes, it has the exact same effect as manually nopping an address. I myself along with many others have used this method since 2013 now on this game and I tell you, the amount of hacks we've been able to pull off is a lot without any integrity check bothering us!
But it can be quite tedious to go down, copy an address, go back up, change registers, paste in EIP just to do this awesome thing probably not many have thought of. And I've been calling it a 'dnop' (debugger nop). Wouldn't it be amazing with a Cheat Engine plugin that leaves you the choice to right click the address and press DNOP this address or some other great looking name? Just like how you can right click an address, NOP this address. It'd be so useful if you could just right click it and press DNOP this address, which would then set a breakpoint to it with the address under as EIP on the address you clicked it on! If no CE developers liked this idea, could this at least be a somewhat plugin? If there are any good plugin creators out there of course. (I'm telling you, many people will use it. I know just myself around 10 people that use this method on games with anti cheats.)
predprey Master Cheater Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Thu Jun 02, 2016 10:16 am
I'm guessing you are DNopping cuz integrity checks would detect nopping?
I think I can write a Lua extension to add an option to the disassembler's popup menu. But is the number of instructions skipped constant (i.e. 1)? Or I let users decide by multiselecting start to end?
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
Posted: Thu Jun 02, 2016 10:32 am
you could do both.
disassemblerview exposes SelectedAddress and SelectedAddress2
In case of multiselection the two addresses aren't the same.
and the disassembler can be used to figure out the size in bytes of the instruction of the last selected line
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping
predprey Master Cheater Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Thu Jun 02, 2016 10:38 am
yea i was thinking if i should write the function to use both addresses or just make it fixed. YAGNI ftw
btw will there be the software breakpoint prompt once the number of hardware breakpoints reaches the limit when i use debug_setbreakpoint?
Stacktrace Expert Cheater Reputation: 1
Joined: 04 Jul 2015 Posts: 105
Posted: Thu Jun 02, 2016 11:05 am
predprey wrote: | I'm guessing you are DNopping cuz integrity checks would detect nopping?
I think I can write a Lua extension to add an option to the disassembler's popup menu. But is the number of instructions skipped constant (i.e. 1)? Or I let users decide by multiselecting start to end? |
Ah, I'd appreciate that so much! It'd make my day.
Yeah, to DNOP an instruction you have to copy the address under it, then paste that into the EIP register of the address you want to (D)NOP. Here's a GIF showing what I mean:
https://gyazo.com/d609e5f418481b0f4461755927e2553e
What happens is it ends up skipping the instruction, resulting in the effect of nopping it. This would be amazing if you'd pull something like that off. Thanks man, really appreciated. Yup, I'm doing it to prevent the integrity checker detecting my edits. Here's an example of why Dnopping is useful:
You're hacking a game, you found the address that writes to health, instead of writing a code injection you decide to NOP it (which usually works just fine as damage won't decrease your health) but the game crashes! Here's where DBVM comes in, it's usually undetected in games (even the latest ones), then you can just DNOP it and boom, you've got infinite health.
By the way, I reputated you. Don't worry, if you won't be able to pull this off you still deserve it.
predprey Master Cheater Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Thu Jun 02, 2016 11:49 am
http://forum.cheatengine.org/viewtopic.php?p=5674807#5674807
I'm working on a shortcut configurator currently, so until I finish, you can set the shortcut for this function with
Code: |
local shortcut = 'F5' -- Change this to whatever key combination you like (e.g. 'Ctrl+K')
local menu = getMemoryViewForm().DisassemblerView.PopupMenu.Items
-- Find the popup menu entry by its caption and bind the shortcut to it
for i = 0, menu.Count - 1 do
  if menu[i].Caption == 'Set DNOP Breakpoint' then
    menu[i].setShortcut(shortcut)
  end
end |
Last edited by predprey on Thu Jun 02, 2016 12:06 pm; edited 1 time in total
Stacktrace Expert Cheater Reputation: 1
Joined: 04 Jul 2015 Posts: 105
Posted: Thu Jun 02, 2016 12:02 pm
Thank you so much! I very much appreciate your help, although I ran into a problem: it doesn't work. :/ When I press "Set DNOP Breakpoint" it only debugs the address like it would if you press "Toggle breakpoint", so I have to run it, which still does nothing. I'm not sure where to post this, my thread or your thread, so I'll post on both (sorry if spam). Thanks again though! If you're able to fix this issue then this would be life-changing, and the way it looks where you can right click an address is just amazing. We need more people like you!
Hmm, I looked into the code and I added this line
if i == EIP then
EIP = j
( debug_continueFromBreakpoint(co_run)
return 1 ) after those lines. Then I went to the minAddr+1 and changed it to +5, which leads to the address after the one I want to DNOP, and it worked. Seems to be some sort of math going on with calculating where the second address is. +1 leads to some weird opcode that doesn't even run in the function, like those add's; then I plussed with 5 and it led me to the other one (won't work in other addresses obviously). Hopefully you're able to figure this out!
Yup I noticed where to + it.. So you see the bytes on the left of the address?
https://gyazo.com/e07e9d634e335f4a3c2f04b828b03b58
If you plus the address with the amount of bytes it has, it'll lead you to the address under it, in this case +3. Hope that helped.
Latest edit:
Thank you so much! I very much appreciate your help!
It works perfectly fine (if the fix I added is used)!
By the way, it still doesn't step the debugger but I edited your code into doing that (as of now it just breakpoints it)
http://pastebin.com/KPVLDw03
This is truly amazing, I might be over-reacting but I've wanted something like this for ages, and here it is. I'm so thankful you have absolutely no idea, this will save me a lot of time and I'll finally be able to leave my clipboard alone! Thanks, I wish I could rep you hundreds of times. Haha!
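The gap this thread relies on, as an added toy model that is not code from the thread or from Cheat Engine: a hash over code bytes flags a NOP patch but not a debugger that moves the instruction pointer to the address plus the instruction's length. The instruction set, the sample routine and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy ISA (assumption, not x86): opcode -> (name, length in bytes)
ISA = {0x01: ("SUB_HP", 3), 0x02: ("ADD_SCORE", 2), 0x90: ("NOP", 1), 0xFF: ("RET", 1)}
# Constructed sample routine: SUB_HP 25 ; ADD_SCORE 1 ; RET
CODE = bytes([0x01, 25, 0x00, 0x02, 1, 0xFF])
BASELINE = hashlib.sha256(CODE).hexdigest()

def integrity_ok(code):
    """Byte-level integrity check: hash of the code bytes against the baseline."""
    return hashlib.sha256(code).hexdigest() == BASELINE

def next_address(code, addr):
    """The following instruction starts at addr + length of the instruction at addr."""
    return addr + ISA[code[addr]][1]

def run(code, redirects=None):
    """Execute the routine. `redirects` maps a breakpoint address to a new instruction
    pointer, modelling a debugger that rewrites the pointer when the breakpoint hits."""
    redirects = redirects or {}
    state, ip = {"hp": 100, "score": 0}, 0
    while ip < len(code):
        if ip in redirects:          # breakpoint hit: pointer moves, bytes stay untouched
            ip = redirects[ip]
            continue
        name, length = ISA[code[ip]]
        if name == "SUB_HP":
            state["hp"] -= code[ip + 1]
        elif name == "ADD_SCORE":
            state["score"] += code[ip + 1]
        elif name == "RET":
            break
        ip += length
    return state

def compare():
    """(integrity result, final state) for a clean run, a byte patch and a redirect."""
    patched = bytes([0x90] * 3) + CODE[3:]       # NOP patch written over SUB_HP
    redirect = {0: next_address(CODE, 0)}        # skip SUB_HP without writing any byte
    return {
        "clean": (integrity_ok(CODE), run(CODE)),
        "nop_patch": (integrity_ok(patched), run(patched)),
        "ip_redirect": (integrity_ok(CODE), run(CODE, redirect)),
    }
```

The redirected run ends in the same state as the patched one while the hash still matches, so a byte-level check on its own says nothing about execution state. Address + 1 lands inside the operand of the first instruction, which is the "weird opcode" effect described in the last post.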