Cheat Engine The Official Site of Cheat Engine
etioplmld Advanced Cheater
Reputation: 0
Joined: 09 Feb 2021 Posts: 78
Posted: Thu Mar 11, 2021 11:05 pm Post subject: What is the correct Code of custom type for xor fixed value?
In this post, forum.cheatengine.org/viewtopic.php?t=586164, about the custom data type "XOR Algorithm":
When changing xorkey to F1 and testing whether the address containing the value F1 will be converted to 0, it keeps popping up "access violation" or displays an incorrect value, not zero.
In this post, cheatengine.org/forum/viewtopic.php?p=5707518, it is said that the conversion is done by CE itself, so it should be effective for all programs, but this code succeeds in some programs and gives wrong values in others. With the custom data types CE generates automatically, adding 32-bit seems to give only wrong values and pop up "access violation".
| Code: |
registerCustomTypeAutoAssembler([[
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
globalalloc(xord,4)
label(xork)
registersymbol(xork)
TypeName:
db 'xornb',0
ByteSize:
dd 4
UsesFloat:
db 0
CallMethod:
db 1
xord:
xork:
dd F1
ConvertRoutine:
[64-bit]
mov eax,[rcx]
xor eax,[xork]
ret
[/64-bit]
ConvertBackRoutine:
[64-bit]
xor ecx,[xork]
mov [r8],ecx
ret
[/64-bit]
]])
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25833 Location: The netherlands
Posted: Fri Mar 12, 2021 3:04 am Post subject:
Use alloc instead of globalalloc and then add registersymbol(xork).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
etioplmld Advanced Cheater
Reputation: 0
Joined: 09 Feb 2021 Posts: 78
Posted: Fri Mar 12, 2021 7:20 am Post subject:
Thanks for your answer. This code is also from Gniarf, and mgr.inz.Player says it can work in CE 6.5, but it seems not to work in CE 7.2.
| Code: |
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
define(XOR_KEY,0e59d3a5)
TypeName:
db 'XOR Algoritm',0
ByteSize:
dd 4 //4 byte real value and 4 byte encryption key right after it
//stdcall int ConvertRoutine(unsigned char *input);
ConvertRoutine:
[64-bit]
//rcx=address of input
mov eax,dword [rcx] //eax now contains the bytes 'input' pointed to
xor eax,XOR_KEY
ret
[/64-bit]
[32-bit]
mov eax,dword [esp+4]
mov eax,dword [eax]
xor eax,XOR_KEY
ret 4
[/32-bit]
//stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
[64-bit]
//ecx=input
//rdx=address of output
xor ecx,XOR_KEY
mov [rdx],ecx
ret
[/64-bit]
[32-bit]
//[ebp+8]=input
//[ebp+c]=address of output
push eax
push edi
mov eax,dword [esp+C]
mov edi,dword [esp+10]
xor eax,XOR_KEY
mov dword [edi],eax
pop edi
pop eax
ret 8
[/32-bit]
|
etioplmld Advanced Cheater
Reputation: 0
Joined: 09 Feb 2021 Posts: 78
Posted: Fri Mar 12, 2021 9:24 pm Post subject:
When attaching to a different program, [32-bit] gets the wrong result or keeps popping up "access violation" or "external exception"; [64-bit] sometimes gives correct results and sometimes pops up "access violation".
| Code: |
registerCustomTypeAutoAssembler([[
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
alloc(xork,4)
registersymbol(xork)
TypeName:
db 'xorna',0
ByteSize:
dd 4
UsesFloat:
db 0
CallMethod:
db 1
xork:
dd F1
ConvertRoutine:
[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8]
mov eax,[eax]
xor eax,[xork]
pop ebp
ret
[/32-bit]
ConvertBackRoutine:
[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8]
mov ebx,[ebp+10]
xor eax,[xork]
mov [ebx],eax
pop ebx
pop eax
pop ebp
ret
[/32-bit]
]])
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25833 Location: The netherlands
Posted: Sat Mar 13, 2021 8:28 am Post subject:
Keep in mind that the custom types run inside CE, not in the target.
So if you use the 64-bit CE, you need a 64-bit custom type.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
etioplmld Advanced Cheater
Reputation: 0
Joined: 09 Feb 2021 Posts: 78
Posted: Fri Mar 26, 2021 12:01 am Post subject:
It is very difficult for careless people to do this. It doesn't seem to be a problem with the code. It seems that in some cases the address list [ENABLE]{$lua}[DISABLE] has some problem.
Last edited by etioplmld on Sun Mar 28, 2021 12:39 am; edited 1 time in total
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25833 Location: The netherlands
Posted: Fri Mar 26, 2021 5:46 am Post subject:
That should work unless you're on a really old CE version.
With this custom type, for example, it works:
| Code: |
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
alloc(xorkey,4)
registersymbol(xorkey)
TypeName:
db 'Remote xorkey',0
ByteSize:
dd 4
UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
xor eax,[xorkey]
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
xor eax,[xorkey]
pop ebp
ret
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
xor ecx,[xorkey]
mov [r8],ecx //place the integer at the 4 bytes pointed to by r8
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+10] //load the output address into ebx
xor eax,[xorkey]
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret
[/32-bit]
|
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
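The two cdecl signatures from the template above, restated in C as an added example (not code from the thread or from Cheat Engine). `scan_for` is a hypothetical stand-in for a scanner that runs every 4-byte window of a local buffer through the type; the buffer and the base address 0x1000 are constructed, and the key F1 is the value from the first post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Key value from the first post (dd F1); the template stores it at xorkey. */
static uint32_t xorkey = 0xF1;

/* cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
   input is dereferenced by the routine itself; address is unused by this type. */
int convert_routine(const unsigned char *input, uintptr_t address)
{
    uint32_t raw;
    (void)address;
    memcpy(&raw, input, sizeof raw);      /* input may be unaligned */
    return (int)(raw ^ xorkey);
}

/* cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
   output is the third argument (r8 on 64-bit, [ebp+10] on 32-bit). */
void convert_back_routine(int i, uintptr_t address, unsigned char *output)
{
    uint32_t raw = (uint32_t)i ^ xorkey;
    (void)address;
    memcpy(output, &raw, sizeof raw);
}

/* Hypothetical scanner loop: offset of the first 4-byte window whose
   converted value equals wanted, or -1 if none. */
long scan_for(const unsigned char *buf, size_t len, uintptr_t base, int wanted)
{
    for (size_t off = 0; off + 4 <= len; off++)
        if (convert_routine(buf + off, base + off) == wanted)
            return (long)off;
    return -1;
}

/* Constructed sample (little-endian, as on x86): stored F1 00 00 00 at offset 3. */
static unsigned char sample[12] = {0xAA, 0xBB, 0xCC, 0xF1, 0x00, 0x00, 0x00,
                                   0x11, 0x22, 0x33, 0x44, 0x55};

int main(void)
{
    long off = scan_for(sample, sizeof sample, 0x1000, 0);
    convert_back_routine(1000, 0x1000 + (uintptr_t)off, sample + off);
    printf("offset %ld now reads back as %d\n", off, convert_routine(sample + off, 0x1000 + (uintptr_t)off));
    return 0;
}
```

The stored bytes F1 00 00 00 display as 0 under key F1, which is the check described in the first post; writing 1000 back stores 19 03 00 00.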
etioplmld Advanced Cheater
Reputation: 0
Joined: 09 Feb 2021 Posts: 78
Posted: Fri Mar 26, 2021 8:52 am Post subject:
Thank you, it works perfectly. This question is a bit difficult for amateurs,
with the Notepad++ Compare plug-in to find old errors.
It may be a special problem of the computer system.
Sometimes, using Ctrl+Alt+L to run the code is completely correct,
but using
[ENABLE]
{$lua}
[DISABLE]
to run it, sometimes 32-bit is wrong.