roon_shady How do I cheat? Reputation: 0
Joined: 22 Jun 2021 Posts: 4
Posted: Tue Jun 22, 2021 11:53 am Post subject: I have a CT file but I want to move the changes to the EXE |
I have a CT file with two scripts that I want to mod permanently into the game's EXE itself, but I am unsure how to go about it. I have attached the CT file in question.
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="28">
<CheatEntries>
<CheatEntry>
<ID>0</ID>
<Description>"Nitro for player only"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>//Made by Geri with Cheat Engine 5.6.1
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(nitrolabel)
registersymbol(nitrolabel)
aobscan(aobnitro,f3 0f 58 41 0c)
aobnitro:
nitrolabel:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
mov [ecx+0c],42C80000
originalcode:
addss xmm0,[ecx+0c]
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
nitrolabel:
addss xmm0,[ecx+0c]
//Alt: db F3 0F 58 41 0C
unregistersymbol(nitrolabel)
</AssemblerScript>
<Hotkeys>
<Hotkey>
<Action>Toggle Activation</Action>
<Keys>
<Key>97</Key>
</Keys>
<ID>0</ID>
<ActivateSound>Activate</ActivateSound>
<DeactivateSound>Deactivate</DeactivateSound>
</Hotkey>
</Hotkeys>
</CheatEntry>
<CheatEntry>
<ID>2</ID>
<Description>"Unlimited Health"</Description>
<LastState/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>//Made by Geri with Cheat Engine 6.0
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(healthlabel)
registersymbol(healthlabel)
aobscan(aobhealth,8b 8e 50 1c 00 00 8b)
newmem: //this is allocated memory, you have read,write,execute access
mov [esi+1AB0],0
originalcode:
mov ecx,[esi+00001C50]
exit:
jmp returnhere
aobhealth:
healthlabel:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
healthlabel:
mov ecx,[esi+00001C50]
//Alt: db 8B 8E 50 1C 00 00
unregistersymbol(healthlabel)
</AssemblerScript>
<Hotkeys>
<Hotkey>
<Action>Toggle Activation</Action>
<Keys>
<Key>98</Key>
</Keys>
<ID>0</ID>
<ActivateSound>Activate</ActivateSound>
<DeactivateSound>Deactivate</DeactivateSound>
</Hotkey>
</Hotkeys>
</CheatEntry>
</CheatEntries>
<UserdefinedSymbols/>
</CheatTable>
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Tue Jun 22, 2021 4:00 pm Post subject: |
If the modified code is in the EXE then you should be able to. But it looks like you'd have to find a place to create a code cave, or rewrite the scripts so you don't need to redirect the game's code. Then open the EXE file in CE or a hex editor and change the bytes as needed and save the EXE file.
roon_shady How do I cheat? Reputation: 0
Joined: 22 Jun 2021 Posts: 4
Posted: Tue Jun 22, 2021 11:14 pm Post subject: |
I tried creating a code cave in OllyDbg and saved the exe, but for some reason it isn't working as expected.
Maybe I'm missing something 🤔
EDIT: Added attachments on the changes I made, though I'm not sure if it's 100% correct.
[Two attached screenshots, 7.36 KB and 24.86 KB, not included in this extraction]
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Wed Jun 23, 2021 5:42 am Post subject: |
It looks like the code cave starts at 0xC3A12 but you're jumping to 0xC3A11. Plus your script sets the value at an address then uses that to add to XMM0, but your code cave adds to XMM0 then sets the address's value, so the set value may never get used.
roon_shady How do I cheat? Reputation: 0
Joined: 22 Jun 2021 Posts: 4
Posted: Wed Jun 23, 2021 5:58 am Post subject: |
So I should move the mov statement above the addps statement in the code cave?
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Wed Jun 23, 2021 10:46 am Post subject: |
Yeah, that and making sure the jump address is at the start of the code cave.
The bytes for "addss xmm0,[ecx+0c]" are "F3 0F 58 41 0C", but with that jump you have "00 F3 0F 58 41 0C", which I don't think is what you want. Thus it's showing as "add bl,dh" and "addps", and not "addss", which is what the script has.
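The two replies above come down to two consistency checks on a hook: the 5-byte jmp at the hook site must land exactly on the first byte of the cave (an off-by-one shifts the decoder and turns "F3 0F 58 41 0C" into "00 F3 0F 58 41 0C"), and the patch must be exactly as long as the instruction bytes it replaces (which is why the second script's hook is "jmp newmem" followed by "nop"). The script below is an added example, not code from the thread or from Cheat Engine: it encodes the rel32 jump, decodes it back, pads to the original length, builds the cave's return jump, and reports the off-by-one as a problem. The hook-site offset 0x1000 is a constructed value; 0xC3A12 is the cave start quoted in the replies, and the original instruction bytes are the ones from the scripts' aobscan/Alt lines.

```python
import struct

JMP_REL32 = 0xE9   # opcode of the 5-byte near jump (E9 rel32)
NOP = 0x90

# Constructed sample values (assumption, not from the thread's binary):
HOOK_SITE = 0x1000          # where the game's original instruction lives
CAVE_START = 0xC3A12        # cave start quoted in the replies
# Original bytes at each hook site, from the scripts' aobscan / "Alt:" lines.
NITRO_ORIG = bytes.fromhex("f30f58410c")       # addss xmm0,[ecx+0c]    (5 bytes)
HEALTH_ORIG = bytes.fromhex("8b8e501c0000")    # mov ecx,[esi+00001C50] (6 bytes)


def encode_jmp_rel32(src: int, dst: int) -> bytes:
    """Encode `jmp dst` for a jump placed at offset `src`.
    rel32 is relative to the end of the 5-byte instruction, i.e. src + 5."""
    rel = dst - (src + 5)
    return bytes([JMP_REL32]) + struct.pack("<i", rel)


def decode_jmp_target(src: int, code: bytes) -> int:
    """Inverse of encode_jmp_rel32: where does the jmp at `src` actually land?"""
    if len(code) < 5 or code[0] != JMP_REL32:
        raise ValueError("bytes at src are not a jmp rel32")
    (rel,) = struct.unpack("<i", code[1:5])
    return src + 5 + rel


def build_hook_patch(src: int, cave: int, original: bytes) -> bytes:
    """Bytes that overwrite the original instruction at `src`: a jmp into the
    cave, then NOP padding so the patch is exactly as long as what it replaces
    (this is the `jmp newmem` / `nop` pair of the health script)."""
    if len(original) < 5:
        raise ValueError("need at least 5 bytes at the hook site for a jmp rel32")
    return encode_jmp_rel32(src, cave) + bytes([NOP]) * (len(original) - 5)


def build_cave_tail(cave: int, cave_body_len: int, src: int, original: bytes) -> bytes:
    """The cave's closing `jmp returnhere`: it sits at cave + cave_body_len and
    must land on the first byte after the patched region (src + len(original))."""
    return encode_jmp_rel32(cave + cave_body_len, src + len(original))


def check_hook(src: int, patch: bytes, cave: int, original: bytes) -> list:
    """Return a list of problems with a hook; an empty list means it is consistent."""
    problems = []
    if len(patch) != len(original):
        problems.append("patch length differs from the bytes it replaces")
    target = decode_jmp_target(src, patch)
    if target != cave:
        problems.append(
            f"jmp lands at {target:#x} but the cave starts at {cave:#x} "
            f"(off by {target - cave:+d})"
        )
    return problems


if __name__ == "__main__":
    # Cave body in the order the reply recommends: set the value first, then
    # run the original addss so the new value is what gets added.
    # C7 41 0C 00 00 C8 42 is `mov dword [ecx+0c],42C80000` (0x42C80000 = 100.0f).
    cave_body = bytes.fromhex("c7410c0000c842") + NITRO_ORIG
    patch = build_hook_patch(HOOK_SITE, CAVE_START, NITRO_ORIG)
    tail = build_cave_tail(CAVE_START, len(cave_body), HOOK_SITE, NITRO_ORIG)
    print("hook site patch :", patch.hex(" "))
    print("cave bytes      :", (cave_body + tail).hex(" "))
    print("problems        :", check_hook(HOOK_SITE, patch, CAVE_START, NITRO_ORIG))
    # Reproduce the off-by-one from the thread: jumping one byte short of the cave.
    short = build_hook_patch(HOOK_SITE, CAVE_START - 1, NITRO_ORIG)
    print("off-by-one      :", check_hook(HOOK_SITE, short, CAVE_START, NITRO_ORIG))
```

The offsets fed to `encode_jmp_rel32` must all come from one address space: when patching the file on disk, either use file offsets for both the hook site and the cave and make sure they lie in the same section, or compute the displacement from virtual addresses, because a cave placed in a different section can have a different file-to-memory distance than the hook site and the rel32 would then be wrong at run time even though it looks right in the hex editor.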
roon_shady How do I cheat? Reputation: 0
Joined: 22 Jun 2021 Posts: 4
Posted: Wed Jun 23, 2021 10:53 am Post subject: |
Alright, thanks for your input. After messing around with it a little bit I finally got to patching the exe, with a little bit of help from x64dbg as well.