iRiot Master Cheater Reputation: 0
Joined: 03 Jul 2007 Posts: 395 Location: Aka RIOT
|
Posted: Sat Nov 29, 2008 7:32 pm Post subject: [Help] asm c++ |
|
|
I am trying to code Dice Vac for MapleStory v55, and whenever I enable it, it gives me a black screen and freezes MapleStory. Any ideas on how to make it work?
my code:
Code: |
#include <windows.h>
#include "resource.h"
// Operand for a 5-byte relative jump written at `frm` that should land on `to`:
// destination minus source minus the 5 bytes of the jump instruction itself.
// NOTE(review): the expansion carries its own trailing ';' and leaves `frm`/`to` unparenthesized.
#define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
// Where the hook resumes the original code: the patched address plus 5.
DWORD DiceVacAddy = (0x0074306a + 5);
// Detour body reached through the jump that DiceVacOn writes at 0x0074306A.
// The function is declared naked, so the compiler adds no prologue or epilogue:
// the asm below is the whole function and it leaves through the final jmp, not a ret.
__declspec(naked) void DiceVacHook()
{
__asm
{
pushad // save every general-purpose register; popad below restores them
// NOTE(review): the version confirmed working later in this thread follows this load with
// `mov edx,[edx]`, which suggests the operand is assembled here as the constant itself
// rather than as a memory read -- confirm in the disassembly.
mov edx, [0x89361c] //Char X
mov ebx, [edx+0x580] // two consecutive dwords read relative to edx
mov ecx,[edx+0x584]
// Adjustment by right/left from the original script, left disabled in this port.
//add ebx, [right]
//sub ebx, [left]
// NOTE(review): same pattern as the first load; the working version adds `mov eax,[eax]`.
mov eax,[0x892a9c] //Walls
mov [eax+0xC],ebx // first value is stored at +0xC and +0x14
mov [eax+0x14],ebx
mov [eax+0x10],ecx // second value is stored at +0x10 and +0x18
mov [eax+0x18],ecx
popad
// The next two instructions are the ones the original script's [Disable] section puts back
// at 74306a, i.e. the code displaced by the 5-byte jump; they are replayed here.
mov [ebx], eax
mov edi,[ebp+0x10]
jmp DiceVacAddy // continue at patch site + 5 (value held in the DiceVacAddy variable)
}
}
// Installs the detour and three byte patches by storing directly to fixed code addresses.
// hWnd is not used in the body.
// NOTE(review): nothing here changes page protection before writing, and the previous bytes
// are not saved; a reply in this thread points at VirtualProtect for the first point.
// These stores alter the bytes of the process's code in memory, which is the kind of change a
// code-integrity comparison against the on-disk image reports.
void DiceVacOn (HWND hWnd)
{
*(BYTE*)0x0074306A = 0xE9; // opcode of a 5-byte relative jmp
*(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook ); // its 32-bit operand: hook - patch site - 5
*(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01 (little-endian store, bytes land in this order)
*(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00
*(WORD*)0x0073F4A4 = 0x0575; // 75 05
*(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00
*(WORD*)(0x0073F755 + 4) = 0x0000; //00 00
}
|
Original Script:
Code: | [Enable]
// Enable: build a detour in freshly allocated memory, redirect 74306a to it,
// and change the opcode of three conditional branches.
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
// right/left are registered as symbols so they can be referenced from outside this script.
registersymbol(right)
registersymbol(left)
label(return)
dICE:
pushad // save every general-purpose register; popad below restores them
mov edx, [89361c] //Char X
mov ebx, [edx+580] // two consecutive dwords read relative to edx
mov ecx,[edx+584]
add ebx, [right] // bias the first value by (right - left)
sub ebx, [left]
mov eax,[892a9c] //Walls
mov [eax+C],ebx // first value is stored at +C and +14
mov [eax+14],ebx
mov [eax+10],ecx // second value is stored at +10 and +18
mov [eax+18],ecx
popad
mov [ebx], eax // the two instructions that [Disable] puts back at 74306a, replayed here
mov edi,[ebp+10]
jmp return
right:
db 00 00 // NOTE(review): 4 bytes are allocated but only 2 are written here
left:
db 00 00
74306a:
jmp dICE
return: // address immediately after the jump at 74306a
745cc6:
db 0f 84 62 01 00 00 // [Disable] has 0f 85 here: jne turned into je, same displacement
73f4a4:
db 75 05 // [Disable] has 74 05: je turned into jne
73f755:
db 0f 85 d0 00 00 00 // [Disable] has 0f 84: je turned into jne
[Disable]
// Disable: undo every change made by [Enable].
74306a:
mov [ebx], eax // original 2-byte + 3-byte instructions written back over the 5-byte jump
mov edi,[ebp+10]
745cc6:
db 0f 85 62 01 00 00 // original branch opcode ([Enable] wrote 0f 84)
73f4a4:
db 74 05 // original branch opcode ([Enable] wrote 75)
73f755:
db 0f 84 d0 00 00 00 // original branch opcode ([Enable] wrote 0f 85)
// Release the detour memory and the two adjustment values, then drop their symbols.
dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right) |
kitterz Grandmaster Cheater Supreme Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
|
Posted: Sat Nov 29, 2008 8:11 pm Post subject: |
|
|
Hmmm. It looks perfect to me. Did you confirm that the AA script works in the first place?
&Vage Grandmaster Cheater Supreme Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sat Nov 29, 2008 8:34 pm Post subject: Re: [Help] asm c++ |
|
|
iRiot wrote: | Iam trying to code Dice Vac for maplestory v55 and whenever i enable it it gives me the black screen and freezes maplestory any ideas on how to make it work?
my code:
Code: |
#include <windows.h>
#include "resource.h"
#define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
DWORD DiceVacAddy = (0x0074306a + 5);
__declspec(naked) void DiceVacHook()
{
__asm
{
pushad
mov edx, [0x89361c] //Char X
mov ebx, [edx+0x580]
mov ecx,[edx+0x584]
//add ebx, [right]
//sub ebx, [left]
mov eax,[0x892a9c] //Walls
mov [eax+0xC],ebx
mov [eax+0x14],ebx
mov [eax+0x10],ecx
mov [eax+0x18],ecx
popad
mov [ebx], eax
mov edi,[ebp+0x10]
jmp DiceVacAddy
}
}
void DiceVacOn (HWND hWnd)
{
*(BYTE*)0x0074306A = 0xE9;
*(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook );
*(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01
*(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00
*(WORD*)0x0073F4A4 = 0x0575; // 75 05
*(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00 // 00 00
*(WORD*)(0x0073F755 + 4) = 0x0000; //00 00
}
|
Original Script:
Code: | [Enable]
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
registersymbol(right)
registersymbol(left)
label(return)
dICE:
pushad
mov edx, [89361c] //Char X
mov ebx, [edx+580]
mov ecx,[edx+584]
add ebx, [right]
sub ebx, [left]
mov eax,[892a9c] //Walls
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad
mov [ebx], eax
mov edi,[ebp+10]
jmp return
right:
db 00 00
left:
db 00 00
74306a:
jmp dICE
return:
745cc6:
db 0f 84 62 01 00 00
73f4a4:
db 75 05
73f755:
db 0f 85 d0 00 00 00
[Disable]
74306a:
mov [ebx], eax
mov edi,[ebp+10]
745cc6:
db 0f 85 62 01 00 00
73f4a4:
db 74 05
73f755:
db 0f 84 d0 00 00 00
dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right) |
|
Code: |
*(DWORD*)0x00745CC6 = 0x0162840F; //0f 84 62 01
*(WORD*)(0x00745CC6 + 4) = 0x0000; //00 00
*(WORD*)0x0073F4A4 = 0x0575; // 75 05
*(DWORD*)0x0073F755 = 0x00D0850F; //0f 85 d0 00 // 00 00
*(WORD*)(0x0073F755 + 4) = 0x0000; //00 00
|
I see.. Don't reverse the bytes...try 0x0f846201 instead of 0x0162840F and so on.
kitterz Grandmaster Cheater Supreme Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
|
Posted: Sat Nov 29, 2008 8:37 pm Post subject: |
|
|
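No. The bytes need to be reversed, or else it'll be wrong. x86 stores multi-byte values least-significant byte first, so writing the DWORD 0x0162840F puts the bytes 0F 84 62 01 in memory, which matches the script's db line.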
&Vage Grandmaster Cheater Supreme Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sat Nov 29, 2008 8:53 pm Post subject: |
|
|
If not, then try a simple xor operation...
iRiot Master Cheater Reputation: 0
Joined: 03 Jul 2007 Posts: 395 Location: Aka RIOT
|
Posted: Sat Nov 29, 2008 9:11 pm Post subject: |
|
|
Yeah, that's the problem: there's nothing wrong with the coding and all the addresses are updated... and the script works perfectly with the engine.
Bizarro I post too much Reputation: 0
Joined: 01 May 2007 Posts: 2648
|
Posted: Sat Nov 29, 2008 9:30 pm Post subject: |
|
|
Code: | mov edx, [0x89361c]
mov edx,[edx] // add this |
C++ inline asm is a little different from the asm in CE.
lurc Grandmaster Cheater Supreme Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
|
Posted: Sat Nov 29, 2008 9:36 pm Post subject: |
|
|
VirtualProtect to PAGE_EXECUTE_READWRITE and it should work.
Edit:
And like bizzaro said, for the first thing it has to be:
Code: | mov edx, dword ptr [0x89361C] |
&Vage Grandmaster Cheater Supreme Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sat Nov 29, 2008 10:23 pm Post subject: |
|
|
lurc wrote: | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work.
Edit:
And like bizzaro said, for the first thing it has to be:
Code: | mov edx, dword ptr [0x89361C] |
|
That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
|
Posted: Sat Nov 29, 2008 10:46 pm Post subject: |
|
|
lurc wrote: | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work. |
I already told him to do that on MSN...lmfao
void wrote: | That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05 |
If you read the source, he is jmping back to the original address plus 5.
Code: | DWORD DiceVacAddy = (0x0074306a + 5); |
lurc Grandmaster Cheater Supreme Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
|
Posted: Sat Nov 29, 2008 10:48 pm Post subject: |
|
|
_void_ wrote: | lurc wrote: | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work.
Edit:
And like bizzaro said, for the first thing it has to be:
Code: | mov edx, dword ptr [0x89361C] |
|
That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05 |
Are you actually stupid? Can you not read correctly?
Code: | DWORD DiceVacAddy = (0x0074306a + 5);
...
jmp DiceVacAddy
...
*(BYTE*)0x0074306A = 0xE9;
*(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook ); |
DiceVacAddy is 0x0074306A + 5.
He jumps to DiceVacAddy
He Modifies 0x0074306A (DiceVacAddy without +5).
@smartz993:
Add _void_ to the list
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
|
Posted: Sat Nov 29, 2008 10:55 pm Post subject: |
|
|
lurc wrote: | _void_ wrote: | lurc wrote: | VirtualProtect to PAGE_EXECUTE_READWRITE and it should work.
Edit:
And like bizzaro said, for the first thing it has to be:
Code: | mov edx, dword ptr [0x89361C] |
|
That won't do anything. I just read the code and it looks like you are jumping back to the address and the address is jumping to the code cave in an infinite loop. The solution is change the return address to original address 0x05 |
Are you actually stupid? Can you not read correctly?
Code: | DWORD DiceVacAddy = (0x0074306a + 5);
...
jmp DiceVacAddy
...
*(BYTE*)0x0074306A = 0xE9;
*(DWORD*)(0x0074306A+1) = JMP( 0x0074306A, DiceVacHook ); |
DiceVacAddy is 0x0074306A + 5.
He jumps to DiceVacAddy
He Modifies 0x0074306A (DiceVacAddy without +5).
@smartz993:
Add _void_ to the list |
ahaha <33
It was probably just a mistake... although he has been acting all high and mighty about his fASM lately...
Anyways, i have no idea what your problem is. Let's talk on MSN.
**EDIT:
Code: | void _declspec(naked) __stdcall DiceVacHook()
{
__asm
{
pushad // save every general-purpose register; popad below restores them
mov edx,[0089361ch]
// Added relative to the first post: an explicit dereference, so the reads below go through
// the value stored at 0089361ch (assuming the line above yields the constant itself -- TODO confirm).
mov edx,[edx]
mov ebx,[edx+580h] // two consecutive dwords read relative to edx
mov ecx,[edx+584h]
mov eax,[00892a9ch]
mov eax,[eax] // added relative to the first post, same reasoning as for edx
mov [eax+0xC],ebx // first value is stored at +0xC and +0x14
mov [eax+0x14],ebx
mov [eax+0x10],ecx // second value is stored at +0x10 and +0x18
mov [eax+0x18],ecx
popad
// The two instructions displaced by the 5-byte jump at 0x0074306A, replayed before returning.
mov [ebx], eax
mov edi,[ebp+0x10]
jmp DiceVacAddy // continue at patch site + 5
}
} |
There.
Last edited by smartz993 on Sat Nov 29, 2008 11:09 pm; edited 1 time in total |
iRiot Master Cheater Reputation: 0
Joined: 03 Jul 2007 Posts: 395 Location: Aka RIOT
|
Posted: Sat Nov 29, 2008 11:09 pm Post subject: |
|
|
Code: | void _declspec(naked) __stdcall DiceVacHook()
{
__asm
{
pushad // registers are saved here and restored by popad
mov edx,[0089361ch]
mov edx,[edx] // extra dereference that the first post's version did not have
mov ebx,[edx+580h] // two consecutive dwords read relative to edx
mov ecx,[edx+584h]
mov eax,[00892a9ch]
mov eax,[eax] // extra dereference that the first post's version did not have
mov [eax+0xc],ebx // first value goes to +0xc and +14h
mov [eax+14h],ebx
mov [eax+10h],ecx // second value goes to +10h and +18h
mov [eax+18h],ecx
popad
// Replay of the two instructions overwritten by the jump at 0x0074306A.
mov [ebx], eax
mov edi,[ebp+0x10]
jmp DiceVacAddy // resume at patch site + 5
}
}
|
WORKS thanks to Smartz