ElverGone Master Cheater
Reputation: 0
Joined: 16 Mar 2007 Posts: 366 Location: Bellocan / The dragon nest left behind
Posted: Wed Feb 20, 2008 1:31 am Post subject: [QUESTION] wtf is this and how do i fit this in?
Code:
    Alloc( MyCode, 2048 ) ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
    Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
    Label( Exit ) ; JMP here to exit our custom code and go back to the original code.
    Label( Return ) ; The location of the next instruction of the original code.
    FullAccess( 0x00400000, 2048 )
    0x00400000 :
    jmp MyCode
    Return :
    MyCode : ; The allocated address. Put your code after this.
    OverwrittenCode : ; The overwritten code (code that was overwritten by the JMP to MyCode).
    dec ebp
    pop edx
    nop
    add byte ptr [ebx], al
    Exit : ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
    jmp Return
What kind of code is it?
And how do I fit this in there?
Code:
    [Enable]
    //NoDelay JMP
    //40355E - EIP->403561
    //NoDelay NOP1
    //5F28EE - EIP->5F28F1
    //NoDelay NOP2
    //5F2902 - EIP->5F2909
    //NoDelay NOP3
    //593605 - EIP->59360E
    [Disable]
Thanks to ferris for this code.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Feb 20, 2008 7:24 pm Post subject:
It's CE script. The code that Cheat Engine uses in its ASM script engine.
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Wed Feb 20, 2008 8:48 pm Post subject:
If you aren't familiar with the FULLACCESS command I believe it's a wrapper for VirtualProtect (PAGE_EXECUTE_READWRITE).
ElverGone Master Cheater
Reputation: 0
Joined: 16 Mar 2007 Posts: 366 Location: Bellocan / The dragon nest left behind
Posted: Wed Feb 20, 2008 9:07 pm Post subject:
Wiccaan wrote:
    It's CE script. The code that Cheat Engine uses in its ASM script engine.
I took it from MHS
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Negima I post too much
Reputation: 6
Joined: 22 May 2007 Posts: 2221
Posted: Wed Feb 20, 2008 11:03 pm Post subject:
Code:
    [Enable]
    //NoDelay JMP
    //40355E - EIP->403561
    //NoDelay NOP1
    //5F28EE - EIP->5F28F1
    //NoDelay NOP2
    //5F2902 - EIP->5F2909
    //NoDelay NOP3
    //593605 - EIP->59360E
    [Disable]
All of the opcodes are written into comments....
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Thu Feb 21, 2008 12:56 am Post subject:
Wiccaan wrote:
    ElverGone wrote:
        Wiccaan wrote:
            It's CE script. The code that Cheat Engine uses in its ASM script engine.
        I took it from MHS
    Congrats?
    Sponge wrote:
        If you aren't familiar with the FULLACCESS command I believe it's a wrapper for VirtualProtect (PAGE_EXECUTE_READWRITE).
    FULLACCESS calls VirtualProtectEx with PAGE_EXECUTE_READWRITE as the param. (As seen in autoassembler.pas:)
    Code:
        //unprotectmemory
        for i:=0 to length(fullaccess)-1 do
        begin
          virtualprotectex(processhandle,pointer(fullaccess[i].address),fullaccess[i].size,PAGE_EXECUTE_READWRITE,op);
          if (fullaccess[i].address>80000000) and (DarkByteKernel<>0) then
            MakeWritable(fullaccess[i].address,(fullaccess[i].size div 4096)*4096,false);
        end;
Close enough.
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Thu Feb 21, 2008 9:26 am Post subject:
Code:
    [Enable]
    //NoDelay JMP
    //40355E - EIP->403561
    //NoDelay NOP1
    //5F28EE - EIP->5F28F1
    //NoDelay NOP2
    //5F2902 - EIP->5F2909
    //NoDelay NOP3
    //593605 - EIP->59360E
    [Disable]
You can't fit that in there, it's saying that you need to set the value of EIP at the address, I think.