| View previous topic :: View next topic |
| Author |
Message |
Aryan
How do I cheat?
![]() Reputation: 0
Joined: 17 Jul 2007
Posts: 4
|
 Posted: Mon Mar 24, 2008 11:22 am Post subject: Address Registers |
 |
|
| How do I use CE to view the registers of a specific address?
|
|
| Back to top |
|
 |
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Mon Mar 24, 2008 11:56 am Post subject: |
|
|
| Set a break point on it. or use olly
|
|
| Back to top |
|
|
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
| Posted: Mon Mar 24, 2008 1:52 pm Post subject: |
|
|
Or, you can make a code cave and use "registersymbol".
Here's a little example:
| Code: | Alloc(Example, 512)
Alloc(EAX2,4)
Alloc(EBX2,4)
Alloc(ECX2,4)
Alloc(EDX2,4)
Alloc(ESI2,4)
Alloc(EDI2,4)
Alloc(EBP2,4)
Alloc(ESP2,4)
RegisterSymbol(EAX2)
RegisterSymbol(EBX2)
RegisterSymbol(ECX2)
RegisterSymbol(EDX2)
RegisterSymbol(ESI2)
RegisterSymbol(EDI2)
RegisterSymbol(EBP2)
RegisterSymbol(ESP2)
//Well EIP is kinda obvious! :D
AddressYouWantToGetRegistersValues:
call Example
//fill with NOPs if needed.
Example:
pushad
mov [EAX2],eax
mov [EBX2],ebx
mov [ECX2],ecx
mov [EDX2],edx
mov [ESI2],esi
mov [EDI2],edi
mov [EBP2],ebp
mov [ESP2],esp
popad
//Original memory here
ret //Use jmp (and replace the call to "Example" with jmp too) if you push anything else or jmp somewhere... |
You could also get ax, bx, cx, etc... values (or just add EAX2 [or something] as "2 Bytes" type) and al/ah by adding it as "Byte" type. (and the high word of eax, ebx, etc... by adding EAX2+2 as 2 bytes type or EBX2+2, etc...)
|
|
| Back to top |
|
|
Aryan
How do I cheat?
![]() Reputation: 0
Joined: 17 Jul 2007
Posts: 4
|
| Posted: Mon Mar 24, 2008 5:09 pm Post subject: |
|
|
| Labyrnth wrote: | | Set a break point on it. or use olly |
What do I do after making it a breakpoint?
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Mon Mar 24, 2008 5:24 pm Post subject: |
|
|
| Go to the game and do something to make it execute the code where you have a break set, then go back to ce and look and see what it tells you.
|
|
| Back to top |
|
|
Aryan
How do I cheat?
![]() Reputation: 0
Joined: 17 Jul 2007
Posts: 4
|
| Posted: Mon Mar 24, 2008 5:34 pm Post subject: |
|
|
| I made a break point on the address so that CE creates a process but the process isnt in the breakthread list when I open it. Also I don't believe there is a way to change the value of it (not sure why I would do that anyway?).
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Mon Mar 24, 2008 5:44 pm Post subject: |
|
|
| You can change the value of a register.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
