Joined: 12 Jul 2006
Location: The Netherlands
Posted: Wed Sep 06, 2006 8:26 am Post subject: Code Injection (originally by SoulX)
THIS TUTORIAL WAS MADE BY SOULX. I FOUND IT VERY USEFUL, BUT IT'S MADE FOR TRAINER MAKER KIT. ALL CREDITS SHOULD GO TO SOULX.
ok, we'll use Cheat Engine and minesweeper. We will use assembler so the game will set the time to a specific amount, instead of increasing it every time.
-----Find time value-----------
So start CE and MineSweeper. Attach CE to MineSweeper and find the value for the time. You can do this by searching for "value between". So, start with between 0-10, and then 10-20 or something. Add the value to your table.
------Find code increasing time--------
Right click the address in your table and select "Find out what writes to this address". You'll get a screen with a list. Within a second, there will be a new item in the list. It should look like
01002ff5 - ff 05 9c 57 00 01 - inc [0100579c]
The address of the code is the first part, "01002ff5". You'll have to remember it. The next part is the byte representation of the code and the last part is the more readable version of the code.
----Opening the Auto Assembler--------
Ok, so we got the piece of code in the list. Select it and click the button "Show disassembler". A new screen with a lot of code will pop up. The topmost piece of code is the one we just found. Select it and go to the menu "Tools -> Auto Assemble".
Now, you got a plain window that looks like a text editor. We could use a template, but we will do it by hand. This is the text you should enter. Don't copy paste, but really type it by hand. The comment will explain the lines, but the script won't work with the comment in it (don't know why).
[ENABLE] //This will be run once the script is being enabled
alloc(OurCode,1024) //Gives a label to a place we can put our code
label(ReturnHere) //makes a label. We'll have to define it later.
01002FF5: //the address of the code increasing the time. We will insert code here...
jmp OurCode //jumps to our code
nop //a byte meaning nothing. The original command was 6 bytes, the jump only 5
ReturnHere: //now we can jump here by jumping to ReturnHere
OurCode: //place our code here
//originally it was "inc [0100579c]". That increases by one. mov sets a value.
//12C is hexadecimal for 300. You can replace it with any value you want.
mov dword ptr [0100579c],12C //the instruction the two comments above describe (missing from the post as quoted)
jmp ReturnHere //jump back to the place the code should be
[DISABLE] //This will be run once the script is being disabled
dealloc(OurCode) //release the memory
01002FF5: //write the original instruction back at the hook address
inc [0100579c] //replace with the original code.
----------Using the script-----------
ok, now you got a script that should work (you need to remove the comment). Now, in the file menu you can save the script, or add it to your cheat table. It will be stored in the table if you do, so you don't need any external files. Anyway, click "File -> Assign to current cheat table". Now you can enable and disable it by checking the freeze box in your table.
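To see what the script above actually does to the six bytes at 01002ff5, here is an added example (not part of SoulX's tutorial or of Cheat Engine) that builds the E9 rel32 jmp plus NOP padding the auto assembler writes, and the integrity check a defender would run to notice that the timer instruction has been replaced by a jmp and where it now goes. The cave address 0x00120000 standing in for alloc(OurCode,1024) is a constructed value.

```python
import struct

# Values from the tutorial: the instruction that increments Minesweeper's timer.
HOOK_ADDR = 0x01002FF5
ORIGINAL = bytes.fromhex("ff059c570001")  # inc [0100579c], 6 bytes long
JMP_REL32 = 0xE9  # opcode of the 5-byte relative jmp
NOP = 0x90

def build_jmp_patch(hook_addr, target, original_len):
    """Bytes the auto assembler writes at hook_addr: E9 <rel32> followed by
    NOP padding so the patch covers the whole original instruction.
    rel32 is measured from the end of the 5-byte jmp."""
    if original_len < 5:
        raise ValueError("not enough room for a 5-byte jmp")
    rel = target - (hook_addr + 5)
    return (bytes([JMP_REL32]) + struct.pack("<i", rel)
            + bytes([NOP]) * (original_len - 5))

def detect_inline_jmp(hook_addr, original, current):
    """Integrity check over a code location: returns the jmp destination if
    `current` no longer matches `original` and now starts with a rel32 jmp,
    None if the bytes are intact or changed in some other way."""
    if current == original:
        return None
    if len(current) < 5 or current[0] != JMP_REL32:
        return None
    rel = struct.unpack("<i", current[1:5])[0]
    return (hook_addr + 5 + rel) & 0xFFFFFFFF

# Constructed: pretend alloc(OurCode,1024) handed back this address.
FAKE_CAVE = 0x00120000

if __name__ == "__main__":
    patched = build_jmp_patch(HOOK_ADDR, FAKE_CAVE, len(ORIGINAL))
    print("patched bytes:", patched.hex())
    print("hook target:", hex(detect_inline_jmp(HOOK_ADDR, ORIGINAL, patched)))
```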
For a short list of common commands, see this: