Cheat Engine

[sylvanus]

original bytes from 004B44E7 to 004B44ED is :

004B44E7 50 push eax
004B44E8 FF 75 DC push [ebp-24]
004B44EB 8D 45 CC lea eax,[ebp-34]

50 FF 75 DC 8D 45 CC --> 7 BYTES, sure?

view image please :

[img]http://img528.imageshack.us/my.php?image=originalivrf3.jpg[/img]



next, i am patching with 7 bytes too in 004B44E7 :

call CODECAVE (5 BYTES)
nop (1 BYTE) -----> 5 + 1 + 1 = 7 bytes
nop (1 BYTE)

this is my code :

if (status == true) {
FixMem(GetCurrentProcess(), (void*)IVADDY, 5, PAGE_EXECUTE_READWRITE, (DWORD*)oldprot);
IVADDY = 0x004B44E7;
*(BYTE*)IVADDY = 0xE8; // call is 1 byte
*(DWORD*)(IVADDY + 1) = JMP(IVADDY, itemvac);//address of codecave is 4 byte
*(DWORD*)(IVADDY + 5) = 0x90; //nop is 1 byte
*(DWORD*)(IVADDY + 6) = 0x90; //nop is 1 byte

1+ 4 + 1 + 1 = 7 bytes? sure?

BUT!, oh suprise,

original bytes from 004B44E7 to 004B44EB patching correct!
but...

MORE BYTES are PATCHED??

view image

[img]http://img204.imageshack.us/my.php?image=patchmemoryko8.jpg[/img]

too patch.. FROM

004B44EE to 004B44F3 ??

004B44EE 00 00 add [eax],al ??
004B44F0 00 c4 add ah,al ??
004B44F2 4e dec esi ??
004B44EE 89 00 mov [eax],eax ??

any help please??

[GMZorita]

*(DWORD*)(IVADDY + 5) = 0x90; //nop is 1 byte
*(DWORD*)(IVADDY + 6) = 0x90; //nop is 1 byte

WRONG!
It was supose to be like this:

[Noz3001]

BYTE DWORD DWORD DWORD = 13. You need 7.

[sylvanus]

Yeah,

I am a stupid, I am ancioso for my trainer finishes that I did not realize this small mistake

in 32 bits, registers eax, ebx are DWORD = 2 WORDS
D = double

1 word = 2bytes

eax = 2 word = 4 bytes

and 1byte = 1 byte jeje

thanks GMZorita.