Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 6:03 pm Post subject: [C++]Help with Flags
I read the complete post that was posted with asm scripts being converted into the correct format for being read.
This is the one.
http://forum.cheatengine.org/viewtopic.php?t=220203
I saw the complexity of it and wondered if by doing registers it would be a few less lines to declare, and a few less script changes (since there is no script). Wouldn't it?
Like doing a simple zero flag register:
This address I just randomly pulled out my ass.
I know for it to be recognized it has to be in hexadecimal, otherwise it would put it as a decimal so....
Code:
    0x006803EC ZF [*][ ]
and would it not be under WORD and not DWORD?
Now, I completely have no idea of where to go... =X
(No idea what needs to be declared, etc.)
Also, I searched and found a few threads over flags, but still it went over my head. Anyone care to explain it in layman's terms?
Anything is helpful ^_^
_________________
Bypassed a wordfilter with another url
Last edited by Zeroist on Tue Oct 21, 2008 7:08 pm; edited 1 time in total
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Tue Oct 21, 2008 6:16 pm Post subject:
Flags are completely different. They aren't really a data type, but more of something that is set or not set.
What you're looking for is SetThreadContext.
nog_lorp Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Tue Oct 21, 2008 6:25 pm Post subject:
Your question doesn't really make sense. If you think that changes the value at 006803EC, you are mistaken. What it does is wait until the instruction at 006803EC, and before that instruction is run it sets ZF to [0 apparently, it doesn't matter for the example. sponge].
Just for conceptual understanding, let me give some background: There actually aren't really flag registers, there is THE flag register: one register that holds each flag bit - it is protected, you can't access it with mov etc, but there are some commands that let you fux with it: SAHF, LAHF, PUSHF, POPF.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Last edited by nog_lorp on Tue Oct 21, 2008 6:38 pm; edited 1 time in total
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Oct 21, 2008 6:28 pm Post subject:
I always thought one "tick" sets it to 0 and another "tick" sets the flag to 1.
Suddenly your claim towards creating a vac seems shabby. I don't think it was a confusion of what FLAG is but he probably just mixed up flags and debug registers to come up with flag registers.
FYI there is no E in decimal, so obviously it's not decimal. Size of the instruction has nothing to do with the setting of flags.
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 6:37 pm Post subject:
lurc wrote:
    Flags are completely different. They aren't really a data type, but more of something that is set or not set.
    What you're looking for is SetThreadContext.
Can you explain roughly what the format of it would be, like you did in the other post? =X
I understood what you said, unlike a lot of other tutorials people posted over anything else... =O
I realize that before I use the function, I would most likely need to use the SuspendThread function before (I guess you could say) "ticking" the flag,
and that declaring use from kernel32.dll would be needed.
AND
One more question.
I saw and used the lBot you made, lurc, which makes me come to think that you have had some experience with overcoming Gameguard's protection. Would using DBs (just like CE/UCEs) not require a CRC bypass nor a GGCRC?
nog_lorp wrote:
    Your question doesn't really make sense. If you think that changes the value at 006803EC, you are mistaken. What it does is wait until the instruction at 006803EC, and before that instruction is run it sets ZF to [0 apparently, it doesn't matter for the example. sponge].
    Just for conceptual understanding, let me give some background: There actually aren't really flag registers, there is THE flag register: one register that holds each flag bit - it is protected, you can't access it with mov etc., but there are some commands that let you fux with it: SAHF, LAHF, PUSHF, POPF.
Alright. So what would be needed for the zero flag or an effect LIKE the zero flag? =O
_________________
Bypassed a wordfilter with another url
Last edited by Zeroist on Tue Oct 21, 2008 6:49 pm; edited 4 times in total
nog_lorp Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Tue Oct 21, 2008 6:38 pm Post subject:
sponge wrote:
    I always thought one "tick" sets it to 0 and another "tick" sets the flag to 1.
    Suddenly your claim towards creating a vac seems shabby. I don't think it was a confusion of what FLAG is but he probably just mixed up flags and debug registers to come up with flag registers.
Talking to me? I haven't used CE in over a year other than the occasional memory search, so I don't remember the exact GUI implementation. 'My' vac didn't involve any branching operations anyways.
He appears to think that "tick ZF" has something to do with the data at the address... Either that or he thinks a reference to an instruction needs some size information with it.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 6:43 pm Post subject:
nog_lorp wrote:
    sponge wrote:
        I always thought one "tick" sets it to 0 and another "tick" sets the flag to 1.
        Suddenly your claim towards creating a vac seems shabby. I don't think it was a confusion of what FLAG is but he probably just mixed up flags and debug registers to come up with flag registers.
    Talking to me? I haven't used CE in over a year other than the occasional memory search, so I don't remember the exact GUI implementation. 'My' vac didn't involve any branching operations anyways.
    He appears to think that "tick ZF" has something to do with the data at the address... Either that or he thinks a reference to an instruction needs some size information with it.
It WAS the 2nd one. Now I don't know what to think =X
_________________
Bypassed a wordfilter with another url
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Tue Oct 21, 2008 6:54 pm Post subject:
The only bypass lBot needed was an inline trampoline on PostMessageA to bypass the hook on it.
DB's engine is far detected and would not only require insane amounts of adjustments, but also bypasses for API hooks. CRC and GGCRC depend on the game, and for MapleStory, DB's engine will also need both.
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 7:03 pm Post subject:
lurc wrote:
    The only bypass lBot needed was an inline trampoline on PostMessageA to bypass the hook on it.
    DB's engine is far detected and would not only require insane amounts of adjustments, but also bypasses for API hooks. CRC and GGCRC depend on the game, and for MapleStory, DB's engine will also need both.
@lurc:
Alright. So from what I've absorbed, there is no bypass needed for what I'm attempting. Thanks for the clarification. ^_^
@nog_lorp:
Code:
    LAHF (Load AH from Flags) copies SF, ZF, AF, PF, and CF to AH bits 7, 6, 4, 2, and 0, respectively (see Figure 3-22). The contents of the remaining bits (5, 3, and 1) are undefined. The flags remain unaffected.
    SAHF (Store AH into Flags) transfers bits 7, 6, 4, 2, and 0 from AH into SF, ZF, AF, PF, and CF, respectively (see Figure 3-22).
So I'm guessing I'mma be using LAHF and SAHF for my "project". Thanks for the push toward the right direction.
One thing that I'm still left in the hole about is how I'm going to put this into C++ form. =X
_________________
Bypassed a wordfilter with another url
Last edited by Zeroist on Tue Oct 21, 2008 7:04 pm; edited 1 time in total
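Putting lurc's pointer to SetThreadContext and nog_lorp's description of the single EFLAGS register (with the LAHF/SAHF bit layout quoted just above) into working C++. This is an added example, not code from anyone in the thread. The flag bit positions (CF=0, PF=2, AF=4, ZF=6, SF=7) are the ones from the Intel manual text quoted above; the function names setFlag, getFlag, lahfModel, sahfModel and setThreadZF are my own, the sample EFLAGS value 0x246 is constructed, and the Windows part assumes a thread HANDLE opened with THREAD_GET_CONTEXT, THREAD_SET_CONTEXT and THREAD_SUSPEND_RESUME access. The bit-model functions compile anywhere; the SetThreadContext part is guarded so it only compiles on Windows.

```cpp
#include <cstdint>
#include <cstdio>

// EFLAGS bit positions for the arithmetic flags, as in the LAHF/SAHF text
// quoted above: AH bits 7, 6, 4, 2, 0 map to SF, ZF, AF, PF, CF.
enum : unsigned { CF_BIT = 0, PF_BIT = 2, AF_BIT = 4, ZF_BIT = 6, SF_BIT = 7 };

// Mask of the five flag bits LAHF/SAHF move: 1101 0101b.
static const uint32_t LAHF_MASK = 0xD5u;

// Set or clear one flag bit in an EFLAGS image; every other bit is untouched.
static uint32_t setFlag(uint32_t eflags, unsigned bit, bool on) {
    uint32_t mask = 1u << bit;
    return on ? (eflags | mask) : (eflags & ~mask);
}

static bool getFlag(uint32_t eflags, unsigned bit) {
    return ((eflags >> bit) & 1u) != 0;
}

// Software model of LAHF: AH <- SF:ZF:0:AF:0:PF:1:CF. The quoted (older) text
// calls bits 5, 3 and 1 undefined; current manuals fix them to 0, 0 and 1,
// which is what this model returns.
static uint8_t lahfModel(uint32_t eflags) {
    return static_cast<uint8_t>((eflags & LAHF_MASK) | 0x02u);
}

// Software model of SAHF: copy bits 7,6,4,2,0 of AH into SF,ZF,AF,PF,CF and
// leave the rest of EFLAGS (IF, DF, reserved bit 1, ...) exactly as it was.
static uint32_t sahfModel(uint32_t eflags, uint8_t ah) {
    return (eflags & ~LAHF_MASK) | (ah & LAHF_MASK);
}

#ifdef _WIN32
#include <windows.h>
// What lurc is pointing at: flags are not memory, so you edit the target
// thread's saved register state. The thread must be stopped for the context
// to be stable; SuspendThread stops it wherever it happens to be, so to do
// this "at" 0x006803EC the way the CE tick does you need a breakpoint there
// under a debugger loop first. Handle needs THREAD_GET_CONTEXT |
// THREAD_SET_CONTEXT | THREAD_SUSPEND_RESUME (assumption about the caller).
static bool setThreadZF(HANDLE hThread, bool zf) {
    if (SuspendThread(hThread) == (DWORD)-1) return false;
    CONTEXT ctx = {};
    ctx.ContextFlags = CONTEXT_CONTROL;     // EFlags is in the control group
    bool ok = GetThreadContext(hThread, &ctx) != 0;
    if (ok) {
        ctx.EFlags = setFlag(ctx.EFlags, ZF_BIT, zf);
        ok = SetThreadContext(hThread, &ctx) != 0;
    }
    ResumeThread(hThread);
    return ok;
}
#endif

int main() {
    // Constructed sample EFLAGS image: IF (bit 9), ZF (bit 6), PF (bit 2),
    // reserved bit 1. This is what a user-mode thread often looks like.
    uint32_t eflags = 0x246u;
    std::printf("ZF=%d  LAHF AH=0x%02X\n", getFlag(eflags, ZF_BIT), lahfModel(eflags));
    eflags = setFlag(eflags, ZF_BIT, false);            // "untick" ZF
    std::printf("ZF=%d  EFLAGS=0x%03X\n", getFlag(eflags, ZF_BIT), eflags);
    eflags = sahfModel(eflags, 0x46u);                  // SAHF with ZF|PF set
    std::printf("ZF=%d  EFLAGS=0x%03X\n", getFlag(eflags, ZF_BIT), eflags);
    return 0;
}
```

Two things worth keeping in mind when wiring this into a real tool: changing EFlags only affects the next conditional instruction the thread executes after it resumes, so without a breakpoint at the address the flip lands on some unrelated instruction; and GetThreadContext on a thread that is not suspended (or not stopped in a debug event) returns a snapshot that may already be stale by the time SetThreadContext writes it back.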
nog_lorp Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Tue Oct 21, 2008 7:03 pm Post subject:
Zeroist: When you are talking about the address of one instruction, you just need the address. The CPU looks at the first bytes to figure out what type of instruction it is, including which particular set of operands it takes (the same mnemonic can refer to several different instructions - for example MOV ECX,EAX is different from MOV [ECX],EAX, and is a different length), and can tell the size of the total instruction. If you want to overwrite an instruction at an address, you are writing data so you need to tell the memory operations what size of data you want to overwrite.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 7:07 pm Post subject:
nog_lorp wrote:
    Zeroist: When you are talking about the address of one instruction, you just need the address. The CPU looks at the first bytes to figure out what type of instruction it is, including which particular set of operands it takes (the same mnemonic can refer to several different instructions - for example MOV ECX,EAX is different from MOV [ECX],EAX, and is a different length), and can tell the size of the total instruction. If you want to overwrite an instruction at an address, you are writing data so you need to tell the memory operations what size of data you want to overwrite.
So attaching to "Maplestory" with any cheat engine, going to Memory View, and then finding my address will do for finding out what I need?
_________________
Bypassed a wordfilter with another url
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Tue Oct 21, 2008 7:15 pm Post subject:
You won't even get to attach to MapleStory with a detected CE.
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 7:16 pm Post subject:
lurc wrote:
    You won't even get to attach to MapleStory with a detected CE.
Gameguard doesn't start 'til you click 'START' on the start-up ad.
This allowed a lot of people to update addresses for their needs.
BUT ANYWAY,
What's left would be the format of using SetThreadContext. I have no clue of what's needed to use this function. =X
_________________
Bypassed a wordfilter with another url
Last edited by Zeroist on Tue Oct 21, 2008 7:21 pm; edited 1 time in total
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Tue Oct 21, 2008 7:18 pm Post subject:
Zeroist wrote:
    lurc wrote:
        You won't even get to attach to MapleStory with a detected CE.
    Gameguard doesn't start 'til you click 'START' on the start-up ad.
    This allowed a lot of people to update addresses for their needs.
Oh well then yes.
Although, I prefer to use an unpacked client and just disassemble it using OLLYDBG or IDA and update addresses.
Zeroist Grandmaster Cheater Supreme
Reputation: 0
Joined: 06 Oct 2007 Posts: 1624 Location: I /facepalm'ed when I saw that post about pacifist being a "fake"... Rofl.
Posted: Tue Oct 21, 2008 7:44 pm Post subject:
lurc wrote:
    Zeroist wrote:
        lurc wrote:
            You won't even get to attach to MapleStory with a detected CE.
        Gameguard doesn't start 'til you click 'START' on the start-up ad.
        This allowed a lot of people to update addresses for their needs.
    Oh well then yes.
    Although, I prefer to use an unpacked client and just disassemble it using OLLYDBG or IDA and update addresses.
OLLYDBG would be preferable, but it gets annoying having to unpack it every patch. I just stick to cheat engines.
BUT MOVING ON....
I don't know where to go now. =X
What would you guys suggest:
-Sticking to scripts (somewhat more understood)
-Flags (Since I already used a lot of y'all's time)
or
-Registers
Overall, my purpose is to just make a dll you explained to iRiot and a few others. I just thought by using flags it would be alot less of a hassle. =X
_________________
Bypassed a wordfilter with another url