Labyrnth Moderator Reputation: 9
Joined: 28 Nov 2006 Posts: 6285
Posted: Tue Jun 05, 2007 5:50 pm
CE reads symbols, so this can be used to get the base address of the module.
Pinball.exe+175b7
Pinball.exe base address is 10000000
So 10000000 + 175b7 = 10175b7
In return it is the same as:
Pinball.exe+175b7
============================
So why not use 10175b7 instead of Pinball.exe+175b7?
Well, let's see why.
Say you loaded the game again and looked for the same thing over and found the address changed to 30175b7 <--- Whoa!
So the trainer or AA script won't work now, it is seeing the wrong address. Then we try again and it is changed again.
50175b7
So we look at the base address again and see what happened.
Now the base address of Pinball.exe is 50000000.
So by using Pinball.exe+ we get the base address of the module every time we load the game and run our script.
50175b7-50000000 = 175b7
Pinball.exe+175b7
All this is really used for is to defeat the code shift.
You don't see it in Maple because it isn't necessary to use it unless you are getting a shift.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 6:54 pm
Ok, I'm starting to understand it now. So what I should do to my code is edit the address to "Minesweeper.exe+2FF5", because its base address is 01000000.
Therefore my code will now become:
Code:
[ENABLE]
alloc(ChiliDog,4)
registersymbol(ChiliDog)
winmine.exe+2FF5:
mov eax, [ChiliDog]
mov [0100579C], eax
nop
nop
[DISABLE]
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
winmine.exe+2FF5:
inc [0100579C]

I'll go try it out right now.
Edit: The process is winmine.exe, not Minesweeper.exe, changed it.
Edit 2: Still disconnects. o_O
Labyrnth Moderator Reputation: 9
Joined: 28 Nov 2006 Posts: 6285
Posted: Tue Jun 05, 2007 7:05 pm
Dude, that is only needed for a code shift.
Minesweeper isn't shifting.
And it isn't disconnecting, you are crashing the game because the code injection is not right.
Your script is all wrong.
You can't overwrite the original code like this or you crash.
You need to stop what you're doing and read some tuts on writing AA scripts.
winmine.exe+2FF5: <--- increaser's address
mov eax, [ChiliDog] <--- Overwriting increaser _ inc [0100579C] *The crash, because you wrote to the increaser's address, overwriting it.
mov [0100579C], eax <--- Same as above
nop
nop
Not even getting to the [DISABLE] because the game is already crashed.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 10:51 pm
Eh?
I heeded your warning and went to go read some tuts.
Luckily, the forums are filled with so much crap that the search box becomes virtually useless after two or three pages. (Sometimes even fewer.)
I read Skyone's tutorial, I read TheSorcerer's tutorial, I read Dark Byte's tutorial, and I've probably read others that I can't remember. (Note these are only tuts on the language, not on writing scripts.)
Would you happen to know where I could learn this kind of stuff?
~~~~~~~~~~~
I think I kind of understand what you're saying about my script. Should I have instead created somewhere else to put my script?
Such as the template below:
Code:
[enable]
alloc(whatever,x)
alloc(chilidog,y)
label(whatever)
registersymbol(chilidog)
whatever:
put my script here
[disable]
dealloc
dealloc
unregistersymbol
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Jun 05, 2007 10:56 pm
You have to restore registers and flags after your modification... unless what you want to do is modify a register... and then you have to reinstate the original operand.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 11:02 pm
sponge wrote: You have to restore registers and flags after your modification... unless what you want to do is modify a register... and then you have to reinstate the original operand.

Eh? No, you don't understand. What he was saying is that I screwed up so badly on the first part of the script that it wouldn't have mattered what happened after that.
Edit: Thanks for trying though. The effort is appreciated. =)
By the way, I rewrote my script, but it won't tick in CE after I add it to my CT. -.-;
Code:
[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)
01002FF5:
jmp WhatNowMinesweeper
nop
WhatNowMinesweeper:
mov eax,[ChiliDog]
mov [0100579C],eax
[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
01002FF5:
inc [0100579C]
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Jun 05, 2007 11:03 pm
Why are you even moving the value of ChiliDog into eax... you don't even state the value of ChiliDog...
BTW I'm still correct... because probably inc sets a flag and a conditional jump will probably be near....
chilidog:
dd/db/dw XXXXXXXXXXX
Because some random value will be moved in at the first place, just define the beginning value and you can change the rest on your CT.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 11:09 pm
sponge wrote: Why are you even moving the value of ChiliDog into eax... you don't even state the value of ChiliDog...
BTW I'm still correct... because probably inc sets a flag and a conditional jump will probably be near....
chilidog:
dd/db/dw XXXXXXXXXXX
Because some random value will be moved in at the first place, just define the beginning value and you can change the rest on your CT.

Ok, I've seen this in many MapleStory scripts, and have yet to see it in any tut. What is dd/db/dw? Sorry if I'm being a burden, but could you explain their uses and such?
I'm moving the value of ChiliDog into eax because you can't put
Code:
mov [address],[ChiliDog]

Edit: Is EAX the correct register to use? I'm gonna go look that up.
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Jun 05, 2007 11:12 pm
It just defines the value at the address. db XX XX XX, dw XXXX XXXX, dd XXXXXXXX
dd 0 makes the 4 bytes at that address 00
dd 1 = 00000001
You can use eax, just restore it after:
push eax
//do your crap here
pop eax
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 11:20 pm
Alright. So what my code should be is...
Code:
[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)
ChiliDog:
dd 0
01002FF5:
jmp WhatNowMinesweeper
nop
WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax
[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
01002FF5:
inc [0100579C]

If this works, I swear you are the greatest man (woman?) alive. If it doesn't, then when you finally get it through to me, you will be the greatest whatever alive. =)
Definitely rep up once I can rep again. ("You have to wait xxxxx seconds to rep again.")
Edit: Ok, I tried to tick it, and it may have, I didn't see, but Minesweeper crashed and gave me an error. This time, however, it's not a Data Execution Error, just "Entertainment Pack Minesweeper Game has encountered a problem and needs to close."
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Tue Jun 05, 2007 11:21 pm
That won't work... you have to jump back to normal code. It's like a hook... you redirect it out... but after that you have to redirect it back in or else it has nowhere else to go.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue Jun 05, 2007 11:23 pm
o_O
Jump back to normal code? As in the code below?
Code:
WhatNowMinesweeper:
...
...
...
...
jmp 01002FF5

Edit: Ok, there's just one minor problem. When I tick the script, Minesweeper freezes. I'm gonna go ahead and guess that my script is fine, and I'm just not supposed to do this. If anyone wants to take a look at my script and maybe determine if something's wrong or not, here it is:
Code:
[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
registersymbol(ChiliDog)
ChiliDog:
dd 0
01002FF5:
jmp WhatNowMinesweeper
nop
WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax
jmp 01002FF5
[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
01002FF5:
inc [0100579C]
sponge I'm a spammer Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Wed Jun 06, 2007 6:18 pm
That will be an infinite loop... a long jump is 5 bytes... so jmp 1002ffa
Easier way is
Addy:
jmp/call
nops go here
return:
At the end of your code do
jmp return
You need to label(return)
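The detour sponge describes (jump out to the cave, run your code, jump back past the bytes you overwrote) worked through at the byte level, as an added example that is not code from the thread or from Cheat Engine. The hook site 01002FF5, the 6-byte `inc [0100579C]` it overwrites (FF 05 9C 57 00 01 as a 32-bit inc) and the push/pop eax body come from the scripts above; the cave and ChiliDog addresses are assumptions standing in for whatever CE's alloc() hands out at run time.

```python
"""The jmp hook from the thread, built as raw x86 bytes so the arithmetic
is visible.

The 6-byte `inc dword ptr [0100579C]` at 01002FF5 is replaced by a 5-byte
`jmp rel32` to the cave plus one nop; the cave ends with `jmp` to the first
byte *after* the overwritten instruction (01002FFB).  Jumping back to
01002FF5 itself re-executes the detour forever, which is the infinite loop
sponge points out.
"""
import struct

# Values from the thread: the hook site and the instruction it overwrites.
HOOK_ADDR  = 0x01002FF5
ORIG_BYTES = bytes.fromhex("FF 05 9C 57 00 01")   # inc dword ptr [0100579C], 6 bytes
COUNTER    = 0x0100579C
# Constructed: CE's alloc() chooses these at run time; any executable address works.
CAVE_ADDR  = 0x00D00000   # assumed location of alloc(WhatNowMinesweeper,256)
CHILIDOG   = 0x00D10000   # assumed location of alloc(ChiliDog,4)
NOP = b"\x90"


def jmp_rel32(from_addr: int, to_addr: int) -> bytes:
    """Encode E9 rel32.  The displacement is relative to the address of the
    instruction *following* the 5-byte jmp, hence the +5."""
    return b"\xE9" + struct.pack("<i", to_addr - (from_addr + 5))


def jmp_target(at_addr: int, code: bytes) -> int:
    """Decode where an E9 rel32 located at at_addr lands (used to check our work)."""
    if code[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    return at_addr + 5 + struct.unpack("<i", code[1:5])[0]


def return_address(hook_addr: int, orig_len: int) -> int:
    """Where the cave must jump back to: the byte after the overwritten instruction."""
    return hook_addr + orig_len


def build_detour(hook_addr: int, orig_len: int, cave_addr: int) -> bytes:
    """Bytes written over the original instruction: jmp cave, then nops so the
    patch is exactly orig_len long and no half-instruction is left behind."""
    if orig_len < 5:
        raise ValueError("need at least 5 bytes at the hook site for a rel32 jmp")
    return jmp_rel32(hook_addr, cave_addr) + NOP * (orig_len - 5)


def build_cave(cave_addr: int, chilidog: int, counter: int,
               return_addr: int, hook_addr: int) -> bytes:
    """Cave body from the final script: push eax / mov eax,[ChiliDog] /
    mov [0100579C],eax / pop eax / jmp return.  eax is saved and restored
    around the work, as sponge said, so the caller sees it unchanged."""
    if return_addr == hook_addr:
        raise ValueError("jumping back to the hook address re-runs the detour: infinite loop")
    body = (b"\x50"                                   # push eax
            + b"\xA1" + struct.pack("<I", chilidog)   # mov eax, [ChiliDog]
            + b"\xA3" + struct.pack("<I", counter)    # mov [0100579C], eax
            + b"\x58")                                # pop eax
    # the final jmp sits at cave_addr + len(body)
    return body + jmp_rel32(cave_addr + len(body), return_addr)


if __name__ == "__main__":
    ret = return_address(HOOK_ADDR, len(ORIG_BYTES))
    detour = build_detour(HOOK_ADDR, len(ORIG_BYTES), CAVE_ADDR)
    cave = build_cave(CAVE_ADDR, CHILIDOG, COUNTER, ret, HOOK_ADDR)
    print(f"{HOOK_ADDR:08X}: {ORIG_BYTES.hex(' ')}  ->  {detour.hex(' ')}")
    print(f"{CAVE_ADDR:08X}: {cave.hex(' ')}  (returns to {ret:08X})")
```

Jumping to 1002ffa, as sponge wrote, lands on the nop and falls through to 1002ffb, so both return addresses work; the one that does not is 01002FF5. Flags are a separate matter: `inc` writes the arithmetic flags and the `mov` in the cave does not, so if a conditional branch after the hook tests them, the cave has to reproduce that as well.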
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Wed Jun 06, 2007 7:39 pm
Yeah, I'm confused.
The long jump thing... Why am I jumping to 01002FFA?
Edit: I believe the address is 6 bytes, therefore a long jump + a nop = 6 bytes.
o.o;
But I see for the other thing. Instead, my code should be...
Code:
[enable]
alloc(WhatNowMinesweeper,256)
alloc(ChiliDog,4)
label(WhatNowMinesweeper)
label(ReturnHere)
registersymbol(ChiliDog)
ChiliDog:
dd 0
01002FF5:
jmp WhatNowMinesweeper
nop
ReturnHere:
WhatNowMinesweeper:
push eax
mov eax,[ChiliDog]
mov [0100579C],eax
pop eax
jmp ReturnHere
[disable]
dealloc(WhatNowMinesweeper)
dealloc(ChiliDog)
unregistersymbol(ChiliDog)
01002FF5:
inc [0100579C]

Edit:
I did a similar script before (just lookin' through my old stuff) that didn't crash Minesweeper, yet was almost exactly the same as my first one:
Code:
[enable]
alloc(waffles,512)
registersymbol(waffles)
0100579C:
mov eax, [waffles]
mov [0100579C], eax
[disable]
dealloc(waffles)
unregistersymbol(waffles)
0100579C:
inc [0100579C]

Are you guys misleading me? o.O
Chi-Tur How do I cheat? Reputation: 0
Joined: 13 Jun 2007 Posts: 1
Posted: Wed Jun 13, 2007 5:14 pm Post subject: ty
ty, that helped with almost everything..