 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
 Posted: Sun Mar 14, 2010 11:38 am Post subject: Help with converting AA to ASM |
 |
|
Hi, i tryed to convert this script into ASM
| Code: | [ENABLE]
alloc(DetectGM,25)
label(ReturnName)
00553A83: //C7 46 0C 00 00 00 00 89 47 04
jmp DetectGM
nop
nop
ReturnName:
DetectGM:
cmp [eax+70],5D4D475B //[GM]
je 00000000
mov [esi+0c],00000000
jmp ReturnName
[DISABLE]
dealloc(DetectGM)
00553A83:
mov [esi+0c],00000000
|
Ive read some posts and made this in vc++
| Code: | // GM Detect.cpp : Defines the exported functions for the DLL application.
//
#include "stdafx.h"
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm)-5)
__declspec(naked) void myCodeCave ()
{
__asm
{
cmp [eax+0x70],0x5D4D475B //[GM]
je 00000000
mov [esi+0x0c],0x00000000
jmp dword ptr ds:[Address+5] // Address is a DWORD variable that holds the changed address to jump you codecave
}
}
void GMDetect ()
{
DWORD Address = 0x00553A83;
*(BYTE*)Address = 0xe9; // defining jump opcode
*(DWORD*)(Address+1) = JMP(Address,myCodeCave);
}
|
but when compiling i get (i cannot post url's so i removed the path from the build log.
| Quote: | 1>GM Detect.cpp
1>gm detect.cpp(17) : error C2094: label 'Address' was undefined
1>Build log was saved at "BuildLog.h t m"
1>GM Detect - 1 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ========== |
anybody can help me with this plz ?
|
|
| Back to top |
|
 |
AtheistCrusader
Grandmaster Cheater
![]() Reputation: 6
Joined: 23 Sep 2006
Posts: 681
|
| Posted: Sun Mar 14, 2010 12:46 pm Post subject: |
|
|
*(BYTE*)Address = 0xe9;
define that BEFORE the asm code, in declarations
|
|
| Back to top |
|
|
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
| Posted: Sun Mar 14, 2010 1:59 pm Post subject: |
|
|
ok im not that good with c so correct me if im wrong i have this now
| Code: | // GM Detect.cpp : Defines the exported functions for the DLL application.
//
#include "stdafx.h"
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm)-5)
#define Adress
#define myCodeCave
void GMDetect()
{
DWORD Address = 0x00553A83;
*(BYTE*)Address = 0xe9; // defining jump opcode
*(DWORD*)(Address+1) = JMP(Address,myCodeCave);
}
__declspec(naked) void myCodeCave ()
{
__asm
{
cmp [eax+0x70],0x5D4D475B
je 00000000
mov [esi+0x0c],0x00000000
jmp dword ptr ds:[Address+5]
}
}
|
but now i get some other errors ... 
| Code: | 1>------ Build started: Project: GM Detect, Configuration: Debug Win32 ------
1>Compiling...
1>GM Detect.cpp
1>c:\users\distortion\documents\visual studio 2008\projects\project1\gm detect\gm detect\gm detect.cpp(16) : error C2059: syntax error : ')'
1>c:\users\distortion\documents\visual studio 2008\projects\project1\gm detect\gm detect\gm detect.cpp(17) : error C2143: syntax error : missing ';' before '{'
1>c:\users\distortion\documents\visual studio 2008\projects\project1\gm detect\gm detect\gm detect.cpp(17) : error C2447: '{' : missing function header (old-style formal list?)
1>Build log was saved at "file://c:\Users\DistortioN\Documents\Visual Studio 2008\Projects\Project1\GM Detect\GM Detect\Debug\BuildLog.h t m"
1>GM Detect - 3 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ========== |
|
|
| Back to top |
|
|
NoMercy
Master Cheater
![]() Reputation: 1
Joined: 09 Feb 2009
Posts: 289
|
| Posted: Sun Mar 14, 2010 2:23 pm Post subject: |
|
|
U forget the Nops, they are before it jmps back so the jmp = + 7
Ill do it like this, idk if it compiles since i just code, but u can try
| Code: |
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm)-5)
DWORD Address = 0x00553A83;
DWORD RetAdress = (Adress + 7) // cause 2 nops
__declspec(naked) void myCodeCave ()
{
__asm
{
cmp [eax+0x70], 0x5D4D475B //[GM]
je [00000000]
mov [esi+0x0c],0x00000000
jmp [RetAdress]
}
}
void GMDetect ()
{
*(BYTE*)Address = 0xe9; // defining jump opcode
*(DWORD*)(Address+1) = JMP(Address,myCodeCave);
*(WORD*) (Address +5)= 0x9090;
} |
Last edited by NoMercy on Sun Mar 14, 2010 2:27 pm; edited 1 time in total |
|
| Back to top |
|
|
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
| Posted: Sun Mar 14, 2010 2:26 pm Post subject: |
|
|
it gives theese errors : | Code: | 1>------ Build started: Project: GM Detect, Configuration: Debug Win32 ------
1>Compiling...
1>GM Detect.cpp
1>c:\users\distortion\documents\visual studio 2008\projects\project1\gm detect\gm detect\gm detect.cpp(7) : error C2065: 'Adress' : undeclared identifier
1>c:\users\distortion\documents\visual studio 2008\projects\project1\gm detect\gm detect\gm detect.cpp(8) : error C2144: syntax error : 'void' should be preceded by ';'
1>Build log was saved at "file://c:\Users\DistortioN\Documents\Visual Studio 2008\Projects\Project1\GM Detect\GM Detect\Debug\BuildLog.h t m"
1>GM Detect - 2 error(s), 0 warning(s)
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
|
|
|
| Back to top |
|
|
NoMercy
Master Cheater
![]() Reputation: 1
Joined: 09 Feb 2009
Posts: 289
|
| Posted: Sun Mar 14, 2010 2:28 pm Post subject: |
|
|
adress = Address ??? lol?
and
DWORD RetAdress = (Adress + 7) // cause 2 nops i forgot the ";" try again
|
|
| Back to top |
|
|
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
| Posted: Sun Mar 14, 2010 5:35 pm Post subject: |
|
|
ive managed to create a executable wtih this code : | Code: |
#include "stdafx.h"
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm)-5)
DWORD Adress = 0x00553A83;
DWORD RetAdress = (Adress + 7); // cause 2 nops
__declspec(naked) void myCodeCave ()
{
__asm
{
cmp [eax+0x70], 0x5D4D475B //[GM]
je [0x00000000]
mov [esi+0x0c],0x00000000
jmp [RetAdress]
}
}
void main ()
{
*(BYTE*)Adress = 0xe9; // defining jump opcode
*(DWORD*)(Adress+1) = JMP(Adress,myCodeCave);
*(WORD*) (Adress +5)= 0x9090;
}
int main(void);
|
the problem is the app kills itself ... anybody see where it might go wrong ?
doenst it needs to know what program to modify ? if so .. how do i do that ?
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Mar 14, 2010 5:42 pm Post subject: |
|
|
learn how to code properly before making any further attempts here. that will modify code in your client. it kills itself because that memory is probably not valid. assuming it is your main terminates straight away. i don't know wtf you're doing with your main anyway. i'm surprised that compiles. i guess it looks like an overloaded function to the compiler.
and lol at your second line of assembly. good shit..
|
|
| Back to top |
|
|
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
| Posted: Sun Mar 14, 2010 6:04 pm Post subject: |
|
|
euhm that 2nd line of asm is to dc my client when a GM pops up in my radius ... and why would that memory be invalid ... i converted it from a working CE script ...
but yeah .. learn how to code .. was a really good answer .. you sir helped me alot ... 
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Mar 14, 2010 6:08 pm Post subject: |
|
|
| Code: | 00553A83: //C7 46 0C 00 00 00 00 89 47 04
jmp DetectGM
nop
nop
ReturnName:
DetectGM:
cmp [eax+70],5D4D475B //[GM]
je 00000000
mov [esi+0c],00000000
jmp ReturnName |
sir, you realise this is a basic case of starvation ? and it's invalid because memory of different processes stopped being directly addressable since over a decade ago. so unless the game you are attempting to hack is running on 16 bit DOS or something, good luck trying with that
seriously, go read some basic tutorials
|
|
| Back to top |
|
|
DistortioN69
Newbie cheater
![]() Reputation: 0
Joined: 14 Mar 2010
Posts: 16
|
| Posted: Sun Mar 14, 2010 6:22 pm Post subject: |
|
|
again .. what an answer .. i can go read 100's of tutorials that wont explain me what is going wrong here ... indeed i dont have much c++ knowledge .. so what .. im just trying to convert AA code to a dll to call upon with another language ... but im making an app as a step in between because its easyer to run ..
now seriously ... i read the tut on how to convert the AA code to ASM ... it compiles without any errors .. whats wrong ?
if i load up the CE script everything works ...
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Mon Mar 15, 2010 4:29 am Post subject: |
|
|
in your exe, that memory is not valid. it is most likely not allocated. even if you were to inject you need to change the page that is holding that address' protection. it will most likely be executable and readable but not writable. look into VirtualProtect() for that
and tell me why you have 2 main functions
|
|
| Back to top |
|
|
NoMercy
Master Cheater
![]() Reputation: 1
Joined: 09 Feb 2009
Posts: 289
|
| Posted: Tue Mar 16, 2010 2:33 pm Post subject: |
|
|
| _visiON_ wrote: | *(BYTE*)Address = 0xe9;
define that BEFORE the asm code, in declarations |
this is not needed
|
|
| Back to top |
|
|
AtheistCrusader
Grandmaster Cheater
![]() Reputation: 6
Joined: 23 Sep 2006
Posts: 681
|
| Posted: Tue Mar 16, 2010 2:38 pm Post subject: |
|
|
| NoMercy wrote: | | _visiON_ wrote: | *(BYTE*)Address = 0xe9;
define that BEFORE the asm code, in declarations |
this is not needed |
Well I didn't really see a call to the GMDetect() function so address will be undefined.
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Thu Mar 18, 2010 10:14 am Post subject: |
|
|
since i'm feeling nice.. here is an example of an AA script I converted the other day for a trainer I'm making..
| Code: | [enable]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
00692B06:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
push dword ptr [esi+000000f8]
fstp dword ptr [esi+000000f8]
pop dword ptr [esi+000000f8]
exit:
jmp returnhere
[disable] |
| Code: | #include "resource.h"
#include <windows.h>
#include <tchar.h>
#include <commctrl.h>
#pragma comment( lib, "comctl32.lib" )
#define JMP( frm, to ) ( ( ( int )to - ( int )frm ) - 5 )
HMODULE hModule;
DWORD BoostRet = 0x00692B0C;
DWORD BoostAddr = 0x00692B06;
BYTE BoostOrig[] = { 0xD9, 0x9E, 0xF8, 0x00, 0x00, 0x00 }; // fstp dword ptr [esi+0x000000f8]
void WriteJMP( DWORD from, DWORD to ) {
DWORD flOldProtect;
VirtualProtect( ( LPVOID )from, 5, PAGE_EXECUTE_READWRITE, &flOldProtect );
*( BYTE* )from = 0xE9;
*( DWORD* )( from + 1 ) = JMP( from, to );
VirtualProtect( ( LPVOID )from, 5, flOldProtect, &flOldProtect );
}
__declspec( naked ) void BoostHook() {
__asm {
push dword ptr [esi+0x000000f8]
fstp dword ptr [esi+0x000000f8]
pop dword ptr [esi+0x000000f8]
jmp [BoostRet]
}
}
void ActivateBoost( BOOL bActivate ) {
if( bActivate )
WriteJMP( BoostAddr, ( DWORD )BoostHook );
else {
DWORD flOldProtect;
VirtualProtect( ( LPVOID )BoostAddr, sizeof BoostOrig, PAGE_EXECUTE_READWRITE, &flOldProtect );
RtlMoveMemory( ( LPVOID )BoostAddr, BoostOrig, sizeof BoostOrig );
VirtualProtect( ( LPVOID )BoostAddr, sizeof BoostOrig, flOldProtect, &flOldProtect );
}
}
INT_PTR CALLBACK DlgProc( HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam ) {
switch( uMsg ) {
case WM_INITDIALOG: {
TCHAR szhWnd[15];
DWORD dwProcessId;
HWND hWnd = FindWindow( _T("GameFrame"), _T("Need for Speed™ Most Wanted") );
_stprintf_s( szhWnd, _countof( szhWnd ), _T("%08X"), hWnd );
SetDlgItemText( hwndDlg, IDC_EDIT2, szhWnd );
GetWindowThreadProcessId( hWnd, &dwProcessId );
_stprintf_s( szhWnd, _countof( szhWnd ), _T("%08X"), dwProcessId );
SetDlgItemText( hwndDlg, IDC_EDIT1, szhWnd );
RegisterHotKey( hwndDlg, 0, MOD_ALT, '1' );
return TRUE;
}
case WM_HOTKEY: {
switch( wParam ) {
case 0:
SendMessage( GetDlgItem( hwndDlg, IDC_CHECK1 ), BM_CLICK, NULL, NULL );
break;
default:
return FALSE;
}
return TRUE;
}
case WM_COMMAND: {
if( HIWORD( wParam ) == BN_CLICKED ) {
switch( LOWORD( wParam ) ) {
case IDC_CHECK1:
ActivateBoost( IsDlgButtonChecked( hwndDlg, IDC_CHECK1 ) == BST_CHECKED );
break;
case IDC_BUTTON1:
SendMessage( hwndDlg, WM_CLOSE, NULL, NULL );
break;
default:
return FALSE;
}
return TRUE;
}
break;
}
case WM_CLOSE:
EndDialog( hwndDlg, 0 );
return TRUE;
}
return FALSE;
}
void main() {
INITCOMMONCONTROLSEX iccex;
iccex.dwSize = sizeof iccex;
iccex.dwICC = ICC_STANDARD_CLASSES;
InitCommonControlsEx( &iccex );
DialogBoxParam( hModule, MAKEINTRESOURCE( IDD_DIALOG1 ), NULL, DlgProc, NULL );
FreeLibraryAndExitThread( hModule, 0 );
}
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved ) {
if( fdwReason == DLL_PROCESS_ATTACH ) {
hModule = hinstDLL;
CreateThread( NULL, NULL, ( LPTHREAD_START_ROUTINE )main, NULL, NULL, NULL );
return TRUE;
}
return FALSE;
} |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
