Cheat Engine The Official Site of Cheat Engine
xcynic Cheater
Reputation: 0
Joined: 28 Aug 2010 Posts: 31
Posted: Sun Mar 06, 2011 7:58 pm Post subject: Pointer into Assembly Script
Hello again, so I've been learning (some) ASM and starting to get the hang of it.
BUT, when I tried to hack a game that used pointers, my whole world turned upside down, well I guess it did since I'm somewhat drunk writing this...
Okay, back to the point..
I've written this script, but every time I restart the game, the address that I want changes (I've got the pointer), but I need to put that pointer in my script. Well, here is my script!
| Code: |
[ENABLE]
alloc(newmem,2048) //2kb should be enough
alloc(lol,1000)
label(returnhere)
label(originalcode)
label(exit)
mov ecx,50 // For the loop (?)
newmem:
jmp lol
lol:
push eax
mov eax,1000
mov [022aa95c],eax //Sets the value to 1000.
push eax
mov [022aa95c],eax
loop lol
jmp exit
originalcode:
add al,dh
exit:
jmp returnhere
022aa95c:
db 90 90 90
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem,2048)
022aa95c:
db 00 00 64 40 3F 6C EA 8A 53 C9 2C 37 00 00 00 00 //The value when //the char is halfway down the screen
|
BUT, everywhere there is 022aa95c, the pointer should be..
The pointer is:
"icytower15.exe"+000F8E38
(offsets)
1st: cc
2nd: 40
3rd: 124
4th: 8
4th: 0
Thanks a lot, and answers will be really appreciated!
Soz for my poor English..
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Sun Mar 06, 2011 8:28 pm
This code doesn't make any sense.
You are injecting a code on a memory address (which is not even a code) to change the memory address itself. And even if it would be a code, you just push eax two times, mess up ecx, use integer instead of hex and loop what? Lol.
You will laugh at this when you are not drunk.
xcynic Cheater
Reputation: 0
Joined: 28 Aug 2010 Posts: 31
Posted: Sun Mar 06, 2011 8:35 pm
| Geri wrote: | This code doesn't make any sense.
You are injecting a code on a memory address (which is not even a code) to change the memory address itself. And even if it would be a code, you just push eax two times, mess up ecx, use integer instead of hex and loop what? Lol.
You will laugh at this when you are not drunk. |
It does work as wanted tho ;O
SEC and I'll put it on YouTube :3
Here is a less "fkd up" version of the script (still somewhat drunk)
| Code: |
[ENABLE]
alloc(newmem,2048) //2kb should be enough
alloc(lol,1000)
label(returnhere)
label(originalcode)
label(exit)
newmem:
jmp lol
lol:
push eax
mov eax,1000
mov [022396F4],eax //Sets the value to 1000.
jmp exit
originalcode:
add al,dh
exit:
jmp returnhere
022396F4:
db 90 90 90
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem,2048)
022396F4:
db 00 00 64 40 3F 6C EA 8A 53 C9 2C 37 00 00 00 00
|
Youtube: youtube . com / watch ? v=LZYdqY3Y9CE
BTW:
How do you change the value of an address with a script?
(Isn't that what I'm doing here: mov [022396F4],eax
Change the value of the address 022396F4 to eax (1000)) ahhh, I changed it to 3e8 now :p
-DEViL- Expert Cheater
Reputation: 3
Joined: 21 Apr 2007 Posts: 185
Posted: Mon Mar 07, 2011 5:28 am
| Code: |
alloc(cave,256)
label(invalid)
cave:
pushad // save all registers
mov eax,["icytower15.exe"+000F8E38] // read the static base pointer
or eax,eax
je short invalid // check if it's valid pointer or not
mov eax,[eax+cc] // 1st offset
or eax,eax
je short invalid
mov eax,[eax+40] // 2nd offset
or eax,eax
je short invalid
mov eax,[eax+124] // 3rd offset
or eax,eax
je short invalid
mov eax,[eax+8] // 4th offset
or eax,eax
je short invalid
mov [eax],#100 // your desired value
invalid:
push #50 // 50 ms timeout before loop it again
call sleep
popad // restore all registers
jmp cave
createthread(cave)
|
xcynic Cheater
Reputation: 0
Joined: 28 Aug 2010 Posts: 31
Posted: Mon Mar 07, 2011 8:43 am
| [eXtreme] wrote: |
| Code: |
alloc(cave,256)
label(invalid)
cave:
pushad
mov eax,["icytower15.exe"+000F8E38]
or eax,eax
je short invalid//check if it's valid pointer or not
mov eax,[eax+cc]
or eax,eax
je short invalid
mov eax,[eax+40]
or eax,eax
je short invalid
mov eax,[eax+124]
or eax,eax
je short invalid
mov eax,[eax+8]
or eax,eax
je short invalid
mov [eax],#100//your desired value
invalid:
push #50//50 ms timeout before loop it again
call sleep
popad
jmp cave
createthread(cave)
|
|
Not quite sure how to use this, also, what is the 'or' function?
xcynic Cheater
Reputation: 0
Joined: 28 Aug 2010 Posts: 31
Posted: Wed Mar 09, 2011 5:55 am
bump..
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Wed Mar 09, 2011 9:19 am
This is how you can follow pointers in ASM. Check the static base, save the address at the first offset. Then again and again until you reach the value. But first you need to figure out what is the pointer path to your value. (The "or" will check that eax is not 0 but some valid pointer.)
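The pointer walk discussed in this thread, as an added C example that is not from any of the posters: it follows the thread's offsets (cc, 40, 124, 8, 0) through a simulated memory region and shows that a non-zero pointer can still be dangling, which the `or eax,eax` test alone does not catch. The load address, region size and object layout are constructed for the sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BASE 0x00400000u   /* constructed load address for the sample */
#define SIZE 0x00100000u   /* constructed size of the simulated region */
enum { CHAIN_OK, CHAIN_NULL, CHAIN_UNMAPPED };
static uint8_t mem[SIZE];  /* stand-in for the target's memory */

/* Bounds-checked 32-bit access at a simulated virtual address. */
static int in_range(uint32_t va) { return va >= BASE && va - BASE <= SIZE - 4; }
static int rd32(uint32_t va, uint32_t *v) {
    if (!in_range(va)) return 0;
    memcpy(v, &mem[va - BASE], 4);
    return 1;
}
static int wr32(uint32_t va, uint32_t v) {
    if (!in_range(va)) return 0;
    memcpy(&mem[va - BASE], &v, 4);
    return 1;
}

/* Read the static slot, dereference p+off for every offset but the last,
   then add the last offset to get the address of the value. */
static int resolve_chain(uint32_t slot, const uint32_t *off, size_t n, uint32_t *addr) {
    uint32_t p;
    if (n == 0 || !rd32(slot, &p)) return CHAIN_UNMAPPED;
    for (size_t i = 0; i + 1 < n; i++) {
        if (p == 0) return CHAIN_NULL;                    /* the `or eax,eax` test */
        if (!rd32(p + off[i], &p)) return CHAIN_UNMAPPED; /* non-zero but dangling */
    }
    if (p == 0) return CHAIN_NULL;
    *addr = p + off[n - 1];
    return in_range(*addr) ? CHAIN_OK : CHAIN_UNMAPPED;
}

static const uint32_t PATH[] = { 0xcc, 0x40, 0x124, 0x8, 0x0 }; /* offsets from the thread */

/* Lay out a constructed object graph that matches PATH. */
static void build_sample(void) {
    memset(mem, 0, sizeof mem);
    wr32(BASE + 0xF8E38, BASE + 0x100);        /* static slot -> A */
    wr32(BASE + 0x100 + 0xcc, BASE + 0x300);   /* A+cc  -> B */
    wr32(BASE + 0x300 + 0x40, BASE + 0x400);   /* B+40  -> C */
    wr32(BASE + 0x400 + 0x124, BASE + 0x600);  /* C+124 -> D */
    wr32(BASE + 0x600 + 0x8, BASE + 0x700);    /* D+8   -> value */
}

int main(void) { uint32_t a; build_sample(); return resolve_chain(BASE + 0xF8E38, PATH, 5, &a); }
```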