| View previous topic :: View next topic |
| Author |
Message |
limau
Newbie cheater
![]() Reputation: 0
Joined: 18 Jun 2014
Posts: 21
|
 Posted: Wed Jul 02, 2014 6:20 am Post subject: Which Assembly is Correct? |
 |
|
Hi all,
I have some question here regarding CE. I am using SWF Decompiler and here is the function in question.
| Code: | private function updateNeedTime() : void
{
var _loc_1:* = _productionGrid.data as StructureShopItemData;
if (resCon.time_txt != null && _loc_1 != null)
{
resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10));
}
return;
}// end function |
Now, I want to set the value "_loc_1.iTime" into 0 to remove the time element.
Now, inside the SWF Decompiler, here's what I got.
| Code: | _as3_getlex framecore.structure.views.windows.machine:MachineWindow::_sNeedTime
//60 85 1b
_as3_getlex framecore.structure.views.themepanel.isometric.tools::DateTime
//d1
_as3_getlocal <1>
//66 f4 05
_as3_getproperty iTime
//60 db 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_numberSetter
//66 8f 3a
_as3_getproperty iCurrentValue
//24 0a
_as3_pushbyte 10
//a3
_as3_divide
//73
_as3_convert_i
//a2
_as3_multiply
//46 ee 32 01
_as3_callproperty timeDurationDay(param count:1)
//a0
_as3_add
//61 89 3a
_as3_setproperty text
//47 |
See the Image to see the CE Memory Viewer.
Which is correct? How do I rectify it?
| Description: |
|
| Filesize: |
98.32 KB |
| Viewed: |
13504 Time(s) |
|
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Wed Jul 02, 2014 6:44 am Post subject: |
|
|
Cheat engine interprets it as x86 code, which this is not
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
limau
Newbie cheater
![]() Reputation: 0
Joined: 18 Jun 2014
Posts: 21
|
| Posted: Wed Jul 02, 2014 7:51 am Post subject: |
|
|
| Then how do I modify the machine code if I cannot see what the assembly do and which register it uses?
|
|
| Back to top |
|
|
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
| Posted: Wed Jul 02, 2014 12:07 pm Post subject: |
|
|
Are you sure this is code. If it is data which it looks like it then it never gets executed and hence all that gibberish.
You can also intentionally mess up a disassembler's displaying of code by throwing garbage opcodes (common with malware/anti-debug apps) or even sometimes unintentionally. I don't think this is that though.
You can modify it as usual. Double click on it and modify or add it as address (array of bytes) and modify the bytes directly or modify the bytes in hex viewer below.
_________________
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
 Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Wed Jul 02, 2014 12:26 pm Post subject: |
|
|
Check where iTime is being set.
Post back the function as AS and as RAW.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
cashd
Cheater
![]() Reputation: 0
Joined: 25 Nov 2012
Posts: 25
|
| Posted: Wed Jul 02, 2014 3:49 pm Post subject: |
|
|
the thing you got from the SWF decompiler is flash bytecode
you can patch directly byte code of flash
but to know exactly how to change them, you need to look on action script manual, the problem with that method, you have limit to change only the same amount of bytes and not more
if you just want to nop this function you can insert 02 on all the opcodes and replace them
02 is nop in flash bytecode 
the second way to patch flash is to patch the translated x86 code, ive done it for candy crush when i wanted to do unlimit steps.
but the problem with that, you cant find the AoB unless you really use that function.
you must first load the level before it translated to x86
|
|
| Back to top |
|
|
limau
Newbie cheater
![]() Reputation: 0
Joined: 18 Jun 2014
Posts: 21
|
| Posted: Wed Jul 02, 2014 11:23 pm Post subject: |
|
|
Thanks guys.. You are right, it is coded in action script 3 as3 format and it's not the same as assembly x86. That's why it doesn't make sense in CE.. So in this case I can only use CE as a hex editor.
Anyone has the complete instruction table byte code for AS3 language for flash?
@DaSpamer, instead I could change the code to
| Code: | | resCon.time_txt.text = _sNeedTime |
and the modification will be much easier?
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Thu Jul 03, 2014 1:39 pm Post subject: |
|
|
That won't help,
The function only displays the time, so if you change it to
| Code: | | resCon.time_txt.text = _sNeedTime |
You're just editing time visaully.
It's better to modify where _sNeedTime is being set.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
cashd
Cheater
![]() Reputation: 0
Joined: 25 Nov 2012
Posts: 25
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Thu Jul 03, 2014 5:34 pm Post subject: |
|
|
That won't help to achieve what he wants.
He wants to modify the iTime value.
| Quote: | | Now, I want to set the value "_loc_1.iTime" into 0 to remove the time element. |
Overriding the function with 02, will simply disable the function actions, it will not modify the iTime value nor the text object.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
cashd
Cheater
![]() Reputation: 0
Joined: 25 Nov 2012
Posts: 25
|
| Posted: Thu Jul 03, 2014 5:50 pm Post subject: |
|
|
he can do it by change the code where the time is set.
i said use 02 if he want to remove the function
if he want to modify the function he may use the action script bytecode and change it there and it possible
ive found in some game once a way to load same level all the times
by change the byte code
so it possible.
he can search the following tool developed by CyberShadow (my mate  )
https://github.com/CyberShadow/RABCDAsm
qoutes
"RABCDAsm is a collection of utilities including an ActionScript 3 assembler/disassembler, and a few tools to manipulate SWF files. These are:"
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
|
| Back to top |
|
|
limau
Newbie cheater
![]() Reputation: 0
Joined: 18 Jun 2014
Posts: 21
|
| Posted: Fri Jul 04, 2014 1:46 am Post subject: |
|
|
| Code: | | resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10)); |
You guys are right. This function seems to be the displaying function.
sNeedTime is a string type, displaying the text while _numberSetter.iCurrentValue is holding the amount put in while _loc_1.iTime hold the time needed for 1 item to be completed.
So, to make it work, _loc_1.iTime need to be set to a small value or zero.
By the way, I am seeing alot of _loc_2.* in the code or _loc_*.*.
loc stands for local variable?
AS function
| Code: | private function updateNeedTime() : void
{
var _loc_1:* = _productionGrid.data as StructureShopItemData;
if (resCon.time_txt != null && _loc_1 != null)
{
resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10));
}
return;
}// end function |
Raw Data
| Code: |
private function updateNeedTime() : void
{
//d0
_as3_getlocal <0>
//30
_as3_pushscope
//60 e2 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_productionGrid
//66 93 01
_as3_getproperty data
//60 81 08
_as3_getlex framecore.structure.moudle.structure::StructureShopItemData
//87
_as3_astypelate
//80 81 08
_as3_coerce framecore.structure.moudle.structure::StructureShopItemData
//d5
_as3_setlocal <1>
//60 ce 0c
_as3_getlex framecore.structure.views.windows.exchangetask:AbstractPop::resCon
//66 8b 3a
_as3_getproperty time_txt
//20
_as3_pushnull
//ab
_as3_equals
//96
_as3_not
//2a
_as3_dup
//12 05 00 00
_as3_iffalse offset: 5
//29
_as3_pop
//d1
_as3_getlocal <1>
//20
_as3_pushnull
//ab
_as3_equals
//96
_as3_not
//12 23 00 00
_as3_iffalse offset: 35
//60 ce 0c
_as3_getlex framecore.structure.views.windows.exchangetask:AbstractPop::resCon
//66 8b 3a
_as3_getproperty time_txt
//60 fa 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_sNeedTime
//60 85 1b
_as3_getlex framecore.structure.views.themepanel.isometric.tools::DateTime
//d1
_as3_getlocal <1>
//66 f4 05
_as3_getproperty iTime
//60 db 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_numberSetter
//66 8f 3a
_as3_getproperty iCurrentValue
//24 0a
_as3_pushbyte 10
//a3
_as3_divide
//73
_as3_convert_i
//a2
_as3_multiply
//46 ee 32 01
_as3_callproperty timeDurationDay(param count:1)
//a0
_as3_add
//61 89 3a
_as3_setproperty text
//47
_as3_returnvoid
}// end function
|
"StructureShopItemData" seems to hold the value of _loc_1.iTime.
How do I find this structure?
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Fri Jul 04, 2014 9:40 am Post subject: |
|
|
Yes loc stands for local variable.
Easiest way to find where iTime is being set, is to either search for
iTime
or search for
iTime =
(Hopefully it's being set there).
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
limau
Newbie cheater
![]() Reputation: 0
Joined: 18 Jun 2014
Posts: 21
|
| Posted: Fri Jul 04, 2014 11:00 am Post subject: |
|
|
There is too many variable with "iTime =", however I did able to find "StructureShopItemData"
| Code: | package framecore.structure.moudle.structure
{
import __AS3__.vec.*;
import flash.display.*;
import flash.utils.*;
import framecore.structure.moudle.expand.data.*;
import framecore.structure.views.themepanel.isometric.data.floral.*;
public class StructureShopItemData extends Object
{
private var _iSellCash:int;
private var _iType:int;
private var _iPos:int;
private var _iExp:int;
private var _iCash:int;
private var _iLevel:int;
private var _iSize:int;
private var _iSizeX:int;
private var _iSizeY:int;
private var _iId:int;
private var _sName:String;
private var _iIndex:int;
private var _bIsGold:Boolean;
private var _currencyType:int;
private var _iLuxury:int;
private var _iSex:int;
private var _iTime:int;
private var _iSecTime:int;
private var _iOutput:int;
*
*
* |
Below, there is this function
| Code: |
*
*
*
public function get iTime() : int
{
return _iTime;
}// end function
public function set iTime(param1:int) : void
{
_iTime = param1;
return;
}// end function
*
*
* |
Therefore, why not return 0 instead of return _iTime?
| Code: | public function get iTime() : int
{
//d0
_as3_getlocal <0>
//30
_as3_pushscope
//60 d6 19
_as3_getlex framecore.structure.moudle.structure:StructureShopItemData::_iTime
//48
_as3_returnvalue
}// end function |
| Code: | d0 30 60 d6 19 48
d0 24 00 02 02 48 |
Initially when the game is already running, it didn't do anything.
When I loaded the game 98%, replace the code, then run it, the flash screen turn white and blank..
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
