Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Thu Apr 02, 2015 2:08 pm | Post subject: What's wrong with my code
Code: | push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi |
My code is supposed to run Code: | mov [ecx+00004014],#1000 | if [ecx+00004020] is bigger than or equal to 1000 (decimal), and if it is less than 1000, jump to originalcode. The picture shows the value of [ecx+00004020]. When I run the script it keeps skipping to originalcode instead of mov [ecx+00004014],#1000.
Anyone have an idea how to fix that?
[attachment: screenshot, 2.12 KB]
Dark Byte (Site Admin) | Reputation: 470 | Joined: 09 May 2003 | Posts: 25785 | Location: The netherlands
Posted: Fri Apr 03, 2015 4:05 am
try jb instead of jl
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 4:55 am
Dark Byte wrote: | try jb instead of jl |
I just changed it to jb but the same thing happened.
Other scripts are fine. Only this script behaves like this.
Geri (Moderator) | Reputation: 111 | Joined: 05 Feb 2010 | Posts: 5636
Posted: Fri Apr 03, 2015 7:02 am
Try to replace #1000 with (int)1000.
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 7:20 am
Geri wrote: | Try to replace #1000 with (int)1000. |
Still does not work. The problem is that it is not working properly. [ecx+00004020] is actually the money cap for the game and [ecx+00004014] is the current money the player owns. Initially the money cap is 1000 and it increases during the game. I have already tried changing it and it is still not working, and I tried replacing jl with jb as well.
I have no idea what's going on.
One more thing: the "cmp" code runs perfectly fine when comparing other values in any other scripts.
Here is the whole script
Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi
exit:
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00 |
and the original code is in the picture
[attachment: screenshot of the original code, 149.01 KB]
mgr.inz.Player (I post too much) | Reputation: 222 | Joined: 07 Nov 2008 | Posts: 4438 | Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Apr 03, 2015 8:26 am
I think it doesn't work because of the jump at "sotes.exe+1A1B3".
Try a different hackpoint.
EDIT:
From your code:
1. you are checking "is the money cap lower than 1000?"
2. if yes, do nothing.
3. if no, set current money to 1000
Is this what you want to achieve?
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 8:39 am
mgr.inz.Player wrote: | I think it doesn't work because of jump at "sotes.exe+1A1B3".
Try different hackpoint. |
I think that one is not a forced jump; the code can definitely run if I take out
Code: | push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode |
and put in Code: | mov [ecx+00004014],#1000
jmp exit
originalcode:
mov [ecx+00004014],edi |
The player's money is locked to (int)1000. The thing is, I can lock the money without the "cmp" compare part in this script. I am just curious why "cmp" does not work here.
mgr.inz.Player (I post too much) | Reputation: 222 | Joined: 07 Nov 2008 | Posts: 4438 | Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Apr 03, 2015 9:21 am
Could you post a little more of the original code? I'm just curious what's above sotes.exe+1A1AB.
Especially what's inside the EDX register.
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 9:21 am | Post subject: To mgr.inz.Player
Yea.... Because the money cap cannot be lower than 1000. That's why I want to use it as a double check to make sure the code only affects the current money. But for some reason it did not work.
Edit:
Of course. The registers and original code are in the attachments.
[attachments: two screenshots (registers and original code), 24.18 KB and 43.49 KB]
Last edited by Rzzil on Fri Apr 03, 2015 9:36 am; edited 1 time in total |
mgr.inz.Player (I post too much) | Reputation: 222 | Joined: 07 Nov 2008 | Posts: 4438 | Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Apr 03, 2015 9:31 am
Is the money cap a 32-bit value, or maybe a 16-bit value? (the structure dissector only guesses)
EDIT: (ok, it is 32-bit, I see this from the screenshot you just attached)
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
cmp word ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
mov [ecx+00004014],edi
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00 |
Last edited by mgr.inz.Player on Fri Apr 03, 2015 9:43 am; edited 2 times in total |
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 9:41 am
mgr.inz.Player wrote: | Is the money cap a 32-bit value, or maybe a 16-bit value? (the structure dissector only guesses) [script quoted from the previous post] |
I've tried both 16-bit and 32-bit. Still no luck. I think it is 32-bit.
Edit:
I actually changed the money cap value to 99999999 (decimal) and it displays correctly in game.
mgr.inz.Player (I post too much) | Reputation: 222 | Joined: 07 Nov 2008 | Posts: 4438 | Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Apr 03, 2015 10:12 am
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
pushfd
cmp dword ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
popfd
mov [ecx+00004014],edi //orig
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00 |
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 10:18 am
mgr.inz.Player wrote: | [pushfd/popfd script quoted from the previous post] |
It worked!!!! But I still don't understand what actually happened.
mgr.inz.Player (I post too much) | Reputation: 222 | Joined: 07 Nov 2008 | Posts: 4438 | Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Apr 03, 2015 10:24 am
This should also work:
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
newmem:
cmp dword ptr [ecx+00004020],#1000
jl originalcode
mov edi,#1000
originalcode:
test eax,eax
mov [ecx+00004014],edi //orig
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00 |
Our cmp dword ptr [ecx+00004020],#1000 affected the CPU flags previously set by "test eax,eax".
This pair:
Code: | test eax,eax
jle LABEL |
can be translated to: jump to LABEL when eax is zero or negative.
You could use another hackpoint, this one: "sotes.exe+1A1BD"
Back to top |
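The flag clobbering mgr.inz.Player describes above, as an added C example (it is not code from the thread, from the game or from Cheat Engine). GCC/Clang inline assembly reproduces the hooked sequence test eax,eax ; <cave> ; jle and compares the three caves from the thread: the bare cmp, the cmp wrapped in pushfd/popfd (pushf/popf below), and the cmp followed by a re-executed test eax,eax. A second pair of functions shows why jl and jb answer differently for the same cmp, which is what the jb suggestion earlier in the thread was about. The eax values 0 and 7 and the money-cap values 5000 and 500 are constructed inputs; AT&T operand order is used, so cmp $1000, %ecx is the thread's cmp ecx,1000. It builds and runs on x86 or x86-64 only.

```c
/* Added example (not from the thread or from Cheat Engine): reproduces the
 * hooked sequence  test eax,eax ; <code cave> ; jle  and shows how the cave's
 * cmp changes the game's branch unless EFLAGS is preserved.
 * x86/x86-64, GCC or Clang extended asm, AT&T operand order. */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__)
/* Step below the 128-byte red zone before pushf so the saved EFLAGS cannot
 * overwrite locals the compiler keeps below rsp. lea does not touch flags. */
#  define RZ_ENTER "lea -128(%%rsp), %%rsp\n\t"
#  define RZ_LEAVE "lea 128(%%rsp), %%rsp\n\t"
#elif defined(__i386__)
#  define RZ_ENTER ""
#  define RZ_LEAVE ""
#else
#  error "this example only runs on x86"
#endif

/* The first scripts in the thread: the cave compares the money cap and hands
 * whatever flags cmp produced to the game's jle. Returns 1 if jle is taken. */
int jle_taken_clobbered(int32_t eax, uint32_t money_cap)
{
    uint8_t taken;
    __asm__ volatile(
        "test %[a], %[a]\n\t"     /* game's own test eax,eax */
        "cmp $1000, %[cap]\n\t"   /* injected cmp [ecx+4020],1000 (Intel order) */
        "setle %[t]\n\t"          /* what the game's jle now sees */
        : [t] "=q"(taken)
        : [a] "r"(eax), [cap] "r"(money_cap)
        : "cc");
    return taken;
}

/* The working script: pushfd/popfd around the cmp. */
int jle_taken_pushf(int32_t eax, uint32_t money_cap)
{
    uint8_t taken;
    __asm__ volatile(
        "test %[a], %[a]\n\t"
        RZ_ENTER
        "pushf\n\t"               /* save EFLAGS (pushfd on 32-bit) */
        "cmp $1000, %[cap]\n\t"
        "popf\n\t"                /* restore the flags the game computed */
        RZ_LEAVE
        "setle %[t]\n\t"
        : [t] "=q"(taken)
        : [a] "r"(eax), [cap] "r"(money_cap)
        : "cc", "memory");
    return taken;
}

/* The alternative script: re-execute test eax,eax after the cmp (as when
 * hooking at sotes.exe+1A1BD so the cave owns both the test and the mov). */
int jle_taken_retest(int32_t eax, uint32_t money_cap)
{
    uint8_t taken;
    __asm__ volatile(
        "test %[a], %[a]\n\t"
        "cmp $1000, %[cap]\n\t"
        "test %[a], %[a]\n\t"     /* recompute ZF/SF/OF from eax */
        "setle %[t]\n\t"
        : [t] "=q"(taken)
        : [a] "r"(eax), [cap] "r"(money_cap)
        : "cc");
    return taken;
}

/* jl vs jb: jl reads SF/OF (signed compare), jb reads CF (unsigned compare).
 * They disagree once the left operand has bit 31 set. */
int jl_taken(uint32_t a, uint32_t b)
{
    uint8_t taken;
    __asm__("cmp %[b], %[a]\n\t" "setl %[t]"
            : [t] "=q"(taken) : [a] "r"(a), [b] "r"(b) : "cc");
    return taken;
}

int jb_taken(uint32_t a, uint32_t b)
{
    uint8_t taken;
    __asm__("cmp %[b], %[a]\n\t" "setb %[t]"
            : [t] "=q"(taken) : [a] "r"(a), [b] "r"(b) : "cc");
    return taken;
}

int main(void)
{
    /* Constructed inputs: eax=0 means the game's jle should be taken; a cap of
     * 5000 makes the cave's cmp clear ZF and flip that decision. eax=7 means
     * jle should not be taken; a cap of 500 makes cmp set SF and flip it. */
    printf("eax=0 cap=5000: clobbered=%d pushf/popf=%d re-test=%d\n",
           jle_taken_clobbered(0, 5000), jle_taken_pushf(0, 5000),
           jle_taken_retest(0, 5000));
    printf("eax=7 cap=500:  clobbered=%d pushf/popf=%d re-test=%d\n",
           jle_taken_clobbered(7, 500), jle_taken_pushf(7, 500),
           jle_taken_retest(7, 500));
    printf("0x80000000 < 1000: jl=%d jb=%d\n",
           jl_taken(0x80000000u, 1000), jb_taken(0x80000000u, 1000));
    return 0;
}
```

Build with cc -O2 flags_demo.c on an x86 host. pushfd/popfd is the general fix when a cave sits between a flag-setting instruction and the jcc that consumes it; re-executing the flag-setting instruction is cheaper but only correct if its operands (here eax) are unchanged when the cave runs. Note that mov never writes EFLAGS, so in the scripts above only the cmp and test instructions matter for this.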
Rzzil (How do I cheat?) | Reputation: 0 | Joined: 02 Apr 2015 | Posts: 9
Posted: Fri Apr 03, 2015 10:31 am
mgr.inz.Player wrote: | This should also work:
Code: | [script quoted from the previous post] |
Our cmp dword ptr [ecx+00004020],#1000 affected the CPU flags previously set by "test eax,eax".
This pair:
Code: | test eax,eax
jle LABEL |
can be translated to: jump to LABEL when eax is zero or negative.
You could use another hackpoint, this one: "sotes.exe+1A1BD" |
Thank you so much for fixing this. One more question... I just tried changing my code to Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"sotes.exe"+1A1BF)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,[ecx+00004020]
cmp eax,#1000
pop eax
jl originalcode
mov edi,#1000
mov [ecx+00004014],edi
jmp exit
originalcode:
mov [ecx+00004014],edi
exit:
jmp returnhere
"sotes.exe"+1A1BF:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"sotes.exe"+1A1BF:
mov [ecx+00004014],edi
//Alt: db 89 B9 14 40 00 00 |
The difference between my initial code and this one is only one added line,
but it still worked. How did that affect the "cmp" above?
In my initial code I used Code: | mov [ecx+00004014],#1000 |
New one: Code: | mov edi,#1000
mov [ecx+00004014],edi |
Last edited by Rzzil on Fri Apr 03, 2015 10:37 am; edited 2 times in total |