Cheat Engine The Official Site of Cheat Engine
gotogo How do I cheat?
Reputation: 0
Joined: 16 Sep 2015 Posts: 4
|
Posted: Wed Sep 16, 2015 12:28 pm Post subject: Help me with function |
|
|
I found a game function in OllyDbg that creates units. It has 2 arguments (the first, I guess, is the ID of the unit; the second is how many units should be created). When I NOP this:
Code: |
016C6693 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
016C6696 |. 69C9 D4090000 IMUL ECX,ECX,9D4
016C669C |. FF70 05 PUSH DWORD PTR DS:[EAX+5]
016C669F |. 030D 80DFBA01 ADD ECX,DWORD PTR DS:[1BADF80]
016C66A5 |. FF70 01 PUSH DWORD PTR DS:[EAX+1]
016C66A8 |. E8 23EFD7FF CALL rise.014455D0
|
and tried to build some units, nothing happened, so it should be the right function. Then I restored all the code and allocated some memory in Cheat Engine, where I pasted this code:
Code: |
MOV EAX,DWORD PTR SS:[EBP+8]
IMUL ECX,ECX,9D4
PUSH DWORD PTR DS:[EAX+5]
ADD ECX,DWORD PTR DS:[1BADF80]
PUSH DWORD PTR DS:[EAX+1]
CALL rise.014455D0
RET
|
and then created a new thread to execute this code, but my game always crashes. Please help me: where am I wrong? Maybe I should push all the same arguments onto the stack first?

deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
|
Posted: Wed Sep 16, 2015 1:29 pm Post subject: |
|
|
Code: |
MOV EAX,DWORD PTR SS:[EBP+8]
IMUL ECX,ECX,9D4
PUSH DWORD PTR DS:[EAX+5]
ADD ECX,DWORD PTR DS:[1BADF80]
PUSH DWORD PTR DS:[EAX+1]
CALL rise.014455D0
RET
|
It's cause all the registers are "0" and don't point to anything when you create a new thread.
|
gotogo How do I cheat?
Reputation: 0
Joined: 16 Sep 2015 Posts: 4
|
Posted: Thu Sep 17, 2015 8:59 am Post subject: |
|
|
Quote: | It's cause all the registers are "0" and don't point to anything when you create a new thread. |
Thanks for your response. Do you have any ideas how to fix it? Should I set them manually or what?
I tried without registers, just numbers, and now it's not crashing; nothing happens, but it should build 1 worker (32h = 50d, the ID of the worker).
Code: |
push 1
push 32
call 014455D0
retn
|
|
panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 958
|
Posted: Thu Sep 17, 2015 2:33 pm Post subject: |
|
|
(Oops, I guess I'm getting too old and saw the wrong thing :/ I read the [EAX+0c] as [EBP+0c] at 16c668c, which is not right. I cannot see what parameter 2, if any, is.
Anyway, the logging should still work and see something.)
The 1st parameter is not just a number, it is a pointer. This can be seen from addr 016C6693, which moves the 1st parameter [ebp+08] into eax and then uses eax to refer to the +5 and +1 offsets at lines ~9c, ~a5.
The 2nd parameter [ebp+0c] had been moved to ecx, multiplied by 9d4h and added to an addr from a static address. It's multiplied, so it is not a pointer; it may be some unit ID, but it may also be your unit slot number that receives the created unit.
Try making a code cave to log the parameters and guess what they mean, e.g. (assuming the code is at a static address):
Code: |
globalalloc(___,$4000)
[ENABLE]
assert(16c6696,69)
___+10:
imul ecx,ecx,9d4
pushad
add ecx,[1badf80]
mov [___+110],ecx // calculated ecx at 16c6696
mov eax,[ebp+08]
mov [___+100],eax // 1st parameter
mov ecx,[ebp+0c]
mov [___+104],ecx // 2nd parameter
mov ecx,[eax+1]
mov [___+108],ecx // [1st param + 1] = ??
mov ecx,[eax+5]
mov [___+10c],ecx // [1st param + 5] = ??
popad
jmp 16c669c
16c6696:
jmp ___+10
nop
[DISABLE]
assert(16c6696,e9)
16c6696:
imul ecx,ecx,9d4
|
View ___+100 in the memory viewer; the 4-byte values in order are: 1st parameter, 2nd parameter, [1st param + 01], [1st param + 05], & calculated ECX at 16c6696.
Dissecting the structure for the pointer-like values may show something indicating what it means.
With this further information, you may be more ready to make a cheat with your desired effect.
_________________
- Retarded. |
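The six instructions at 016C6693 to 016C66A8, modelled in C as an added example (not code from the thread): the call site reads two dwords through the pointer at [EBP+8] and passes a computed ECX, so the fragment depends on the original caller's frame and registers. The names `model_call_site`, `call_inputs`, `table_base` and `index`, and the sample record, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define ENTRY_SIZE 0x9D4u /* stride taken from IMUL ECX,ECX,9D4 */

/* What the call site hands to rise.014455D0. */
struct call_inputs {
    uint32_t pushed_first;  /* PUSH DWORD PTR DS:[EAX+5] */
    uint32_t pushed_second; /* PUSH DWORD PTR DS:[EAX+1] */
    uint32_t ecx;           /* table_base + index * 0x9D4 */
};

/* Bounds-checked little-endian read at an unaligned offset. */
static int read_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 0;
}

/* param1 stands for [EBP+8], table_base for the dword stored at 1BADF80,
   index for ECX on entry (all three are assumptions of this model). */
int model_call_site(const uint8_t *param1, size_t len, uint32_t index,
                    uint32_t table_base, struct call_inputs *out)
{
    if (param1 == NULL || out == NULL) /* no valid caller frame, nothing to read */
        return -1;
    if (read_u32(param1, len, 5, &out->pushed_first) != 0 ||
        read_u32(param1, len, 1, &out->pushed_second) != 0)
        return -1;
    out->ecx = table_base + index * ENTRY_SIZE; /* wraps mod 2^32 like the CPU */
    return 0;
}

int main(void)
{
    /* Constructed record: byte 0 unknown, dword 0x32 at +1, dword 1 at +5,
       mirroring the "push 1 / push 32" values tried earlier in the thread. */
    const uint8_t rec[9] = {0x00, 0x32, 0, 0, 0, 0x01, 0, 0, 0};
    struct call_inputs in;
    if (model_call_site(rec, sizeof rec, 2, 0x1000u, &in) != 0)
        return 1;
    printf("push %X, push %X, ecx=%X\n", (unsigned)in.pushed_first,
           (unsigned)in.pushed_second, (unsigned)in.ecx);
    return 0;
}
```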
|
gotogo How do I cheat?
Reputation: 0
Joined: 16 Sep 2015 Posts: 4
|
Posted: Thu Sep 17, 2015 3:11 pm Post subject: |
|
|
Thank you so much panraven, I will try to figure it out tomorrow.
|
deama1234 Master Cheater
Reputation: 3
Joined: 20 Dec 2014 Posts: 328
|
Posted: Thu Sep 17, 2015 5:50 pm Post subject: |
|
|
Why don't you just leave it as it is and replace the second "argument" with like 10 so it creates 10 units instead of 1 or however many.
|
gotogo How do I cheat?
Reputation: 0
Joined: 16 Sep 2015 Posts: 4
|
Posted: Fri Sep 18, 2015 12:35 am Post subject: |
|
|
This function not only creates units, it upgrades something too. I am trying to create a bot in C++ to auto-upgrade something when I have enough money for it. Why? Because it's funny and makes the game easier. I am new to ASM but know the basics.