Cheat Engine The Official Site of Cheat Engine
lolAnonymous Expert Cheater
Reputation: 1
Joined: 19 Jul 2015 Posts: 154
Posted: Fri Jun 03, 2016 6:32 am Post subject: Help me understanding this C# Code

I was looking for a tutorial on making a trainer with C#, and after a few days I got the source code of a trainer, but I am having a problem understanding this code:
Code:
private int InitializeMoneyLock(CheckBox _myCheckBox)
{
    moneyLock.applyCode = new byte[] { 0xC7, 0x45, 0x08, 0x00, 0x00, 0x00, 0x00, 0x66, 0x0F, 0xD6, 0x06, 0xD3, 0xCA, 0x2B, 0x55, 0x08, 0xC3 };
    moneyLock.jmpOffset = 0x34F90E;
    moneyLock.jmpStart = new byte[] { 0x50, 0xB8 };
    moneyLock.jmpEnd = new byte[] { 0xFF, 0xD0, 0x58 };
    moneyLock.jmpRecovery = new byte[] { 0x66, 0x0F, 0xD6, 0x06, 0xD3, 0xCA, 0x2B, 0x55, 0x08 };
    int ok;
    if (_myCheckBox.IsChecked.Value == true)
    {
        ok = Helper.WriteCode(ref moneyLock);
        if (ok <= 0) { _myCheckBox.IsChecked = false; }
    }
    else
    {
        ok = Helper.RecoveryCode(ref moneyLock);
    }
    return ok;
}

I can't understand what these are:
jmpOffset
jmpStart
jmpEnd
jmpRecovery

The auto assemble script I made is:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
  mov [ebp+08],0

originalcode:
  sub edx,[ebp+08]
  rol edx,cl

exit:
  jmp returnhere

"Asphalt8_w8.exe"+34F914:
  jmp newmem
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Asphalt8_w8.exe"+34F914:
  sub edx,[ebp+08]
  rol edx,cl
//Alt: db 2B 55 08 D3 C2

Note: I am a C language student, and yes, I will have C# in the fourth module (after 8 months), and I can't wait 8 months to understand this code... So please help me understand this...
Thanks in advance

[EDITED]
Cake-san helped me, but I don't know why he/she removed his post..
Thanks a lot, Cake-san
Do you have any idea why he put the replacement code on 3 different lines?
Code:
moneyLock.jmpStart = new byte[] { 0x50, 0xB8 };
moneyLock.jmpEnd = new byte[] { 0xFF, 0xD0, 0x58 };

He could easily do this:
Code:
moneyLock.jmpRecovery = new byte[] { 0x66, 0x0F, 0xD6, 0x06, 0xD3, 0xCA, 0x2B, 0x55, 0x08 };

And one more thing: the jmpOffset must be the offset of 66 0F D6 06, right?
Thanks in advance
[/EDITED]

Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Fri Jun 03, 2016 9:20 am Post subject:

Sorry, there was something wrong in my post; that's why I deleted it.
Here's my speculation, nothing more or less:
Original code:
Code:
0x34F907 - C7 45 08 00000000 - mov [ebp+08],00000000 { 0 }
0x34F90E - 66 0FD6 06 - movq [esi],xmm0
0x34F912 - D3 CA - ror edx,cl
0x34F914 - 2B 55 08 - sub edx,[ebp+08]
0x34F917 - C3 - ret

Injected:
Code:
0x34F907 - C7 45 08 00000000 - mov [ebp+08],00000000 { 0 }
0x34F90E - 50 - push eax
0x34F90F - B8 FFD058CA - mov eax,CA58D0FF { -900148993 }
0x34F914 - 2B 55 08 - sub edx,[ebp+08]
0x34F917 - C3 - ret

Like writing a formal letter, maybe there are some formats that you need to follow?
_________________
... |
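
An integrity check over the patch site, built from the byte arrays in the trainer source quoted in this thread (an added example, not part of the thread or of the trainer). It assumes that Helper.WriteCode, which the thread does not show, writes jmpStart, a 4-byte address and jmpEnd at jmpOffset, which reads as push eax / mov eax, imm32 / call eax / pop eax and fills the same 9 bytes that jmpRecovery restores. The names classify_site and SAMPLE_HOOKED and the target value 0x00A40000 are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte arrays copied from the trainer source quoted in the thread. */
static const uint8_t JMP_START[]    = { 0x50, 0xB8 };        /* push eax ; mov eax, imm32 */
static const uint8_t JMP_END[]      = { 0xFF, 0xD0, 0x58 };  /* call eax ; pop eax */
static const uint8_t JMP_RECOVERY[] = { 0x66, 0x0F, 0xD6, 0x06, 0xD3, 0xCA, 0x2B, 0x55, 0x08 };

/* Constructed sample: hook bytes with a made-up target address 0x00A40000. */
static const uint8_t SAMPLE_HOOKED[] = { 0x50, 0xB8, 0x00, 0x00, 0xA4, 0x00, 0xFF, 0xD0, 0x58 };

enum site_state { SITE_ORIGINAL, SITE_HOOKED, SITE_UNKNOWN };

/* Assumed layout: jmpStart + 4-byte address + jmpEnd. Returns 1 when that
   layout is exactly as long as jmpRecovery, so restoring undoes the patch. */
int hook_matches_recovery_length(void)
{
    return sizeof JMP_START + 4 + sizeof JMP_END == sizeof JMP_RECOVERY;
}

/* Classify the bytes read from the patch site. On SITE_HOOKED, *target
   receives the little-endian imm32 that the stub loads into eax. */
enum site_state classify_site(const uint8_t *code, size_t len, uint32_t *target)
{
    if (len < sizeof JMP_RECOVERY)
        return SITE_UNKNOWN;
    if (memcmp(code, JMP_RECOVERY, sizeof JMP_RECOVERY) == 0)
        return SITE_ORIGINAL;
    if (memcmp(code, JMP_START, sizeof JMP_START) == 0 &&
        memcmp(code + sizeof JMP_START + 4, JMP_END, sizeof JMP_END) == 0) {
        if (target)
            *target = (uint32_t)code[2] | ((uint32_t)code[3] << 8) |
                      ((uint32_t)code[4] << 16) | ((uint32_t)code[5] << 24);
        return SITE_HOOKED;
    }
    return SITE_UNKNOWN; /* modified, but not by this pattern */
}

int main(void)
{
    uint32_t target = 0;
    enum site_state s = classify_site(SAMPLE_HOOKED, sizeof SAMPLE_HOOKED, &target);
    printf("state=%d target=0x%08X\n", (int)s, (unsigned)target);
    return 0;
}
```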

lolAnonymous Expert Cheater
Reputation: 1
Joined: 19 Jul 2015 Posts: 154
Posted: Fri Jun 03, 2016 9:31 am Post subject:

Thanks a lot, Cake-san