| View previous topic :: View next topic |
| Author |
Message |
Renken
How do I cheat?
![]() Reputation: 0
Joined: 06 Aug 2018
Posts: 3
|
 Posted: Mon Aug 06, 2018 12:27 pm Post subject: C++ asm |
 |
|
Hi i want to code cheatengine script to c++ asm
here what i have
| Code: |
[ENABLE]
alloc(newmem,2048)
label(returnhere)
newmem:
mov [eax+00000118],(float)1
fstp dword ptr [eax+00000118]
jmp returnhere
"FOut2.exe"+8F3BC1:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"FOut2.exe"+8F3BC1:
fld dword ptr [eax+00000118]
|
i tried to do the same in c++ like that
| Code: |
_declspec(naked) void test(void)
{
_asm
{
mov [eax+00000118],1
fld dword ptr[eax + 0x00000118]
jmp Test_Back
}
}
_declspec(naked) void test2(void)
{
_asm
{
mov eax, [Test_ID]
mov [eax+00000118],eax
fld dword ptr[eax + 0x00000118]
jmp Test_Back
}
}
|
then use memcpy to change the value
memcpy((unsigned long*)(&Test_ID + 0x118), (float*)&floatvalue, sizeof(float));
but game crash
any idea where did wrong !
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Mon Aug 06, 2018 12:50 pm Post subject: |
|
|
ill assume you have allocated virtual memory inside target process and unlocked memory region, but im not sure about memcpy. (i think memcpy used for string or any block inside your process)
you probably need writeprocessmemory.
edit:
and you probably need to calculate the bytes and replace original instruction with a jump to the new allocated memory.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 199
Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1
|
| Posted: Mon Aug 06, 2018 2:29 pm Post subject: |
|
|
There is a lot of code missing that could be the cause of your problems. Such as how you are applying the jump to your cave, how you are handling setting Test_ID's value / where it comes from, how you are handling and calculating the Test_Back jump and so on.
There is too little info given to attempt to help you on why it crashes.
_________________
- Retired. |
|
| Back to top |
|
|
Renken
How do I cheat?
![]() Reputation: 0
Joined: 06 Aug 2018
Posts: 3
|
| Posted: Mon Aug 06, 2018 4:39 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | ill assume you have allocated virtual memory inside target process and unlocked memory region, but im not sure about memcpy. (i think memcpy used for string or any block inside your process)
you probably need writeprocessmemory.
edit:
and you probably need to calculate the bytes and replace original instruction with a jump to the new allocated memory. |
| atom0s wrote: | There is a lot of code missing that could be the cause of your problems. Such as how you are applying the jump to your cave, how you are handling setting Test_ID's value / where it comes from, how you are handling and calculating the Test_Back jump and so on.
There is too little info given to attempt to help you on why it crashes. |
sorry here is my full code
| Code: |
unsigned long Test_ID;
float floatvalue = 10;
unsigned long Test_Back;
DWORD dwBaseAddr = (DWORD)GetModuleHandle(0);
DWORD Addy = dwBaseAddr + 0x11FA35A;
Test_Back = Addy + 0x6;
DetourCreate((BYTE*)Addy, (BYTE*)test2, 0x6);
|
| Code: |
VOID *DetourCreate(BYTE *src, CONST BYTE *dst, CONST INT len)
{
DWORD dwback;
BYTE * jmp = (BYTE*)malloc(len + 5);
VirtualProtect(src, len, PAGE_READWRITE, &dwback);
memcpy(jmp, src, len);
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
memset(src, 0x90, len);
src[0] = 0xE9;
*(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
VirtualProtect(src, len, dwback, 0);
return (jmp - len);
}
|
Edit change test2 to
| Code: |
_declspec(naked) void test2(void)
{
_asm
{
mov [Test_ID], eax
mov [eax+00000118],eax
fld dword ptr[eax + 0x00000118]
jmp Test_Back
}
}
|
worked but it just set a random value and can't change it
| Description: |
|
| Filesize: |
12.96 KB |
| Viewed: |
4853 Time(s) |
|
| Description: |
|
| Filesize: |
2.39 KB |
| Viewed: |
4855 Time(s) |
|
| Description: |
|
| Filesize: |
19.13 KB |
| Viewed: |
4857 Time(s) |
|
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Mon Aug 06, 2018 6:13 pm Post subject: |
|
|
your cheat engine script is different than the one in your cpp program, what are you trying to do?
for your information you are moving register-base into memory location.
and with
you are loading register-base into fpu st0 register, so yeah what do you expect!
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
Renken
How do I cheat?
![]() Reputation: 0
Joined: 06 Aug 2018
Posts: 3
|
| Posted: Mon Aug 06, 2018 6:57 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | your cheat engine script is different than the one in your cpp program, what are you trying to do?
for your information you are moving register-base into memory location.
and with
you are loading register-base into fpu st0 register, so yeah what do you expect! |
yes it's because i trying on fld [eax+118] right now but it's the same problem
same code what i am trying to do is edit a hp bar value as you can see in cheatengine just have to mov [eax+118],(float)value
what i am trying to do in cpp is set mov [eax+118],(float)value
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 199
Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1
|
| Posted: Mon Aug 06, 2018 7:36 pm Post subject: |
|
|
You're doing mov [eax+118], 1 which is not the same as what 1 means as a float. A float with the value of 1 has the actual 4 byte value of: 0x3f800000
So you need to make sure that you are properly setting the value based on that. A work around to this would be to read the value from a float into an integer:
| Code: |
float fvalue = 9999999.0f;
unsigned int ivalue = *(unsigned int*)&fvalue;
|
Then you can use ivalue to write to the memory location with the proper float value.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
