Cheat Engine The Official Site of Cheat Engine
Modify_inc How do I cheat? Reputation: 0
Joined: 19 Jun 2018 Posts: 2
Posted: Fri Aug 14, 2020 12:46 pm Post subject: How is the following code executed when it is Jumped over?
How is the "Tutorial-i386.exe"+275E3: line of code that is near the bottom executed in this injection if the line of code directly before it is a direct jump to returnhere: (meaning a jump with no conditions)? Notice, this is the Injection code template default for testing Step 7 in Cheat Engine. Just trying to make sense of how the code is parsed and interpreted as it executes.
Is there something in the inject code that inherently calls this code? Because I don't see how it can be executed with the jump code that precedes it. And I see no other references to it in the injection code.
Obviously, this code is executed, because any changes I make there are reflected in the program, though usually with poor results because I'm still learning.
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
sub dword ptr [ebx+000004A4],01
exit:
jmp returnhere
"Tutorial-i386.exe"+275E3:
jmp newmem
nop 2
returnhere:
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Fri Aug 14, 2020 1:38 pm Post subject:
CE doesn't execute that code - it just changes and adds code in the game.
Code:
alloc(newmem,2048)
newmem:
sub dword ptr [ebx+000004A4],01
jmp returnhere
This allocates some memory in the target process and writes a couple instructions into that memory. It doesn't actually execute those instructions at all.
Code:
"Tutorial-i386.exe"+275E3:
jmp newmem
nop 2
returnhere:
This changes the game's memory from whatever it was originally to a jump instruction and a couple nop instructions for padding. Again, CE doesn't execute anything, it just changes the game's code. When a thread does go to execute the code at that address, then it will:
- Jump to newmem
- Execute the code in newmem
- Jump back to the instruction after the first jump (label returnhere)
You generally don't control when a thread executes your code injection - it just happens whenever the game was supposed to execute the original code at that address, e.g. every time you click a button, use an item, or just periodically.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Modify_inc How do I cheat? Reputation: 0
Joined: 19 Jun 2018 Posts: 2
Posted: Fri Aug 14, 2020 3:16 pm Post subject:
ParkourPenguin wrote:
Code:
"Tutorial-i386.exe"+275E3:
jmp newmem
nop 2
returnhere:
This changes the game's memory from whatever it was originally to a jump instruction and a couple nop instructions for padding. Again, CE doesn't execute anything, it just changes the game's code. When a thread does go to execute the code at that address, then it will:
- Jump to newmem
- Execute the code in newmem
- Jump back to the instruction after the first jump (label returnhere)
You generally don't control when a thread executes your code injection - it just happens whenever the game was supposed to execute the original code at that address, e.g. every time you click a button, use an item, or just periodically.
So the "Tutorial-i386.exe"+275E3: code is read or applied first, even though it's at the end of the injection script, which then jumps to the new allocated memory space, where the remaining injection code is placed, ending with a jump back to the original instruction after the first jump (label returnhere).
Is this correct?
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Fri Aug 14, 2020 7:10 pm Post subject:
I'm pretty sure CE writes instructions to memory in the order you list them: the sub/jmp instructions get written to newmem before the jmp/nop instructions get written at the injection point (i.e. "Tutorial-i386.exe"+275E3).
That's predominantly a pedantic, unnecessary detail. It almost certainly won't make any difference if it were the other way around.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
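As an added illustration (not code from this thread or from Cheat Engine itself), the Python model below treats the script exactly as described in the answers above: first a set of memory writes in script order, then a thread that happens to reach the patched address and follows the jumps. The module base, the newmem address and the value of ebx are assumptions chosen for the demo.

```python
# Added example, not from this thread or from Cheat Engine itself: a toy model
# of what an auto-assembler script really is (a list of memory WRITES) and what
# a game thread then does when it reaches the patched address. The module base,
# newmem address and ebx value are assumptions chosen for illustration.

MODULE_BASE = 0x00400000            # assumed load address of Tutorial-i386.exe
INJECT = MODULE_BASE + 0x275E3      # "Tutorial-i386.exe"+275E3
NEWMEM = 0x10000000                 # assumed address returned by alloc(newmem,2048)
HEALTH_OBJ = 0x00A00000             # assumed value of ebx when the game runs the hook

def assemble():
    """Return the instructions CE writes, keyed by address. Nothing runs here.
    Sizes are those of the x86 encodings used: jmp rel32 = 5 bytes,
    sub dword ptr [ebx+disp32],imm8 = 7 bytes, nop = 1 byte."""
    returnhere = INJECT + 5 + 2     # 7 original bytes replaced by jmp (5) + nop 2
    writes = [                      # script order: newmem first, injection point last
        (NEWMEM,     ("sub", None, 1, 7)),          # sub dword ptr [ebx+000004A4],01
        (NEWMEM + 7, ("jmp", returnhere, None, 5)), # jmp returnhere
        (INJECT,     ("jmp", NEWMEM, None, 5)),     # jmp newmem
        (INJECT + 5, ("nop", None, None, 1)),       # nop 2 = padding, never reached
        (INJECT + 6, ("nop", None, None, 1)),
    ]
    return dict(writes)

def run(code, pc, data, ebx, max_steps=10):
    """Step one thread from pc until it lands on an address holding no injected
    code (the game's own instruction at returnhere). Returns (trace, final pc)."""
    trace = []
    for _ in range(max_steps):
        if pc not in code:          # back in untouched game code: stop
            break
        trace.append(pc)
        op, target, imm, size = code[pc]
        if op == "sub":             # decrement the dword at [ebx+4A4]
            data[ebx + 0x4A4] -= imm
            pc += size
        elif op == "jmp":           # unconditional: pc simply becomes the target
            pc = target
        else:                       # nop: fall through to the next byte
            pc += size
    return trace, pc

def demo():
    """Thread reaches the patched address once; return trace, final pc, health."""
    code = assemble()
    data = {HEALTH_OBJ + 0x4A4: 100}   # constructed: the health field the sub hits
    trace, final_pc = run(code, INJECT, data, HEALTH_OBJ)
    return trace, final_pc, data[HEALTH_OBJ + 0x4A4]
```

Running demo() gives a trace of INJECT, NEWMEM, NEWMEM+7 and a final pc of INJECT+7: the two nop bytes are written but never executed, which is why their only job is padding.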