Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
How to remove some flash bytecodes?

LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

Posted: Wed Mar 07, 2018 6:48 am    Post subject: How to remove some flash bytecodes?

I was looking to solve something that is in my way in a game, and I know exactly what codes I want/need to remove. But I can't do this by 'replace this with code that does nothing' (nop), because it also affects other code which I do need, and so the game crashes... What's the best way to do this? Also, sometimes I don't have to remove the whole string that I search for, because sometimes I need to remove, let's say, code 62 0a 96, but it will find that AOB a lot, so I need to add more bytes to search for but only delete that (to make sure I only deleted that particular 62 0a 96 array in memory)... It's quite a bit of code that I need to remove, but I can still do it manually; I was just wondering what the best way is?
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Mar 07, 2018 7:21 am

Presumably find the equivalent of 0x90, aka nop. Find some pcode that is 1 or 3 bytes long which effectively does nothing. There are a ton of things that do nothing: adding 0, multiplying by 1, ORing by 0, ANDing by -1, adding 1 and then subtracting 1, storing a value in a variable that will never get used again, etc.

Alternatively, figure out how jumping / branching works in pcode and see if you can write one in 1-3 bytes to skip to the pcode instruction you want.

_________________
https://github.com/FreeER/ has a few CE related repos
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

Posted: Wed Mar 07, 2018 8:09 am

Ok, well here is the code that I need to change, and second how the code should look without that part of it (with just a few minor different AOBs):

Code:
pushstring "!"
; ab
equals
; 62 0b
getlocal 11
; 11 0f 03 00
iftrue ofs03cf
; 2a
dup
; 62 0b
getlocal 11
; 96
not
; 12 45 03 00
iffalse ofs040d
; 12 27 00 00
iffalse ofs00f3
; 62 0a
getlocal 10
; 96
not
; 11 eb 02 00
iftrue ofs03be
; 29
pop
; 62 0b
getlocal 11
; 96
not
; 12 7a 04 00
iffalse ofs0555
; 60 4d
getlex Qname(PackageNamespace(""),"OWUser")
; 46 82 01 00
callproperty Qname(PackageNamespace(""),"GetUser") 0
; 46 83 19 00
callproperty Qname(PackageNamespace(""),"GetIsDeveloper") 0
; 62 0a
getlocal 10
; 96
not
; 11 07 00 00
iftrue ofs00f3
; 76
convert_b
; 62 0a
getlocal 10
; 12 ef 01 00
iffalse ofs02e2
; 12 91 02 00
ofs00f3:iffalse ofs0388
; 62 0b
getlocal 11
; 96
not
; 12 17 00 00
iffalse ofs0115
; d1
getlocal_1
; 62 0b
getlocal 11
; 96
not
; 12 8c 01 00
iffalse ofs0292
; 85
coerce_s
; 62 0b
getlocal 11
; 96
not
; 12 07 01 00
iffalse ofs0215
; d6
setlocal_2
; 62 0a
getlocal 10
; 12 c5 01 00
iffalse ofs02da
; 62 0a
ofs0115:getlocal 10
; 11 12 00 00
iftrue ofs012d
; 62 09
getlocal 9
; 62 05
getlocal 5
; 62 06
getlocal 6
; 08 09
kill 9
; 08 05
kill 5
; 08 06
kill 6
; 63 06
setlocal 6
; 63 05
setlocal 5
; 63 09
setlocal 9
; 27
ofs012d:pushfalse
; 62 0b
getlocal 11
; 11 9b 02 00
iftrue ofs03cf
; 63 06
setlocal 6
; 62 0b
getlocal 11
; 96
not
; 12 bf 03 00
iffalse ofs04fc
; 62 0b
getlocal 11
; 12 39 00 00
iffalse ofs017c
; d1
getlocal_1
; 62 09
getlocal 9
; 62 09
getlocal 9
; 08 01
kill 1
; 08 09
kill 9
; 08 09
kill 9
; 63 09
setlocal 9
; 63 09
setlocal 9
; d5
setlocal_1
; 09
ofs0153:label
; 27
pushfalse
; 62 0b
getlocal 11
; 96
not
; 12 bb 02 00
iffalse ofs0417
; 63 08
setlocal 8
; 62 0b
getlocal 11
; 11 31 03 00
iftrue ofs0495
; 62 0a
getlocal 10
; 11 37 00 00
iftrue ofs01a1
; 62 07
getlocal 7
; 62 0a
getlocal 10
; 62 08
getlocal 8
; 08 07
kill 7
; 08 0a
kill 10
; 08 08
kill 8
; 63 08
setlocal 8
; 63 0a
setlocal 10
; 63 07
setlocal 7
; 27
ofs017c:pushfalse
; 62 0a
getlocal 10
; 96
not
; 11 ab 02 00
iftrue ofs042f
; 63 07
setlocal 7
; 62 0a
getlocal 10
; 96
not
; 11 cd 00 00
iftrue ofs025a
; 62 0a
getlocal 10
; 11 c0 ff ff
iftrue ofs0153
; d0
getlocal_0
; d3
getlocal_3
; 62 04
getlocal 4
; 08 00
kill 0
; 08 03
kill 3
; 08 04
kill 4
; 63 04
setlocal 4
; d7
setlocal_3
; d4
setlocal_0
; d2
ofs01a1:getlocal_2
; 62 0a
getlocal 10
; 96
not
; 11 6c 00 00
iftrue ofs0215
; 2c f6 22


And how it should be:
Code:
pushstring "!"
; ab
equals
; 2a
dup
; 12 0c 00 00
iffalse ofs0060
; 29
pop
; 60 0a
getlex Qname(PackageNamespace(""),"OWUser")
; 46 b9 01 00
callproperty Qname(PackageNamespace(""),"GetUser") 0
; 46 c8 08 00
callproperty Qname(PackageNamespace(""),"GetIsDeveloper") 0
; 76
convert_b
; 12 73 00 00
ofs0060:iffalse ofs00d7
; d1
getlocal_1
; 85
coerce_s
; d6
setlocal_2
; 27
pushfalse
; 63 06
setlocal 6
; 27
pushfalse
; 63 07
setlocal 7
; 27
pushfalse
; 63 08
setlocal 8
; d2
getlocal_2
; 2c d2 5a


I'm also learning ActionScript now to understand the code better, but I thought just removing the extra, which must be some kind of protection, should be the easiest way. I've tried to change some things already in-game, but it freezes or won't let me do anything...
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Mar 07, 2018 9:56 am

(disclaimer I don't really know pcode very well so...most of what I say could be wrong lol)


Well, here you seem to have removed what it's comparing against but haven't replaced it with anything... There's a dup, but since that was in the original code as well, you're probably messing stuff up just as if you had removed a push instruction in x86 assembly. If you want to make it compare against itself you should probably add another dup, or simply change it to not do a compare and change the "iftrue" to whatever the equivalent of x86's unconditional "jmp" is.

If you're using the "edit source" option, know that it doesn't always work well from what I've heard (and my limited experience); you're probably better off learning the pcode and editing that directly. The simplest way would probably be to analyze the code and see which path you want it to follow, and then make it jmp from the start straight there. Often check functions like this appear to end up just returning a true/false value, so you can often just do that as well: pushtrue or pushfalse and returnvalue.

_________________
https://github.com/FreeER/ has a few CE related repos
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

Posted: Wed Mar 07, 2018 10:38 am

FreeER wrote:
(disclaimer I don't really know pcode very well so...most of what I say could be wrong lol)


Well, here you seem to have removed what it's comparing against but haven't replaced it with anything... There's a dup, but since that was in the original code as well, you're probably messing stuff up just as if you had removed a push instruction in x86 assembly. If you want to make it compare against itself you should probably add another dup, or simply change it to not do a compare and change the "iftrue" to whatever the equivalent of x86's unconditional "jmp" is.

If you're using the "edit source" option, know that it doesn't always work well from what I've heard (and my limited experience); you're probably better off learning the pcode and editing that directly. The simplest way would probably be to analyze the code and see which path you want it to follow, and then make it jmp from the start straight there. Often check functions like this appear to end up just returning a true/false value, so you can often just do that as well: pushtrue or pushfalse and returnvalue.


Thanks, no, that 'old', original code is fine because it used to be like that and should've been working... The updated code is a lot newer and should have extra protections, since that command isn't working anymore (I am still logged on as 'developer', but it also checks cookies I believe, and then the chatbox just ignores my command). Now I still have 2 more questions:

1) I noticed I could still search for long AOB strings of those packets of code that were added, and then just disable that part of the code. I see 02 is the hex for nop; should it work if I change all the bytes that I don't need to 02? (and so the space the code uses in memory stays the same)

2) Would the memory/game stay intact if I replace code with code which contains fewer or more bytes than the original?
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Mar 07, 2018 11:21 am

1. Presumably, since that's exactly what I originally suggested....
2. Probably not if you write more; after all, those extra bytes have to go somewhere, and that's probably overwriting some other code, same as with x86 assembly. If you need to add more code then you'd need some way to jump to some free memory that you could write the new code at and then jump back. As for less, possibly; it depends on how jumps and calls etc. are encoded. If they say "jump address xxx" then probably not, since removing bytes will change what address the later bytes are at; if it's just "jump x bytes forward" then possibly, as long as it wasn't trying to jump to some bytes that were removed and is now jumping to something completely different, which could cause unexpected results... A lot of questions like this have no definite answer outside of specific scenarios; it might work in code that has no jumps but fail if there's any jumps at all, or only if those jumps come after the bytes that were removed, etc. It's not random, it just depends on exactly how things are implemented and how those changes cause things to happen afterwards, and I don't know enough about how it's implemented to really even attempt to say for sure when it'd work and when it wouldn't.

_________________
https://github.com/FreeER/ has a few CE related repos
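The two points FreeER makes in this thread (a same-length nop fill is the safe edit; deleting bytes is only safe when no branch depends on the distance you removed) can be checked concretely against the listings LtO posted, because AVM2 branch offsets are relative: each s24 offset counts from the address just after the 4-byte branch, which is why `11 c0 ff ff` at 0x18f resolves to the `label` at ofs0153. The following Python is an added example, not code from the thread, from Cheat Engine or from any decompiler; it decodes only the opcodes that appear in the listings, and its sample input is the 79 bytes from ofs0153 to ofs01a1 transcribed from the byte comments in LtO's first listing. The patch region (the getlocal/kill/setlocal shuffle at 0x16a..0x17b) and the helper names are my choices for illustration.

```python
"""Added example (not from the thread): decode the AVM2 opcodes used in the
listings above, resolve branch offsets, and compare a same-length 0x02 (nop)
patch with deleting bytes outright."""
from typing import Dict, List, Optional, Tuple

NOP = 0x02
# opcode -> (mnemonic, operand kinds); "s24" = signed 24-bit branch offset,
# "u30" = variable-length unsigned int. Only opcodes seen in the listings.
OPCODES: Dict[int, Tuple[str, Tuple[str, ...]]] = {
    0x02: ("nop", ()), 0x08: ("kill", ("u30",)), 0x09: ("label", ()),
    0x10: ("jump", ("s24",)), 0x11: ("iftrue", ("s24",)), 0x12: ("iffalse", ("s24",)),
    0x26: ("pushtrue", ()), 0x27: ("pushfalse", ()), 0x29: ("pop", ()), 0x2A: ("dup", ()),
    0x2C: ("pushstring", ("u30",)), 0x46: ("callproperty", ("u30", "u30")),
    0x48: ("returnvalue", ()), 0x60: ("getlex", ("u30",)), 0x62: ("getlocal", ("u30",)),
    0x63: ("setlocal", ("u30",)), 0x76: ("convert_b", ()), 0x85: ("coerce_s", ()),
    0x96: ("not", ()), 0xAB: ("equals", ()),
    **{0xD0 + i: (f"getlocal_{i}", ()) for i in range(4)},
    **{0xD4 + i: (f"setlocal_{i}", ()) for i in range(4)},
}
# Sample input: bytes from ofs0153 ("label") to ofs01a1 ("getlocal_2"), transcribed
# from the byte comments in LtO's first listing (79 bytes).
SAMPLE_BASE = 0x153
SAMPLE = bytes.fromhex(
    "09 27 62 0b 96 12 bb 02 00 63 08 62 0b 11 31 03 00 62 0a 11 37 00 00 "
    "62 07 62 0a 62 08 08 07 08 0a 08 08 63 08 63 0a 63 07 "
    "27 62 0a 96 11 ab 02 00 63 07 62 0a 96 11 cd 00 00 62 0a 11 c0 ff ff "
    "d0 d3 62 04 08 00 08 03 08 04 63 04 d7 d4 d2")
Insn = Tuple[int, str, Optional[int]]  # (address, text, branch target or None)

def _read_u30(code: bytes, pos: int) -> Tuple[int, int]:
    """u30: 7 payload bits per byte, high bit set means another byte follows."""
    value = shift = 0
    while True:
        b, pos = code[pos], pos + 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def disassemble(code: bytes, base: int) -> List[Insn]:
    """Decode `code` as if loaded at `base`. An s24 branch offset is relative to
    the address *after* the 4-byte branch, which is how the listing resolves
    (11 c0 ff ff at 0x18f -> 0x193 - 64 = 0x153)."""
    out: List[Insn] = []
    pos = 0
    while pos < len(code):
        addr, op, pos = base + pos, code[pos], pos + 1
        if op not in OPCODES:
            raise ValueError(f"unknown opcode {op:#04x} at {addr:#06x}")
        name, kinds = OPCODES[op]
        operands, target = [], None
        for kind in kinds:
            if kind == "s24":
                off = int.from_bytes(code[pos:pos + 3], "little", signed=True)
                pos += 3
                target = base + pos + off
                operands.append(f"ofs{target:04x}")
            else:
                value, pos = _read_u30(code, pos)
                operands.append(str(value))
        out.append((addr, " ".join([name, *operands]), target))
    return out

def branch_targets(code: bytes, base: int) -> Dict[int, int]:
    return {a: t for a, _, t in disassemble(code, base) if t is not None}

def lands_on(code: bytes, base: int, branch_addr: int) -> Optional[str]:
    """Instruction a branch reaches, or None if its target is not an instruction
    start inside this fragment (off either end, or in the middle of one)."""
    by_addr = {a: text for a, text, _ in disassemble(code, base)}
    return by_addr.get(branch_targets(code, base)[branch_addr])

def _aligned(code: bytes, base: int, start: int, length: int) -> None:
    # A patch that begins or ends inside an instruction leaves stray operand
    # bytes that decode as something else, so refuse it.
    starts = {a for a, _, _ in disassemble(code, base)} | {base + len(code)}
    if start not in starts or start + length not in starts:
        raise ValueError("patch range not aligned to instruction boundaries")

def nop_fill(code: bytes, base: int, start: int, length: int) -> bytes:
    """Same-length patch: overwrite [start, start+length) with 0x02 nop."""
    _aligned(code, base, start, length)
    i = start - base
    return code[:i] + bytes([NOP]) * length + code[i + length:]

def delete_range(code: bytes, base: int, start: int, length: int) -> bytes:
    """Remove [start, start+length); every later instruction shifts down."""
    _aligned(code, base, start, length)
    i = start - base
    return code[:i] + code[i + length:]

def branches_crossing(code: bytes, base: int, start: int, length: int) -> List[int]:
    """Branches whose encoded distance spans [start, start+length): source and
    target on opposite sides of it, or target inside it. Deleting the range
    leaves exactly these offsets stale."""
    end = start + length
    side = lambda x: 0 if x < start else (1 if x >= end else None)
    return [a for a, _, t in disassemble(code, base) if t is not None
            and side(a) is not None and (side(t) is None or side(t) != side(a))]
```

Running `branch_targets(SAMPLE, SAMPLE_BASE)` reproduces the six targets printed in the listing (ofs0417, ofs0495, ofs01a1, ofs042f, ofs025a, ofs0153). After `nop_fill(SAMPLE, SAMPLE_BASE, 0x16A, 18)` every target is unchanged and the backward `iftrue` still lands on `label`; after `delete_range` with the same arguments that branch has moved to 0x17d and now points at 0x141, outside the fragment, and the forward `iftrue ofs01a1` at 0x166 overshoots the end of the shortened code. `branches_crossing` lists the four branches that would need re-encoding for the deletion to be valid, and `_aligned` rejects a range such as 0x16b..0x16d that starts inside `getlocal 7`, the situation LtO describes when an AOB match straddles neighbouring instructions.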