Labyrnth (Moderator, Reputation: 9, Joined: 28 Nov 2006, Posts: 6285)
Posted: Fri Aug 03, 2007 4:15 pm, Post subject: .:[Beginner]:. Insight on CE Scripts
There have been numerous questions about how to write scripts using CE.
But people don't realize that you can write them several ways, and don't know where to start to get one written.
1. Allocated Toggleable Scripts = Toggleable scripts used within CE.
2. Allocated Code Injection = Normal permanent injection during game play.
3. Manual/Non-Allocated Code cave injected toggleable script *used for trainer options.
4. Also another script used to write bytes, just like you would with TMK or VB trainers.
5. All of the above can be rewritten just a bit to handle code shifting, and I will show this also.
I'm going to show each one and explain a few things about each so you can get a basic grasp on when and why I would use them.
Needed:
Cheat Engine 5.3
MineSweeper.exe
--------------------------------------------------------------------------------------
Allocated Toggleable Script:
Here we have a basic code injection from CE that uses allocated caves.
You assign it to the cheat list and just toggle it from CE.
This script will not work on a trainer generated by CE.
These are good for making a release of a CT to pass out for people to use.
What it does:
This is the flags for Minesweeper; you start with 10. The script makes you have 99.
This script moves hexadecimal 63 into EAX. The value of EAX is 99 in decimal. Use your Windows calculator to confirm that hexadecimal 63 is 99 in decimal.
The end of this script, when untoggled, will write the original instructions back to the game so it will be normal again.
Code:
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
0100346E:
jmp newmem
nop
returnhere:
newmem:
mov eax,63
originalcode:
add [01005194],eax
exit:
jmp returnhere
[DISABLE]
dealloc(newmem)
0100346E:
add [01005194],eax
Next we have a regular code injection:
This one is permanent while the game is up. It does the same thing as the above script, but this one does not have a toggle to undo the changes.
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
0100346E:
jmp newmem
nop
returnhere:
newmem:
mov eax,63
originalcode:
add [01005194],eax
exit:
jmp returnhere
Next is a script you can use for trainers or a CT. It can be toggled just the same as the first script. But the difference is, this one has a manually found code cave and we are not using alloc/allocated memory for it. This script will work in trainers generated by CE.
*I will show how to look for caves later in this thread. It does the same as the above scripts.
Code:
[ENABLE]
label(back)
010002EC:
mov eax,63
add [01005194],eax
jmp back
0100346E:
jmp 010002EC
nop
back:
[DISABLE]
0100346E:
add [01005194],eax
Now for the DB script. This script will also work for trainers, but you need a good understanding of hexadecimal and decimal to use this one.
It is basically just like TMK's "Poke" or writing to an address in VB.
DB does the same. Eg:
TMK Code:
Poke 0100346E 01 05 94 51 00 01 63 90 90 90 90
VB Code:
Private Sub Command1_Click()
Call LAB(&H0100346E, &H01)
Call LAB(&H0100346F, &H05)
Call LAB(&H01003470, &H94)
Call LAB(&H01003471, &H51)
Call LAB(&H01003472, &H00)
Call LAB(&H01003473, &H01)
Call LAB(&H01003474, &H63)
Call LAB(&H01003475, &H90)
Call LAB(&H01003476, &H90)
Call LAB(&H01003477, &H90)
Call LAB(&H01003478, &H90)
End Sub
These alter the bytes of memory representing the assembly instructions. Opcodes is another word for what they change.
*This script will crash Minesweeper, but it is just an example to show how it is used anyway. Also see the animated image to see what it does.
Code:
[ENABLE]
0100346E:
db 01 05 94 51 00 01 63 90 90 90 90
[DISABLE]
0100346E:
db 01 05 94 51 00 01 E8 88 F3 FF FF
Here are a couple of images showing on and off for the above script.
ON/ENABLED: [image]
OFF/DISABLED: [image]
Now we have examples of all these scripts shown and basic usage kind of explained. Now I will do some brief explaining about looking for a cave, and doing a script for code shifting. Also, for you TMK users, you can use memory view to look at the opcodes and addresses so you can use them in TMK, writing down the address and the opcodes for cave, jumps, and injected code.
--------------------------------------------------------------------------------------
How to look for a code cave and use it:
In the script here we have a non-allocated injection.
The reason for this is so we can use it to make a trainer with Cheat Engine. It is a simple workaround because we can't use alloc in a trainer built by CE.
Code:
[ENABLE]
label(back)
010002EC: // this is the code cave
mov eax,63 // this is our code we wrote to the cave
add [01005194],eax // written to the cave as well
jmp back // jump back to the original game code from the cave
0100346E: // original address found from "Find what writes to it"
jmp 010002EC // jump to the cave when this address is hit in the game code
nop // cleaning up left over bytes
back: // a return location, so we have somewhere to jump back to after the cave has done its work
[DISABLE]
0100346E: // original address
add [01005194],eax // restores the removed original code
So we need the address we found in both views of memory.
This way we can see the base address and the module we are in.
To look for a cave you can use any code caver, but CE has one built in, so we will use that.
Now we know the base address by looking in memory view.
So we start our scan at that address; 256 in size should be plenty large enough.
Once it is finished we can choose one it found.
As you can see, the cave is nothing but 0's. This is empty space within the module we are scanning in. We can use this to inject any code we want.
Now, we want the flags to be 99.
1. So we write our first part of the script.
2. We need a label for the jumps.
Code:
[ENABLE]
label(back)
3. Now we put the cave address we found.
Code:
[ENABLE]
label(back)
010002EC:
4. Next we put the code we want; this is written to our cave.
* If you use your Windows calculator you can see that 63 is hexadecimal for 99 in decimal. This will give us 99 flags in Minesweeper.
We also include the original instruction we had, and we use the label to jump back to the game code with "jmp back".
Code:
[ENABLE]
label(back)
010002EC:
mov eax,63
add [01005194],eax
jmp back
5. Next we add our original address. This will make the script jump to our code cave when it hits jmp 010002EC. Then it will execute mov eax,63 and then add [01005194],eax, then jmp back to the game code so the game doesn't crash. The trailing nop needs to be there to clean up any left over bytes that would cause problems. And back: is how it knows where to jump back to so the game code can continue.
Code:
[ENABLE]
label(back)
010002EC:
mov eax,63
add [01005194],eax
jmp back
0100346E:
jmp 010002EC
nop
back:
6. Last we will add [DISABLE] and the original instruction so it can undo the changes we made and turn off the cheat.
Code:
[ENABLE]
label(back)
010002EC:
mov eax,63
add [01005194],eax
jmp back
0100346E:
jmp 010002EC
nop
back:
[DISABLE]
0100346E:
add [01005194],eax
That's all there is to it, to manually use a code cave and to complete a script to use in the Cheat Engine Trainer Builder.
--------------------------------------------------------------------------------------
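Added example, not Labyrnth's code and not part of Cheat Engine: the Python below models the manual code-cave script from this post (the 010002EC cave, the 0100346E injection site and the add [01005194],eax original bytes) as the raw opcodes that the TMK Poke and db variants write, so you can see why the 5-byte jmp plus one nop exactly covers the 6-byte original, runs the same zero-run cave scan CE's cave finder does over a constructed memory image (BASE, the 0xCC filler and the image layout are assumptions made here), and finishes with the check a defender would run against a live process: compare the bytes at a known site with what they should be and, if they differ, decode where the new jmp goes.

```python
# Added example (not from the original post). Addresses and opcodes are the
# ones in Labyrnth's Minesweeper script; BASE, the image layout and the 0xCC
# filler are constructed here for an offline demonstration.
import struct
from typing import Optional, Tuple, List, Dict

BASE        = 0x01000000                       # constructed module base
INJECT_ADDR = 0x0100346E                       # site of "add [01005194],eax" (from the post)
CAVE_ADDR   = 0x010002EC                       # zero-filled cave CE's scanner found (from the post)
ORIG_BYTES  = bytes.fromhex("010594510001")    # add [01005194],eax, 6 bytes (from the post)
NOP = b"\x90"


def rel32_jmp(src: int, dst: int) -> bytes:
    """E9 rel32: the displacement is relative to the end of the 5-byte jmp."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))


def jmp_target(src: int, code: bytes) -> Optional[int]:
    """If `code` located at `src` starts with an E9 jmp, return its absolute target."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    return src + 5 + struct.unpack("<i", code[1:5])[0]


def build_patch() -> Tuple[bytes, bytes]:
    """Return (bytes written at INJECT_ADDR, bytes written into the cave)."""
    site = rel32_jmp(INJECT_ADDR, CAVE_ADDR)
    site += NOP * (len(ORIG_BYTES) - len(site))      # the trailing nop: overwrite exactly 6 bytes
    back = INJECT_ADDR + len(ORIG_BYTES)             # the "back:" label in the script
    cave = b"\xB8" + struct.pack("<I", 0x63)         # mov eax,63
    cave += ORIG_BYTES                               # add [01005194],eax (original instruction)
    cave += rel32_jmp(CAVE_ADDR + len(cave), back)   # jmp back
    return site, cave


def make_image() -> bytes:
    """Constructed 16 KB module: int3 filler, a 256-byte zero cave, the original add."""
    img = bytearray(b"\xCC" * 0x4000)
    img[CAVE_ADDR - BASE:CAVE_ADDR - BASE + 256] = b"\x00" * 256
    img[INJECT_ADDR - BASE:INJECT_ADDR - BASE + len(ORIG_BYTES)] = ORIG_BYTES
    return bytes(img)


def apply_patch(image: bytes) -> bytes:
    """What [ENABLE] does: write the jmp at the site and the code into the cave."""
    site, cave = build_patch()
    img = bytearray(image)
    img[INJECT_ADDR - BASE:INJECT_ADDR - BASE + len(site)] = site
    img[CAVE_ADDR - BASE:CAVE_ADDR - BASE + len(cave)] = cave
    return bytes(img)


def find_caves(image: bytes, base: int, min_len: int = 256) -> List[int]:
    """Addresses of zero runs at least min_len long, the same thing CE's cave scanner reports."""
    caves: List[int] = []
    run_start: Optional[int] = None
    for i, b in enumerate(image + b"\x01"):          # sentinel closes a trailing run
        if b == 0:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_len:
                caves.append(base + run_start)
            run_start = None
    return caves


def detect_hook(image: bytes, base: int, addr: int, expected: bytes) -> Dict[str, object]:
    """Defender's integrity check: do the bytes at addr still match, and if not,
    where does the replacement jump? A jmp into a region that used to be zeros
    is the signature of exactly this kind of cave injection."""
    off = addr - base
    actual = image[off:off + len(expected)]
    return {"intact": actual == expected, "jmp_target": jmp_target(addr, actual)}


if __name__ == "__main__":
    site, cave = build_patch()
    print("site bytes:", site.hex(), "| cave bytes:", cave.hex())
    img = make_image()
    print("caves before:", [hex(a) for a in find_caves(img, BASE)])
    patched = apply_patch(img)
    print("caves after :", [hex(a) for a in find_caves(patched, BASE)])
    r = detect_hook(patched, BASE, INJECT_ADDR, ORIG_BYTES)
    print("intact:", r["intact"], "jmp ->", hex(r["jmp_target"]))
```

The site bytes come out as E9 79 CE FF FF 90, which is what a TMK Poke or db line for the [ENABLE] half of this script would have to write at 0100346E; writing the original 01 05 94 51 00 01 back is the [DISABLE] half. Note that after the patch the cave scan no longer reports 010002EC, because the cave has been consumed by code, and the integrity check reports the site as modified with a jmp landing at the cave address.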
hacker_of_death (How do I cheat?, Reputation: 0, Joined: 31 Jul 2007, Posts: 9)
Posted: Sat Aug 04, 2007 7:28 pm
cool, ty
eNercha (Expert Cheater, Reputation: 0, Joined: 23 Aug 2007, Posts: 190)
Posted: Thu Aug 23, 2007 7:41 pm
Thanks a lot, very useful.
Smart (Grandmaster Cheater, Reputation: 0, Joined: 19 Jan 2007, Posts: 697, Location: New Zealand)
Posted: Mon Sep 10, 2007 11:57 pm
GJ, helped A LOT
Zyphyr (Grandmaster Cheater, Reputation: 0, Joined: 04 May 2007, Posts: 731, Location: Boston)
SeVeR (Expert Cheater, Reputation: 0, Joined: 22 Sep 2007, Posts: 126)
Posted: Mon Oct 01, 2007 5:38 am
Keep up the good work Lab, your tuts and guides are great.
Noodlez (<3, Reputation: 1, Joined: 27 Oct 2007, Posts: 744, Location: Hyrule)
Posted: Fri Nov 09, 2007 4:23 am
Thx so much, U rock
jeffjeff7 (Expert Cheater, Reputation: 0, Joined: 29 Nov 2007, Posts: 189)
Posted: Thu Nov 29, 2007 10:48 pm
ty, helped a lot
crazyito (Newbie cheater, Reputation: 0, Joined: 20 Oct 2007, Posts: 15)
Posted: Fri Dec 21, 2007 10:18 am
hi,
sorry, I have a question. I've changed the script and clicked write code, but when I viewed it in a new auto assemble window, it remained unchanged. May I know why that is happening?
fyi, I'm trying this on an online game w/o GameGuard and not Minesweeper.
Labyrnth (Moderator, Reputation: 9, Joined: 28 Nov 2006, Posts: 6285)
Posted: Fri Dec 21, 2007 10:45 am
Well, the script was not for that mmo.
-------------------------------------------
But to save changes after you alter the script you have to click "File" > "Assign to current cheat table", and give it a new name.
Then you will see it make a new one in the table.
crazyito (Newbie cheater, Reputation: 0, Joined: 20 Oct 2007, Posts: 15)
Posted: Sun Dec 23, 2007 9:25 am
Does that mean I can't hack the mmo by altering the script? Or does it simply mean I must do something else other than what you wrote here?
Sorry again; by looking at my post count you can tell that I'm still a newbie.
Labyrnth (Moderator, Reputation: 9, Joined: 28 Nov 2006, Posts: 6285)
Posted: Sun Dec 23, 2007 6:47 pm
98% sure you won't have luck on a mmo.
crazyito (Newbie cheater, Reputation: 0, Joined: 20 Oct 2007, Posts: 15)
Posted: Mon Dec 24, 2007 7:48 am
Aww! Sad to hear that. But mmos can still be hacked, right? Cos I still see some, like those listed in this forum, being hacked by others. nvm, I'll go for the 2%. Thanks for the info.
Agu123 (How do I cheat?, Reputation: 0, Joined: 21 Jun 2007, Posts: 4)
Posted: Mon Dec 24, 2007 8:00 am
Looks nice, I like it.
blade_best (Cheater, Reputation: 0, Joined: 08 Jun 2007, Posts: 29, Location: Louisiana)
Posted: Fri Dec 28, 2007 11:58 am
Dumb question, but what is an mmo?