.:[Beginner]:. Insight on CE Scripts
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Fri Aug 03, 2007 4:15 pm    Post subject: .:[Beginner]:. Insight on CE Scripts

There have been numerous questions of how can I write scripts using CE.
But people don't realize that you can write them several ways, and do not know where to start to get one written.
1. Allocated Toggleable Scripts = Toggleable scripts used within CE.
2. Allocated Code Injection = Normal permanent injection during game play.
3. Manual/Non Allocated Code cave injected toggleable script *used for trainer options.
4. Also another script used to write bytes. Just like you would with TMK or VB trainers.
5. All of the above can be rewritten just a bit to handle code shifting and I will show this also.

I'm going to show each one and explain a few things about each so you can get a basic grasp on when and why I would use them.
Needed:
Cheat Engine 5.3
MineSweeper.exe
--------------------------------------------------------------------------------------
Allocated Toggleable Script:
Here we have a basic code injection from CE that uses allocated caves.
You assign it to the cheat list and just toggle it from CE.
This script will not work on a trainer generated by CE.
These are good for making a release of a CT to pass out for people to use.
What it does:
These are the flags for Minesweeper; you start with 10. The script makes you have 99.
This script moves hexadecimal 63 into EAX. The value of EAX is 99 in decimal. Use your windows calculator to find out 63 is 99 in decimal.
The end of this script when untoggled will write the original instructions back to the game so it will be normal again.
Code:
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

0100346E:
jmp newmem
nop
returnhere:

newmem:
mov eax,63

originalcode:
add [01005194],eax

exit:
jmp returnhere

[DISABLE]
dealloc(newmem)
0100346E:
add [01005194],eax


Next we have a regular code injection:
This one is permanent while the game is up. It does the same thing as the above script but this one does not have a toggle to undo the changes.
Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

0100346E:
jmp newmem
nop
returnhere:

newmem:
mov eax,63

originalcode:
add [01005194],eax

exit:
jmp returnhere


Next is a script you can use for trainers or a CT. It can be toggled just the same as the first script. But the difference is, this one has a manually found codecave and we are not using alloc/allocated memory for it. This script will work in trainers generated by CE.
*I will show how to look for caves later in this thread. It does the same as the above scripts.
Code:
[ENABLE]
label(back)

010002EC:
mov eax,63
add [01005194],eax
jmp back

0100346E:
jmp 010002EC
nop
back:

[DISABLE]
0100346E:
add [01005194],eax


Now for the DB script. This script will also work for trainers. But you need a good understanding of hexadecimal and decimal to use this one.
It is basically just like TMK's "Poke" or writing to an address in VB.
DB does the same. Eg:
TMK
Code:
Poke 0100346E 01 05 94 51 00 01 63 90 90 90 90

VB
Code:
Private Sub Command1_Click()
Call LAB(&H0100346E, &H01)
Call LAB(&H0100346F, &H05)
Call LAB(&H01003470, &H94)
Call LAB(&H01003471, &H51)
Call LAB(&H01003472, &H00)
Call LAB(&H01003473, &H01)
Call LAB(&H01003474, &H63)
Call LAB(&H01003475, &H90)
Call LAB(&H01003476, &H90)
Call LAB(&H01003477, &H90)
Call LAB(&H01003478, &H90)
End Sub

These alter the bytes of memory representing the assembly instructions. OpCodes is another word for what they change.
Code:
// This script will crash Minesweeper, but it is just an example to show how it is used anyway. Also see the animated image to see what it does.

[ENABLE]
0100346E:
db 01 05 94 51 00 01 63 90 90 90 90

[DISABLE]
0100346E:
db 01 05 94 51 00 01 E8 88 F3 FF FF


Here are a couple of images showing on and off for the above script.
ON:/ENABLED


Off/DISABLED


Now we have examples of all these scripts shown and basic usage kind of explained. Now I will do some brief explaining about looking for a cave, and doing a script for code shifting. Also, for you TMK users, you can use memory view to look at the OpCodes and addresses so you can use it in TMK, writing down the address and the OpCodes for Cave, Jumps, and Injected code.
--------------------------------------------------------------------------------------
How to look for a code cave and use it:
In the script here we have a non allocated injection.
The reason for this is so we can use it to make a trainer with Cheat Engine. Simple work around because we can't use alloc in a trainer by CE.
Code:
[ENABLE]
label(back)

010002EC:              // This is the code cave
mov eax,63             // This is our code we wrote to the cave
add [01005194],eax     // Written to the cave as well
jmp back               // Jump back to the original game code from the cave

0100346E:              // Original address found from "Find what writes to it"
jmp 010002EC           // Jump to the cave when this address is hit in the game code
nop                    // Cleaning up leftover bytes
back:                  // A return location, so we have somewhere to jump back to after the cave has done its work

[DISABLE]
0100346E:              // Original address
add [01005194],eax     // Restores the original code that was removed


So we need the address we found in both views of memory.
This way we can see the base address and the module we are in.


To look for a cave you can use any code caver, but CE has one built in so we will use that.


Now we know what the base address is by looking in memory view.
So we start our scan at that address; 256 in size should be plenty large enough.


Once it is finished we can choose one it found.
As you can see the cave is nothing but 0's. This is empty space within the module we are scanning in. We can use this to inject any code we want.


Now, we want the flags to be 99.
1. So we write our first part of the script.
Code:
[ENABLE]

2. We need a label for the jumps.
Code:
 
[ENABLE]
label(back)


3. Now we put the cave address we found.
Code:
 
[ENABLE]
label(back)

010002EC:


4. Next we put the code we want; this is written to our cave.
* If you use your windows calculator you can see that 63 is hexadecimal for 99 in decimal. This will give us 99 flags in minesweeper.
Also we include the original instruction we had and we use the label to jump back to the game code "jmp back".
Code:
 
[ENABLE]
label(back)

010002EC:
mov eax,63
add [01005194],eax
jmp back


5. Next we add our original address. This will make the script jump to our code cave when it hits jmp 010002EC. Then it will execute mov eax,63 and then add [01005194],eax, then jmp back to the game code so the game doesn't crash. The trailing nop needs to be there to clean up any leftover bytes that will cause problems. And back: is how it knows where to jump back to so the game code can continue.
Code:
 
[ENABLE]
label(back)

010002EC:
mov eax,63
add [01005194],eax
jmp back

0100346E:
jmp 010002EC
nop
back:


6. Last we will add [DISABLE] and the original instruction so it can undo the changes we made and turn off the cheat.
Code:
 
[ENABLE]
label(back)

010002EC:
mov eax,63
add [01005194],eax
jmp back

0100346E:
jmp 010002EC
nop
back:

[DISABLE]
0100346E:
add [01005194],eax


That's all there is to it, to manually use a code cave and to complete a script to use in the Cheat Engine Trainer Builder.
--------------------------------------------------------------------------------------

_________________
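
Added example (not part of the original post, and not Cheat Engine code): the manual code cave script above leaves two marks an integrity check can look for, a 5-byte E9 jump overwriting the instruction at 0100346E and code appearing in bytes that are zero padding in the file on disk. This sketch rebuilds those bytes on a constructed image and detects the detour by diffing disk against memory; the image base 0x01000000, the zero-filled stand-in image and all function names are assumptions made for the example.

```python
import struct

# Addresses and instruction bytes are the ones quoted in the post above.
BASE, HOOK, CAVE = 0x01000000, 0x0100346E, 0x010002EC   # BASE is an assumption
ORIG = bytes.fromhex("010594510001")                    # add [01005194],eax

def jmp_rel32(src, dst):
    """Encode `jmp dst` located at src: E9 + (dst - address of the next instruction)."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def sample_disk_image():
    """Constructed stand-in for the file on disk: zeros plus the original bytes at HOOK."""
    img = bytearray(0x4000)
    img[HOOK - BASE:HOOK - BASE + 11] = ORIG + bytes.fromhex("E888F3FFFF")
    return bytes(img)

def apply_cave_script(image):
    """Constructed 'process memory': the image after the post's manual-cave script is enabled."""
    mem = bytearray(image)
    cave = bytes.fromhex("B863000000") + ORIG               # mov eax,63 ; original add
    cave += jmp_rel32(CAVE + len(cave), HOOK + len(ORIG))   # jmp back
    mem[CAVE - BASE:CAVE - BASE + len(cave)] = cave
    mem[HOOK - BASE:HOOK - BASE + 6] = jmp_rel32(HOOK, CAVE) + b"\x90"  # jmp cave ; nop
    return bytes(mem)

def find_detours(disk, mem, base=BASE):
    """Diff disk vs. memory; decode every E9 jump that begins a modified run of bytes."""
    hits, i = [], 0
    while i < len(disk):
        if disk[i] == mem[i]:
            i += 1
            continue
        start = i
        while i < len(disk) and disk[i] != mem[i]:
            i += 1
        if mem[start] == 0xE9 and i - start >= 5:
            rel = struct.unpack_from("<i", mem, start + 1)[0]
            target = base + start + 5 + rel
            off = target - base
            # Landing in bytes that are zero padding on disk is the code-cave pattern.
            was_empty = 0 <= off < len(disk) and not any(disk[off:off + 16])
            hits.append((base + start, target, was_empty))
    return hits

if __name__ == "__main__":
    disk = sample_disk_image()
    for site, target, was_empty in find_detours(disk, apply_cave_script(disk)):
        print(f"detour at {site:08X} -> {target:08X}, target empty on disk: {was_empty}")
```

The encoded jump also shows why the script needs its trailing nop: the replaced add instruction is 6 bytes, the jmp is only 5.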

hacker_of_death
How do I cheat?
Reputation: 0

Joined: 31 Jul 2007
Posts: 9

Posted: Sat Aug 04, 2007 7:28 pm

cool, ty
_________________
LOL I JUST WASTED SOME OF YOUR TIME

Bringing Airsoft Downunder
eNercha
Expert Cheater
Reputation: 0

Joined: 23 Aug 2007
Posts: 190

Posted: Thu Aug 23, 2007 7:41 pm

Thanks a lot, very useful.
Smart
Grandmaster Cheater
Reputation: 0

Joined: 19 Jan 2007
Posts: 697
Location: New Zealand

Posted: Mon Sep 10, 2007 11:57 pm

GJ helped A LOT
_________________
Zyphyr
Grandmaster Cheater
Reputation: 0

Joined: 04 May 2007
Posts: 731
Location: Boston

Posted: Mon Sep 17, 2007 5:35 pm

wow that made sense Very Happy
i think im going to try this now


ty!

_________________
Atheist for life.
SeVeR
Expert Cheater
Reputation: 0

Joined: 22 Sep 2007
Posts: 126

Posted: Mon Oct 01, 2007 5:38 am

Keep up the good work Lab, your Tuts and guides are great.
Noodlez
<3
Reputation: 1

Joined: 27 Oct 2007
Posts: 744
Location: Hyrule

Posted: Fri Nov 09, 2007 4:23 am

Thx So much U rock
jeffjeff7
Expert Cheater
Reputation: 0

Joined: 29 Nov 2007
Posts: 189

Posted: Thu Nov 29, 2007 10:48 pm

ty helped a lot
crazyito
Newbie cheater
Reputation: 0

Joined: 20 Oct 2007
Posts: 15

Posted: Fri Dec 21, 2007 10:18 am

hi,

sorry, I have a question. I've changed the script and clicked write code. but when I viewed it on a new auto assemble window, it remained unchanged. may I know why is that happening?

fyi, I'm trying this on an online game w/o gameguard and not minesweeper.
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Fri Dec 21, 2007 10:45 am

Well, the script was not for that mmo.
-------------------------------------------
But to save the change after you alter it, you have to click "File">"Assign to current cheat table", and give it a new name.
Then you will see it make a new one in the table.

_________________

crazyito
Newbie cheater
Reputation: 0

Joined: 20 Oct 2007
Posts: 15

Posted: Sun Dec 23, 2007 9:25 am

does that mean I can't hack the mmo by altering the script? or it simply means I must do something else other than what you wrote here?

sorry again, by looking at my post count you can know that I'm still a newbie. Smile
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Sun Dec 23, 2007 6:47 pm

98% sure you won't have luck on a mmo.
_________________

crazyito
Newbie cheater
Reputation: 0

Joined: 20 Oct 2007
Posts: 15

Posted: Mon Dec 24, 2007 7:48 am

aww! sad to hear that. but mmo still can be hacked right? cos I still see some like those listed in this forum being hacked by others. nvm, I'll go for the 2%. thanks for the info.
Agu123
How do I cheat?
Reputation: 0

Joined: 21 Jun 2007
Posts: 4

Posted: Mon Dec 24, 2007 8:00 am

looks nice i like
_________________


blade_best
Cheater
Reputation: 0

Joined: 08 Jun 2007
Posts: 29
Location: louisiana

Posted: Fri Dec 28, 2007 11:58 am

dumb question, but what is an mmo?
_________________