Cheat Engine The Official Site of Cheat Engine
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Thu May 01, 2008 2:30 pm Post subject: Is this correct? AA
Code:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
registersymbol(Amount) //We want the user to control the amount of health lost per hit me
alloc(Amount,2)// We'll need 2 kilobytes for the space to do this command
00458E48:
jmp newmem
nop
returnhere:
newmem:
mov eax,tutorial.exe+5a3bc //This is not really needed, but practice makes perfect 8) (I know tutorial does not code shift.)
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+310]// mov [ebx+310],eax so im guessing I lea eax, [eb+310] correct?
mov eax,[Amount]//user controls the amount of health lost judging what they put for ''Amount'
sub [ebx+310],eax
originalcode:
//sub [ebx+310],eax
exit:
jmp returnhere

I'm trying multi-level pointers with step 2 in Cheat Engine.
Since asm is backwards, I converted it into
Code:
mov eax,tutorial.exe+5a3bc
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+310]// mov [ebx+310],eax so im guessing I lea eax, [eb+310] correct?
It worked for me... but can you guys test it so I can see if I figured out the lea command?
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Thu May 01, 2008 3:00 pm Post subject:
Your code cave needs to use the symbol as well if you're going to use a script like that, Chase.
Those would defeat a codeshift.
So the cave address needs to be .exe+ as well.
You are definitely getting there, so keep it up.
Take a look at the post I did a while back on insight into CE scripts.
These are but a few examples, but any number of combinations can come from them. *Scripts using code caves and not alloc are for CE 5.3 trainers.
I think DB fixed the alloc problem on release of CE 5.4.
[ENABLE]
label(back)
game.exe+360:
dec [game.exe+7C520]
jmp back
game.exe+686f6:
jmp game.exe+360
nop
back:
[DISABLE]
game.exe+686F6:
dec [game.exe+7C520]
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Thu May 01, 2008 4:12 pm Post subject:
Well, my problem is it's not doing what I want it to do.
Code:
mov eax,tutorial.exe+5a3bc //This is not really needed, but practice makes perfect 8) (I know tutorial does not code shift.)
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+31037373]
mov ecx,[tutorial.exe+5a3bc]
mov ecx,[Amount]// mov [ebx+310],eax so im guessing I lea eax, [eb+310] correct?
sub [ebx+310],ecx//user controls the a
Clearly the leas are wrong and it's still doing the code correctly... how would I make a valid pointer in an asm script?
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Thu May 01, 2008 4:57 pm Post subject:
Code:
mov eax,tutorial.exe+5a3bc
Needs to be:
Code:
mov eax,[tutorial.exe+5a3bc]
So the value at tutorial.exe+5a3bc is moved into the eax register.
[eb+310] isn't a valid define. Unless it was a typo, it should be [ebx+310].
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Thu May 01, 2008 5:05 pm Post subject:
Code:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
registersymbol(Amount) //We want the user to control the amount of health lost per hit me
alloc(Amount,2)// We'll need 2 kilobytes for the space to do this command
00458E48:
jmp newmem
nop
returnhere:
newmem:
mov eax,[tutorial.exe+5a3bc] //This is not really needed, but practice makes perfect 8) (I know tutorial does not code shift.)
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+310]// mov [ebx+310],eax so im guessing I lea eax, [eb+310] correct?
sub [ebx+310],eax//user controls the amount of health lost judging what they put for ''Amount'
originalcode:
//sub [ebx+310],eax
exit:
jmp returnhere
My problem is, the script won't work with sub [ebx+310],eax
And because of
Code:
mov eax,[tutorial.exe+5a3bc] //This is not really needed, but practice makes perfect 8) (I know tutorial does not code shift.)
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+310]//
how would I add to the pointer without the ''eax'' command? Because if I used
I wouldn't need to use the lea commands, because the mov eax,[Amount] is doing it itself, no need for anything... how would I do this with the lea commands?
Code:
mov eax,[tutorial.exe+5a3bc] //This is not really needed, but practice makes perfect 8) (I know tutorial does not code shift.)
lea edi,[eax+68]// the instruction said mov [eax+68],edi so im guessing I lea edi correct?
lea eax,[ebx+310]//
What I'm trying to do is make a pointer in AA, and how would I make one work correctly?
eb+310 was in the comment so it won't affect the script.
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Fri May 02, 2008 2:53 am Post subject:
eb+310 was in the comment so it won't affect the script
^ Yeah, I can see that. Just if you were gonna use it.
What are you trying to do here exactly?
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Fri May 02, 2008 8:26 am Post subject:
To be able to put a pointer in an asm script (a multi-level one) and then move the pointer by a specific value. For example .... mov [tutorial.exe+5a3bc],#5....
and 0045a3bc points to [XXXXXXX]
[XXXXXXXX] is the pointed value and changes to five.
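Added example, not from this thread and not Cheat Engine script: a small C model of the x86 addressing rules that Psy's correction (mov eax,addr vs mov eax,[addr]) and Chase's goal (walk a multi-level pointer, then change the pointed value) both turn on. The memory image, the addresses BASE_PTR/OBJ_A/OBJ_B and the chain layout base -> +68 -> +310 are constructed assumptions, not the real tutorial.exe layout; only the +68 and +310 offsets come from the thread.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the game's memory: a flat 4 KiB image.  The
 * "addresses" below are offsets into it, NOT the real tutorial.exe layout. */
#define MEM_SIZE 4096
static uint8_t mem[MEM_SIZE];

#define BASE_PTR 0x100  /* plays the role of tutorial.exe+5a3bc (assumed) */
#define OBJ_A    0x400  /* object the base pointer points at (assumed)    */
#define OBJ_B    0x800  /* object reached through [A+68] (assumed)        */

static uint32_t read32(uint32_t addr) { uint32_t v; memcpy(&v, mem + addr, 4); return v; }
static void write32(uint32_t addr, uint32_t v) { memcpy(mem + addr, &v, 4); }

/* mov eax,tutorial.exe+5a3bc  -> eax = the address itself (what the first script did) */
uint32_t mov_imm(uint32_t addr) { return addr; }
/* mov eax,[tutorial.exe+5a3bc] -> eax = the 4-byte value stored at that address */
uint32_t mov_deref(uint32_t addr) { return read32(addr); }
/* lea eax,[ebx+310] -> eax = ebx + 0x310; lea computes an address, it never reads memory */
uint32_t lea(uint32_t reg, uint32_t disp) { return reg + disp; }

void setup(void) {
    memset(mem, 0, sizeof mem);
    write32(BASE_PTR, OBJ_A);       /* [tutorial.exe+5a3bc] = address of A    */
    write32(OBJ_A + 0x68, OBJ_B);   /* [A+68] = address of B                  */
    write32(OBJ_B + 0x310, 100);    /* [B+310] = the value the script changes */
}

/* The broken chain: start from the address instead of its contents, so the
 * next level reads [0x100+68], a slot that holds nothing useful (returns 0). */
uint32_t broken_chain(void) {
    uint32_t eax = mov_imm(BASE_PTR);
    return read32(lea(eax, 0x68));
}

/* The working chain: dereference at every level, then subtract Amount from
 * the final field exactly as "sub [ebx+310],eax" would.  Returns the new value. */
uint32_t hit_for(uint32_t amount) {
    uint32_t eax = mov_deref(BASE_PTR);        /* mov eax,[tutorial.exe+5a3bc] */
    uint32_t ebx = mov_deref(lea(eax, 0x68));  /* mov ebx,[eax+68]             */
    uint32_t target = lea(ebx, 0x310);         /* address of [ebx+310]         */
    write32(target, read32(target) - amount);  /* sub [ebx+310],eax            */
    return read32(OBJ_B + 0x310);
}
```

Each lea in the thread's script only added an offset to a register; the loads that follow the pointer at each level are the mov [..] forms.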
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri May 02, 2008 2:17 pm Post subject:
I think you're making it harder than it really is.
Just take the assembly you find and inspect the code above it, even using breaks and stepping through the code to see how it works.
Then you can get a better idea of what you need to alter to make it do what you want.
Just because CE finds what writes, reads, or accesses in a certain instruction doesn't mean you have to use that very one to alter the function.
You can intercept it before it gets to this instruction, earlier in the assembly, route it to a cave, adjust it how you like, then route it back.