 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Rajinn
I post too much
 Reputation: 0
Joined: 02 Aug 2006
Posts: 3072
|
 Posted: Mon Oct 16, 2006 1:36 am Post subject: |
 |
|
| RAKO wrote: | i meant what does the
oh and is there a way to make asm change the debug register? |
no. there isnt  the debug register is controlled through the debugger. not the assembly
_________________
|
|
| Back to top |
|
 |
RAKO
Master Cheater
 Reputation: 0
Joined: 26 Jun 2006
Posts: 454
|
| Posted: Mon Oct 16, 2006 1:46 am Post subject: |
|
|
ok thanks a lot
_________________
| Dark Byte wrote: | | Who knows, perhaps i'm a maple gm!!!! |
|
|
| Back to top |
|
|
FaaF
Expert Cheater
![]() Reputation: 0
Joined: 06 Mar 2006
Posts: 104
|
| Posted: Mon Oct 16, 2006 5:56 am Post subject: |
|
|
| Quote: | | Code: | Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)
Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode) |
On the other hand, if the people scanner’s value is not equal to zero, it jumps to 6558ad (the SSEAX Y address), and puts the value of EAX as -99999, causing me to DC. |
I am confused..
After jmp to 6558ad, how come the next line mov eax,[-99999] will be execute?
|
|
| Back to top |
|
|
ChaosUltima
Master Cheater
 Reputation: 0
Joined: 12 Jul 2006
Posts: 319
|
| Posted: Mon Oct 16, 2006 8:06 am Post subject: |
|
|
xD i started learning assembly not long ago...and im now trying to attempt modifying dupex (that superb one by linosal where you change dupex mode on CT.) His still requires memview, so im trying to write a script where theres no need to use it.
However, theres loads of difficulties, of course
can anyone tell me when i cant move something to eip or push or pop it?
heres a section of his code:
| Code: |
DX:
push eax
push ebx
push ecx
push edx
mov ebx,[DXType]
cmp ebx, 00 // 0 = Do Nothing
je NoDupe
cmp ebx, 01 // 1 = Populate ListOffset
je DXFindChar |
i try adding
| Code: | jmp 644165 //Dupex address for MSea
mov eip,DXType |
inside after the mov ebx,[DXType]
does not work.
so it might be cuz i didnt freeze it
| Code: | jmp 644165 //Dupex address for MSea
push eip
mov eip,DXType
pop eip |
does not work. i tried with eax (for sake of trying), and i can do the instruction. anyone know why? (sorry if this sounds noob, but im working on AA =(
|
|
| Back to top |
|
|
Deine Mutter
Expert Cheater
 Reputation: 1
Joined: 05 Apr 2006
Posts: 181
|
| Posted: Mon Oct 16, 2006 8:18 am Post subject: |
|
|
Shouldnt this code d/cs me?
| Code: | [ENABLE]
registersymbol(dcme)
alloc(dcme, 1024)
dcme:
jmp 6558ad
mov eax, [-99999]
[DISABLE]
unregistersymbol(dcme)
dealloc(dcme) |
I just ask, because it doesnt :/
_________________
|
|
| Back to top |
|
|
clanner
Master Cheater
![]() Reputation: 0
Joined: 26 Jul 2006
Posts: 290
|
| Posted: Mon Oct 16, 2006 8:59 am Post subject: |
|
|
| FaaF wrote: | | Quote: | | Code: | Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)
Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode) |
On the other hand, if the people scanner’s value is not equal to zero, it jumps to 6558ad (the SSEAX Y address), and puts the value of EAX as -99999, causing me to DC. |
I am confused..
After jmp to 6558ad, how come the next line mov eax,[-99999] will be execute? |
is there a way to make it just turn off without making you d/c? because once the people pointer thingy turns to one it activates sseax and puts in -99999
| Code: |
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)
Godmode:
mov edi, [729148]
cmp [edi+18], 00
je 614ff7
jmp 5f3bd5
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode)
|
is it possible to do it like that?
the jmp 5f3bd5
is below the godmode address so if the people pointer goes up it just jumps to the address below godmode. 
|
|
| Back to top |
|
|
bahblah
Grandmaster Cheater
![]() Reputation: 0
Joined: 27 Sep 2005
Posts: 633
|
| Posted: Mon Oct 16, 2006 3:14 pm Post subject: |
|
|
| RAKO wrote: | great tut i just have 1 question what does add do?
e.g.
DXListOffset:
add [eax],al
add [eax],al |
The bytes for add [eax], al is two 00's.
Two add [eax], al = 00 00 00 00.
If you look at it as a dword it's = 00000000
So it sets DXListOffset to 0.
I personally use dd/b/w value for variables.
dd = dword
db = byte
dw = word
For example:
DXListOffset:
dd 0
|
|
| Back to top |
|
|
TheSorc3r3r
I post too much
 Reputation: 0
Joined: 06 Sep 2006
Posts: 2404
|
| Posted: Mon Oct 16, 2006 3:58 pm Post subject: |
|
|
| bahblah wrote: | | Hmm I think your stack explanation sucks but other than that. |
I know it does. Rajinn explained it a little more blandly (and wisely, I guess)
"a variable needs to be on the stack to be used"
And clanner, your script will work.
_________________
Don't laugh, I'm still learning photoshop! |
|
| Back to top |
|
|
clanner
Master Cheater
![]() Reputation: 0
Joined: 26 Jul 2006
Posts: 290
|
| Posted: Mon Oct 16, 2006 10:04 pm Post subject: ok |
|
|
ok and can you show me how to work it? 
when i insert the script it give me a value thingymajigy. godmode:#######
what do i do with that?
|
|
| Back to top |
|
|
mr pink
Advanced Cheater
 Reputation: 0
Joined: 13 Sep 2006
Posts: 77
|
| Posted: Sun Oct 22, 2006 4:36 pm Post subject: |
|
|
since i dont have the current people scanner i used CSeax Y
| Code: | Code:
[ENABLE]
registersymbol(gm)
alloc(gm, 1024)
gm:
mov edi, [75b51c]
cmp [edi+E60], 00
je 629d10
jmp 65c655
mov eax, [50]
[DISABLE]
unregistersymbol(gm)
dealloc(gm) |
so shouldnt this make the (client side) Y screen go to 50 when the attack is greater then 0? if not then what am i doing wrong? i tried it and nothing happened 
|
|
| Back to top |
|
|
me
Grandmaster Cheater
 Reputation: 2
Joined: 24 Jun 2004
Posts: 733
Location: location location
|
| Posted: Mon Oct 23, 2006 2:08 am Post subject: |
|
|
| FaaF wrote: | | Quote: | | Code: | Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)
Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode) |
On the other hand, if the people scanner’s value is not equal to zero, it jumps to 6558ad (the SSEAX Y address), and puts the value of EAX as -99999, causing me to DC. |
I am confused..
After jmp to 6558ad, how come the next line mov eax,[-99999] will be execute? |
the script is read as a whole and loaded into memory,
the game just follows the instructions from there and steps through it like you would expect,
I can understand how the script can be a bit confusing if your thinking of how code is usually stepped through, catches me out now and then,
anyway think of it in terms of a compiler, everything is looked at as a whole unit when your compiling a program, all the parts are put in place with all the includes ect and turned into code and data,
_________________
|
|
| Back to top |
|
|
yodaman
Master Cheater
 Reputation: 0
Joined: 15 Oct 2006
Posts: 454
Location: United States
|
| Posted: Tue Oct 24, 2006 7:31 am Post subject: |
|
|
Very very nice tutorial - it explained a LOT of questions I had on Assembly. Yeah the Google tuts suck - this is much better 
_________________
| hacker4maple wrote: | | ...hold on is GM ppl or program? |
|
|
| Back to top |
|
|
nako
Master Cheater
 Reputation: 0
Joined: 30 Jun 2006
Posts: 490
Location: Michigan
|
| Posted: Sun Oct 29, 2006 3:03 pm Post subject: |
|
|
I wanna know if I can figure out what's wrong with the code and If I'm doing well at all.
| Code: |
alloc(Compare, 11)
alloc(Jumpin, 11)
alloc(BunnyBreed,1024)
label(Compare)
label(Jumpin)
label(BunnyBreed)
Compare:
push eax
Mov eax,Brownbunny
cmp eax,[bunny]
pop eax
jne [Jumpin]
je [BunnyBreed]
Jumpin:
push ecx
mov ecx,[bunny]
mov ecx,[gun]
pop ecx
xor ecx,ecx
BunnyBreed:
push eax
Mov eax,[bunnyMale]
Mov eax,[bunnyFemale]
pop eax
inc eax
inc eax
inc eax |
Tell me if I missed anything please, I'd like to know what else I missed, or if I got anything wrong.
_________________
- TheSorc3r3r
- trogdor0071
- Uligor
- Idogears
- appalsap
- Noodles
|
|
| Back to top |
|
|
rengood
How do I cheat?
![]() Reputation: 0
Joined: 10 Oct 2006
Posts: 8
|
| Posted: Mon Oct 30, 2006 10:27 pm Post subject: |
|
|
| me wrote: | | FaaF wrote: | | Quote: | | Code: | Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)
Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode) |
On the other hand, if the people scanner’s value is not equal to zero, it jumps to 6558ad (the SSEAX Y address), and puts the value of EAX as -99999, causing me to DC. |
I am confused..
After jmp to 6558ad, how come the next line mov eax,[-99999] will be execute? |
|
I think the assembly 'mov eax,[-99999]' under 'jmp 6558ad' won't work for ever either.
|
|
| Back to top |
|
|
Uzeil
Moderator
 Reputation: 6
Joined: 21 Oct 2006
Posts: 2411
|
| Posted: Tue Oct 31, 2006 12:34 am Post subject: |
|
|
in SSEAX Y, you're changing the EAX value to change where you end up on the map. and since its server sided, then when you go way offmap, you're getting DC'd
if you do:
| Code: | | jmp (sseax Y address) |
then now the next command is going to affect that address.
you then have the ling
meaning move -999999 into the value of EAX in the address that you specified after the jump
so now you've hcanged your Y in sseax Y to the point of being so off of the map that you're just going to DC.
i believe thats why that line is there  (to place you in a spot thatll DC you)
now heres my question:
looking at the old vac code
| Code: | alloc(FindCharacterAddress, 1024)
alloc(ListOffset, 4)
alloc(ESIList, 1024)
alloc(DupeXVac, 1024)
alloc(EDIValue, 4)
label(EndSearch)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
FindCharacterAddress:
mov [esi+114],edi
push eax
push ebx
push ecx
push edx
mov eax,0
mov ebx,ListOffset
mov ecx,ESIList
mov edx,EDIValue
CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je EndSearch
inc eax
jmp CompareOffset
StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
EndSearch:
pop edx
pop ecx
pop ebx
pop eax
jmp 6584E7
DupeXVac:
push eax
push ebx
push ecx
mov ebx,[ListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov edi,[EDIValue]
DoNormal:
mov [esi+114],edi
pop eax
pop ebx
pop ecx
jmp 6584E7 |
well right here
| Code: | mov ebx,ListOffset
mov ecx,ESIList
mov edx,EDIValue |
what exactly is happening right there. i know its moving listoffset into ebx, esilist into ecx, and edivalue into edx
but it then compares eax (which has become 0) to the value of ebx, which is listoffset
well how is it that it knows the value of listoffset? im guessing its something abtou the definition of listoffset that is the reason i dont know it.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
