 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
 Posted: Wed Jun 24, 2009 5:17 am Post subject: Translating Auto Assembler to Assembler |
 |
|
Hey, i'm trying to translate to regular assembler an auto assembler script, but it's driving me mad cause i don't know assembly syntax very well... can someone explain me how i translate this:
| Code: | [enable]
//Updated By RolfAdolf
//0.53 EMS
Alloc(filter,124)
label(ifreject)
label(end)
label(skip)
Alloc(iftable,512)
label(ifexit)
filter:
push ebx
push esi
xor ebx, ebx
mov esi,iftable
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject
skip:
mov eax,00
end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
jmp ifexit
///////////////////////////////////////////////////////////////////
// Credits: //
// Nuclear (Changing values into hex and adding them to the list) //
// Uzeil (Item Filter Script) //
// http://global.hidden-street.net (Non-retarded Item Lists) //
// http://www.sauna.gibbed.us (Item values) //
///////////////////////////////////////////////////////////////////
iftable:
dd C350
dd a
//Usable Items
dd 1F6EE0 //Arrow for Bow
dd 1F72C8 //Arrow for Crossbow
dd 1F6EE1 //Bronze Arrow for Bow
dd 1F72C9 //Bronze Arrow for Crossbow
//Mini-Game Items
dd 3D7E3C //Monster Card
//----------------------------------------
dd 3D7E3D //Bloctopus Omok Piece
dd 3D7E31 //Mushroom Omok Piece
dd 3D7E3A //Octopus Omok Piece
dd 3D7E39 //Omok Table
dd 3D7E3F //Panda Teddy Omok Piece
dd 3D7E3B //Pig Omok Piece
dd 3D7E3E //Pink Teddy Omok Piece
dd 3D7E30 //Slime Omok Piece
dd 3D7E40 //Trixter Omok Piece
dd 00
004A4867: // 89 47 34 8B 7D EC 8B CE E8 DD 66 F7 FF 89 47 24
jmp filter
nop
ifexit:
[disable]
004A4867: // 89 47 34 8B 7D EC 8B CE E8 DD 66 F7 FF 89 47 24
mov [edi+34], eax
mov edi, [ebp-14]
dealloc(filter,124)
dealloc(iftable,512) |
|
|
| Back to top |
|
 |
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 5:57 am Post subject: |
|
|
in the address you'd like to change it's bytes to jmp code you need to calculate the bytes to jump
formula goes like: destination address - source address - 5 = bytes to jump
so if we'd like to change the address 004A4867 to jump to filter we'll do the following:
| Code: |
mov eax,004A4867h // eax is now pointing to our address
mov byte ptr [eax],E9h // the first byte at the address means jmp (e9)
//start calculating bytes to jmp
mov ebx,filter // filter is a label defined somewhere at the code it has it's own address
mov edx,eax
sub ebx,edx
sub ebx,5
mov dword ptr [eax+1h],ebx // now the other 4 bytes at the address are the bytes to jump
add eax,5
mov byte ptr [eax],0x90 // nop
|
after you jump to filter it suppose to be written the same i guess
i just didn't check the whole code
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 6:43 am Post subject: |
|
|
| What about the DD's? They all give me error :/
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 7:03 am Post subject: |
|
|
you can't define them inside your code segment
that's why you have data segment for variables definition
it usually depends on what assembler you use to compile your code
or you try to use inline assembly at C++?!
dd means Define Double (Double Word)
so basically you write the value you defined into the address
lets say eax hold the address of "iftable"
so it should goes like:
| Code: |
// program format is for nasm compiler
SECTION .DATA // the data section
dd var1 1234h // and all other values
SECTION .TEXT // the code segment
lea eax,iftable // should move the effective address of iftable to eax
mov eax,dword ptr ds:[var1]
|
remember to increment eax every time you insert the value into the address
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 7:09 am Post subject: |
|
|
I'm trying to use inline assembly, cause scripts like these are complicated to translate to pure c++ for me, cause im not that good at Auto Assembler 
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 7:12 am Post subject: |
|
|
so instead just define all the dd's outside of the asm code and use it like this
| Code: |
DWORD var1 = 0x1234;
__asm
{
lea eax,iftable
mov eax,dword ptr ds:[var1]
add eax,4
}
|
that should be something like that
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 7:51 am Post subject: |
|
|
So i could even do it directly like this:
| Code: | lea eax,iftable
mov eax,C350h
add eax,2
// mov eax,a <-- wtf?
mov eax,1F6EE0h // Arrow For Bow
add eax,3
mov eax,00h
add eax,1 |
And by the way, what is that "dd a" in the auto assembler code? it doesnt look like hex :/ how should i translate it?
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 10:13 am Post subject: |
|
|
well i guess it means A0 which means 160 decimal or 0A which means 10
try both ways and see what's good
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 1:48 pm Post subject: |
|
|
This is what i came up with but i believe all the jumps are wrong i just dont get assembly, sorry. Btw it gives error on lines like this one "mov byte ptr [esi],E9h"
| Code: | filter:
push ebx
push esi
xor ebx, ebx
mov esi,iftable
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
mov byte ptr [esi],E9h
mov ebx,ifreject
mov edx,esi
sub ebx,edx
sub ebx,5
mov dword ptr [esi+1h],ebx
skip:
mov eax,00h
end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
mov byte ptr [eax],E9h
mov ebx,ifexit
mov edx,eax
sub ebx,edx
sub ebx,5
mov dword ptr [eax+1h],ebx
lea eax,iftable
mov eax,C350h
add eax,2
mov eax,a
// Arrows
mov eax,1F6EE0h // Arrow For Bow
add eax,3
mov eax,1F72C8h //Arrow for Crossbow
add eax,3
mov eax,1F6EE1h //Bronze Arrow for Bow
add eax,3
mov eax,1F72C9h //Bronze Arrow for Crossbow
add eax,3
// Mini-Game Items
mov eax,3D7E3Ch //Monster Card
add eax,3
// ----------------------------------------------
mov eax,3D7E3Dh //Bloctopus Omok Piece
add eax,3
mov eax,3D7E31h //Mushroom Omok Piece
add eax,3
mov eax,3D7E3Ah //Octopus Omok Piece
add eax,3
mov eax,3D7E39h //Omok Table
add eax,3
mov eax,3D7E3Fh //Panda Teddy Omok Piece
add eax,3
mov eax,3D7E3Bh //Pig Omok Piece
add eax,3
mov eax,3D7E3Eh //Pink Teddy Omok Piece
add eax,3
mov eax,3D7E30h //Slime Omok Piece
add eax,3
mov eax,3D7E40h //Trixter Omok Piece
add eax,3
mov eax,00h
add eax,1
mov eax,aSuperTubi
mov byte ptr [eax],E9h
mov ebx,filter
mov edx,eax
sub ebx,edx
sub ebx,5
mov dword ptr [eax+1h],ebx
add eax,5
mov byte ptr [eax],0x90
ifexit: |
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 2:06 pm Post subject: |
|
|
| in which assembler you use?
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 2:12 pm Post subject: |
|
|
| inline c++ assembler
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 2:13 pm Post subject: |
|
|
oh right lol i forgot XDDD
wait i'll check it out and edit msg
edit 1:
you shouldn't write 'h' at the end of hexadecimal number
in C++ hexadecimal are written with 0x before the number
like:
| Code: |
mov byte ptr [esi],0xE9
|
edit 2:
now that i know it's inline asm you want to translate to
it should be written other way.
first, to calculate the jump bytes you can use easier way
add that macro to the top of your code
| Code: |
#define JMP(frm,to) (((int)to - (int)frm) - 5
|
now when you want to change the bytes to jump to your code cave (that is 'filter')
just use it like
| Code: |
DWORD Address = 0x004A4867;
*(BYTE*)Address = 0xE9;
*(DWORD*)(Address + 1) = JMP(Address,filterCodeCave); // filterCodeCave will be naked function that will be defined b4
__declspec(naked) void filterCodeCave (void)
{
__asm
{
// code cave's code goes here
// at the end of your code you should return to original address so
jmp dword ptr ds:[Address + 5]
}
}
|
|
|
| Back to top |
|
|
Franc[e]sco
Expert Cheater
![]() Reputation: 0
Joined: 22 Mar 2008
Posts: 190
|
| Posted: Wed Jun 24, 2009 3:14 pm Post subject: |
|
|
Is this right? And im starting to get it, i saw similar stuff in Kitterz Trainer Source 
Btw the compiler says that label iftable is not defined, and its not a label x_x. If im not wrong it should be an array of bytes?
| Code: | void __declspec(naked) __stdcall FilterCC()
{
__asm
{
push ebx
push esi
xor ebx, ebx
mov esi,iftable
}
}
void ItemFilter(bool active) // Item Filter
{
DWORD d[2];
VirtualProtect((PVOID)aItemFilter,124,PAGE_EXECUTE_READWRITE,&d[0]);
switch(active)
{
case true:
__asm
{
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject
skip:
mov eax,0x00
end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
jmp ifexit
lea eax,iftable
mov eax,0xC350
add eax,2
mov eax,0xA0
// Arrows
mov eax,0x1F6EE0 // Arrow For Bow
add eax,3
mov eax,0x1F72C8 //Arrow for Crossbow
add eax,3
mov eax,0x1F6EE1 //Bronze Arrow for Bow
add eax,3
mov eax,0x1F72C9 //Bronze Arrow for Crossbow
add eax,3
// Mini-Game Items
mov eax,0x3D7E3C //Monster Card
add eax,3
// ----------------------------------------------
mov eax,0x3D7E3D //Bloctopus Omok Piece
add eax,3
mov eax,0x3D7E31 //Mushroom Omok Piece
add eax,3
mov eax,0x3D7E3A //Octopus Omok Piece
add eax,3
mov eax,0x3D7E39 //Omok Table
add eax,3
mov eax,0x3D7E3F //Panda Teddy Omok Piece
add eax,3
mov eax,0x3D7E3B //Pig Omok Piece
add eax,3
mov eax,0x3D7E3E //Pink Teddy Omok Piece
add eax,3
mov eax,0x3D7E30 //Slime Omok Piece
add eax,3
mov eax,0x3D7E40 //Trixter Omok Piece
add eax,3
mov eax,0x00
add eax,1
}
*(BYTE*)aItemFilter = 0xE9;
*(DWORD*)(aItemFilter + 1) = JMP(aItemFilter,FilterCC); // Jump to the CodeCave
break;
case false:
__asm
{
mov eax,aItemFilter
mov [edi+34], eax
mov edi, [ebp-14]
}
break;
}
VirtualProtect((PVOID)aItemFilter,124,d[0],&d[1]);
} |
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Wed Jun 24, 2009 3:27 pm Post subject: |
|
|
first what you did is wrong
look what you have done
lets look at the Arrows part
you moved the value of arrow for bow to eax which means eax points to the address - 0x1F6EE0 (the value of arrows)
and right after that you add eax 3 and repeat that
that's wrong cuz the values means bytes inside the address
so you should write the values to the address and not set eax to point to the address
so instead doing:
| Code: |
mov eax,0x1F6EE0
add eax,3
|
it should go like
| Code: |
mov [eax],0x1F6EE0
add eax,3
|
in that way it will add the value that contains the address that pointed by eax the value of arrows
and after that eax will point to the address + 3
i'll look for other mistakes
edit:
ok take a look at this
i tried to convert it all well almost all you'll add the values later it's too much
but one thing about the bytes organization
they should be written backwards.
| Code: |
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm) - 5)
DWORD Address = 0x004A4867;
__declspec(naked) void FilterCC (void)
{
__asm
{
push ebx
push esi
xor ebx,ebx
mov esi,iftable
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject
skip:
xor eax,eax
end:
pop esi
pop ebx
mov [edi+0x34],eax
mov edi,[ebp-14]
jmp dword ptr ds:[Address + 5]
iftable:
mov [edx],0xE06E1F
add edx,4
mov [edx],0xC8721F
add edx,4
mov [edx],0xE16E1F
add edx,4
mov [edx],0xC9721F
add edx,4
// etc . .
}
}
BOOL __stdcall DllMain (__in HMODULE hModule, __in DWORD ul_reason_for_call, __in LPVOID lpvReserved)
{
switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH:
DWORD Old;
VirtualProtect((LPVOID)Address,5,PAGE_EXECUTE_READWRITE,&Old);
*(BYTE*)Address = 0xE9;
*(DWORD*)(Address + 1) = JMP(Address,FilterCC);
break;
}
return TRUE;
}
|
i did it on dll project so just ignore it (DllMain and all) it could be done in executable as well just notice to what i'v done.
there's might a bit of a chance that it won't work fine, lets hope not
but i guess it make sense
Last edited by Stylo on Wed Jun 24, 2009 3:46 pm; edited 1 time in total |
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Jun 24, 2009 3:45 pm Post subject: |
|
|
Haha this is the exact way I do my item filter lol.
I declare a table with VirtualAlloc and copy the contents there.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
