LeglessQuasimodo Newbie cheater
Reputation: 0
Joined: 01 Jun 2015 Posts: 18 Location: Amerika
Posted: Fri Sep 18, 2015 7:06 pm Post subject: [edx+ecx]
Hello, having some problems here. I am practicing my skills on an easy game this time; last time I did it with MGSGZ and had success. Now I am trying again with another game, and so far the approach is the same.
This is the script for MGS for unlimited ammo (which works):
Code:
newmem:
mov [r11],esi
mov esi,[r11+0000004]
originalcode:
mov [r11],esi
sub esi,r9d
My approach for this new game is the same: get the HP value, dissect data.
What I have is 0001 for current HP and 005E for max HP, but I always get a crash.
This is the code (does not work, instant crash):
Code:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx+ecx],ax
mov ax,[edx+ecx+000005E]
originalcode:
mov [edx+ecx],ax
add esp,08
Will appreciate some light here (teach me like I'm 5).
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25813 Location: The netherlands
Posted: Fri Sep 18, 2015 7:12 pm Post subject:
Does it crash if you remove your custom code between newmem and originalcode?
If so, your hook code may be wrong (e.g. a nop too much or too little) or the originalcode is wrong (try the alternate method and use the db xx xx xx xx code instead).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
LeglessQuasimodo Newbie cheater
Reputation: 0
Joined: 01 Jun 2015 Posts: 18 Location: Amerika
Posted: Fri Sep 18, 2015 7:58 pm Post subject:
Dark Byte wrote:
Does it crash if you remove your custom code between newmem and originalcode?
If so, your hook code may be wrong (e.g. a nop too much or too little) or the originalcode is wrong (try the alternate method and use the db xx xx xx xx code instead).

Haven't tried freezing the script before, but just as you said I gave it a shot, and guess what? Crash.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 18, 2015 8:13 pm Post subject:
Just a guess, but it looks like you might be near the end of the function.
There may be a JMP within that jumps directly to the instruction: add esp,08
Your injection, of course, replaced those bytes so it is now jumping into the middle of your replacement.
Try your injections 1 or 2 instructions above your current.
LeglessQuasimodo Newbie cheater
Reputation: 0
Joined: 01 Jun 2015 Posts: 18 Location: Amerika
Posted: Fri Sep 18, 2015 8:29 pm Post subject:
Zanzer wrote:
Just a guess, but it looks like you might be near the end of the function.
There may be a JMP within that jumps directly to the instruction: add esp,08
Your injection, of course, replaced those bytes so it is now jumping into the middle of your replacement.
Try your injections 1 or 2 instructions above your current.

Code:
VisualBoyAdvance.exe+35970 - jae VisualBoyAdvance.exe+359AC
VisualBoyAdvance.exe+35972 - and edx,000003FE
VisualBoyAdvance.exe+35978 - mov [esp],edx
VisualBoyAdvance.exe+3597B - mov [esp+04],ax
VisualBoyAdvance.exe+35980 - call VisualBoyAdvance.exe+345B0
VisualBoyAdvance.exe+35985 - add esp,08
VisualBoyAdvance.exe+35988 - pop ebx
VisualBoyAdvance.exe+35989 - ret
VisualBoyAdvance.exe+3598A - and edx,00007FFE
VisualBoyAdvance.exe+35990 - mov ecx,[VisualBoyAdvance.CxImageJPG::`vftable'+18254]
VisualBoyAdvance.exe+35996 - mov [edx+ecx],ax
VisualBoyAdvance.exe+3599A - jmp VisualBoyAdvance.exe+359AC
VisualBoyAdvance.exe+3599C - and edx,0003FFFE
VisualBoyAdvance.exe+359A2 - mov ecx,[VisualBoyAdvance.CxImageJPG::`vftable'+18250]
VisualBoyAdvance.exe+359A8 - mov [edx+ecx],ax   <-- my current instruction
VisualBoyAdvance.exe+359AC - add esp,08
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 18, 2015 8:39 pm Post subject:
So I was right. That first instruction jumps in the middle of your injection.
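Zanzer's diagnosis can be checked mechanically before a hook is ever written. The script below is an added example, not from the thread or from Cheat Engine: it reads a listing constructed from the disassembly posted above (module-relative addresses, vftable operand shortened, instruction lengths taken from the address deltas, and an assumed end sentinel since add esp,08 is 3 bytes), works out which bytes a 5-byte jmp hook at a given address overwrites (whole instructions, nop-padded), and flags every branch whose target lands strictly inside that patched range rather than at its start. Run against the two hook sites tried in the thread, +359A8 and +359A2, it reproduces the crash and the fix.

```python
import re

# Constructed from the VisualBoyAdvance listing in the thread; "+359AF end" is an
# assumed sentinel row that only terminates the last real instruction (add esp,08).
LISTING = """
+35970 jae +359AC
+35972 and edx,000003FE
+35978 mov [esp],edx
+3597B mov [esp+04],ax
+35980 call +345B0
+35985 add esp,08
+35988 pop ebx
+35989 ret
+3598A and edx,00007FFE
+35990 mov ecx,[vftable+18254]
+35996 mov [edx+ecx],ax
+3599A jmp +359AC
+3599C and edx,0003FFFE
+359A2 mov ecx,[vftable+18250]
+359A8 mov [edx+ecx],ax
+359AC add esp,08
+359AF end
"""
JMP_REL32_LEN = 5  # E9 rel32, the hook Cheat Engine writes for "jmp newmem"

def parse_listing(text):
    """[(addr, length, mnemonic, operands)]; lengths are derived from address deltas."""
    rows = [re.match(r"\+([0-9A-Fa-f]+)\s+(\w+)\s*(.*)", l).groups()
            for l in text.strip().splitlines()]
    rows = [(int(a, 16), mn, op.strip()) for a, mn, op in rows]
    return [(a, rows[i + 1][0] - a, mn, op) for i, (a, mn, op) in enumerate(rows[:-1])]

def branch_targets(insns):
    """(source, target) for each jmp/jcc/call whose operand is a direct +addr."""
    hits = [(a, re.fullmatch(r"\+([0-9A-Fa-f]+)", op)) for a, _, mn, op in insns
            if mn.startswith("j") or mn == "call"]
    return [(a, int(m.group(1), 16)) for a, m in hits if m]

def check_hook(insns, hook_addr):
    """Patched byte count, nop padding, and branches landing inside the patch."""
    end, started = hook_addr, False
    for addr, ln, _, _ in insns:
        started = started or addr == hook_addr
        if started and end - hook_addr < JMP_REL32_LEN:
            end = addr + ln  # swallow whole instructions until the jmp fits
    if not started or end - hook_addr < JMP_REL32_LEN:
        raise ValueError("hook address is not an instruction start, or listing too short")
    bad = [(s, t) for s, t in branch_targets(insns) if hook_addr < t < end]
    return {"patched_bytes": end - hook_addr,
            "nops": end - hook_addr - JMP_REL32_LEN, "bad_targets": bad}

INSNS = parse_listing(LISTING)
```

For +359A8 the patch covers 7 bytes (jmp plus 2 nops) and both the jae at +35970 and the jmp at +3599A land on +359AC, in the middle of the written jmp; for +359A2 the 6-byte mov is replaced by jmp plus 1 nop and no branch lands inside it.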
LeglessQuasimodo Newbie cheater
Reputation: 0
Joined: 01 Jun 2015 Posts: 18 Location: Amerika
Posted: Fri Sep 18, 2015 8:53 pm Post subject:
Zanzer wrote:
So I was right. That first instruction jumps in the middle of your injection.

I do understand your tip, but I still need an adult to hold my hand and guide me like I'm five, remember? :p
So could you please tell me which instruction I should choose? Because I'm already sick of those crashes..
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 18, 2015 9:08 pm Post subject:
If you're lucky

Code:
[ENABLE]
alloc(newmem,2048,VisualBoyAdvance.exe+359A2)
label(returnhere)
label(originalcode)
label(exit)
label(health_backup)
newmem:
originalcode:
health_backup: // label must end with a colon; the original instruction is kept here
reassemble(VisualBoyAdvance.exe+359A2) // the 6-byte mov ecx,[...] that the hook replaces
mov ax,[edx+ecx+000005E] // load max HP so the store at +359A8 writes it as current HP
exit:
jmp returnhere
VisualBoyAdvance.exe+359A2:
jmp newmem
nop // 6-byte instruction = 5-byte jmp + 1 nop
returnhere:
registersymbol(health_backup)
[DISABLE]
VisualBoyAdvance.exe+359A2:
reassemble(health_backup) // put the saved original instruction back
dealloc(newmem)
LeglessQuasimodo Newbie cheater
Reputation: 0
Joined: 01 Jun 2015 Posts: 18 Location: Amerika
Posted: Sat Sep 19, 2015 7:59 am Post subject:
Zanzer wrote:
If you're lucky

Code:
[ENABLE]
alloc(newmem,2048,VisualBoyAdvance.exe+359A2)
label(returnhere)
label(originalcode)
label(exit)
label(health_backup)
newmem:
originalcode:
health_backup:
reassemble(VisualBoyAdvance.exe+359A2)
mov ax,[edx+ecx+000005E]
exit:
jmp returnhere
VisualBoyAdvance.exe+359A2:
jmp newmem
nop
returnhere:
registersymbol(health_backup)
[DISABLE]
VisualBoyAdvance.exe+359A2:
reassemble(health_backup)
dealloc(newmem)

Was able to enable it w/o any crash, but the game glitched, and as soon as I disabled it the game crashed :/
Could you please give me more help with this game? If so, is it possible to download it? It's a small game.
I'm using a GBA emulator called VisualBoyAdvance (size 1.929KB) and the ROM is called 1986 - Pokemon Emerald (U)(TrashMan) with a size of 16.384KB.