Cheat Engine The Official Site of Cheat Engine
magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Wed Dec 21, 2016 9:46 am Post subject: ***UNIQUE FEATURE SUGGESTION FOR CE DON'T IGNORE, TRUST ME***
After dabbling in Auto Assembler for some time, it occurs to me that some kind of predictive guessing algorithm might help casual users.
Something that will make suggestions after analyzing your code and tell you straight away at least basic things like reminding you about the register-to-register rules, and maybe more useful things like explaining in a simplified form what your AA will do in the game.
CE doesn't need to be kept elitist, does it?
Or do the forum members like the elitism of CE?
I don't mean that negatively; elitism, I suppose, can have its advantages.
Maybe Dark Byte and the developers could implement something like that for CE, so that casual users/noobs who don't have the time to spend every waking hour learning assembly can have the AA predictive/contextual guessing say things like:
Are you trying to do this? If so, may I suggest you try this opcode instead.
I mean, just a friendly reminder that you can't do register to register would be nice. There are people out there who don't even know the hotkeys for copy and paste (Ctrl+C, Ctrl+V, Ctrl+X); what are they supposed to do?
STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Wed Dec 21, 2016 10:14 am
You know you can learn all this in less than an hour. The instructions are so simple, they're pretty much basic English.
Anyhow, what you're asking for requires artificial intelligence and I don't think we have advanced that much yet. If it was possible, we might as well have trainers go and make themselves.
 |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Wed Dec 21, 2016 10:58 am
So... static code analysis.
First of all, you're delusional. It is virtually impossible to write a magic program that knows what the user wants done and can tell the user how to do it, and all the more so that CE can guess what a code injection will do to the target in terms of high-level concepts (e.g. this gives infinite ammo). It might be useful to know that overwriting executable memory will not end in the middle of an instruction (as is the case with the single-line assembler), but even that could give false positives and won't be completely comprehensive. Meager optimizations like "This register was set but is never used" would identify even fewer errors and would be more of an annoyance than it's worth IMO.
Errors are already handled sufficiently. If an instruction can't be assembled, CE will tell the user so and will point out which instruction it was. Any attempt to guess what the user intended would commonly result in failure and confusion for the ignorant. Higher-level analysis using the order instructions appear in doesn't make sense for a low-level language like assembly. Write instructions down, and the processor will execute them in the order they appear in. It's up to the user to know what the instructions do.
If you want to know what an instruction does and/or why an instruction can't be assembled, use a manual (see Intel's Software Developer's Manuals). There are also many basic instruction set references online you can find by using a search engine.
You don't need to spend that much time to learn assembly. Having no previous knowledge of assembly, I learned the basics by spending a couple hours a day studying it for a week. After that, I could easily make sense of the manual and learn everything else there is to know on an as-needed basis.
Someone who doesn't know the shortcuts for cut/copy/paste shouldn't be using the AA in the first place. It shows a lack of basic computer science knowledge in that the shortcuts are so commonplace that searching for it would immediately give you the answer. Ignorance is not an excuse. If you don't know how to do something, learn. There are many people here willing to help correct mistakes. For example, register-to-register operations are allowed for many instructions. It's memory-to-memory operations that aren't allowed.
Code: | // allowed
mov eax,ecx
sub ebx,esi
addss xmm0,xmm1
// not allowed
mov [eax],[ecx]
sub [0051D3E8],[edi]
addss [eax],[ebx] |
If you don't want to learn but still want something done, ask someone else to do it for you.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Wed Dec 21, 2016 2:15 pm Post subject: Thank you... but...
Quote: | So... static code analysis. |
I don't know what that is.
Quote: | First of all, you're delusional. It is virtually impossible to write a magic program that knows what the user wants done and can tell the user how to do it, and all the more so that CE can guess what a code injection will do to the target in terms of high-level concepts (e.g. this gives infinite ammo). |
If you say so.
Delusional, I must point out, implies some prior knowledge. This is something I thought I was communicating to you by, and was evident in, the kinds of questions I am asking. If I don't know about x and I ask whether x is possible, then that's not "delusional".
To Reiterate to all Really Techie (everyone) Forum members...
**Ahem....cough...clears throat**
I Have No Idea What I'm doing
Quote: | It might be useful to know that overwriting executable memory will not end in the middle of an instruction (as is the case with the single-line assembler), but even that could give false positives and won't be completely comprehensive. Meager optimizations like "This register was set but is never used" would identify even less errors and would be more of an annoyance than it's worth IMO. |
I have NO idea what that means
Quote: | Errors are already handled sufficiently. If an instruction can't be assembled, CE will tell the user so and will point out which instruction it was. Any attempt to guess what the user intended would commonly result in failure and confusion for the ignorant. Higher-level analysis using the order instructions appear in doesn't make sense for a low-level language like assembly. Write instructions down, and the processor will execute them in the order they appear in. It's up to the user to know what the instructions do. |
^^That's a very good point, thank you.
Quote: | Someone who doesn't know the shortcuts for cut/copy/paste shouldn't be using the AA in the first place. It shows a lack of basic computer science knowledge in that the shortcuts are so commonplace that searching for it would immediately give you the answer. Ignorance is not an excuse. If you don't know how to do something, learn. There are many people here willing to help correct mistakes. For example, register-to-register operations are allowed for many instructions. It's memory-to-memory operations that aren't allowed. |
I was using an extreme example to prove a point by analogy.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Wed Dec 21, 2016 2:55 pm
Static code analysis refers to an examination of some code without executing it. This is what you were asking for in your request. It seemed like you didn't know the right term in the first post.
"Delusional" does not have to imply prior knowledge.
The part of my post you didn't understand was just two features that could potentially be useful but actually aren't. Users who know what they're doing have little need for them, and those that don't know what they're doing evidently won't know how to use that information.
I don't know what point you were trying to prove by asking what people who don't know the hotkeys for cut/copy/paste are supposed to do. If you don't know something, learn. You can find pretty much everything by searching for it nowadays. If you can't be bothered to learn, then either give up or get someone else to do it for you.
magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Wed Dec 21, 2016 5:57 pm Post subject: Okay then. :)
Fair enough ParkourPenguin.
I suppose that's true. Thank you for your replies.
I appreciate the help a lot.
I just bloody realised I was using the wrong value in my script as ONE possible reason why it didn't work... see:
[esi+10] is 2, NOT flipping 10 like I thought; I forgot to note it down after I dissected it from the base [ESI].
I only realised later. Grrrrr, I'm annoyed with myself for not doing that.
The values are floats in Mysteries of the Sith, unlike the values I was working with for my Return to Castle Wolfenstein script,
which worked like a dream!!
Do floats work differently from non-floats?
Code: | [ENABLE]
aobscanmodule(aobHealth,JKM.EXE,D8 64 24 1C 3B 35 A8 40 8D 00)
alloc(newmem,$2000)
label(onehitkill)
label(hurtsme)
label(playerCheck)
label(return)

newmem:
playerCheck:
push eax
mov eax,[esi+10] // (2!!)
cmp eax,10       // (2!!)
pop eax
jne onehitkill
jmp hurtsme

onehitkill:
mov [esi+0000013C],0
jmp return

hurtsme:
fstp dword ptr [esi+0000013C] // original code
jmp return

aobHealth:
jmp playerCheck
nop
return:
registersymbol(aobHealth)
registersymbol(onehitkill)

[DISABLE]
aobHealth:
db D8 64 24 1C 3B 35 A8 40 8D 00 // original bytes at the injection point

unregistersymbol(aobHealth)
unregistersymbol(onehitkill)
dealloc(newmem) |
Basically I still don't know if the above will work on mysteries of the sith.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Wed Dec 21, 2016 6:42 pm
I'm not sure what you mean with 10 and 2: are you talking about the instruction mov eax,[esi+10], or cmp eax,10? Is the value at [esi+10] a float, or were you only talking about [esi+13C]?
Yes, floats work differently from integers. However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float):
Code: | mov [ebx],10 // 10 is a 4-byte integer
mov [ebx],(float)10 // 10 is a float |
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float.
The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code: | onehitkill:
fstp st(0)
mov [esi+0000013C],0
jmp return |
predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Wed Dec 21, 2016 7:02 pm
nope. this feature is like intellisense for ASM, not something a single person can code in, and even if it were it would make better sense to patent it or something and sell it to other companies than put it into some open source software.
magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Thu Dec 22, 2016 5:10 am Post subject: Cheers all. :-)
predprey wrote: | nope. this feature is like intellisense for ASM, not something a single person can code in, and even if it were it would make better sense to patent it or something and sell it to other companies than put it into some open source software. |
That makes sense ....
I just figured out SOMETHING ELSE... damn, there is so much to learn, AND remember.
If I make an aobscan for a symbol to register on my table and then use that symbol in my data dissect window (something I didn't know), then I can use plus AND (together) minus to find [ESI] in this particular context.
HEALTH+15-13C = [ESI]
^I had to use this jumbled formula because aobscan was having trouble finding any question-marked value that consistently stayed the same without problems that gave me a pointer I could use (through registersymbol).
aobscans are still the only reliable way I am able to make pointers.
It seems I find aobscans more noob friendly.
Can I use as many pluses and minuses as I want in data dissect then??
Quote: | However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float): |
I did not know that.
Why are they called single precision floating values?
Quote: |
Code:
mov [ebx],10 // 10 is a 4-byte integer
mov [ebx],(float)10 // 10 is a float
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float. |
So are you saying because 10 has 0 in it, it is unnecessary?
Quote: | The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code:
onehitkill:
fstp st(0)
mov [esi+0000013C],0
jmp return |
I didn't know that either..
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Thu Dec 22, 2016 9:51 am
magellenproject wrote: | Can I use as many plus and minuses as i want in data dissect then?? |
If you want to, I suppose so. An alternative would be to simplify that expression. 15-13C = -127. Math still works even if you use numbers in a different base.
magellenproject wrote: | Why are they called single precision floating values? |
IEEE 754, a standard for floating point arithmetic, defines several binary floating-point formats. The two most commonly used ones are binary32 (aka single-precision floating point, single, or float) and binary64 (aka double-precision floating point or double). As their names imply, a double takes up twice as much memory as a float but offers more precision.
To answer your question exactly, the IEEE are responsible for the nomenclature of their standards. Setting the baseline at a 32-bit format made sense because it was a decent balance between its efficacy (i.e. precision & range) and overhead (i.e. CPU utilization & memory usage).
magellenproject wrote: | So are you saying because 10 has 0 in it, it is unnecessary? |
No. The code above that was just an example when the explicit distinction of (float) would make a difference.
In your case (i.e. mov [esi+0000013C],0), putting (float) before 0 won't make a difference.
magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Fri Dec 23, 2016 9:41 am Post subject: This is all good to know. :)
ParkourPenguin wrote: | I'm not sure what you mean with 10 and 2: are you talking about the instruction mov eax,[esi+10], or cmp eax,10? Is the value at [esi+10] a float, or were you only talking about [esi+13C]? |
I think it might be a byte. I think it might be, I could be wrong, I will have to recheck.
I dissected a couple of times and forgot to decide what I should write down and what I should not write down. And then write it down.
I meant this in relation to the script I was trying to write for Mysteries of the Sith, a one hit kill. I started another thread about it. But as you asked I am mentioning it here. :/ Something along the lines of:
Code: | aobscan(&&&&, && && && && &&)
label(&&&&&)
label(&&&&&)
label(&&&&&)
push eax
mov eax,2
cmp eax,[ESI+10]
jne killimperialtroops
killimperialtroops:
mov [esi+0000013C],0 // I now know I don't have to declare this as a float. Thank you ParkourPenguin. Learning is repetition though. |
ParkourPenguin wrote: | Yes, floats work differently from integers. However, due to the fact that single-precision floating point values take up a dword, you can move them as an immediate perfectly fine. CE can interpret a number as a float if it is prefixed by (float):
Code: | mov [ebx],10 // 10 is a 4-byte integer
mov [ebx],(float)10 // 10 is a float |
In your case, this is unnecessary since 0 as an integer also translates to 0 as a float.
The problem is when eax is not equal to 10: nothing would be popped from the FPU stack, and it would be left unbalanced.
Code: | onehitkill:
fstp st(0)
mov [esi+0000013C],0
jmp return | |
If a floating point number does not take up a dword, then I can move them as an immediate perfectly fine. Or do you mean by implication that floating point numbers always take up a dword?
Is the FPU stack different from the regular stack?
My goodness me. Doubles came up in my search results when I did a memory scan; that makes my head hurt. If you're saying DOUBLES are 64-bit (my OS is 32?) then why in blue yonder would I be getting DOUBLES?
Mysteries of the Sith is a game from the stone age, it's probably 16-bit, why would I be getting DOUBLES on a twenty-year-old game? Why do computers always like to screw with my head.. LOL.
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Dec 23, 2016 11:09 am
You ain't seen nothing yet.
A few of the floating-point types:
- single, aka float, aka single-precision floating-point, is a 32-bit floating-point value,
- double, aka double-precision floating-point, is a 64-bit floating-point value,
- extended, aka double extended, aka long double, is an 80-bit floating-point value.
All of them were available before 64-bit CPUs (and 64-bit OSes) appeared.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4695
Posted: Fri Dec 23, 2016 11:15 am
magellenproject wrote: | I think it might be a byte. I think it might be, i could be wrong i will have to recheck. |
I'm assuming "it" refers to the value at [esi+10]. +2 seems like a strange offset to have, so I'll also assume you mean the immediate 10 should have been 2. If so, this is what you should be doing:
Code: | ...
playerCheck:
cmp byte ptr [esi+10],2
je hurtsme
onehitkill:
... |
magellenproject wrote: | If a floating point number does not take up a dword, then i can move them as immediate perfectly fine. Or do you mean by implication that floating point numbers always take up a dword? |
There are 5 data types that are fundamental to x86 / x86-64 architectures. The only difference between them is how much memory they take up:
- Byte - 1 byte
- Word - 2 bytes
- DWord - 4 bytes
- QWord - 8 bytes
- DQWord - 16 bytes
The instructions used to modify these values determine the semantic value type of the value. They can be treated as generic data (mov), integers (add/sub), unsigned integers (mul,div), signed integers (imul, idiv), single-precision floating point values (addss), double-precision floating point values (addsd), and other less frequently used value types (e.g. bitfield, bcd, etc.).
When I said a float "takes up a dword," I meant a float has the same size as a dword: 4 bytes. A double, on the other hand, takes up twice as much memory as a float: 8 bytes, or a qword. When running 32-bit applications, it is easy to move anything that takes up a dword because it can fit into one of the general-purpose registers:
Code: | // say [ebx] contains a float
mov eax,[ebx] // moves the 4 bytes at the address ebx into eax
mov [edx],eax // moves the 4 bytes in eax into the value at the address edx |
However, to move a double in a 32-bit application, it would require twice as many memory accesses:
Code: | // now, say [ebx] contains a double
mov eax,[ebx] // move the first 4 bytes
mov [edx],eax
mov eax,[ebx+4] // move the last 4 bytes
mov [edx+4],eax |
This also applies to immediates.
Code: | mov [ebx],(float)7.7 // perfectly fine
mov [ebx],(double)7.7 // error: will only move the first 4 bytes
// to move a double, you must explicitly move the data 4 bytes at a time
mov [ebx],CCCCCCCD
mov [ebx+4],401ECCCC |
In a 64-bit application, this isn't necessary since there are 8-byte registers available for use (e.g. rax) and it is possible to encode 8-byte immediate values for some instructions (e.g. mov r64,imm64).
magellenproject wrote: | Is the FPU stack different from the regular stack? |
Yes. "The stack" is more or less the area in memory ESP points to. "The FPU stack" is really just a collection of 8 registers whose interface is that of a stack. In the FPU stack, st(0) represents the register at the top of the stack, st(1) represents the next register, and so on.
Regardless, the original code you overwrote in your code injection was fstp dword ptr [esi+0000013C]. The operation fstp basically means "Take the value at the top of the FPU stack, store it at this address, and remove it from the stack." Storing the value at the address isn't particularly important to the game, but popping the value from the FPU stack is. The game assumes that the value has been popped from the FPU stack. If that assumption is false, and the game tries to access the FPU stack as if a value was popped from it, the game may crash eventually. Thus, it is important to remove the value at the top of the FPU stack with fstp st(0) if you don't want to execute the original code.
magellenproject wrote: | My Goodness me. Doubles came up in my search results when i did a memory scan, that makes my head hurt. If you saying DOUBLES are 64bit(My OS is 32?) then why in blue yonder would i be getting DOUBLES.
Mysteries of the Sith is a game from the stone age, its probably 16bit, why would i be getting DOUBLES on a Twenty year old game. |
x87, a floating point-related instruction set extension, has always been able to work on floats and doubles even on 16-bit operating systems (e.g. the 8087 coprocessor). The fact that your OS is 32-bit has no correlation with its ability to work with doubles, nor should it be exceptionally surprising an old game uses doubles for something.
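The three points made above about sizes, that a `(float)` immediate fits in the same 4 bytes as an integer immediate, that `0` encodes identically either way, and that a double has to be stored as two dword immediates (`CCCCCCCD` then `401ECCCC` for 7.7), can be checked outside CE. The following Python is an added example, not code from the thread or from Cheat Engine. It uses only the standard `struct` module to produce the little-endian bytes a 32-bit `mov` immediate would write; the `aa_lines_for_double` helper and its output format are mine, written to mirror the two-`mov` pattern in the post above, and the `ebx` destination and the value 7.7 are taken from that post.

```python
from __future__ import annotations
import struct


def int_imm32(value: int) -> bytes:
    """Bytes written by `mov [ebx],value` with an integer immediate: 4 little-endian bytes."""
    return struct.pack("<i" if value < 0 else "<I", value)


def float_imm32(value: float) -> bytes:
    """Bytes written by `mov [ebx],(float)value`: IEEE 754 binary32, also exactly 4 bytes.
    Same size as int_imm32, which is why a single 32-bit mov can carry a float."""
    return struct.pack("<f", value)


def reinterpret_dword(raw: bytes) -> dict:
    """The same 4 bytes read back as the types different instructions would impose on them
    (mov treats them as generic data; add/sub as integers; addss as a float)."""
    if len(raw) != 4:
        raise ValueError("a dword is exactly 4 bytes")
    return {
        "uint32": struct.unpack("<I", raw)[0],
        "int32": struct.unpack("<i", raw)[0],
        "float": struct.unpack("<f", raw)[0],
    }


def double_dwords(value: float) -> tuple[int, int]:
    """Split a binary64 into (low dword, high dword) for two 32-bit stores.
    Little-endian: the low dword lives at [addr], the high dword at [addr+4]."""
    lo, hi = struct.unpack("<II", struct.pack("<d", value))
    return lo, hi


def join_dwords(lo: int, hi: int) -> float:
    """Inverse of double_dwords: the double the FPU sees once both halves are in place."""
    return struct.unpack("<d", struct.pack("<II", lo, hi))[0]


def aa_lines_for_double(dest: str, value: float) -> list[str]:
    """Hypothetical helper (mine, not a CE feature): the two Auto Assembler lines that
    store a double 4 bytes at a time, in the same form as the post above."""
    lo, hi = double_dwords(value)
    return [f"mov [{dest}],{lo:08X}", f"mov [{dest}+4],{hi:08X}"]


if __name__ == "__main__":
    print(int_imm32(10).hex(), float_imm32(10.0).hex())   # different bytes for "10"
    print(int_imm32(0) == float_imm32(0.0))               # zero is zero in both encodings
    print(reinterpret_dword(float_imm32(10.0)))           # one dword, three readings
    print(aa_lines_for_double("ebx", 7.7))                # the two-mov pattern
```

`reinterpret_dword` is the concrete form of the remark above that instructions, not bytes, decide the type: the 4 bytes of `(float)10` read back as the integer 1092616192, and the 4 bytes of the integer 10 read back as a denormal float nowhere near 10.0. `join_dwords` with the high dword left at zero shows why storing only the first half of a double is not "close": the result is a denormal, not 7.7 rounded.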
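What "left unbalanced" costs is easier to see in a model than in the game. The following Python is an added example, not from the thread and not how CE or the game does anything: a deliberately minimal model of the x87 register stack (eight physical registers, a rotating TOP and tag bits), just enough to run the three versions of the hook discussed above, the original `fstp dword ptr [esi+0000013C]`, the `onehitkill` path that writes 0 without popping, and the fix that pops with `fstp st(0)` first. The health offset 13C comes from the script above; the damage value, starting health and hit counts are constructed. Real x87 behaviour on overflow (the #IS stack fault and the indefinite QNaN) is modelled only as a counter plus `nan`.

```python
from __future__ import annotations
import math


class X87Stack:
    """Minimal model of the x87 register stack: 8 physical registers, TOP pointer, tag word.
    Only what the thread discusses is modelled: fld (push), fstp to memory, fstp st(0)."""

    def __init__(self) -> None:
        self.regs = [0.0] * 8
        self.in_use = [False] * 8   # tag word, simplified to used/empty per register
        self.top = 0                # index of st(0)
        self.stack_faults = 0       # would be #IS (invalid-operation, stack fault) on hardware

    def depth(self) -> int:
        return sum(self.in_use)

    def fld(self, value: float) -> None:
        """Push: TOP moves down one register. Pushing onto a full stack is a stack fault
        and the pushed value becomes the indefinite QNaN."""
        self.top = (self.top - 1) % 8
        if self.in_use[self.top]:
            self.stack_faults += 1
            value = math.nan
        self.regs[self.top] = value
        self.in_use[self.top] = True

    def fstp(self, memory: dict | None = None, addr: int | None = None) -> float:
        """fstp: store st(0) (to memory, or nowhere for `fstp st(0)`), then pop.
        Popping an empty register is a stack fault too."""
        if not self.in_use[self.top]:
            self.stack_faults += 1
            value = math.nan
        else:
            value = self.regs[self.top]
        if memory is not None:
            memory[addr] = value
        self.in_use[self.top] = False
        self.top = (self.top + 1) % 8
        return value


HEALTH_OFF = 0x13C   # [esi+0000013C] from the script above, with esi taken as 0
DAMAGE = 7.5         # constructed value


def run_hook(variant: str, hits: int = 10) -> tuple[int, int, float]:
    """Push `hits` damage events through one injection variant.
    Returns (stack faults seen, registers still in use afterwards, final health)."""
    fpu = X87Stack()
    mem = {HEALTH_OFF: 100.0}
    for _ in range(hits):
        # The game computes the new health on the FPU stack, then reaches the hooked instruction.
        fpu.fld(mem[HEALTH_OFF] - DAMAGE)
        if variant == "original":      # fstp dword ptr [esi+0000013C]
            fpu.fstp(mem, HEALTH_OFF)
        elif variant == "buggy":       # mov [esi+0000013C],0 with nothing popped
            mem[HEALTH_OFF] = 0.0
        elif variant == "fixed":       # fstp st(0) then mov [esi+0000013C],0
            fpu.fstp()
            mem[HEALTH_OFF] = 0.0
        else:
            raise ValueError(variant)
    return fpu.stack_faults, fpu.depth(), mem[HEALTH_OFF]


if __name__ == "__main__":
    for variant in ("original", "buggy", "fixed"):
        print(variant, run_hook(variant))
```

The "buggy" variant looks fine for the first eight hits: health is 0 every time and nothing faults, which is exactly why this kind of mistake survives a quick test. On the ninth push TOP wraps onto a register that was never popped, and from then on every FPU result the game computes is the indefinite NaN, which is the "may crash eventually" described above. The "fixed" variant ends each hit with the stack at depth 0, the same state the original `fstp` leaves behind.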
magellenproject Advanced Cheater
Reputation: 0
Joined: 23 Nov 2011 Posts: 59
Posted: Fri Dec 23, 2016 7:04 pm Post subject: I have bothered to try to learn!
Quote: | I don't know what point you were trying to prove by asking what people who don't know the hotkeys for cut/copy/paste are suppose to do. If you don't know something, learn. You can find pretty much everything by searching for it nowadays. If you can't be bothered to learn, then either give up or get someone else to do it for you. |
I have read a lot of educational material on assembly language, opcodes etc. I have not really written any programs in assembler though, or made any attempt to try and write any programs.
I'm assuming there are some people here who have written programs in assembly?
I have done the following:
- Registered with this site http://www.tutorialspoint.com/
  https://www.tutorialspoint.com/compile_assembly_online.php
  (I did the first example, I can't remember if I did the 2nd)
- Downloaded and read the tutorial PDF https://www.tutorialspoint.com//assembly_programming/index.htm
  (I read it every now and then, when I can't sleep, or I'm bored, or I need something to sedate me.. lol)
- Skim read the first 40-90 pages of this: http://amzn.to/2ibemMg Allen Wyatt QUE (I OWN IT)
- Found an old epub scan of a 30 year old book somewhere.. can't remember where I got it from.
ARG why doesn't LIST work?!
The point is, I have persevered when it comes to this stuff.
Obviously there is a big difference between me just persevering and me learning properly from actually writing programs.
I've only done the former.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Dec 23, 2016 7:56 pm
- For Me