SER[G]ANT Expert Cheater Reputation: 10
Joined: 29 Dec 2005 Posts: 215 Location: Russia
|
Posted: Sun Jan 03, 2010 11:32 am Post subject: |
|
|
It would be good if there was an option or plugin to convert the script to POKE, as in TSearch.
For example:
CE SCRIPT
Code: |
[ENABLE]
006f5e61:
jmp 006f5e80
[DISABLE]
006f5e61:
je 006f5e80
|
2POKE
Code: |
[ENABLE]
6F5E61 EB 1D
//or
//06F5E61h 0EBh,01Dh
[DISABLE]
6F5E61 74 1D
//or
//06F5E61h 074h,01Dh
|
Last edited by SER[G]ANT on Tue Jan 05, 2010 10:33 am; edited 1 time in total |
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
|
Posted: Sun Jan 03, 2010 12:32 pm Post subject: |
|
|
SER[G]ANT wrote: | It would be good if there was an option or plugin for the translation of the script to POKE, as in TSearch.
For example:
CE SCRIPT
Code: |
[ENABLE]
006f5e61:
jmp 006f5e80
[DISABLE]
006f5e61:
je 006f5e80
|
2POKE
Code: |
[ENABLE]
6F5E61 EB 1D
//or
//06F5E61h 0EBh,01Dh
[DISABLE]
6F5E61 74 1D
//or
//06F5E61h 074h,01Dh
|
|
Yea, it's called db.
Code: |
[ENABLE]
6F5E61:
db EB 1D
[DISABLE]
6F5E61:
db 74 1D
|
SER[G]ANT Expert Cheater Reputation: 10
Joined: 29 Dec 2005 Posts: 215 Location: Russia
|
Posted: Sun Jan 03, 2010 3:32 pm Post subject: |
|
|
smartz993 wrote: |
Yea, it's called db.
Code: |
[ENABLE]
6F5E61:
db EB 1D
[DISABLE]
6F5E61:
db 74 1D
|
|
You didn't understand me.
I use CE for hacking the game only. I compile the trainer in masm32 and I need to convert the AAScript to hex values for this. I can manually rewrite the hex values from the CE debugger or use another program to copy the hex values from game memory, but that is very long and tedious. So... I have to rewrite the CE AAScript as a TSearch script in "EASYWRITE INTERPRETATOR" because it has a Script2Poke converter.
It would be good if this function was in my favorite CE too.
Sorry for my English
Last edited by SER[G]ANT on Mon Jan 04, 2010 11:01 am; edited 1 time in total |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Sun Jan 03, 2010 4:11 pm Post subject: |
|
|
This is something you'll have to do manually,
but a tip to make it easier: use the hexview part. Go to the generated code, select it, press ctrl+c
Keep in mind that this will not work if the script uses memory allocation or interpretable addresses (something you just can't do with pokes alone)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
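The conversion requested in this thread, for the fixed-address case that Dark Byte's caveat leaves possible, as an added example (not code from Cheat Engine, TSearch or any poster). The names `encode_short_jump` and `script_to_pokes` are hypothetical; the sketch assumes only `db` lines and short (rel8) jumps, and rejects anything without a fixed address, such as `alloc` or symbolic labels.

```python
import re

# Short (rel8) jump opcodes; a subset that covers the thread's example.
SHORT_JUMPS = {"jmp": 0xEB, "je": 0x74, "jz": 0x74, "jne": 0x75, "jnz": 0x75}

# The script from the first post, embedded so the block runs offline.
SAMPLE = """[ENABLE]
006f5e61:
jmp 006f5e80
[DISABLE]
006f5e61:
je 006f5e80
"""

def encode_short_jump(mnemonic, at, target):
    """Encode a 2-byte short jump placed at `at` that lands on `target`."""
    rel = target - (at + 2)  # rel8 counts from the end of the instruction
    if not -128 <= rel <= 127:
        raise ValueError(f"{target:X} is out of rel8 range from {at:X}")
    return bytes([SHORT_JUMPS[mnemonic], rel & 0xFF])

def script_to_pokes(script):
    """Return {'ENABLE': [...], 'DISABLE': [...]} with 'ADDR BYTES' lines."""
    pokes, section, addr = {}, None, None
    for raw in script.splitlines():
        line = raw.split("//")[0].strip()
        if not line:
            continue
        if m := re.fullmatch(r"\[(ENABLE|DISABLE)\]", line, re.I):
            section, addr = m.group(1).upper(), None
            pokes[section] = []
        elif m := re.fullmatch(r"([0-9a-f]+):", line, re.I):
            addr = int(m.group(1), 16)
        elif section is None or addr is None:
            # alloc(), symbols and labels have no fixed address to poke
            raise ValueError(f"not expressible as a poke: {line!r}")
        else:
            op, _, arg = line.partition(" ")
            if op.lower() == "db":
                data = bytes.fromhex(arg)
            elif op.lower() in SHORT_JUMPS:
                data = encode_short_jump(op.lower(), addr, int(arg, 16))
            else:
                raise ValueError(f"unsupported instruction: {line!r}")
            pokes[section].append(f"{addr:X} {data.hex(' ').upper()}")
            addr += len(data)
    return pokes
```

`script_to_pokes(SAMPLE)` reproduces the two poke lines from the first post, because the rel8 operand is 0x6F5E80 - (0x6F5E61 + 2) = 0x1D.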
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
|
Posted: Tue Feb 15, 2011 3:33 am Post subject: |
|
|
My suggestion for CE 6.1.
It's working by CE 5.6 Rus v 1.0 modified. It's not working for Free Pascal Compiler |
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
|
Posted: Fri Feb 25, 2011 5:49 am Post subject: |
|
|
My suggestion about user's labels and process's labels.
Example:
Code: |
[ENABLE]
processRegistersymbol(labelname1)
userRegistersymbol(labelname2)
alloc(nemem) // default user's symbol
$auto_userRegistersymbol // directive
newmem: // if define $auto_userRegistersymbol OR not define $auto_userRegistersymbol
process.labelname1:
mov eax,ebx
labelname2:
mov eax,ebx
user.labelname3: //correct if define $auto_userRegistersymbol
mov eax,ebx
labelname4: // correct if define $auto_userRegistersymbol
mov eax,ebx
user.labelname5: // correct if define $auto_userRegistersymbol OR not define $auto_userRegistersymbol
mov eax,ebx
jmp labelname1 // error!
jmp process.labelname1 // YES!
jmp labelname2 // YES!
jmp user.labelname2 // YES!
jmp process.labelname2 // error!
[DISABLE]
processUnRegistersymbol(labelname1)
userUnRegistersymbol(labelname1) // error!
userUnRegistersymbol(labelname2) // YES!
dealloc(nemem)// YES!
dealloc(user.lnemem)// YES!
dealloc(process.nemem)// error!
|
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
|
Posted: Fri Mar 11, 2011 2:01 am Post subject: |
|
|
My suggestion about some new datatype and some changes...
New datatype
1) Structure from tool "Dissect data/structure"
2) LUA execute code
3) LUA framework execute Functions
4) AA execute Functions
5) AA framework execute Functions
New LUA functions (very important for advanced debugging and autocodeInjected by LUA Engine):
1) Dissassemble(addres) - return only the text of the disassembled instruction, example "mov [eax],ebx"
2) Dissassemble_LeftPiece(addres) - return "[eax]" in "mov [eax],ebx"
3) Dissassemble_RigthPiece(addres) - return "ebx" in "mov [eax],ebx"
4) Dissassemble_CodePiece(addres) - return "mov" in "mov [eax],ebx"
5) Dissassemble_LengthBytes(addres) - return size "mov [eax],ebx"
6) maybe more...
My comments in screenshot: |
GH*master Expert Cheater Reputation: 8
Joined: 10 Jan 2008 Posts: 159
|
Posted: Fri Apr 22, 2011 2:16 am Post subject: |
|
|
Hi, DB...
You can add new event functions in LUA Engine.
function OnLeftClickDissassembleLine(address string)
function OnDblLeftClickDissassembleLine(address string)
This would allow me to analyze and edit some instructions in the window "Disassembler" when I click left mouse button on line code in disassembler window.
For example: LUA code hook event click and edit jump "jz" to "jmp".
Thanks. |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Fri Apr 22, 2011 10:16 am Post subject: |
|
|
it is already possible in the svn (secretly) but I'll add something like that
for now: Get the memoryview form
In there search go through all components and look for the object with classname "TDisassemblerview"
Then call
getProperty(disassemblerview, "SelectedAddress") which will return the address as a decimal string
But yeah, i'll see about adding in some shortcuts
SER[G]ANT Expert Cheater Reputation: 10
Joined: 29 Dec 2005 Posts: 215 Location: Russia
|
Posted: Mon Nov 14, 2011 3:16 am Post subject: |
|
|
Please add 1,2,8 Byte (dec) display types to hexview _________________
rzndsa |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Mon Nov 14, 2011 2:50 pm Post subject: |
|
|
I can add that, but just curious, what do you use those types for?
SER[G]ANT Expert Cheater Reputation: 10
Joined: 29 Dec 2005 Posts: 215 Location: Russia
|
Posted: Mon Nov 14, 2011 5:04 pm Post subject: |
|
|
Sometimes hexview is much faster and more convenient for me than "Dissect structures" for finding other necessary values in a specific memory region.
Value changes are highlighted in red in real time, which also accelerates the search process. _________________
rzndsa |
Dark Advanced Cheater Reputation: 5
Joined: 16 Jun 2011 Posts: 79 Location: <3
|
Posted: Wed Nov 16, 2011 12:42 am Post subject: |
|
|
Would it be possible to add, tabbed multiple cheat tables? |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Wed Nov 16, 2011 7:50 am Post subject: |
|
|
No, but you can have cheat tables under headers
But why different cheat tables? It's the same process anyhow. For different processes start ce a second time
ablonevn Advanced Cheater Reputation: 1
Joined: 02 Oct 2011 Posts: 59
|
Posted: Tue Jan 08, 2013 2:56 am Post subject: Re: to-do list |
|
|
I think you could make group-scan more flexible by using the current address style:
example struct: player=0x401000
[0x401000]=vtbl(a)=0x402000
[0x401000+4]=health structure=0x403000
[[player+4]+4]=[0x403000+4]=health current
[[player+4]+8]=[0x403000+8]=health min
[[player+4]+C]=[0x403000+C]=health max
so to scan for every object that has the player's health structure and where health max is (float)1:
"4:0x402000 [[[f+4]+8]:0x3f8000"
f: is the type of data to search for.
Of course, if you could make CE scan structures defined in "structure dissect", that is another good choice.
One other thing to do with "vtbl" is searching for the object constructor; as in the above example, it must be somewhere in the program, and the constructor function has the following code:
mov [esi],0x402000
or
mov [ecx],0x402000
....
but the value 0x402000 never changes (in normal conditions) |