 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Mon-keigh
Newbie cheater
![]() Reputation: 0
Joined: 28 Sep 2012
Posts: 12
|
 Posted: Mon Apr 13, 2015 8:22 am Post subject: Looking for some help regarding a teleport script. |
 |
|
This script will be for Terraria. When the script hotkey is pressed, the current player coordinates will be saved before teleporting the player to the spawn.
When the hotkey is pressed again, it will teleport the player back to the saved coordinates. This cycle will repeat.
I have some pseudocode here:
| Code: | (press hotkey)
cmp eax,0
jne gotopos
gotospawn:
mov ebx, posx
mov ecx, posy
mov posx, spwnx
mov posy, spwny
mov eax,1
jmp ret
gotopos:
mov posx, ebx
mov posy, ecx
mov eax,0
jmp ret
ret:
nop |
I do not really know how registers or register offsets work. How do ebx and ecx get saved? Also, will eax be 0 to begin with? Basically, I am looking for feedback on my pseudocode and an explanation on how registers work.
|
|
| Back to top |
|
 |
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Mon Apr 13, 2015 9:35 am Post subject: |
|
|
Registers are just normal variables.
like in C++ eax would be:
| Code: | //C++
int eax = 10
Intel syntax x86 assembly:
mov eax,0A |
Why not just do a store pos / restore pos ( like everybody would do it )
Have numpad 1, 2, 3 save positions 1, 2, 3
and numpad 7, 8, 9 restore positions 1, 2, 3 accordingly ?
Doing that it would ease you like a lot:
| Code: | //Here's some pseudo code:
declare variables: save1,2,3 restore1,2,3 position1,2,3
code injection start:
is variable (save1) active ?
if yes (position1 = current player position; deactivate variable (save1))
//same goes for (save2 and 3)
is variable (restore1) active ?
if yes (current player position = position1; deactivate variable (restore1))
//same goes for (restore2 and 3)
return to original code
|
here's one of my old scripts for Painkiller Black Edition:
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(movZp)
label(movZm)
label(movXp)
label(movXm)
label(movYp)
label(movYm)
label(moovment)
label(savedX)
label(savedY)
label(savedZ)
label(savedMX)
label(savedMY)
label(nextCheck0)
label(nextCheck1)
label(nextCheck2)
label(nextCheck3)
label(nextCheck4)
label(nextCheck5)
label(nextCheck6)
label(save)
label(saveit)
label(saveitM)
label(restore)
label(aimcode)
label(aimcodeGO)
label(returnaim)
registersymbol(save)
registersymbol(restore)
registersymbol(moovment)
registersymbol(movZp)
registersymbol(movZm)
registersymbol(movXp)
registersymbol(movXm)
registersymbol(movYp)
registersymbol(movYm)
newmem: //this is allocated memory, you have read,write,execute access
mov [edi+30],edx
//place your code here
pushfd
cmp [restore],2
jne saveit
mov [restore],1
cmp dword [savedX],0
je saveit
cmp dword [savedY],0
je saveit
cmp dword [savedZ],0
je saveit
fld dword [savedX]
fstp dword [edi+30]
fld dword [savedZ]
fstp dword [edi+34]
fld dword [savedY]
fstp dword [edi+38]
jmp nextCheck0
saveit:
cmp [save],2
jne nextCheck0
mov [save], 1
fld dword [edi+30]
fstp dword [savedX]
fld dword [edi+34]
fstp dword [savedZ]
fld dword [edi+38]
fstp dword [savedY]
nextCheck0:
fld dword [edi+30]
cmp [movXp],1
jne nextCheck1
fadd [moovment]
mov [movXp],0
jmp nextCheck2
nextCheck1:
cmp [movXm],1
jne nextCheck2
fsub [moovment]
mov [movXm],0
nextCheck2:
fstp dword [edi+30]
fld dword [edi+34]
cmp [movZp],1
jne nextCheck3
fadd [moovment]
mov [movZp],0
jmp nextCheck4
nextCheck3:
cmp [movZm],1
jne nextCheck4
fsub [moovment]
mov [movZm],0
nextCheck4:
fstp dword [edi+34]
fld dword [edi+38]
cmp [movYp],1
jne nextCheck5
fadd [moovment]
mov [movYp],0
jmp nextCheck6
nextCheck5:
cmp [movYm],1
jne nextCheck6
fsub [moovment]
mov [movYm],0
nextCheck6:
fstp dword [edi+38]
originalcode:
//mov [edi+30],edx
mov eax,[esi+000000B4]
exit:
popfd
jmp returnhere
aimcode: //this is allocated memory, you have read,write,execute access
//place your code here
/*orgcode*/
mov [ecx],edx
mov edx,[esp+14]
mov [ecx+4],eax
/*orgcode*/
pushfd
cmp [restore],1
jne saveitM
mov [restore],0
fld dword [savedMX]
fstp dword [ecx]
fld dword [savedMY]
fstp dword [ecx+4]
jmp aimcodeGO
saveitM:
cmp [save],1
jne aimcodeGO
mov [save],0
fld dword [ecx]
fstp dword [savedMX]
fld dword [ecx+4]
fstp dword [savedMY]
aimcodeGO:
popfd
jmp returnaim
movZp:
db 00 00 00 00
movZm:
db 00 00 00 00
movXp:
db 00 00 00 00
movXm:
db 00 00 00 00
movYp:
db 00 00 00 00
movYm:
db 00 00 00 00
moovment:
dd 40A00000 // 5 in float
savedX:
db 00 00 00 00
savedY:
db 00 00 00 00
savedZ:
db 00 00 00 00
savedMX:
db 00 00 00 00
savedMY:
db 00 00 00 00
save:
db 00 00 00 00
restore:
db 00 00 00 00
"Engine.dll"+204FD1:
jmp newmem
nop
nop
nop
nop
returnhere:
"Engine.dll"+140D73:
jmp aimcode
nop
nop
nop
nop
returnaim:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(movZp)
unregistersymbol(movZm)
unregistersymbol(movXp)
unregistersymbol(movXm)
unregistersymbol(movYp)
unregistersymbol(movYm)
unregistersymbol(moovment)
unregistersymbol(save)
unregistersymbol(restore)
"Engine.dll"+204FD1:
mov [edi+30],edx
mov eax,[esi+000000B4]
//Alt: db 89 57 30 8B 86 B4 00 00 00
"Engine.dll"+140D73:
mov [ecx],edx
mov edx,[esp+14]
mov [ecx+4],eax
//Alt: db 89 11 8B 54 24 14 89 41 04 |
_________________
... Fresco |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Mon Apr 13, 2015 1:09 pm Post subject: |
|
|
| Fresco wrote: | Registers are just normal variables.
like in C++ eax would be:
| Code: | //C++
int eax = 10
Intel syntax x86 assembly:
mov eax,0A |
|
Just to ensure people do not get confused, this is not at all how you would set the 'EAX' registers value. They are not just variables like this.
_________________
- Retired. |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Mon Apr 13, 2015 1:16 pm Post subject: |
|
|
Yes indeed.
| Code: | //C++
int eax = 10;
//would transform in assembly like:
// either
push 0A
// or
sub esp, 4
mov [esp], 0A |
I just said that to simplify things a little.
_________________
... Fresco |
|
| Back to top |
|
|
Mon-keigh
Newbie cheater
![]() Reputation: 0
Joined: 28 Sep 2012
Posts: 12
|
| Posted: Tue Apr 14, 2015 10:48 am Post subject: |
|
|
My programming experience is limited to simple CE AA scripts and some C language tutorials.
From what I understand, the CPU copies variables from RAM and places them in registers where they can be processed. After this happens, the RAM is updated.
Variables are active when in a register, else they are inactive. Correct?
I am not really sure what the stack and heap are. Do I need to push eax, ebx and ecx? In essence, will my code work? I would be grateful if somebody could write some code fragments for my AA script. Otherwise I will eventually figure it out by analysing other teleport scripts.
| Fresco wrote: | | Why not just do a store pos / restore pos ( like everybody would do it ) |
Having a single hotkey for the script would make it simpler from an end-user perspective. I will also probably learn more this way.
I found your pseudocode confusing. It resembles a higher level language and I do not know how to implement it in assembly. Your Painkiller script is useful but has a lot of vague labels.
|
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Tue Apr 14, 2015 6:27 pm Post subject: |
|
|
| Mon-keigh wrote: | From what I understand, the CPU copies variables from RAM and places them in registers where they can be processed. After this happens, the RAM is updated.
Variables are active when in a register, else they are inactive. Correct? |
Not really.
"addy" is called a variable in a high level language.
like "int addy;"
The code above effectively modifies the value at address addy by replacing it with 3, all of this without modifying any register.
Instead of RAM, call it Virtual Memory or just memory.
Variables in a high level language like C or C++ are just memory locations.
Registers are used to perform calculations while memory is used to remember those calculations.
e.g. If you have to solve an equation you do 2 things: to solve (registers) and to write down (memory). You solve the equation piece by piece while writing down the pieces of solved equation back on paper.
You don't really write all the middle variables that you used ( in your brain ) on paper.
So the paper is the memory (variable/s) which is used to remember pieces of equation already solved.
And the brain is the registers. So to calculate 4+5*10 you don' really need to write all the numbers down, you just do it in your mind and then write the result. For instance the result of 5*10 which is 50, doesn't have a variable, instead 50 will be stored in one of the general purpose registers ( eax, eax, ...) and then to that register, you'll add 4, to get the final result 54 and store that 54.
| Mon-keigh wrote: | | I am not really sure what the stack and heap are. |
The stack and the heap are usually the same thing although sometimes they're a different thing but work in a similar way.
EBP and ESP are 2 registers which work ( so to speak ) with the stack.
The stack is just a memory location, and EBP holds the (base address) of the stack. The stack grows downwards. ESP holds the top of the stack memory address. ESP is always smaller or equal to EBP
So if you have EBP = 14 and ESP = 11, pushing something onto the stack would modify ESP to value 10 (in this example 1 = 4 bytes)
| Mon-keigh wrote: | | Do I need to push eax, ebx and ecx? |
Assuming you're trying to inject some custom code (which you are), yes. however there's a simpler instruction that pushes all the registers at once on the stack, that is: pushad, also you might want to also pushfd which effectively stores on the stack the state of the EFLAGS register.
| Mon-keigh wrote: | | In essence, will my code work? I would be grateful if somebody could write some code fragments for my AA script. Otherwise I will eventually figure it out by analysing other teleport scripts. |
You're usually on your own, but people here in the forum are so nice, that sometimes you might find your work done by others. However you need to provide enough information to help us help you.
| Mon-keigh wrote: | | Having a single hotkey for the script would make it simpler from an end-user perspective. I will also probably learn more this way. |
Totally agree.
| Mon-keigh wrote: | | I found your pseudocode confusing. It resembles a higher level language and I do not know how to implement it in assembly. Your Painkiller script is useful but has a lot of vague labels. |
Indeed my script is not commented at all, since it was never intended for anybody other than me.
As for the pseudocode. Well, it's called pseudocode for a reason!
| Mon-keigh wrote: | | My programming experience is limited to simple CE AA scripts and some C language tutorials. |
Write your code in C first, then you'll see how easy is is to translate in in Asm. However you're welcome to post you C code here to get some insights. But don't expect any members to just start from scratch and do your work.
_________________
... Fresco |
|
| Back to top |
|
|
Mon-keigh
Newbie cheater
![]() Reputation: 0
Joined: 28 Sep 2012
Posts: 12
|
| Posted: Wed Apr 15, 2015 1:35 am Post subject: |
|
|
Cheers, your post was very helpful. I will continue working on my script in my free time and get back to you when I have made some progress.
Writing the code in C sounds like a good start.
|
|
| Back to top |
|
|
Mon-keigh
Newbie cheater
![]() Reputation: 0
Joined: 28 Sep 2012
Posts: 12
|
| Posted: Wed Jun 03, 2015 2:11 pm Post subject: |
|
|
I have created the following C/AA hybrid script.
| Code: | [X] Instant Recall
[ ] Go to spawn and back
//"Instant Recall"
[ENABLE]
float pos-x = AOBSCAN;
float pos-y = AOBSCAN;
float spawn-x = AOBSCAN;
float spawn-y = AOBSCAN;
float save-x;
float save-y;
return;
[DISABLE]
return;
//"Go to spawn and back"
[ENABLE]
save-x = pos-x;
save-y = pos-y;
pos-x = spawn-x;
pos-y = spawn-y;
return;
[DISABLE]
pos-x = save-x;
pos-y = save-y;
return; |
I think I need to allocate some space for the two new variables, correct? Feedback is appreciated.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
