Cheat Engine The Official Site of Cheat Engine
careca777 (Expert Cheater)
Posted: Mon Mar 21, 2016 8:01 pm
Post subject: routine changes location
Hi. So I got this routine with a SUB where any item used from inventory goes through; if I NOP it, I keep the items. Problem is that this is different from pointer scan where you change a value. I've done teleports and many code injections, but can't inject to a changing code location.
Best regards
Zanzer (I post too much)
Posted: Mon Mar 21, 2016 9:13 pm
Not sure what you mean. Use an AOB Injection?
careca777 (Expert Cheater)
Posted: Tue Mar 22, 2016 1:11 am
Well, from what I've been reading around, it seems to be code shifting.
This is what it looks like:
mov eax,[ebp+08]
mov ecx,[eax+0C]
sub ecx,[ebp+0C]
mov [eax+0C],ecx
mov eax,00000001
It changes its location every time, and the base address + the offset - whatever, is making me confused.
What is the AOB Injection? Gotta read on that.
Thanks in advance
hhhuut (Grandmaster Cheater)
Posted: Tue Mar 22, 2016 2:50 am
Select the template "AOB Injection" instead of "Code Injection" in the auto assembler window ...
careca777 (Expert Cheater)
Posted: Tue Mar 22, 2016 3:08 pm
Thanks everyone, after some searching I noticed that byte pattern search thing is a recent introduction, and I read some tutorials, managed to do it like this:
Code:
{ Game   : TheForest.exe
  Version:
  Date   : 2016-03-22
  Author : careca

  This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(INVENTORYITEMS,8B 48 0C 2B 4D 0C 89 48 0C B8 01 00 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov ecx,[eax+0C]
  mov ecx,(int)10 // overwrites ecx; the original "mov [eax+0C],ecx" at return stores it
  jmp return

INVENTORYITEMS:
  jmp code // 5 bytes
  nop      // pads to the 6 bytes of the two replaced instructions
return:
registersymbol(INVENTORYITEMS)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INVENTORYITEMS:
  db 8B 48 0C 2B 4D 0C // restore the original mov/sub bytes

unregistersymbol(INVENTORYITEMS)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 83FF3306

83FF32EE: 00 00           - add [eax],al
83FF32F0: 55              - push ebp
83FF32F1: 8B EC           - mov ebp,esp
83FF32F3: 83 EC 08        - sub esp,08
83FF32F6: 8B 45 08        - mov eax,[ebp+08]
83FF32F9: 8B 40 0C        - mov eax,[eax+0C]
83FF32FC: 2B 45 0C        - sub eax,[ebp+0C]
83FF32FF: 85 C0           - test eax,eax
83FF3301: 7C 13           - jnge 83FF3316
83FF3303: 8B 45 08        - mov eax,[ebp+08]
// ---------- INJECTING HERE ----------
83FF3306: 8B 48 0C        - mov ecx,[eax+0C]
83FF3309: 2B 4D 0C        - sub ecx,[ebp+0C]
// ---------- DONE INJECTING ----------
83FF330C: 89 48 0C        - mov [eax+0C],ecx
83FF330F: B8 01 00 00 00  - mov eax,00000001
83FF3314: EB 02           - jmp 83FF3318
83FF3316: 33 C0           - xor eax,eax
83FF3318: C9              - leave
83FF3319: C3              - ret
83FF331A: 00 00           - add [eax],al
83FF331C: 00 00           - add [eax],al
83FF331E: 00 00           - add [eax],al
83FF3320: 55              - push ebp
}
Thanks all, best regards, and thank you Dark Byte for this amazing tool!
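
How the byte-pattern (AOB) scan used in the script above resolves the routine wherever it is loaded, and why the pattern "should be unique", as an added example that is not part of the thread or of Cheat Engine. The routine bytes are constructed from the listing in the last post; the base addresses, padding sizes and the `SHORT_SIG` pattern are assumptions for illustration.

```python
# Added example: byte-signature (AOB) scan with wildcard support and a uniqueness check.

def parse_aob(pattern):
    """'8B 48 ?? 2B' -> list of ints, with None for wildcard bytes."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in pattern.split()]

def aob_scan(memory, pattern):
    """Return every offset in memory where the pattern matches."""
    sig = parse_aob(pattern)
    hits = []
    for off in range(len(memory) - len(sig) + 1):
        if all(b is None or memory[off + i] == b for i, b in enumerate(sig)):
            hits.append(off)
    return hits

def locate_unique(memory, base, pattern):
    """Resolve a signature to one address; refuse zero or multiple matches."""
    hits = aob_scan(memory, pattern)
    if len(hits) != 1:
        raise LookupError(f"signature matched {len(hits)} times, expected 1")
    return base + hits[0]

# Routine bytes 83FF32F0..83FF3319, constructed from the listing in the post.
ROUTINE = bytes.fromhex(
    "558BEC83EC08" "8B4508" "8B400C" "2B450C" "85C0" "7C13" "8B4508"
    "8B480C" "2B4D0C" "89480C" "B801000000" "EB02" "33C0" "C9" "C3"
)
SIGNATURE = "8B 48 0C 2B 4D 0C 89 48 0C B8 01 00 00 00"  # pattern from the post
SHORT_SIG = "2B ?? 0C"  # hypothetical, too generic: matches both SUB instructions

def demo():
    """Place the same routine at two assumed locations and resolve it each time."""
    results = []
    for base, pad in ((0x83FF3000, 0x2F0), (0x7A120000, 0x41C)):
        memory = bytes(pad) + ROUTINE + bytes(32)  # constructed sample memory
        results.append(locate_unique(memory, base, SIGNATURE))
    return results

if __name__ == "__main__":
    print([hex(addr) for addr in demo()])
    print(aob_scan(ROUTINE, SHORT_SIG))
```

The same matching logic underlies signature-based detection: a pattern that is too short or too heavily wildcarded hits unrelated code, which is what the uniqueness check guards against.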