 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
procurar
How do I cheat?
![]() Reputation: 0
Joined: 20 Sep 2023
Posts: 7
|
 Posted: Sat Sep 30, 2023 7:12 am Post subject: How to add the changes from memory view to a cheat table? |
 |
|
Hello, I was able to make a hack using memory view and changing the register at the location, it is a long process to do every time I want to play, the address changes, so I need to do all the steps all the time to use the hack.
What I do:
I found an address
Search what writes the address
Change the register at the location in the memory view (PF, ZF etc.)
Hack works
how to move it to a cheat table?
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4718
|
| Posted: Sat Sep 30, 2023 10:26 am Post subject: |
|
|
You can find the instruction via aobscan, and I'd prefer to change the instruction over setting a breakpoint and changing flags.
e.g. let's say this is the instruction:
| Code: | | 0F8F FA000000 - jg FFFF0100 |
If you always want it to be taken, change it to an unconditional `jmp`:
| Code: | E9 FB000000 - jmp FFFF0100
90 - nop |
If you want it to never be taken, replace it with `nop`s:
| Code: | | 66 0F1F 44 00 00 - nop 6 |
If you really want to change registers, use Lua to set a breakpoint there and change EFLAGS accordingly. (EFLAGS is just an integer, use bitwise operations)
| Code: | debug_setBreakpoint(address, function()
EFLAGS = whatever
end) |
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
procurar
How do I cheat?
![]() Reputation: 0
Joined: 20 Sep 2023
Posts: 7
|
| Posted: Mon Oct 02, 2023 10:52 am Post subject: |
|
|
| ParkourPenguin wrote: | You can find the instruction via aobscan, and I'd prefer to change the instruction over setting a breakpoint and changing flags.
e.g. let's say this is the instruction:
| Code: | | 0F8F FA000000 - jg FFFF0100 |
If you always want it to be taken, change it to an unconditional `jmp`:
| Code: | E9 FB000000 - jmp FFFF0100
90 - nop |
If you want it to never be taken, replace it with `nop`s:
| Code: | | 66 0F1F 44 00 00 - nop 6 |
If you really want to change registers, use Lua to set a breakpoint there and change EFLAGS accordingly. (EFLAGS is just an integer, use bitwise operations)
| Code: | debug_setBreakpoint(address, function()
EFLAGS = whatever
end) |
|
Thank you for your reply 
Im so sorry, im trying to learn assembly for the past days but I still don't know how to do it, if you could show me an example in one case I could reproduce in the other hacks:
clean code (just need to change register location PF [x][x] (2 clicks)
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
jp LifeTO-eTO_20230921v1.exe+16BCF5
fld dword ptr [esi+24]
exit:
jmp returnhere
"LifeTO-eTO_20230921v1.exe"+16BCCC:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"LifeTO-eTO_20230921v1.exe"+16BCCC:
jp LifeTO-eTO_20230921v1.exe+16BCF5
fld dword ptr [esi+24]
//Alt: db 7A 27 D9 46 24 |
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4718
|
| Posted: Mon Oct 02, 2023 11:39 am Post subject: |
|
|
If it's in a module and you don't want to do an aobscan for it, use the "full injection" template.
The template still looks like a lot, but you can remove most of the code for a simple cheat like this.
| Code: | define(address,"LifeTO-eTO_20230921v1.exe"+16BCCC)
define(bytes,7A 27) // shorten this too
[ENABLE]
assert(address,bytes)
address:
nop 2
[DISABLE]
address:
db bytes
{
original code here
} |
If you click PF twice, I'm pretty sure that means the parity flag should be unset. The `jp` instruction would then never jump since it's unset. Since that instruction should never jump, you can simply replace it with `nop`s and the behaviour would be the same.
If you wanted it to always jump, you could change the opcode from `jp rel8` (conditional jump) to `jmp rel8` (unconditional jump). `rel8` is how far away it should jump as an 8-bit signed value (i.e. the byte 27).
| Code: | ...
address:
db EB // jmp rel8
... |
See an instruction set reference manual for instructions and opcode values. Note all conditional jumps (e.g. jne, jg, jb, jp, etc.) are typically organized under a `jcc` mnemonic.
Include the original code in the comment at the bottom. If the game ever updates, it'll be useful for updating that script.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
