Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Minesweeper script help

 
hacksign23
Master Cheater
Reputation: 0

Joined: 26 Nov 2006
Posts: 404

Posted: Thu Oct 25, 2007 11:48 pm    Post subject: Minesweeper script help

NOTE: this is for minesweeper and is for time
I need help fixing this. When i freeze it, it crashes
oh and um...
i wanted to use those register symbol things where you change the value and it turns on.... lol
Start means start
stop means stop
reg.sym. OMG means the value u change
hax are the hacks....
wtf is the one that is used to check value is not 1
lol is the 0 value looper i think...
alloc OMG ... the value right?
rofl: jumper to hax
don't ask me why
i named them, they just were
(plus i was bored)
Thx if u help
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(OMG,4)
label(lol)
label(rofl)
label(wtf)
label(Start)
label(Stop)
label(hax)
registersymbol(OMG)

OMG:
dd 0

Start:
mov [OMG],1

Stop:
mov [OMG],0

hax:
01003830:
dec  [0100579c]

01002FF5:
nop

wtf:
cmp [OMG],0
je lol

lol:

rofl:
cmp [OMG],1
je hax
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
unregistersymbol(OMG)
01003830:
inc [0100579c]

01002FF5:
inc [0100579c]

dealloc(OMG)

atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

Posted: Fri Oct 26, 2007 12:57 am

Your script has issues because of what you are attempting to do, and some of it is just completely wrong.

Firstly:

Code:
01002FF5:
nop


Will not work. The instruction at 1002FF5 is:
inc [0100579C]

Which is 6 bytes long. You only nopped one. You would need:

Code:
01002FF5:
nop
nop
nop
nop
nop
nop


Next:

Code:
hax:
01003830:
dec  [0100579c]


No idea what you were trying to do there.. lol. Not to mention you should really name your symbols something understandable to others when posting for help. Anyway, my assumption from what you were trying to do with this is this:

Main time script:

Code:
[ENABLE]
alloc(TimeFlag,4)
alloc(cave,256)
registersymbol(TimeFlag)
label(back)

// Our Time Cave
cave:
cmp [TimeFlag],1
jne back
inc [0100579C]
jmp back

// Create Cave And Jump For Main Time Inc
1002FF5:
jmp cave
nop
back:

// Disable Initial Time Tick
1003830:
nop
nop
nop
nop
nop
nop

[DISABLE]
// Restore Main Time Tick
1002FF5:
inc [0100579C]

// Restore Initial Time Tick
1003830:
inc [0100579C]

// Remove Our Defines
dealloc(cave)
dealloc(TimeFlag)
unregistersymbol(TimeFlag)


Add that to your table then tick it to enable it. Once it's enabled, add a new address manually to the table. Name it Time Flag, and for the address put TimeFlag

That value should be 0 to start with. Change it to 1 to enable the timer, and 0 to disable it while the script is active.

_________________
- Retired.
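
The byte arithmetic behind the reply above, as an added example that is not code from the thread: it shows what a one-byte nop leaves behind in a 6-byte instruction and how the `jmp cave` + `nop` patch is sized. The byte encoding (standard x86, dword form of `inc`) and the cave address are assumptions, not values given by the posters.

```python
import struct

NOP = b"\x90"
SITE = 0x01002FF5                          # patch address from the thread
# Assumed encoding of inc dword ptr [0100579C]: FF 05 + little-endian address, 6 bytes.
ORIGINAL = bytes.fromhex("ff059c570001")
CAVE = 0x00A30000                          # constructed cave address; alloc() picks the real one


def nop_fill(original: bytes) -> bytes:
    """Replace the whole instruction with NOPs so no operand bytes are left behind."""
    return NOP * len(original)


def jmp_patch(site: int, target: int, original: bytes) -> bytes:
    """Build jmp target (E9 rel32, 5 bytes), NOP-padded to the original length."""
    if len(original) < 5:
        raise ValueError("instruction too short to hold a 5-byte jmp rel32")
    rel = (target - (site + 5)) & 0xFFFFFFFF   # relative to the byte after the jmp
    return b"\xE9" + struct.pack("<I", rel) + NOP * (len(original) - 5)


def jmp_target(site: int, patch: bytes) -> int:
    """Decode an E9 rel32 patch back to its absolute destination (sanity check)."""
    if patch[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    (rel,) = struct.unpack("<i", patch[1:5])
    return (site + 5 + rel) & 0xFFFFFFFF


def leftover(original: bytes, patch: bytes) -> bytes:
    """Bytes of the original instruction that a too-short patch leaves in place."""
    return original[len(patch):]


def return_address(site: int, original: bytes) -> int:
    """Where the cave jumps back to: the first byte after the patched instruction."""
    return site + len(original)


if __name__ == "__main__":
    # Single nop from the first post: the remaining 05 + imm32 decodes as add eax, imm32.
    print("single nop leaves:", leftover(ORIGINAL, NOP).hex(" "))
    print("six nops:         ", nop_fill(ORIGINAL).hex(" "))
    patch = jmp_patch(SITE, CAVE, ORIGINAL)
    print("jmp cave + nop:   ", patch.hex(" "), "->", hex(jmp_target(SITE, patch)))
    print("back label at:    ", hex(return_address(SITE, ORIGINAL)))
```
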
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Fri Oct 26, 2007 8:40 am

W-H-A-T-?
if u wanna hack minesweeper just search unknown value in CE, let some seconds go, then search increased value, then again and again until u get 1 address then find the address writing to it, it will be something like "mov [eax+123],ebx" make a script that will change it to "mov [eax+123],0"
like:
Code:
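[enable]
// xxxxxx is the address of the instruction that writes the value (placeholder)
alloc(yourcode,64)
label(exit)

// cave: write 0 instead of ebx, then return
yourcode:
mov [eax+123],0
jmp exit

// overwrite the 6-byte original with a 5-byte jmp plus one nop
xxxxxx:
jmp yourcode
nop
exit:

[disable]
// restore the original instruction and free the cave
xxxxxx:
mov [eax+123],ebx
dealloc(yourcode)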


all u need to find is a pointer and u got the script.
hacksign23
Master Cheater
Reputation: 0

Joined: 26 Nov 2006
Posts: 404

Posted: Fri Oct 26, 2007 3:28 pm    Post subject: thx

thx guys ....
but i never really used pointers cause i only use OllyDBG... sooo ya

haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Sat Oct 27, 2007 4:25 am    Post subject: Re: thx

hacksign23 wrote:
thx guys ....
but i never really used pointers cause i only use OllyDBG... sooo ya


pointers in ollydbg are that "dword ptr ds:[xxxxx]" thingys.
to understand pointers perfectly u must hack softwares nonstop for some weeks. (using olly)

the thing with pointers is like this (shortly):
mov eax,dword ptr ds:[400000]
as u already know, every address has a value, that value is her command.
by doing the command up, u move into eax the value of address 400000
for example the value of "call" is e8. the value of "nop" is 90. the value of add byte ptr ds:[eax],al is 00.
when a program uses DMA, we use pointers in the following way:
1. we find an address writing to it. if ull look at the opcode writing to it, it will look like this:
mov dword ptr ds:[uraddress],blahblah
dword ptr ds is the pointer.

dword: an expression made out of 4 bytes
ptr: pointer
ds: means that u r writing to the address specified in the []

the sizes available on a cpu:
byte (1 byte=2 hexa numbers=8 bits)
word (2 bytes=4 hexa numbers=16 bits)
double word=dword (4 bytes=8 hexa numbers=32 bits)
quad word=qword (8 bytes=16 hexa numbers = 64 bits)
double quad word=dqword (16 bytes=32 hexa numbers=128 bits)

the ptr cannot be replaced.

the area declarations available:
ds: write to the address specified in the []
ss: write to stack address specified in the []
fs: write to the "data block of main thread" base+the number in the []
**data block of main thread is somewhere around 80000000 or 90000000
and i only saw it being used once, when installing seh chain, by pushing rva 0 of data block into stack. (dword ptr fs:[0])