13GB How do I cheat? Reputation: 0
Joined: 17 Nov 2014 Posts: 2
Posted: Mon Nov 17, 2014 8:37 pm Post subject: [request] Script that changes the register of an address?
Can someone write me a simple script that changes the register of an address? Thanks.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The Netherlands
Posted: Mon Nov 17, 2014 9:29 pm
Using breakpoints or code injection?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

13GB How do I cheat? Reputation: 0
Joined: 17 Nov 2014 Posts: 2
Posted: Tue Nov 18, 2014 4:19 pm
Thanks.

TheScripter How do I cheat? Reputation: 0
Joined: 18 Nov 2013 Posts: 4
Posted: Mon Nov 24, 2014 9:30 pm
Dark Byte wrote: using breakpoints or code injection?
Using breakpoints, how would I do this?
(Assuming it's breakpoints)
How I would do this manually is by opening mem view, right-clicking an address, clicking "change register at this location" and changing them.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The Netherlands
Posted: Mon Nov 24, 2014 10:01 pm
I'd recommend using the plugin system of CE, as that one exposes a low-level version of this which is a lot faster.
Anyhow, in Lua:
Code:
    -- Called by CE when a breakpoint is hit; the register globals are filled in
    function debugger_onBreakpoint()
      if (RIP==0x12345678) then --replace with EIP if 32-bit
        RAX=100 --or RIP=address of script
        debug_continueFromBreakpoint(co_run) -- resume the target
        return 0
      end
    end
    debug_setBreakpoint(0x12345678) -- 0x12345678 is a placeholder address

You may need to call debugProcess to start the debugger as well, e.g.:
Code:
    debugProcess(2) --veh debug

TheScripter How do I cheat? Reputation: 0
Joined: 18 Nov 2013 Posts: 4
Posted: Mon Nov 24, 2014 10:30 pm
Original Script
Code:
    function debugger_onBreakpoint()
      if (RIP==0x12345678) then --replace with EIP if 32-bit
        RAX=100 --or RIP=address of script
        debug_continueFromBreakpoint(co_run)
        return 0
      end
    end
    debug_setBreakpoint(0x12345678)

So I'm attempting to change it up here a bit (don't laugh)
Code:
    function debugger_onBreakpoint()
      if (RIP==0x12345678) then -- Running 32-Bit
        -- RAX=100 --or RIP=address of script
        RIP=Example.exe+00000000
        debug_continueFromBreakpoint(co_run)
        return 0
      end
    end
    debug_setBreakpoint(0x12345678)

I need to call the kernelmode debugger for what I'm doing.
I'm assuming you would change the number for the debugger, but I wouldn't know where to reference that.
Code:
    debugProcess(2) --veh debug
I attempted to edit it a little bit from your notes. I don't believe it's complete for what I'm trying to do yet, though.
Thank you immensely for replying and helping me, by the way.
So what I'm trying to do is change a register of an address specified within the script.
I'm going to attempt to edit the script to do what I want it to below, but I'm sure I'll throw in nonsense or dumb errors, and then I'll try to explain it.
Code:
    debugProcess(3) -- Guessing on number for kernelmode debugger
    function debugger_onBreakpoint()
      RIP=Example.exe+00000000 -- Referring the script to the address we're changing the register of
      EAX=0x00000001 -- Trying to change EAX to 1
      debug_continueFromBreakpoint(co_run)
      return 0
    end
    debug_setBreakpoint(0x00000001) -- Set breakpoint to change eax to 1?

Sorry, I haven't gotten into Lua functions in CE.
I have worked with a sub-version of Lua, though.
Thanks again for helping.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The Netherlands
Posted: Tue Nov 25, 2014 1:19 am
main.lua contains detailed documentation of the functions.
Kernelmode debug is debugProcess(3) (keep in mind that making trainers isn't going to be easy, and people will complain if you do because of BSOD/freeze).
If your target is 32-bit, then you need to check EIP.
debug_setBreakpoint needs the address where you want to change the register.