Cheat Engine The Official Site of Cheat Engine
JohnDude (Newbie cheater, Reputation: 0, Joined: 30 Aug 2013, Posts: 20)
Posted: Sun Aug 24, 2014 12:54 pm, Post subject: CREATETHREAD Problem
Hi. Could anybody solve my problem?
I want to set my money to 9999 every 5 s.
Result: the game crashes. (Whether the script below works depends on what I put in there, e.g. the game doesn't crash if I insert mov [moneyaddress],500 inside the mycode: section.)
My purpose is to loop a code injection script.
Code:
[enable]
alloc(mycode,4096)
CREATETHREAD(mycode);
label(mustend)
registersymbol(mustend)
mycode:
0045CD5E:
jmp 004001C5
nop
004001C5:
mov [ecx+00E208D4],9999
jmp 0045CD94
push #5000
call sleep
cmp [mustend],1
jne mycode
//ret
mustend:
dd 0
[disable]
mustend:
dd 1
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Sun Aug 24, 2014 1:20 pm
How does ecx get its value?
Anyhow, don't use createthread; instead, do a code injection at a spot that constantly reads out your money.
In there, call gettickcount and check if the return value is 5000 bigger than the last time, and if so, save that result and write the value #9999 to it.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
JohnDude (Newbie cheater, Reputation: 0, Joined: 30 Aug 2013, Posts: 20)
Posted: Sun Aug 24, 2014 1:36 pm
Dark Byte wrote:
How does ecx get its value?
Anyhow, don't use createthread; instead, do a code injection at a spot that constantly reads out your money.
In there, call gettickcount and check if the return value is 5000 bigger than the last time, and if so, save that result and write the value #9999 to it.

Indeed, I didn't think about the ecx thing.
Thanks for the clue, but how do I use gettickcount? Can you give me an example?
jgoemat (Master Cheater, Reputation: 22, Joined: 25 Sep 2011, Posts: 252)
Posted: Sun Aug 24, 2014 5:26 pm
I think your "mycode:" is in the wrong place. When AA sees "mycode:" it changes the location it will assemble at to your newly allocated memory. The problem is that you immediately move that pointer to 0045CD5E: and begin assembling in what I assume is the game EXE. Later you move the pointer to 004001C5 and assemble some more; then it looks like the code you want to run in the thread starts with "push #5000", but that will be assembled immediately after jmp 0045CD94. Register mycode as a symbol and disassemble there and you will see a bunch of 0s, so when you create the thread there it will crash, of course.
Here's a sample section from my Rogue Legacy table that shows using GetTickCount:
Code:
// first we need to see if enough time has passed since the last kill
push ebp // save EBP
mov ebp,esp // save stack pointer
sub esp,4 // room for current GetTickCount result
pushad // save all registers
call GetTickCount
mov [ebp-4],eax // GetTickCount result - save
popad // restore all registers
mov eax,[ebp-4] // load GetTickCount result
mov esp,ebp // restore stack pointer
pop ebp // restore EBP
cmp eax,[iNextTriggerTime] // is it time yet?
jna done
// ok, we need to kill it, store last kill time and set health to 0
add eax,[iMsBetweenTriggers] // add delay to current GetTickCount
mov [iNextTriggerTime],eax // set next time we need to activate
mov dword ptr [ebx+00000118],0 // this is where you would set the value to 9999
jmp done
And here's where I declare the variables:
Code:
iNextTriggerTime:
dd 0
iMsBetweenTriggers:
dd 100 // you would set to 5000
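Added example (C, not code from the thread or from jgoemat's table): the "has the interval elapsed?" decision that jgoemat's snippet implements and Dark Byte describes, written against a simulated tick counter so it runs without Windows. GetTickCount is a 32-bit millisecond counter that wraps after about 49.7 days, so the example also shows the one caveat worth knowing: comparing the current tick against a stored next-trigger time (the script's cmp/jna) stops firing once the counter wraps, while Dark Byte's form, checking how much time has elapsed since the last trigger with unsigned subtraction, keeps working. The names trigger_t, trigger_next_time, trigger_elapsed and run_simulation are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Per-trigger state. The AA script keeps iNextTriggerTime and
 * iMsBetweenTriggers; last_trigger_time is added for the elapsed-time form. */
typedef struct {
    uint32_t next_trigger_time;   /* iNextTriggerTime in the AA script */
    uint32_t last_trigger_time;   /* used by the elapsed-time form instead */
    uint32_t ms_between_triggers; /* iMsBetweenTriggers; 5000 for "every 5 s" */
} trigger_t;

/* Exactly the script's logic: cmp eax,[iNextTriggerTime] / jna done, then
 * iNextTriggerTime = now + interval. Returns true when the write (the
 * "set the value to 9999" step) should happen on this pass. */
bool trigger_next_time(trigger_t *t, uint32_t now)
{
    if (!(now > t->next_trigger_time))
        return false;
    t->next_trigger_time = now + t->ms_between_triggers;
    return true;
}

/* Dark Byte's phrasing: fire when now is at least interval ms past the last
 * firing. The unsigned subtraction stays correct across a counter wrap as
 * long as the real gap between two checks is under 2^32 ms. */
bool trigger_elapsed(trigger_t *t, uint32_t now)
{
    if (now - t->last_trigger_time < t->ms_between_triggers)
        return false;
    t->last_trigger_time = now;
    return true;
}

/* Drive one check function with a simulated GetTickCount that starts at
 * `start` and advances `step` ms per pass for `passes` passes (the injected
 * code runs once per pass, as it would at a spot the game executes every
 * frame). Returns how many times the check fired. */
int run_simulation(bool (*check)(trigger_t *, uint32_t),
                   uint32_t start, uint32_t step, int passes, uint32_t interval)
{
    trigger_t t = { 0, 0, interval };  /* dd 0 for both timestamps, like the script */
    uint32_t ticks = start;            /* stand-in for GetTickCount() */
    int fired = 0;
    for (int i = 0; i < passes; i++) {
        if (check(&t, ticks))
            fired++;
        ticks += step;  /* uint32_t arithmetic wraps just like the real counter */
    }
    return fired;
}

int main(void)
{
    /* 60 s of passes every 100 ms with a 5 s interval: both forms fire 12 times. */
    printf("normal: next_time=%d elapsed=%d\n",
           run_simulation(trigger_next_time, 1000, 100, 600, 5000),
           run_simulation(trigger_elapsed, 1000, 100, 600, 5000));
    /* Same run starting 5050 ms before the 32-bit counter wraps: the script's
     * compare schedules the next firing 50 ms before the wrap, never sees
     * now > iNextTriggerTime again, and fires only once in the whole run. */
    printf("wrap:   next_time=%d elapsed=%d\n",
           run_simulation(trigger_next_time, 0xFFFFFFFFu - 5049, 100, 600, 5000),
           run_simulation(trigger_elapsed, 0xFFFFFFFFu - 5049, 100, 600, 5000));
    return 0;
}
```

In the AA script the elapsed-time form means keeping the last GetTickCount result in iNextTriggerTime instead of the scheduled next time, subtracting it from eax, and comparing the difference against iMsBetweenTriggers with an unsigned jb rather than comparing eax itself.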