The Official Site of Cheat Engine
[Help] cmp opcode doesn't work ?
JohannesJoestar
Posted: Wed Feb 03, 2016 4:34 pm    Post subject: [Help] cmp opcode doesn't work ?

Hello!

I'm trying to make a one hit kill cheat using code injection.

In this game there are a total of 8 possible players.

I'm using Player 1 and Player 3.

With the "find what writes to this address" function of Cheat Engine, I was able to generate a script that subtracts some high value instead of the normal damage value.

Here is the script:
Code:
{ Game   : game.exe
  Version:
  Date   : 2016-02-03
  Author : VINCENT

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LUFFY,game.exe,00 01 14 85 * * * * 8B 84 BE 94 01 00 00 29 88 FC 02 00 00)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  sub [eax+000002FC],61A8
  jmp return

LUFFY+0F:
  jmp code
  nop
return:
registersymbol(LUFFY)

[DISABLE]

LUFFY+0F:
  db 29 88 FC 02 00 00

unregistersymbol(LUFFY)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+2E95C

"game.exe"+2E92B: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E932: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E938: 85 C0                 -  test eax,eax
"game.exe"+2E93A: 7E 19                 -  jle lf2.exe+2E955
"game.exe"+2E93C: 83 F8 03              -  cmp eax,03
"game.exe"+2E93F: 7D 14                 -  jnl lf2.exe+2E955
"game.exe"+2E941: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E948: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E94E: 01 14 85 60 1B 45 00  -  add [eax*4+lf2.exe+51B60],edx
"game.exe"+2E955: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
// ---------- INJECTING HERE ----------
"game.exe"+2E95C: 29 88 FC 02 00 00     -  sub [eax+000002FC],ecx
// ---------- DONE INJECTING  ----------
"game.exe"+2E962: B8 55 55 55 55        -  mov eax,55555555
"game.exe"+2E967: F7 E9                 -  imul ecx
"game.exe"+2E969: 2B D1                 -  sub edx,ecx
"game.exe"+2E96B: D1 FA                 -  sar edx,1
"game.exe"+2E96D: 8B C2                 -  mov eax,edx
"game.exe"+2E96F: C1 E8 1F              -  shr eax,1F
"game.exe"+2E972: 03 C2                 -  add eax,edx
"game.exe"+2E974: 8B D0                 -  mov edx,eax
"game.exe"+2E976: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E97D: 01 90 00 03 00 00     -  add [eax+00000300],edx
}


Like I said, 8 possible players and I'm using 1 & 3.
In a "versus" mode I ran this script and we were both able to one hit kill each other rather than one of us.

So I compared each player's structure and found an offset that is different for each player. The offset is +0BB8. For Player 1 its value is 30 and for Player 3 its value is 80.

So I wrote a comparison for Player 3: when eax+0BB8 is 80 it wouldn't decrease my health.

Here is the script:

Code:
{ Game   : game.exe
  Version:
  Date   : 2016-02-03
  Author : VINCENT

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LUFFY,game.exe,00 01 14 85 * * * * 8B 84 BE 94 01 00 00 29 88 FC 02 00 00)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  cmp dword [eax+0BB8],50
  je return

  sub [eax+000002FC],61A8
  jmp return

LUFFY+0F:
  jmp code
  nop
return:
registersymbol(LUFFY)

[DISABLE]

LUFFY+0F:
  db 29 88 FC 02 00 00

unregistersymbol(LUFFY)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+2E95C

"game.exe"+2E92B: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E932: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E938: 85 C0                 -  test eax,eax
"game.exe"+2E93A: 7E 19                 -  jle lf2.exe+2E955
"game.exe"+2E93C: 83 F8 03              -  cmp eax,03
"game.exe"+2E93F: 7D 14                 -  jnl lf2.exe+2E955
"game.exe"+2E941: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E948: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E94E: 01 14 85 60 1B 45 00  -  add [eax*4+lf2.exe+51B60],edx
"game.exe"+2E955: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
// ---------- INJECTING HERE ----------
"game.exe"+2E95C: 29 88 FC 02 00 00     -  sub [eax+000002FC],ecx
// ---------- DONE INJECTING  ----------
"game.exe"+2E962: B8 55 55 55 55        -  mov eax,55555555
"game.exe"+2E967: F7 E9                 -  imul ecx
"game.exe"+2E969: 2B D1                 -  sub edx,ecx
"game.exe"+2E96B: D1 FA                 -  sar edx,1
"game.exe"+2E96D: 8B C2                 -  mov eax,edx
"game.exe"+2E96F: C1 E8 1F              -  shr eax,1F
"game.exe"+2E972: 03 C2                 -  add eax,edx
"game.exe"+2E974: 8B D0                 -  mov edx,eax
"game.exe"+2E976: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E97D: 01 90 00 03 00 00     -  add [eax+00000300],edx
}


I ran the script again ... results were the same. We were still able to one hit kill each other rather than only one of us being able to do so.

I have no idea what the problem is. Can anyone help?
Thanks in advance!
++METHOS
Posted: Wed Feb 03, 2016 5:06 pm

The value has probably changed. That, or you weren't seeing it as a 4 byte value when you checked the structure.

You can check your filter inside of memory viewer by following your jump and right-clicking to see what addresses it accesses (or, set a breakpoint).

Code:
code:
cmp dword [eax+0BB8],50
je test
jmp originalcode

test:
sub [eax+000002FC],ecx    //Check if filter is good here.
jmp return

originalcode:
sub [eax+000002FC],ecx
jmp return
JohannesJoestar
Posted: Thu Feb 04, 2016 3:25 am

++METHOS wrote:
The value has probably changed. That, or you weren't seeing it as a 4 byte value when you checked the structure.

Hello, thank you so much for your reply! The value I was comparing was indeed not 4 bytes.

Now I have another problem though.

Since I wrote the script to skip the sub [eax+000002FC],ecx section, my health doesn't decrease. So it's like godmode + one hit kill.

I only want one hit kill, so what's the way around this?

Thanks!
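The width mismatch behind the failed filter above (a dword compare against a field that "was indeed not 4 bytes"), shown in C as an added example that is not code from the thread. The record layout, the one-byte width of the +0BB8 field and the neighbouring byte values are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a player record. The field at +0BB8 is assumed
 * to be one byte wide; the three bytes after it are assumed to belong to
 * other fields, so a 4-byte read at +0BB8 picks them up too. */
#define FIELD_OFFSET 0x0BB8
#define RECORD_SIZE  0x0C00

typedef struct {
    uint8_t raw[RECORD_SIZE];
} player_record;

/* Fill a record: the one-byte field at +0BB8, then three neighbouring bytes. */
static void make_record(player_record *p, uint8_t field, uint8_t neighbour)
{
    memset(p->raw, 0, sizeof p->raw);
    p->raw[FIELD_OFFSET] = field;
    for (int i = 1; i < 4; i++)
        p->raw[FIELD_OFFSET + i] = neighbour;
}

/* What "cmp dword [eax+0BB8],50" actually reads: four bytes starting at
 * +0BB8, assembled little-endian the way x86 does it. */
uint32_t dword_at_field(uint8_t field, uint8_t neighbour)
{
    player_record p;
    make_record(&p, field, neighbour);
    const uint8_t *b = p.raw + FIELD_OFFSET;
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* The thread's original filter: 4-byte compare against 0x50 (80 decimal).
 * Returns 1 when that compare would report "equal". */
int dword_filter_matches(uint8_t field, uint8_t neighbour)
{
    return dword_at_field(field, neighbour) == 0x50u;
}

/* Width-correct filter, "cmp byte [eax+0BB8],50": only the field is read. */
int byte_filter_matches(uint8_t field, uint8_t neighbour)
{
    player_record p;
    make_record(&p, field, neighbour);
    return p.raw[FIELD_OFFSET] == 0x50u;
}

int main(void)
{
    /* Field value 80 (0x50) as in the thread; neighbour byte 0x11 is constructed. */
    printf("dword read at +0BB8 with non-zero neighbours: 0x%08X\n",
           dword_at_field(80, 0x11));
    printf("dword filter: neighbours zero -> %d, neighbours 0x11 -> %d\n",
           dword_filter_matches(80, 0x00), dword_filter_matches(80, 0x11));
    printf("byte  filter: neighbours zero -> %d, neighbours 0x11 -> %d\n",
           byte_filter_matches(80, 0x00), byte_filter_matches(80, 0x11));
    return 0;
}
```

The dword filter only matches while the three bytes after the field happen to be zero, which is why it can look right in the structure view and still fail at run time.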
hhhuut
Posted: Thu Feb 04, 2016 3:47 am

Taking your script from above:
Code:
{ Game   : game.exe
  Version:
  Date   : 2016-02-03
  Author : VINCENT

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(LUFFY,game.exe,00 01 14 85 * * * * 8B 84 BE 94 01 00 00 29 88 FC 02 00 00)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
cmp dword [eax+0BB8],50   //your comparison
je code
mov ecx,61A8

code:
sub [eax+000002FC],ecx   //Original instruction
jmp return

LUFFY+0F:
jmp newmem
nop

return:
registersymbol(LUFFY)

[DISABLE]

LUFFY+0F:
db 29 88 FC 02 00 00

unregistersymbol(LUFFY)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+2E95C

"game.exe"+2E92B: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E932: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E938: 85 C0                 -  test eax,eax
"game.exe"+2E93A: 7E 19                 -  jle lf2.exe+2E955
"game.exe"+2E93C: 83 F8 03              -  cmp eax,03
"game.exe"+2E93F: 7D 14                 -  jnl lf2.exe+2E955
"game.exe"+2E941: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E948: 8B 80 44 03 00 00     -  mov eax,[eax+00000344]
"game.exe"+2E94E: 01 14 85 60 1B 45 00  -  add [eax*4+lf2.exe+51B60],edx
"game.exe"+2E955: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
// ---------- INJECTING HERE ----------
"game.exe"+2E95C: 29 88 FC 02 00 00     -  sub [eax+000002FC],ecx
// ---------- DONE INJECTING  ----------
"game.exe"+2E962: B8 55 55 55 55        -  mov eax,55555555
"game.exe"+2E967: F7 E9                 -  imul ecx
"game.exe"+2E969: 2B D1                 -  sub edx,ecx
"game.exe"+2E96B: D1 FA                 -  sar edx,1
"game.exe"+2E96D: 8B C2                 -  mov eax,edx
"game.exe"+2E96F: C1 E8 1F              -  shr eax,1F
"game.exe"+2E972: 03 C2                 -  add eax,edx
"game.exe"+2E974: 8B D0                 -  mov edx,eax
"game.exe"+2E976: 8B 84 BE 94 01 00 00  -  mov eax,[esi+edi*4+00000194]
"game.exe"+2E97D: 01 90 00 03 00 00     -  add [eax+00000300],edx
}
JohannesJoestar
Posted: Thu Feb 04, 2016 4:39 am

hhhuut wrote:
Taking your script from above:

Oh, I see. Thanks!

Now I have an even more annoying problem! ;D

So what I'm trying to do is have separate 1 Hit kill scripts for each player.

Let's play adventure mode with Player 1, Player 3 and now with Player 2 as well.

Adventure mode has 8 stages and each stage has 10 or so waves.
Each wave a set of enemies is sent to fight our Players.
Well, here is the thing: enemies are players as well.

Enemies in this game are actually hidden "players" in this game.
Kinda like our players' evil versions. Though their HPs are altered to
fit the adventure gameplay style of the game, every other behavior of theirs is exactly like the players'. Which I believe is going to cause me lots of problems later on.

I activate Player 2's one hit kill script and it works.
But here is the problem: while enemies deal normal damage to Player 2 ... Player 1 and Player 3 get one hit killed by them.

Any way around this? Thanks!
++METHOS
Posted: Thu Feb 04, 2016 8:46 am

Aleynacombi wrote:
Any way around this ?
-Yes...improve your filter.
JohannesJoestar
Posted: Thu Feb 04, 2016 9:47 am

++METHOS wrote:
Aleynacombi wrote:
Any way around this ?
-Yes...improve your filter.


What do you mean by "filter"?
++METHOS
Posted: Thu Feb 04, 2016 10:05 am

You have a conditional jump in your script based on a compare that you perform. Why do you have that? To filter out addresses. That compare checks the value of an address. Improve that check by comparing against a more reliable address/value, or, by expanding on it.

Your filter is no good (or, not good enough) because you are not filtering out 'impostor enemies'. You need to find something better to compare against, or, expand on your filter so that enemies and impostor enemies are filtered out (or whatever you want).
JohannesJoestar
Posted: Thu Feb 04, 2016 12:35 pm

++METHOS wrote:
You have a conditional jump in your script based on a compare that you perform. Why do you have that? To filter out addresses. That compare checks the value of an address. Improve that check by comparing against a more reliable address/value, or, by expanding on it.

Your filter is no good (or, not good enough) because you are not filtering out 'impostor enemies'. You need to find something better to compare against, or, expand on your filter so that enemies and impostor enemies are filtered out (or whatever you want).


Oh, English is not my main language, so... now I understand though.

I'm currently working on that, but this game is basically like players vs players, so I'm having a hard time, but I'm pretty sure I'll find something.

Thanks for the reply.
++METHOS
Posted: Thu Feb 04, 2016 4:26 pm

There are other things that you can try.
  • You can use a pointer address for your filter, inside of your script, for the value that you are trying to manipulate.
  • You can use pointer trees inside of the data structure to find something viable.
  • You can shift the data structure (+ or -) and/or expand its size to find something useful.
  • You can use the structure spider to find workable strings and/or for comparative analysis.
  • You can check the register values by attaching the debugger or setting a breakpoint to see if something can be used for your filter.
  • You can check to see if there are any instructions that are exclusive to the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
  • You can check to see if there are any instructions that are exclusive to any other address/value inside of the data structure for the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
  • You can analyze assembly code to see if an identifier is being checked or assigned somewhere.
  • Et al.
JohannesJoestar
Posted: Fri Feb 05, 2016 3:43 am

++METHOS wrote:
There are other things that you can try.

Thanks! Will try them!

Also in another game (Rogue Legacy) I'm making a godmode cheat which basically skips the code that writes my health value.

I have 2 scripts here and only the first one works. Can you check the second one? I don't know why that one doesn't work.

First one:
Code:
[ENABLE]

aobscan(KUMA,89 96 18 01 00 00 8B 9E)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  cmp byte [esi],A8 //check if player
  je return
  mov [esi+00000118],edx //code that writes my health
  jmp return

KUMA:
  jmp code
  nop
return:
registersymbol(KUMA)

[DISABLE]

KUMA:
  db 89 96 18 01 00 00

unregistersymbol(KUMA)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 054D306F

054D3052: 33 3F                 -  xor edi,[edi]
054D3054: 00 00                 -  add [eax],al
054D3056: 00 00                 -  add [eax],al
054D3058: 14 BE                 -  adc al,-42
054D305A: C0 04 00 00           -  rol byte ptr [eax+eax],00
054D305E: 00 00                 -  add [eax],al
054D3060: 30 BE C0 04 08 0D     -  xor [esi+0D0804C0],bh
054D3066: 39 05 55 8B EC 56     -  cmp [56EC8B55],eax
054D306C: 53                    -  push ebx
054D306D: 8B F1                 -  mov esi,ecx
// ---------- INJECTING HERE ----------
054D306F: 89 96 18 01 00 00     -  mov [esi+00000118],edx
// ---------- DONE INJECTING  ----------
054D3075: 8B 9E 18 01 00 00     -  mov ebx,[esi+00000118]
054D307B: 8B CE                 -  mov ecx,esi
054D307D: 8B 01                 -  mov eax,[ecx]
054D307F: 8B 40 64              -  mov eax,[eax+64]
054D3082: FF 50 0C              -  call dword ptr [eax+0C]
054D3085: 3B D8                 -  cmp ebx,eax
054D3087: 7E 10                 -  jle 054D3099
054D3089: 8B CE                 -  mov ecx,esi
054D308B: 8B 01                 -  mov eax,[ecx]
054D308D: 8B 40 64              -  mov eax,[eax+64]
}


Second one:
Code:
[ENABLE]

aobscan(KUMA,89 96 18 01 00 00 8B 9E)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
  cmp byte [esi],A8
  je return
  jmp code

code:
  mov [esi+00000118],edx
  jmp return

KUMA:
  jmp code
  nop
return:
registersymbol(KUMA)

[DISABLE]

KUMA:
  db 89 96 18 01 00 00

unregistersymbol(KUMA)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 054D306F

054D3052: 33 3F                 -  xor edi,[edi]
054D3054: 00 00                 -  add [eax],al
054D3056: 00 00                 -  add [eax],al
054D3058: 14 BE                 -  adc al,-42
054D305A: C0 04 00 00           -  rol byte ptr [eax+eax],00
054D305E: 00 00                 -  add [eax],al
054D3060: 30 BE C0 04 08 0D     -  xor [esi+0D0804C0],bh
054D3066: 39 05 55 8B EC 56     -  cmp [56EC8B55],eax
054D306C: 53                    -  push ebx
054D306D: 8B F1                 -  mov esi,ecx
// ---------- INJECTING HERE ----------
054D306F: 89 96 18 01 00 00     -  mov [esi+00000118],edx
// ---------- DONE INJECTING  ----------
054D3075: 8B 9E 18 01 00 00     -  mov ebx,[esi+00000118]
054D307B: 8B CE                 -  mov ecx,esi
054D307D: 8B 01                 -  mov eax,[ecx]
054D307F: 8B 40 64              -  mov eax,[eax+64]
054D3082: FF 50 0C              -  call dword ptr [eax+0C]
054D3085: 3B D8                 -  cmp ebx,eax
054D3087: 7E 10                 -  jle 054D3099
054D3089: 8B CE                 -  mov ecx,esi
054D308B: 8B 01                 -  mov eax,[ecx]
054D308D: 8B 40 64              -  mov eax,[eax+64]
}


Thanks!
hhhuut
Posted: Fri Feb 05, 2016 3:50 am

The problem goes with
Code:
KUMA:
  jmp code
  nop
return:


You're jumping directly to the "code" label although you want to execute the "newmem" block too. So just change your jump to newmem and you should be fine.

Code:
KUMA:
  jmp newmem
  nop
return:


By the way: The
Code:
jmp code
instruction at the end of the "newmem"-block is unnecessary, since every code that follows will be executed automatically.
JohannesJoestar
Posted: Fri Feb 05, 2016 5:17 am

hhhuut wrote:
You're jumping directly to the "code"-label although you want to execute the "newmem" block too. So just change your jump to newmem and you should be fine

Oh okay, I thought they were like "blocks" of code that I needed to jump to when I want to execute them. I didn't know they followed on when a jump isn't implemented.

Thanks to you guys I've finalized my script which allows users to choose 1hit, godmode or both.

Code:
[ENABLE]

aobscan(KUMA,89 96 18 01 00 00 8B 9E)
alloc(newmem,$1000)
globalalloc(ohk,4)
globalalloc(god,4)

label(code)
label(return)
label(checkplayer1)
label(checkplayer2)
label(onehitcheck)
label(onehit)

newmem:
  cmp [god],1              // godmode flag set?
  je checkplayer1
  jmp checkplayer2
checkplayer1:
  cmp byte [esi],A8        // player record: skip the health write entirely
  je return
  jmp onehitcheck
checkplayer2:
  cmp byte [esi],A8        // player record: run the original write
  je code
onehitcheck:
  cmp dword [ohk],1        // one hit kill flag set?
  je onehit
  jmp code
onehit:
  mov [esi+00000118],0     // non-player record: health written as 0
  jmp return
code:
  mov [esi+00000118],edx   // original instruction
  jmp return

KUMA:
  jmp newmem
  nop
return:
registersymbol(KUMA)

[DISABLE]

KUMA:
  db 89 96 18 01 00 00

unregistersymbol(KUMA)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 054D306F

054D3052: 33 3F                 -  xor edi,[edi]
054D3054: 00 00                 -  add [eax],al
054D3056: 00 00                 -  add [eax],al
054D3058: 14 BE                 -  adc al,-42
054D305A: C0 04 00 00           -  rol byte ptr [eax+eax],00
054D305E: 00 00                 -  add [eax],al
054D3060: 30 BE C0 04 08 0D     -  xor [esi+0D0804C0],bh
054D3066: 39 05 55 8B EC 56     -  cmp [56EC8B55],eax
054D306C: 53                    -  push ebx
054D306D: 8B F1                 -  mov esi,ecx
// ---------- INJECTING HERE ----------
054D306F: 89 96 18 01 00 00     -  mov [esi+00000118],edx
// ---------- DONE INJECTING  ----------
054D3075: 8B 9E 18 01 00 00     -  mov ebx,[esi+00000118]
054D307B: 8B CE                 -  mov ecx,esi
054D307D: 8B 01                 -  mov eax,[ecx]
054D307F: 8B 40 64              -  mov eax,[eax+64]
054D3082: FF 50 0C              -  call dword ptr [eax+0C]
054D3085: 3B D8                 -  cmp ebx,eax
054D3087: 7E 10                 -  jle 054D3099
054D3089: 8B CE                 -  mov ecx,esi
054D308B: 8B 01                 -  mov eax,[ecx]
054D308D: 8B 40 64              -  mov eax,[eax+64]
}


If you guys can improve my code and give a few tips that would be great, thanks!
++METHOS
Posted: Fri Feb 05, 2016 9:49 am

hhhuut wrote:
You're jumping directly to the "code"-label although you want to execute the "newmem"
-Yeah, I don't know why DB changed that. I still catch myself missing that sometimes.
hhhuut
Posted: Fri Feb 05, 2016 10:13 am

Yeah, me too ...