vask0to How do I cheat? Reputation: 0
Joined: 30 Nov 2013 Posts: 3
Posted: Sat Jan 06, 2018 4:49 pm Post subject: Find something to compare in dissected structure
So I have dissected a structure and got to the point where I could change the life of the unit. The thing is that the function is responsible for changing every unit's/building's life too. So I want to check if the unit has 555 power, and if it has, to change its life to some other value, otherwise to act normally.
Let's say that the function is rcx+30.
So I am asking how to get into the tree of the structure to get the offsets.
Code: | > 0000 something
> 0008 something2
> 0010 something3
> 0018 something4
> 0000 somethingelse
> 0008 somethingelse2
> 0010 somethingelse3
> 0018 somethingelse4
...
01E0 power --> 555
0030 life --> 4567
|
What I want to do is change life if power equals 555
What I've tried is this, but the compare doesn't work. I've tried to find a way to get the offset right but no success...
Code: | code:
pushf
cmp [rcx+??],1E // 1E to be the value of rcx+?? ... I am looking for the ??
jne originalcode
popf
mov [rcx+30],FF //unit to be changed to FF lifepoints
jmp return
originalcode:
popf
mov [rcx+30],edx
mov rdx,[rbp+10]
jmp return |
I am kinda new to assembly, so please don't judge too hard :)
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Sat Jan 06, 2018 4:56 pm Post subject:
Code: |
> 0018 something4
> 01E0 power --> 555
> 0030 life --> 4567 |
Code: |
code:
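pushfq // save flags, the cmp below changes them
push rsi // save rsi, used here as a scratch register
mov rsi,[rcx+18] // load the pointer stored at offset 18 (something4)
test rsi,rsi // null pointer: skip the check
jz originalcode
cmp [rsi+1E0],1E // compare power (offset 1E0 in the pointed-to structure) with 1E
jne originalcode
pop rsi
popfq
mov [rcx+30],FF //unit to be changed to FF lifepoints
jmp return
originalcode:
pop rsi
popfq
mov [rcx+30],edx
mov rdx,[rbp+10]
jmp return |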
_________________
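The pointer walk that the script above performs, modeled in C as an added example (not part of the original post and not Cheat Engine code). Only the offsets 18, 1E0 and 30 and the values 1E and FF come from the thread; the type names, the padding and the 32-bit field widths are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Only the offsets 0x18, 0x1E0 and 0x30 come from the thread; the type
   names, the padding and the 32-bit field widths are assumptions. */
struct child {                      /* reached through the pointer at unit+0x18 */
    uint8_t  pad[0x1E0];
    uint32_t power;                 /* +0x1E0 */
};

struct unit {                       /* what rcx points to in the hooked code */
    uint8_t       pad0[0x18];
    struct child *something4;       /* +0x18 */
    uint8_t       pad1[0x30 - 0x18 - sizeof(struct child *)];
    uint32_t      life;             /* +0x30 */
};

_Static_assert(offsetof(struct unit, something4) == 0x18, "pointer offset");
_Static_assert(offsetof(struct child, power) == 0x1E0, "power offset");
_Static_assert(offsetof(struct unit, life) == 0x30, "life offset");

/* Same decision as the script: edx is the value the game meant to store. */
uint32_t write_life(struct unit *u, uint32_t edx, uint32_t match, uint32_t forced)
{
    struct child *c = u->something4;        /* mov rsi,[rcx+18]             */
    if (c != NULL && c->power == match)     /* test rsi,rsi / cmp [rsi+1E0] */
        u->life = forced;                   /* mov [rcx+30],FF              */
    else
        u->life = edx;                      /* mov [rcx+30],edx             */
    return u->life;
}

/* Builds a constructed unit and returns its life after one hooked write. */
uint32_t demo(int has_child, uint32_t power, uint32_t edx)
{
    struct child c = { .power = power };
    struct unit u = { .something4 = has_child ? &c : NULL, .life = 4567 };
    return write_life(&u, edx, 0x1E, 0xFF); /* 1E and FF as in the script */
}

int main(void)
{
    printf("%u %u %u\n", (unsigned)demo(1, 0x1E, 100),
           (unsigned)demo(1, 0x22B, 100), (unsigned)demo(0, 0x1E, 100));
    return 0;
}
```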
vask0to How do I cheat? Reputation: 0
Joined: 30 Nov 2013 Posts: 3
Posted: Sat Jan 06, 2018 5:09 pm Post subject:
Thank you a lot. It worked like a charm.