Cheat Engine The Official Site of Cheat Engine
Kushie How do I cheat?
Reputation: 0
Joined: 15 Feb 2010 Posts: 5
Posted: Mon Feb 15, 2010 3:00 am Post subject: [VB 2008] A Trainer of Some Sort
What I usually do:
Open Cheat Engine.exe and attach to the game (RumbleFighter.exe). Click on Memory View and press CTRL+G and search for address 00455E99 and double click the Opcode to change mov byte ptr [esi+000006e5],01 to mov byte ptr [esi+000006e6],01
So, basically I want to change the Opcode of the address 00455E99 of RumbleFighter.exe from mov byte ptr [esi+000006e5],01 to mov byte ptr [esi+000006e6],01 in a click of a command button.
I'm learning how to program in VB 2008, so thanks in advance.
P.S. I think it would require WriteProcessMemory. Not quite sure though.
smartz993 I post too much
Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Mon Feb 15, 2010 3:02 am
Your guess is correct.
WriteProcessMemory is the needed API.
Just grab the bytes at the location you are talking about, and replace them with WriteProcessMemory.
Kushie How do I cheat?
Reputation: 0
Joined: 15 Feb 2010 Posts: 5
Posted: Mon Feb 15, 2010 3:07 am
smartz993 wrote:
> Your guess is correct.
> WriteProcessMemory is the needed API.
> Just grab the bytes at the location you are talking about, and replace them with WriteProcessMemory.
I'm going to need you to explain more in detail for a beginner like me to understand. You are talking to someone who just started VB 2008 about 2 weeks ago.
EDIT: Okay, I've done a bit of research and found that the Opcode is not even needed. What we want is the bytes (values left of the Opcode) in Cheat Engine and this is what I want:
c6 86 e5 06 00 00 01 to
c6 86 e6 06 00 00 01
EDIT: Did more research and now my code looks like this:
Code:
    Imports System.Runtime.InteropServices

    Public Class frmNamnuHack
        <DllImport("kernel32.dll")> _
        Public Shared Function WriteProcessMemory( _
            ByVal hProcess As IntPtr, _
            ByVal lpBaseAddress As IntPtr, _
            ByVal lpBuffer As Byte(), _
            ByVal nSize As UInt32, _
            ByRef lpNumberOfBytesWritten As UInt32 _
        ) As Boolean
        End Function

        Dim hProcess As Process() = Process.GetProcessesByName("Rumble Fighter")
        Dim en1 As Byte() = {0x90, 0x90, 0x00, 0xE8} 'mov byte ptr [esi+000006e4],01

        Private Sub cmdNamnuOn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdNamnuOn.Click
            WriteProcessMemory(hProcess(0).Handle, &H455E99, en1, 7, 0)
        End Sub
    End Class
In en1, how do I convert mov byte ptr [esi+000006e4],01 into that format used in between the brackets {}? I mean, 0x90, etc, is not correct.
Basically, how do I convert "mov byte ptr [esi+000006e5],01", so that I can enter it into the byte array?
For example, from another forum:
jmp 00498f57 = {&HE9, &H31, &H9A, &HEC, &HFF}
What does:
mov byte ptr [esi+000006e5],0 = ?
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Mon Feb 15, 2010 4:56 am
Quote:
> there is no simple way to go directly from the string "mov byte ptr [esi+000006e5],01"
> you're in for quite an interesting (read: tedious and boring) experience if you really want to try.
i just copy the byte array from whatever disassembler i'm using.
you can do this easily in cheat engine, for example and it goes through a magical process to make it happen.
ps:
mov byte ptr [esi+000006e5],00 - c6 86 e5 06 00 00 00
just cram the bytes into an array like you have in your post, and write that. you pretty much solved it yourself.
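The byte sequences quoted in this thread follow the x86 encoding of this one instruction form: opcode C6 /0, a ModRM byte, a little-endian 32-bit displacement, then the 8-bit immediate. As an added example (not code from the thread or from Cheat Engine; the function names are made up here), this Python code encodes and decodes only that form:

```python
import re
import struct

# 32-bit register numbers as they appear in the ModRM r/m field.
# esp (4) is left out: r/m=100 means "SIB byte follows", a different layout.
REGS = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "ebp": 5, "esi": 6, "edi": 7}
NAMES = {num: name for name, num in REGS.items()}

# Operands are hexadecimal, as a disassembler listing prints them.
PATTERN = re.compile(
    r"mov\s+byte\s+ptr\s*\[\s*(\w+)\s*\+\s*([0-9a-f]+)\s*\]\s*,\s*([0-9a-f]+)$",
    re.IGNORECASE)


def encode_mov_byte(text):
    """Encode 'mov byte ptr [reg+disp32],imm8' into its 7 machine-code bytes."""
    m = PATTERN.match(text.strip())
    if not m:
        raise ValueError("unsupported instruction form: %r" % text)
    reg = m.group(1).lower()
    disp, imm = int(m.group(2), 16), int(m.group(3), 16)
    if reg not in REGS:
        raise ValueError("unsupported base register: %s" % reg)
    if disp > 0xFFFFFFFF or imm > 0xFF:
        raise ValueError("operand out of range")
    # ModRM = mod(2 bits) | reg(3 bits) | r/m(3 bits)
    # mod=10 -> a 32-bit displacement follows; reg=000 -> the '/0' of C6 /0.
    modrm = (0b10 << 6) | (0 << 3) | REGS[reg]
    return bytes([0xC6, modrm]) + struct.pack("<I", disp) + bytes([imm])


def decode_mov_byte(code):
    """Turn the 7 bytes back into text, rejecting any other instruction form."""
    if len(code) != 7 or code[0] != 0xC6:
        raise ValueError("not a 7-byte C6 /0 instruction")
    mod, ext, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 0b10 or ext != 0 or rm not in NAMES:
        raise ValueError("ModRM byte is not [reg+disp32] with /0")
    disp = struct.unpack_from("<I", code, 2)[0]
    return "mov byte ptr [%s+%08x],%02x" % (NAMES[rm], disp, code[6])


if __name__ == "__main__":
    for line in ("mov byte ptr [esi+000006e5],01", "mov byte ptr [esi+000006e6],01"):
        print(line, "->", encode_mov_byte(line).hex())
```

Only this addressing form is position-independent in this way; a relative jump such as the `jmp` line quoted earlier in the thread encodes a distance from the instruction's own address, so its bytes cannot be derived from the text alone.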
Kushie How do I cheat?
Reputation: 0
Joined: 15 Feb 2010 Posts: 5
Posted: Mon Feb 15, 2010 6:50 pm
slovach wrote:
> Quote:
> > there is no simple way to go directly from the string "mov byte ptr [esi+000006e5],01"
> > you're in for quite an interesting (read: tedious and boring) experience if you really want to try.
> i just copy the byte array from whatever disassembler i'm using.
> you can do this easily in cheat engine, for example and it goes through a magical process to make it happen.
> ps:
> mov byte ptr [esi+000006e5],00 - c6 86 e5 06 00 00 00
> just cram the bytes into an array like you have in your post, and write that. you pretty much solved it yourself.
So, something like this?
Dim en1 As Byte() = {&HC6, &H86, &HE5, &H6, &H0, &H0, &H1}
This is what I have:
Code:
    Imports System.Runtime.InteropServices

    Public Class frmNamnuHack
        <DllImport("kernel32.dll")> _
        Public Shared Function WriteProcessMemory( _
            ByVal hProcess As IntPtr, _
            ByVal lpBaseAddress As IntPtr, _
            ByVal lpBuffer As Byte(), _
            ByVal nSize As UInt32, _
            ByRef lpNumberOfBytesWritten As UInt32 _
        ) As Boolean
        End Function

        Dim hProcess As Process() = Process.GetProcessesByName("Rumble Fighter")
        Dim en1 As Byte() = {&HC6, &H86, &HE5, &H6, &H0, &H0, &H1}

        Private Sub cmdNamnuOn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdNamnuOn.Click
            WriteProcessMemory(hProcess(0).Handle, &H455E99, en1, 7, 0)
        End Sub
    End Class
When I click the button, I get an "IndexOutOfRangeException" and "A first chance exception of type 'System.IndexOutOfRangeException' occurred in WindowsApplication1.exe" when the program is loaded.
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Mon Feb 15, 2010 8:05 pm
GetProcessByName couldn't find anything and thus your array was empty.
The result was you tried to access data that didn't exist. GetProcessByName expects the name of the exe, not the window.
Check the length of the array first. hint: hProcess.Length
Kushie How do I cheat?
Reputation: 0
Joined: 15 Feb 2010 Posts: 5
Posted: Mon Feb 15, 2010 11:11 pm
slovach wrote:
> GetProcessByName couldn't find anything and thus your array was empty.
> The result was you tried to access data that didn't exist. GetProcessByName expects the name of the exe, not the window.
> Check the length of the array first. hint: hProcess.Length
Thank you very much. It works now.