predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Mon May 26, 2014 7:14 am    Post subject: raise values
Hey guys,
I read this tutorial: hxxp://forum.cheatengine.org/viewtopic.php?t=570083 by rydian, which made me understand some basics.
I managed to keep a value from being changed any more for testing, but that's not what I want to achieve.
Because, unlike in the example, I want a value to rise, or to set it immediately to a high value like 9999.
How do I have to change the code in the attached JPG to achieve that?
THX
[Attachment: JPG (the code referred to above), 62.37 KB, viewed 6482 time(s)]

Redouane Master Cheater
Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
Posted: Mon May 26, 2014 7:58 am    Post subject: Re: raise values
predro wrote:
> Hey guys,
> I read this tutorial: hxxp://forum.cheatengine.org/viewtopic.php?t=570083 by rydian, which made me understand some basics.
> I managed to keep a value from being changed any more for testing, but that's not what I want to achieve.
> Because, unlike in the example, I want a value to rise, or to set it immediately to a high value like 9999.
> How do I have to change the code in the attached JPG to achieve that?
> THX
This should work to set the value to 9999:
Code:
[enable]
alloc(mem,1024)
label(return)
mem:
dq (double)9999 // The value you want to write (8 bytes at mem..mem+7; the code starts at mem+8)
push eax
mov eax,[mem]      // low dword of the double
mov [esi+C8],eax
mov eax,[mem+4]    // high dword of the double
mov [esi+C8+4],eax
pop eax
jmp return
08BF5B70:          // original instruction here: movq [esi+C8],xmm0 (8 bytes)
jmp mem+8          // 5-byte jump to the code placed after the dq ...
db 90 90 90        // ... plus 3 nops to cover all 8 replaced bytes
return:
[disable]
dealloc(mem)
08BF5B70:
db 66 0F D6 86 C8 00 00 00 // restore the original movq [esi+C8],xmm0
You are trying to hack a flash game, aren't you? This script won't work if you reload the game because the code is in the data section; you'll need to use AOB scans if you want to make a hack that always works.
predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Mon May 26, 2014 8:11 am    Post subject:
Yep, flash game!
Yes, I know about the AOB scan; I just wanted to know how to change the code at all before doing the scan.
First I want to understand what you're doing there:
- you create a new variable "mem"
- set it to 9999
- set eax to mem -> 9999
...
OK ... I don't really get what follows .... why are all these actions necessary?
Redouane Master Cheater
Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
Posted: Mon May 26, 2014 8:33 am    Post subject:
predro wrote:
> Yep, flash game!
> Yes, I know about the AOB scan; I just wanted to know how to change the code at all before doing the scan.
> First I want to understand what you're doing there:
> - you create a new variable "mem"
> - set it to 9999
> - set eax to mem -> 9999
> ...
> OK ... I don't really get what follows .... why are all these actions necessary?

You are dealing with a double value; see it as 8 bytes, so the value you want to modify starts at [esi+C8] and ends at [esi+C8+8]. The mov opcode can copy 4 bytes, and the dq opcode can initialize a memory region with a quadword, so in order to write the double value 9999 to [esi+C8], you move the first 4 bytes of 9999 to [esi+C8] and the other 4 bytes to [esi+C8+4]. You use push/pop to avoid crashing the program, because it may need the content of eax after that; reading the content of an uninitialized memory region or jumping to one would cause a crash.
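To make Redouane's explanation above concrete, here is an added Python example (not code from the thread) that emulates the two-dword write on a constructed 8-byte slot standing in for [esi+C8]: it shows the halves the script copies from [mem] and [mem+4], what happens if only the first mov runs, and why storing a 4-byte float into the same slot does not give the intended number. The slot's starting value (100.0) is made up.

```python
import struct


def make_slot(value: float) -> bytearray:
    """Constructed 8-byte slot standing in for the game's double at [esi+C8]."""
    return bytearray(struct.pack("<d", value))


def split_double(value: float) -> tuple:
    """Return (low dword, high dword) of a little-endian double,
    i.e. what 'mov eax,[mem]' and 'mov eax,[mem+4]' load after 'dq (double)value'."""
    low, high = struct.unpack("<II", struct.pack("<d", value))
    return low, high


def write_double_as_two_dwords(slot: bytearray, value: float) -> float:
    """Emulate the script: two 4-byte stores that together cover the 8-byte double."""
    low, high = split_double(value)
    slot[0:4] = struct.pack("<I", low)    # mov [esi+C8],eax    (eax = [mem])
    slot[4:8] = struct.pack("<I", high)   # mov [esi+C8+4],eax  (eax = [mem+4])
    return struct.unpack("<d", bytes(slot))[0]


def low_dword_only(slot: bytearray, value: float) -> float:
    """Only the first mov runs: the high dword of the OLD value is left in place.
    For 9999.0 the low dword is zero, so the slot is not changed at all."""
    low, _ = split_double(value)
    slot[0:4] = struct.pack("<I", low)
    return struct.unpack("<d", bytes(slot))[0]


def write_float_into_double_slot(slot: bytearray, value: float) -> float:
    """Emulate 'mov [esi+C8],(float)1234': a 4-byte IEEE-754 single is dropped into
    the low half of a double, so the result is neither 1234 nor a sensible number."""
    slot[0:4] = struct.pack("<f", value)
    return struct.unpack("<d", bytes(slot))[0]


if __name__ == "__main__":
    print("9999.0 as (low, high) dwords:", [hex(x) for x in split_double(9999.0)])
    print("two-dword write:", write_double_as_two_dwords(make_slot(100.0), 9999.0))
    print("low dword only :", low_dword_only(make_slot(100.0), 9999.0))
    print("float into slot:", write_float_into_double_slot(make_slot(100.0), 1234.0))
```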
predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Mon May 26, 2014 9:18 am    Post subject:
OK, thanks a lot for the explanation, I'm used to simple scripting languages.
predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Tue May 27, 2014 4:57 am    Post subject:
Now I tried to combine it with the AOB scan ... but there is no effect.
Is there an error, or is the scan not good?
How can I debug and see if the scan finds something or not?
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(energy,66 0F D6 86 ?? ?? ?? ?? F3 0F 7E 86 ?? ?? ?? ?? 66 0F D6 85 ?? ?? ?? ?? 8B BE ?? ?? ?? ?? 83 FF 04)
label(_energy)
registersymbol(_energy)
//
alloc(mem,1024)
label(return)
mem:
dq (double)9999 // The value you want to write
push eax
mov eax,[mem]
mov [esi+C8],eax
mov eax,[mem+4]
mov [esi+C8+4],eax
pop eax
jmp return
_energy:
jmp mem+8
db 90 90 90
return:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(mem)
_energy:
db 66 0F D6 86 C8 00 00 00
unregistersymbol(energy)
NanoByte Expert Cheater
Reputation: 1
Joined: 13 Sep 2013 Posts: 222
Posted: Tue May 27, 2014 8:26 am    Post subject:
Code:
mem:
dq (double)9999 // The value you want to write
push eax
mov eax,[mem]
mov [esi+C8],eax
mov eax,[mem+4]
mov [esi+C8+4],eax
pop eax
jmp return //delete this line <=========D
_energy:
jmp mem+8
db 90 90 90
return:
predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Tue May 27, 2014 9:01 am    Post subject:
NanoByte wrote:
> Code:
> mem:
> dq (double)9999 // The value you want to write
> push eax
> mov eax,[mem]
> mov [esi+C8],eax
> mov eax,[mem+4]
> mov [esi+C8+4],eax
> pop eax
> jmp return //delete this line <=========D
> _energy:
> jmp mem+8
> db 90 90 90
> return:

Deleted the line, but still nothing happens.
UPDATE:
It seems that the AOB is fine.
I tested it with a simpler script that erases the function. That works!
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(energy,66 0F D6 86 ?? ?? ?? ?? F3 0F 7E 86 ?? ?? ?? ?? 66 0F D6 85 ?? ?? ?? ?? 8B BE ?? ?? ?? ?? 83 FF 04 )
label(_energy)
registersymbol(_energy)
energy:
_energy:
db 90 90 90 90 90 90 90 90
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
_energy:
db 66 0F D6 86 C8 00 00 00
unregistersymbol(_energy)
Seems the error is in the replacement code.
Any hints?
NanoByte Expert Cheater
Reputation: 1
Joined: 13 Sep 2013 Posts: 222
Posted: Tue May 27, 2014 1:04 pm    Post subject:
Do a clean script and let Cheat Engine build up the code with enable and code injection, then just add this in the newmem section and see if it works:
Code:
mov [esi+C8],(float)1234 // replace 1234 with a value u want
jmp exit
Redouane Master Cheater
Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
Posted: Tue May 27, 2014 3:35 pm    Post subject:
NanoByte wrote:
> Do a clean script and let Cheat Engine build up the code with enable and code injection, then just add this in the newmem section and see if it works:
> Code:
> mov [esi+C8],(float)1234 // replace 1234 with a value u want
> jmp exit

From my experience with game hacking, this is a double value, not a float; movq stands for 'move quadword'. Float values are 4 bytes long; they are handled with FPU operations (fld, fstp etc.).

NanoByte wrote:
> How can I debug and see if the scan finds something or not?

In the main CE window, change the value type to 'Array of Bytes', then make the 'Writable' checkbox grayed, then type or paste your AOB in the value box and press 'First Scan'.
Remember that the aobscan command will always pick the first result (if there are many results, it'll take the one on top).
Try this:
Code:
[ENABLE]
alloc(mem,1024)
aobscan(energy,66 0F D6 86 ?? ?? ?? ?? F3 0F 7E 86 ?? ?? ?? ?? 66 0F D6 85 ?? ?? ?? ?? 8B BE ?? ?? ?? ?? 83 FF 04 ) // This MUST be a good AOB
label(return)
label(_energy)
registersymbol(_energy)
mem:
dq (double)9999 // The value you want to write
push eax
mov eax,[mem]
mov [esi+C8],eax
mov eax,[mem+4]
mov [esi+C8+4],eax
pop eax
jmp return // You could replace this with jmp _energy+8
energy:
_energy:
jmp mem+8
db 90 90 90
return:
[DISABLE]
dealloc(mem)
_energy:
db 66 0F D6 86 C8 00 00 00
unregistersymbol(_energy)
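As an added example, not part of the thread, this Python snippet emulates what aobscan does: wildcard matching of the energy pattern over a constructed byte buffer and picking the lowest-address hit, which is the "first result" Redouane mentions. The buffer, its filler bytes and the displacement values are made up; it also shows that once the 8-byte movq has been overwritten by the jmp and nops, the pattern no longer matches at that address, so a scan taken over already-patched code finds nothing there.

```python
# Constructed sample of code bytes standing in for the scanned region. It holds two
# copies of the instruction sequence the thread's AOB describes; the displacement
# bytes (C8 00 00 00 etc.) are made up, which is exactly why the AOB wildcards them.
SEQUENCE = bytes.fromhex(
    "66 0F D6 86 C8 00 00 00"   # movq [esi+C8],xmm0   <- the instruction being hooked
    "F3 0F 7E 86 D0 00 00 00"   # movq xmm0,[esi+D0]
    "66 0F D6 85 F8 FE FF FF"   # movq [ebp-108],xmm0
    "8B BE E0 00 00 00"         # mov edi,[esi+E0]
    "83 FF 04"                  # cmp edi,4
)
FILLER = bytes.fromhex("55 8B EC 83 EC 10 53 56 57")   # a made-up function prologue
CODE = FILLER + SEQUENCE + FILLER + SEQUENCE             # matches at offsets 9 and 51

ENERGY_AOB = ("66 0F D6 86 ?? ?? ?? ?? F3 0F 7E 86 ?? ?? ?? ?? "
              "66 0F D6 85 ?? ?? ?? ?? 8B BE ?? ?? ?? ?? 83 FF 04")


def parse_aob(aob: str) -> list:
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in aob.split()]


def aob_matches(data: bytes, aob: str) -> list:
    """Offsets of every match, in address order (what a GUI 'Array of Bytes' scan lists)."""
    pat = parse_aob(aob)
    hits = []
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            hits.append(off)
    return hits


def aobscan_first(data: bytes, aob: str):
    """What the script's aobscan() resolves to: the lowest-address match, or None."""
    hits = aob_matches(data, aob)
    return hits[0] if hits else None


def apply_hook(data: bytes, off: int) -> bytes:
    """Emulate 'jmp mem+8 ; db 90 90 90' overwriting the 8-byte movq at off.
    The jump displacement is arbitrary (constructed); only the byte shape matters."""
    patched = bytearray(data)
    patched[off:off + 8] = b"\xE9" + (0x1000).to_bytes(4, "little") + b"\x90\x90\x90"
    return bytes(patched)


if __name__ == "__main__":
    print("all hits  :", aob_matches(CODE, ENERGY_AOB))
    print("aobscan   :", aobscan_first(CODE, ENERGY_AOB))
    print("after hook:", aob_matches(apply_hook(CODE, 9), ENERGY_AOB))
```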
predro Newbie cheater
Reputation: 0
Joined: 13 Feb 2012 Posts: 10
Posted: Wed May 28, 2014 5:24 am    Post subject:
Redone wrote:
> Code:
> [ENABLE]
> alloc(mem,1024)
> aobscan(energy,66 0F D6 86 ?? ?? ?? ?? F3 0F 7E 86 ?? ?? ?? ?? 66 0F D6 85 ?? ?? ?? ?? 8B BE ?? ?? ?? ?? 83 FF 04 ) // This MUST be a good AOB
> label(return)
> label(_energy)
> registersymbol(_energy)
> mem:
> dq (double)9999 // The value you want to write
> push eax
> mov eax,[mem]
> mov [esi+C8],eax
> mov eax,[mem+4]
> mov [esi+C8+4],eax
> pop eax
> jmp return // You could replace this with jmp _energy+8
> energy:
> _energy:
> jmp mem+8
> db 90 90 90
> return:
> [DISABLE]
> dealloc(mem)
> _energy:
> db 66 0F D6 86 C8 00 00 00
> unregistersymbol(_energy)

COOL, this one works!!