Which Assembly is Correct?
limau
Newbie cheater
Reputation: 0

Joined: 18 Jun 2014
Posts: 21

PostPosted: Wed Jul 02, 2014 6:20 am    Post subject: Which Assembly is Correct? Reply with quote

Hi all,

I have a question here regarding CE. I am using SWF Decompiler and here is the function in question.

Code:
        private function updateNeedTime() : void
        {
            var _loc_1:* = _productionGrid.data as StructureShopItemData;
            if (resCon.time_txt != null && _loc_1 != null)
            {
                resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10));
            }
            return;
        }// end function


Now, I want to set the value "_loc_1.iTime" to 0 to remove the time element.

Now, inside the SWF Decompiler, here's what I got.

Code:
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_sNeedTime
//60 85 1b
_as3_getlex framecore.structure.views.themepanel.isometric.tools::DateTime
//d1
_as3_getlocal <1>
//66 f4 05
_as3_getproperty iTime
//60 db 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_numberSetter
//66 8f 3a
_as3_getproperty iCurrentValue
//24 0a
_as3_pushbyte 10
//a3
_as3_divide
//73
_as3_convert_i
//a2
_as3_multiply
//46 ee 32 01
_as3_callproperty timeDurationDay(param count:1)
//a0
_as3_add
//61 89 3a
_as3_setproperty text
//47


See the image for the CE Memory Viewer.

Which is correct? How do I rectify it?



[Attachment: 2.JPG, 98.32 KB, screenshot of the CE Memory Viewer]


Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25806
Location: The netherlands

PostPosted: Wed Jul 02, 2014 6:44 am    Post subject: Reply with quote

Cheat Engine interprets it as x86 code, which this is not.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
limau
Newbie cheater
Reputation: 0

Joined: 18 Jun 2014
Posts: 21

PostPosted: Wed Jul 02, 2014 7:51 am    Post subject: Reply with quote

Then how do I modify the machine code if I cannot see what the assembly does and which register it uses?
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Wed Jul 02, 2014 12:07 pm    Post subject: Reply with quote

Are you sure this is code? If it is data, which it looks like, then it never gets executed, hence all that gibberish.

You can also intentionally mess up a disassembler's display of code by throwing in garbage opcodes (common with malware/anti-debug apps), or even sometimes unintentionally. I don't think this is that though.

You can modify it as usual. Double click on it and modify it, or add it as an address (array of bytes) and modify the bytes directly, or modify the bytes in the hex viewer below.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Wed Jul 02, 2014 12:26 pm    Post subject: Reply with quote

Check where iTime is being set.
Post back the function as AS and as RAW.

_________________
I'm rusty and getting older, help me re-learn lua.
cashd
Cheater
Reputation: 0

Joined: 25 Nov 2012
Posts: 25

PostPosted: Wed Jul 02, 2014 3:49 pm    Post subject: Reply with quote

The thing you got from the SWF decompiler is Flash bytecode.
You can patch Flash bytecode directly,
but to know exactly how to change it, you need to look at the ActionScript manual. The problem with that method is that you are limited to changing only the same amount of bytes and not more.
If you just want to nop this function you can insert 02 on all the opcodes and replace them.
02 is nop in Flash bytecode.

The second way to patch Flash is to patch the translated x86 code; I've done it for Candy Crush when I wanted to do unlimited steps.
But the problem with that is that you can't find the AoB unless you really use that function.
You must first load the level before it is translated to x86.
limau
Newbie cheater
Reputation: 0

Joined: 18 Jun 2014
Posts: 21

PostPosted: Wed Jul 02, 2014 11:23 pm    Post subject: Reply with quote

Thanks guys. You are right, it is coded in ActionScript 3 (AS3) format and it's not the same as x86 assembly. That's why it doesn't make sense in CE. So in this case I can only use CE as a hex editor.

Does anyone have the complete bytecode instruction table for the AS3 language for Flash?

@DaSpamer, instead I could change the code to
Code:
 resCon.time_txt.text = _sNeedTime

and the modification will be much easier?
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Thu Jul 03, 2014 1:39 pm    Post subject: Reply with quote

That won't help,
The function only displays the time, so if you change it to
Code:
resCon.time_txt.text = _sNeedTime

You're just editing the time visually.
It's better to modify where _sNeedTime is being set.

_________________
I'm rusty and getting older, help me re-learn lua.
cashd
Cheater
Reputation: 0

Joined: 25 Nov 2012
Posts: 25

PostPosted: Thu Jul 03, 2014 4:14 pm    Post subject: Reply with quote

If you want to remove that function, overwrite it with 02 as I said.
All the ActionScript 3 bytecode is on the Adobe website:
http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/actionscript/articles/avm2overview.pdf

Quote from Google:
"There is no AVM3. ActionScript3 runs on AVM2."
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Thu Jul 03, 2014 5:34 pm    Post subject: Reply with quote

cashd wrote:
If you want to remove that function, overwrite it with 02 as I said.
All the ActionScript 3 bytecode is on the Adobe website:
http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/actionscript/articles/avm2overview.pdf

Quote from Google:
"There is no AVM3. ActionScript3 runs on AVM2."

That won't help to achieve what he wants.
He wants to modify the iTime value.
Quote:
Now, I want to set the value "_loc_1.iTime" into 0 to remove the time element.


Overriding the function with 02 will simply disable the function's actions; it will not modify the iTime value nor the text object.

_________________
I'm rusty and getting older, help me re-learn lua.
cashd
Cheater
Reputation: 0

Joined: 25 Nov 2012
Posts: 25

PostPosted: Thu Jul 03, 2014 5:50 pm    Post subject: Reply with quote

He can do it by changing the code where the time is set.
I said use 02 if he wants to remove the function.
If he wants to modify the function he may use the ActionScript bytecode and change it there; it is possible.
I've once found in some game a way to load the same level every time
by changing the bytecode,
so it is possible.
He can search for the following tool developed by CyberShadow (my mate):

https://github.com/CyberShadow/RABCDAsm

Quote:
"RABCDAsm is a collection of utilities including an ActionScript 3 assembler/disassembler, and a few tools to manipulate SWF files. These are:"
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Thu Jul 03, 2014 6:58 pm    Post subject: Reply with quote

cashd wrote:
He can do it by changing the code where the time is set.
I said use 02 if he wants to remove the function.
If he wants to modify the function he may use the ActionScript bytecode and change it there; it is possible.
I've once found in some game a way to load the same level every time
by changing the bytecode,
so it is possible.
He can search for the following tool developed by CyberShadow (my mate):

https://github.com/CyberShadow/RABCDAsm

Quote:
"RABCDAsm is a collection of utilities including an ActionScript 3 assembler/disassembler, and a few tools to manipulate SWF files. These are:"

But then you'll have to remap to your modified SWF instead of getting the original one.

_________________
I'm rusty and getting older, help me re-learn lua.
limau
Newbie cheater
Reputation: 0

Joined: 18 Jun 2014
Posts: 21

PostPosted: Fri Jul 04, 2014 1:46 am    Post subject: Reply with quote

Code:
resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10));


You guys are right. This function seems to be the display function.
_sNeedTime is a string type displaying the text, while _numberSetter.iCurrentValue holds the amount put in and _loc_1.iTime holds the time needed for 1 item to be completed.

So, to make it work, _loc_1.iTime needs to be set to a small value or zero.

By the way, I am seeing a lot of _loc_2.* in the code, or _loc_*.*.
Does loc stand for local variable?

AS function
Code:
        private function updateNeedTime() : void
        {
            var _loc_1:* = _productionGrid.data as StructureShopItemData;
            if (resCon.time_txt != null && _loc_1 != null)
            {
                resCon.time_txt.text = _sNeedTime + DateTime.timeDurationDay(_loc_1.iTime * (_numberSetter.iCurrentValue / 10));
            }
            return;
        }// end function



Raw Data
Code:

        private function updateNeedTime() : void
        {
//d0
_as3_getlocal <0>
//30
_as3_pushscope
//60 e2 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_productionGrid
//66 93 01
_as3_getproperty data
//60 81 08
_as3_getlex framecore.structure.moudle.structure::StructureShopItemData
//87
_as3_astypelate
//80 81 08
_as3_coerce framecore.structure.moudle.structure::StructureShopItemData
//d5
_as3_setlocal <1>
//60 ce 0c
_as3_getlex framecore.structure.views.windows.exchangetask:AbstractPop::resCon
//66 8b 3a
_as3_getproperty time_txt
//20
_as3_pushnull
//ab
_as3_equals
//96
_as3_not
//2a
_as3_dup
//12 05 00 00
_as3_iffalse offset: 5
//29
_as3_pop
//d1
_as3_getlocal <1>
//20
_as3_pushnull
//ab
_as3_equals
//96
_as3_not
//12 23 00 00
_as3_iffalse offset: 35
//60 ce 0c
_as3_getlex framecore.structure.views.windows.exchangetask:AbstractPop::resCon
//66 8b 3a
_as3_getproperty time_txt
//60 fa 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_sNeedTime
//60 85 1b
_as3_getlex framecore.structure.views.themepanel.isometric.tools::DateTime
//d1
_as3_getlocal <1>
//66 f4 05
_as3_getproperty iTime
//60 db 39
_as3_getlex framecore.structure.views.windows.machine:MachineWindow::_numberSetter
//66 8f 3a
_as3_getproperty iCurrentValue
//24 0a
_as3_pushbyte 10
//a3
_as3_divide
//73
_as3_convert_i
//a2
_as3_multiply
//46 ee 32 01
_as3_callproperty timeDurationDay(param count:1)
//a0
_as3_add
//61 89 3a
_as3_setproperty text
//47
_as3_returnvoid
        }// end function



"StructureShopItemData" seems to hold the value of _loc_1.iTime.
How do I find this structure?
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Fri Jul 04, 2014 9:40 am    Post subject: Reply with quote

Yes, loc stands for local variable.
The easiest way to find where iTime is being set is to either search for
iTime
or search for
iTime =
(hopefully it's being set there).

_________________
I'm rusty and getting older, help me re-learn lua.
limau
Newbie cheater
Reputation: 0

Joined: 18 Jun 2014
Posts: 21

PostPosted: Fri Jul 04, 2014 11:00 am    Post subject: Reply with quote

There are too many variables with "iTime =", however I was able to find "StructureShopItemData".

Code:
package framecore.structure.moudle.structure
{
    import __AS3__.vec.*;
    import flash.display.*;
    import flash.utils.*;
    import framecore.structure.moudle.expand.data.*;
    import framecore.structure.views.themepanel.isometric.data.floral.*;

    public class StructureShopItemData extends Object
    {
        private var _iSellCash:int;
        private var _iType:int;
        private var _iPos:int;
        private var _iExp:int;
        private var _iCash:int;
        private var _iLevel:int;
        private var _iSize:int;
        private var _iSizeX:int;
        private var _iSizeY:int;
        private var _iId:int;
        private var _sName:String;
        private var _iIndex:int;
        private var _bIsGold:Boolean;
        private var _currencyType:int;
        private var _iLuxury:int;
        private var _iSex:int;
        private var _iTime:int;
        private var _iSecTime:int;
        private var _iOutput:int;
           *
           *
           *


Below, there is this function


Code:

           *
           *
           *
        public function get iTime() : int
        {
            return _iTime;
        }// end function

        public function set iTime(param1:int) : void
        {
            _iTime = param1;
            return;
        }// end function
           *
           *
           *


Therefore, why not return 0 instead of returning _iTime?

Code:
        public function get iTime() : int
        {
//d0
_as3_getlocal <0>
//30
_as3_pushscope
//60 d6 19
_as3_getlex framecore.structure.moudle.structure:StructureShopItemData::_iTime
//48
_as3_returnvalue
        }// end function


Code:
d0 30 60 d6 19 48
d0 24 00 02 02 48


Initially, when the game was already running, it didn't do anything.
When I loaded the game to 98%, replaced the code, then ran it, the Flash screen turned white and blank.
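As an added example (not code from the thread, from Cheat Engine or from the SWF decompiler), a small Python decoder for the AVM2 opcodes that appear in the listings above. It decodes the variable-length u30 operands that CE's x86 view shows as garbage, and confirms that the getter patch (`d0 24 00 02 02 48`) keeps the original six-byte length, which the same-size constraint mentioned earlier requires. The opcode table is limited to the instructions used in this thread; anything else is shown as a raw byte.

```python
# Minimal AVM2 (ActionScript 3) bytecode decoder covering the opcodes in this
# thread. Operand kinds: u30 = unsigned int, 7 bits per byte, high bit means
# "more bytes follow"; u8 = one byte; s24 = signed 24-bit little-endian.
OPCODES = {
    0x02: ("nop", []), 0x12: ("iffalse", ["s24"]), 0x20: ("pushnull", []),
    0x24: ("pushbyte", ["u8"]), 0x29: ("pop", []), 0x2A: ("dup", []),
    0x30: ("pushscope", []), 0x46: ("callproperty", ["u30", "u30"]),
    0x47: ("returnvoid", []), 0x48: ("returnvalue", []), 0x60: ("getlex", ["u30"]),
    0x61: ("setproperty", ["u30"]), 0x66: ("getproperty", ["u30"]),
    0x73: ("convert_i", []), 0x80: ("coerce", ["u30"]), 0x87: ("astypelate", []),
    0x96: ("not", []), 0xA0: ("add", []), 0xA2: ("multiply", []),
    0xA3: ("divide", []), 0xAB: ("equals", []), 0xD0: ("getlocal_0", []),
    0xD1: ("getlocal_1", []), 0xD5: ("setlocal_1", []),
}

def read_u30(code, pos):
    """Decode a u30 at pos; return (value, position after it). Max 5 bytes."""
    value, shift = 0, 0
    while True:
        b = code[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not (b & 0x80) or shift >= 35:
            return value, pos

def disassemble(code):
    """Return [(offset, mnemonic, operands)] for a raw AVM2 method body."""
    out, pos = [], 0
    while pos < len(code):
        start, op = pos, code[pos]
        pos += 1
        name, kinds = OPCODES.get(op, ("db 0x%02x" % op, []))
        operands = []
        for kind in kinds:
            if kind == "u30":
                v, pos = read_u30(code, pos)
            elif kind == "u8":
                v, pos = code[pos], pos + 1
            else:  # s24 branch offset, relative to the end of the instruction
                v = int.from_bytes(code[pos:pos + 3], "little", signed=True)
                pos += 3
            operands.append(v)
        out.append((start, name, tuple(operands)))
    return out

# Byte strings copied from the "Code:" blocks in this thread: the original
# iTime getter and the poster's same-length replacement (constructed input).
ORIGINAL_GETTER = bytes.fromhex("d0 30 60 d6 19 48")
PATCHED_GETTER = bytes.fromhex("d0 24 00 02 02 48")

if __name__ == "__main__":
    for listing in (ORIGINAL_GETTER, PATCHED_GETTER):
        for off, name, ops in disassemble(listing):
            print("%04x  %-14s %s" % (off, name, " ".join(map(str, ops))))
```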
Page 1 of 2