DemoKing700 Cheater
Reputation: 0
Joined: 17 Dec 2014 Posts: 33 Location: 127.0.0.1
Posted: Tue Sep 08, 2015 6:33 am
Zanzer wrote: | When you define a
label(_ammo)
you need to have the corresponding
_ammo:
in your code.
In memory viewer, to the left of the instruction are the number of bytes the instruction takes up.
To remove (NOP) the instruction, you need to replace each of those bytes with a hex 90.
That instruction uses 7 bytes, so the simplest code to remove it is:
Code: | aobscan(ammo,XX XX XX)
ammo:
db 90 90 90 90 90 90 90 |
AOBSCAN creates and positions the label 'ammo' at your byte pattern.
You then use that label to position your injection at 'ammo'.
Finally, you tell CE to write the 7 hex 90 (NOP) bytes to that location.
By the way, I noticed your script used the Code Injection template instead of the AOB Injection template. |
@Zanzer u mean i don't need to put the label(_ammo) and registersymbol(_ammo)?
and is there a simpler way u can explain when to use the label and register symbol and when not? thanks a ton
_________________
AƖωαуѕ Ƈυяισυѕ  |
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Sep 08, 2015 10:46 am
In your original code, you should have replaced
"iw3sp.exe"+1BF454:
with the AOB scan label you created
ammo:
Now a lot of people seem to also create a new label, like _ammo, and place it directly under "ammo:"
I don't see the purpose of this. So no, you did not need _ammo at all.
You would, however, have needed
registersymbol(ammo)
in order to save your AOB scan label for the DISABLE section.
So the only time you need to create a new label is when you are going to reference it for something in the script.
Such as the starting injection location of your custom code (ammo).
The only time you need to register a symbol is when you want to reference it outside of the current section.
Such as when you want to undo the injection inside your DISABLE.
But this is the beauty of programming.
There are many ways to achieve the same result.
As long as it gets the job done, there are no wrong ways.
DemoKing700 Cheater
Reputation: 0
Joined: 17 Dec 2014 Posts: 33 Location: 127.0.0.1
Posted: Tue Sep 08, 2015 11:52 am
Zanzer wrote: | In your original code, you should have replaced
"iw3sp.exe"+1BF454:
with the AOB scan label you created
ammo:
Now a lot of people seem to also create a new label, like _ammo, and place it directly under "ammo:"
I don't see the purpose of this. So no, you did not need _ammo at all.
You would, however, have needed
registersymbol(ammo)
in order to save your AOB scan label for the DISABLE section.
So the only time you need to create a new label is when you are going to reference it for something in the script.
Such as the starting injection location of your custom code (ammo).
The only time you need to register a symbol is when you want to reference it outside of the current section.
Such as when you want to undo the injection inside your DISABLE.
But this is the beauty of programming.
There are many ways to achieve the same result.
As long as it gets the job done, there are no wrong ways. |
omg man i love you!! thanks
at last did it successfully!!! you da man!!!
_________________
AƖωαуѕ Ƈυяισυѕ  |
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Wed Sep 16, 2015 12:26 am
Added a note that if you're manually overwriting bytes with the db stuff and junk that you need to make sure you're taking care of the same number of bytes.
darkcheater93 How do I cheat?
Reputation: 0
Joined: 07 Sep 2015 Posts: 2 Location: indonesia
Posted: Fri Sep 25, 2015 7:40 pm Post subject: good
Thanks man!
Stacktrace Expert Cheater
Reputation: 1
Joined: 04 Jul 2015 Posts: 105
Posted: Tue Sep 29, 2015 3:15 pm
You can also use this rather easy way to edit memory:
[ENABLE]
Process.exe+123:
db 90 90 90 90 90 90
[DISABLE]
Process.exe+123:
db 14 12 11 11 49 00
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sun Oct 04, 2015 11:10 pm
Yeah but you lose the ability to have it last past updates, that doesn't work after restarts for most game code on newer games or anything in .NET or things like Unity, you can't reference the address in the table, and so on and so forth.
lampuiho Expert Cheater
Reputation: 6
Joined: 16 Jan 2010 Posts: 122
Posted: Sun Oct 11, 2015 12:31 pm
Can the disable script be not static? I mean, can Cheat Engine read a number of bytes from a certain address and save it somewhere in Cheat Engine's own memory, then when the disable script is run, write those saved bytes back to the address registered?
I need to do this because I am overwriting an instruction that reads a static address but it changes when the game updates. I need the aob script to work after updates. Now it only finds the address correctly but not the static addresses.
For the enable part to work, it's the same except that I need to be able to calculate the address from the result of an aob scan and write the offset to the original instruction.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun Oct 11, 2015 12:58 pm
Code: | { ORIGINAL CODE:
"Calculator.exe"+199BA4: 48 83 EC 28 - sub rsp,28
"Calculator.exe"+199BA8: E8 9B 03 00 00 - call Calculator.exe+199F48
"Calculator.exe"+199BAD: 48 83 C4 28 - add rsp,28
}
[ENABLE]
aobscan(myaob,48 83 EC 28 E8 * * * * 48 83 C4 28)
// save the 5 bytes appearing at myaob+4
// myaob+4 takes us to the CALL instruction
// READMEM copies the specified number of bytes, whatever they are
alloc(myaob_backup,5)
myaob_backup:
readmem(myaob+4,5)
registersymbol(myaob_backup)
// NOP the CALL instruction
myaob+4:
db 90 90 90 90 90
registersymbol(myaob)
[DISABLE]
// rewrite the CALL instruction with whatever bytes we backed up
myaob+4:
readmem(myaob_backup,5)
// free the backup buffer allocated in [ENABLE]
dealloc(myaob_backup)
unregistersymbol(myaob)
unregistersymbol(myaob_backup) |
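The backup-and-restore pattern from the script above, simulated in Python on a constructed byte buffer. This is an added example, not code from the thread; the two "builds" and all function names are made up for illustration. It shows that bytes saved at enable time restore correctly even when the CALL displacement differs between builds, and that the patch always covers the same number of bytes it removed.

```python
NOP = 0x90

def parse_aob(pattern):
    """'48 83 EC 28 E8 * * * *' -> list of ints, with None for wildcard bytes."""
    return [None if tok in ("*", "?", "??") else int(tok, 16)
            for tok in pattern.split()]

def aob_scan(image, pattern):
    """Return every offset in image where the pattern matches."""
    pat = parse_aob(pattern)
    return [off for off in range(len(image) - len(pat) + 1)
            if all(p is None or image[off + i] == p for i, p in enumerate(pat))]

def enable(image, pattern, skip, length):
    """NOP `length` bytes at match+skip; return (address, saved original bytes)."""
    hits = aob_scan(image, pattern)
    if len(hits) != 1:
        raise ValueError(f"pattern must match exactly once, got {len(hits)}")
    addr = hits[0] + skip
    backup = bytes(image[addr:addr + length])           # role of readmem(myaob+4,5)
    image[addr:addr + length] = bytes([NOP]) * length   # same byte count as removed
    return addr, backup

def disable(image, addr, backup):
    """Write the saved bytes back, exactly as many as were overwritten."""
    image[addr:addr + len(backup)] = backup

# Constructed sample data: the three instructions quoted in the post, placed in
# two made-up builds where the code has moved and the CALL displacement changed.
PATTERN = "48 83 EC 28 E8 * * * * 48 83 C4 28"
BUILD_1 = bytes.fromhex("CC CC 48 83 EC 28 E8 9B 03 00 00 48 83 C4 28 C3")
BUILD_2 = bytes.fromhex("CC CC CC CC CC 48 83 EC 28 E8 A7 04 00 00 48 83 C4 28 C3")

def round_trip(build):
    """Enable then disable on a copy; report address, backup, patch, and restore result."""
    image = bytearray(build)
    addr, backup = enable(image, PATTERN, skip=4, length=5)
    patched = bytes(image[addr:addr + 5])
    disable(image, addr, backup)
    return addr, backup, patched, bytes(image) == build

if __name__ == "__main__":
    for name, build in (("build 1", BUILD_1), ("build 2", BUILD_2)):
        addr, backup, patched, restored = round_trip(build)
        print(name, hex(addr), backup.hex(), patched.hex(), restored)
```
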
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Thu Oct 29, 2015 7:31 am
Updated the first post with some quick info on dealing with FSTP and such, since I apparently forgot to put that anywhere.
IceDragon87 How do I cheat?
Reputation: 0
Joined: 11 Dec 2015 Posts: 3
Posted: Fri Dec 11, 2015 1:57 am
Hello
This is to Rydian
I'm just going to put this out here: I need help with this AOB script from the thread "Fable Anniversary [updated for build 832816]" (I can't post URLs yet).
I am absolutely no programmer, script writer or such. I am just curious if I need to edit anything to enable the cheats to work in game.
I tried to read through your tutorials but it really is confusing to me.
Would it be too much to ask for assistance?
wlix32 Newbie cheater
Reputation: 0
Joined: 01 Jan 2016 Posts: 12
Posted: Sat Jan 02, 2016 12:57 pm
Thanks a lot. All these values in Cave Story have a base address, but when the value is a floating point, do I first need to find the base address using the point scan, or does AOB have something that works with it?
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sat Jan 02, 2016 8:12 pm
I can't really do anything for games I don't have.
Whether the value is floating-point or not has no bearing on whether it's static or not.
JohannesJoestar Advanced Cheater
Reputation: 0
Joined: 01 Nov 2015 Posts: 79
Posted: Wed Feb 03, 2016 8:21 am
Hey!
I'm Brimsy Vincent from YouTube who recently commented on one of your videos.
In Rogue Legacy I tried to make one hit kill with code injection. Although my attempt succeeded, the script didn't work when I restarted the game. My next attempt succeeded; however, again, it didn't work when restarted. Looking at the codes I saw that each time the value I was manipulating via code injecting was being stored in a different register. One time it's EAX and another time it's EDI and so on.
Since you worked on that game before I thought it would be best to ask you.
Did you make a one hit kill cheat yourself? If so, can you tell me how you did it? Or maybe some kind of tutorial you can send me?
Thanks in advance!
Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Wed Feb 03, 2016 3:12 pm
I had an infinite HP script that worked with...
mov [esi+00000118],edx
But I haven't played Rogue Legacy in a while (I don't even have it installed here) so that may have been constantly-run code or something.
So you attached to an enemy's HP and found what wrote it when it got damaged and it's just one main opcode but it's different each game run?