guy960915 Expert Cheater
Reputation: 2
Joined: 17 Sep 2007 Posts: 168
Posted: Mon Apr 28, 2008 3:17 am Post subject: how to combine two assembly scripts
I have these two assembly scripts. How do you combine these two and put them in a code cave?
Code cave is: 004002C8
First:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
amrts.exe+22C483:
jmp newmem
nop
nop
nop
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [esi+4],3F800000
jne originalcode
fld dword ptr [0066a420]
originalcode:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
amrts.exe+22C483:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
Second:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
amrts.exe+22D671:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
fld dword ptr [ecx+54]
fcomp dword ptr [ecx+54]
jne exit
fld dword ptr [0066a420]
fst dword ptr [ecx+4]
ret
nop
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
amrts.exe+22D671:
fld dword ptr [ecx+54]
ret
nop
 |
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Mon Apr 28, 2008 4:17 am
Well, your newmem (i.e. your injection) is missing for the second code, so I can't complete it for you... but basically it would go together like the following.
You can use the same code cave that you allocated; just make the second code jump to a later part of the cave. 2kb is massive for your needs here, so you have a lot of freedom with it.
I have defined extra labels, which we will need as we are doing extra code, so we need to tell CE that we are going to be jumping to the right places.
Code:
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(returnhere2)
label(originalcode)
label(originalcode2)
label(exit)
label(exit2)
amrts.exe+22C483:
jmp newmem
nop
nop
nop
nop
returnhere:
amrts.exe+22D671:
jmp newmem+1024
returnhere2:
newmem:
cmp [esi+4],3F800000
jne originalcode
fld dword ptr [0066a420]
newmem+1024:
/* Place it here */
originalcode:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
exit:
jmp returnhere
originalcode2:
fld dword ptr [ecx+54]
fcomp dword ptr [ecx+54]
jne exit2
fld dword ptr [0066a420]
fst dword ptr [ecx+4]
ret
nop
exit2:
jmp returnhere2
[DISABLE]
dealloc(newmem)
amrts.exe+22C483:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
amrts.exe+22D671:
fld dword ptr [ecx+54]
ret
nop
Post the complete code. Do both the cheats as separate injections first (that second one doesn't look complete to me), then post them and I can help you further and explain.
~Psych
 |
guy960915 Expert Cheater
Reputation: 2
Joined: 17 Sep 2007 Posts: 168
Posted: Mon Apr 28, 2008 8:10 pm
Thanks a lot for the help. I tried to combine this myself by trial and error, but it keeps crashing.
"your injection is missing for the second code" - please specify where exactly it is missing, because I copied all the code from the assembly and pasted it here (I used Ctrl-A then Ctrl-C).
EDIT: now I get it, please see below.
I think all the code is in there, but I have a question about this part:
newmem+1024:
/* Place it here */ -----> place what here?
EDIT: now I get it, please see below.
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
-----> maybe you mean the code here; the code I inserted is below
originalcode:
fld dword ptr [ecx+54]
fcomp dword ptr [ecx+54] -----> these lines are the code
jne exit -----> I inserted
fld dword ptr [0066a420] -----> this too
fst dword ptr [ecx+4] -----> this too
ret
nop -----> is this needed?
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem) -----> what is the correct form? Is it dealloc(newmem,2048)?
amrts.exe+22D671:
fld dword ptr [ecx+54]
ret
nop
 |
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Tue Apr 29, 2008 2:59 am
No, not the original code.
You have an injection missing altogether for the second jump out.
What code do you want to alter at the cave?
The first jump out is dealt with by this:
Code:
newmem:
cmp [esi+4],3F800000
jne originalcode
fld dword ptr [0066a420]
amrts.exe+22C483:
jmp newmem
nop
nop
nop
nop
returnhere:
But then you have a jmp out here with no cave to go to (technically it's all in the same cave, but when it jumps out there is no code to run and bingo! Crash):
Code:
newmem+1024:
/* NOTHING HERE!!! :( */
amrts.exe+22D671:
jmp newmem+1024
returnhere2:
See ^ jumping to newmem+1024 but not doing anything...
And no, dealloc doesn't need a size. Dealloc followed by the cave name will tear down the whole cave; you don't need to specify a size.
Like I put for you here:
...is fine.
Notice I didn't allocate a separate cave for you, because the cave is huge anyway; I just made an offset to halfway through the current cave with "+1024", which will offset us to that location.
So when we deallocate the cave, we take down the whole lot, thus needing just the one command.
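Added example, not from the thread and not Cheat Engine's own code: a small Python planner that does by arithmetic what the two Psy posts above do by hand. It emits the 5-byte E9 jmp plus NOP padding for each hook site (9 bytes at amrts.exe+22C483 covering fst/fcomp, 5 bytes at amrts.exe+22D671 covering fld/ret/nop), packs both stubs back to back in the single cave at 004002C8 with a jmp back to the byte after each patch, and then decodes every jump to confirm it lands on bytes that were actually written, which is exactly the check that would have caught the empty newmem+1024. Assumptions: amrts.exe is loaded at the default 0x400000 image base (the thread never states the base), the instruction encodings are hand-assembled from the thread's disassembly, and the payload for the first hook is the thread's `fld dword ptr [0066a420]` taken unconditionally as a placeholder (the cmp/jne guard is left out because a relative jne would have to be re-encoded for its position in the cave).

```python
"""Plan a Cheat Engine style code-cave injection: E9 jmp + NOP padding at each
hook site, stubs packed back to back in one cave, and a decode pass that proves
no jump lands on unwritten bytes.  Addresses are 32-bit.  Added example."""
import struct

# Assumption: amrts.exe is loaded at the default Win32 image base.
IMAGE_BASE = 0x400000
SITE1 = IMAGE_BASE + 0x22C483      # amrts.exe+22C483
SITE2 = IMAGE_BASE + 0x22D671      # amrts.exe+22D671
CAVE = 0x004002C8                  # the code cave named in the thread

# Hand-encoded (32-bit x86) from the instructions the thread disassembles.
FST_ESI54 = bytes.fromhex("D95654")            # fst   dword ptr [esi+54]
FCOMP_66A420 = bytes.fromhex("D81D20A46600")   # fcomp dword ptr [0066a420]
FLD_ECX54 = bytes.fromhex("D94154")            # fld   dword ptr [ecx+54]
FLD_66A420 = bytes.fromhex("D90520A46600")     # fld   dword ptr [0066a420]
RET = b"\xC3"
NOP = b"\x90"


def rel32(src, dst):
    """Displacement for a 5-byte E9 jmp located at src that reaches dst."""
    d = dst - (src + 5)
    if not -0x80000000 <= d <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return d & 0xFFFFFFFF


def jmp_rel32(src, dst):
    return b"\xE9" + struct.pack("<I", rel32(src, dst))


def decode_jmp(addr, code):
    """Target of the E9 jmp encoded at addr; used to verify the plan."""
    if len(code) < 5 or code[0] != 0xE9:
        raise ValueError("not an E9 jmp")
    return addr + 5 + struct.unpack("<i", code[1:5])[0]


def site_patch(site, stub, displaced):
    """Bytes written at site: jmp stub, then NOPs so the patch covers exactly
    the displaced instructions (never half of one, or execution resumes in
    the middle of an instruction when the cheat is disabled)."""
    n = sum(map(len, displaced))
    if n < 5:
        raise ValueError("need >= 5 bytes of whole instructions for a jmp")
    return jmp_rel32(site, stub) + NOP * (n - 5)


def plan_cave(cave, hooks):
    """hooks: [(site, [displaced instruction bytes, ...], payload bytes)].
    Each stub is payload + displaced instructions + jmp back to the byte
    after the patch, laid out contiguously so every stub address is written.
    Returns ({site: patch}, cave image, [(site, stub, returnhere)])."""
    image, patches, stubs = b"", {}, []
    for site, displaced, payload in hooks:
        stub = cave + len(image)
        patch = site_patch(site, stub, displaced)
        returnhere = site + len(patch)
        body = payload + b"".join(displaced)
        image += body + jmp_rel32(stub + len(body), returnhere)
        patches[site] = patch
        stubs.append((site, stub, returnhere))
    return patches, image, stubs


def check_plan(cave, patches, image, stubs):
    """Decode every jmp and confirm it lands on code that was written: a
    jump into an empty part of the cave is the crash described above."""
    ends = [s[1] for s in stubs[1:]] + [cave + len(image)]
    for (site, stub, returnhere), end in zip(stubs, ends):
        if decode_jmp(site, patches[site]) != stub:
            return False
        if not cave <= stub < cave + len(image):
            return False
        back = end - 5                      # each stub ends with its jmp back
        if decode_jmp(back, image[back - cave:end - cave]) != returnhere:
            return False
    return True


# Constructed hook list mirroring the two injections in the thread.
HOOKS = [
    (SITE1, [FST_ESI54, FCOMP_66A420], FLD_66A420),   # 9 bytes displaced
    (SITE2, [FLD_ECX54, RET, NOP], b""),              # 5 bytes displaced
]


def demo():
    return plan_cave(CAVE, HOOKS)


if __name__ == "__main__":
    patches, image, stubs = demo()
    for site, patch in patches.items():
        print(f"{site:08X}: {patch.hex(' ')}")
    print(f"cave {CAVE:08X}: {image.hex(' ')}")
    print("plan ok:", check_plan(CAVE, patches, image, stubs))
```

Run it directly to print the patch bytes for both sites and the 30-byte cave image. The second stub ends in the game's own `ret`, so its jmp back is never reached, the same dead `jmp returnhere2` as in the working script further down; it is emitted anyway so every stub has the same shape and `check_plan` can decode it. Feeding `check_plan` a truncated image reproduces the "jumping to newmem+1024 but nothing there" situation and makes it return False.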
 |
guy960915 Expert Cheater
Reputation: 2
Joined: 17 Sep 2007 Posts: 168
Posted: Tue Apr 29, 2008 7:45 am
I got it working now, thanks very much.
I changed some things; here's what I did:
[ENABLE]
label(newmem)
label(returnhere)
label(returnhere2)
label(originalcode)
label(exit)
label(exit2)
amrts.exe+22C483:
jmp 004002C8
nop
nop
nop
nop
returnhere:
amrts.exe+22D671:
jmp newmem
returnhere2:
004002C8: -----> my code cave
cmp [esi+4],3F800000
jne originalcode
fld dword ptr [0066a420]
originalcode:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
exit:
jmp returnhere
newmem:
fld dword ptr [ecx+54]
fcomp dword ptr [ecx+54]
jne exit2
fld dword ptr [0066a420]
fst dword ptr [ecx+4]
exit2:
ret
nop
jmp returnhere2
[DISABLE]
dealloc(newmem)
amrts.exe+22C483:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
amrts.exe+22D671:
fld dword ptr [ecx+54]
ret
Last edited by guy960915 on Tue Apr 29, 2008 7:57 am; edited 1 time in total
 |
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Tue Apr 29, 2008 7:52 am
Yeah, you're using CE's allocated cave (newmem) along with your own found cave @ 4002c8, which is a good enough distinction I guess. Good.
 |
guy960915 Expert Cheater
Reputation: 2
Joined: 17 Sep 2007 Posts: 168
Posted: Tue Apr 29, 2008 8:03 am
A quick question:
[ENABLE]
label(newmem) -----> since I changed this to label instead of alloc
label(returnhere)
label(returnhere2)
...
...
...
jmp returnhere2
[DISABLE]
dealloc(newmem) -----> is this needed?
amrts.exe+22C483:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
 |
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Apr 29, 2008 8:20 am
Yes, without it on trainers you wouldn't be able to disable it. What it's doing is:
[ENABLE] is enabling the code... and [DISABLE] is disabling the code.
Don't screw with allocs, trust me, I've done it in the past... you need it to be alloc, not label... labels are for jumps etc.
|
 |
marine7000 How do I cheat?
Reputation: 0
Joined: 26 Apr 2008 Posts: 9
Posted: Tue Apr 29, 2008 8:23 am
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
00D0EBA8:
jmp newmem
nop
nop
nop
nop
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
pop edi
add [eax],al
add [ebx+ebp*8+1453ff30],ch
exit:
jmp returnhere
How do I make it go from decreasing by 1 to increasing by 2?
 |
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Apr 29, 2008 8:25 am
Right above add [eax],al, try:
add al,1
add [eax],al
This may not work, as I've never seen al before, but it's worth a shot.
|
 |
marine7000 How do I cheat?
Reputation: 0
Joined: 26 Apr 2008 Posts: 9
Posted: Tue Apr 29, 2008 8:25 am
ty
 |
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Apr 29, 2008 8:26 am
It worked?
 |
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Tue Apr 29, 2008 8:36 am
All you're doing is adding 1 to al, then adding al to the pointer in [eax].
Do "add [eax],2" or whatever value you want; it's a cleaner solution.
Al is a register and stores a byte of data. Don't let it put you off, guys.
 |
marine7000 How do I cheat?
Reputation: 0
Joined: 26 Apr 2008 Posts: 9
Posted: Tue Apr 29, 2008 11:57 am
Thanks, you guys, I'll try that now.
 |
guy960915 Expert Cheater
Reputation: 2
Joined: 17 Sep 2007 Posts: 168
Posted: Tue Apr 29, 2008 8:33 pm
I just want to clarify some things, to help me better understand auto assembly.
[ENABLE]
label(newmem) -----> first: if I'm not wrong, if you use alloc it will allocate memory for your code but label will not, right?
label(returnhere)
label(returnhere2)
label(originalcode)
label(exit)
label(exit2)
amrts.exe+22C483:
jmp 004002C8
nop
nop
nop
nop
returnhere:
amrts.exe+22D671:
jmp newmem
returnhere2:
004002C8: -----> second: since I did not allocate memory and used a code cave, do I need to dealloc this?
cmp [esi+4],3F800000
jne originalcode
fld dword ptr [0066a420]
originalcode:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
exit:
jmp returnhere
newmem:
fld dword ptr [ecx+54]
fcomp dword ptr [ecx+54]
jne exit2
fld dword ptr [0066a420]
fst dword ptr [ecx+4]
exit2:
ret
nop
jmp returnhere2
[DISABLE]
dealloc(newmem) -----> third: this part here is what I'm clarifying; is this needed? Or what is the correct format for this?
amrts.exe+22C483:
fst dword ptr [esi+54]
fcomp dword ptr [0066a420]
amrts.exe+22D671:
fld dword ptr [ecx+54]
ret