Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
[VB 2008] A Trainer of Some Sort

 
Kushie
How do I cheat?
Reputation: 0

Joined: 15 Feb 2010
Posts: 5

Posted: Mon Feb 15, 2010 3:00 am    Post subject: [VB 2008] A Trainer of Some Sort

What I usually do:
Open Cheat Engine.exe and attach to the game (RumbleFighter.exe). Click on Memory View and press CTRL+G and search for address 00455E99 and double click the Opcode to change mov byte ptr [esi+000006e5],01 to mov byte ptr [esi+000006e6],01

So, basically I want to change the Opcode at address 00455E99 of RumbleFighter.exe from mov byte ptr [esi+000006e5],01 to mov byte ptr [esi+000006e6],01 with a click of a command button.

I'm learning how to program in VB 2008, so thanks in advance.

P.S. I think it would require WriteProcessMemory. Not quite sure though.
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

Posted: Mon Feb 15, 2010 3:02 am

Your guess is correct.

WriteProcessMemory is the needed API.

Just grab the bytes at the location you are talking about, and replace them with WriteProcessMemory.
Kushie
How do I cheat?
Reputation: 0

Joined: 15 Feb 2010
Posts: 5

Posted: Mon Feb 15, 2010 3:07 am

smartz993 wrote:
Your guess is correct.

WriteProcessMemory is the needed API.

Just grab the bytes at the location you are talking about, and replace them with WriteProcessMemory.


I'm going to need you to explain more in detail for a beginner like me to understand. You are talking to someone who just started VB 2008 about 2 weeks ago.

EDIT: Okay, I've done a bit of research and found that the Opcode is not even needed. What we want is the bytes (values left of the Opcode) in Cheat Engine and this is what I want:

c6 86 e5 06 00 00 01 to
c6 86 e6 06 00 00 01

EDIT: Did more research and now my code looks like this:

Code:
Imports System.Runtime.InteropServices

Public Class frmNamnuHack
    <DllImport("kernel32.dll")> _
    Public Shared Function WriteProcessMemory( _
    ByVal hProcess As IntPtr, _
    ByVal lpBaseAddress As IntPtr, _
    ByVal lpBuffer As Byte(), _
    ByVal nSize As UInt32, _
    ByRef lpNumberOfBytesWritten As UInt32 _
    ) As Boolean
    End Function

    Dim hProcess As Process() = Process.GetProcessesByName("Rumble Fighter")
    Dim en1 As Byte() = {0x90, 0x90, 0x00, 0xE8} 'mov byte ptr [esi+000006e4],01

    Private Sub cmdNamnuOn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdNamnuOn.Click
        WriteProcessMemory(hProcess(0).Handle, &H455E99, en1, 7, 0)
    End Sub
End Class


In en1, how do I convert mov byte ptr [esi+000006e4],01 into the format used between the brackets {}? I mean, 0x90, etc., is not correct.

Basically, how do I convert "mov byte ptr [esi+000006e5],01", so that I can enter it into the byte array?

For example, from another forum:
jmp 00498f57 = {&HE9, &H31, &H9A, &HEC, &HFF}

What does:
mov byte ptr [esi+000006e5],0 = ?
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Mon Feb 15, 2010 4:56 am

Quote:
there is no simple way to go directly from the string "mov byte ptr [esi+000006e5],01"

you're in for quite an interesting (read: tedious and boring) experience if you really want to try.


I just copy the byte array from whatever disassembler I'm using.
You can do this easily in Cheat Engine, for example, and it goes through a magical process to make it happen.

ps:
mov byte ptr [esi+000006e5],00 - c6 86 e5 06 00 00 00

just cram the bytes into an array like you have in your post, and write that. you pretty much solved it yourself.
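The "magical process" the reply refers to, spelled out for the two instruction shapes that appear in this thread. This is an added example in Python, not code from the thread or from Cheat Engine: it encodes mov byte ptr [reg32+disp32],imm8 as opcode C6 with a /0 ModRM in mod=10 form followed by the 32-bit displacement and the immediate, and jmp as E9 followed by a displacement relative to the end of the five-byte instruction, and it decodes both back into the text Cheat Engine's memory view shows. The register order is the standard x86 ModRM numbering. The jmp source address 0x5CF521 used in the self-check is an assumption derived from the bytes quoted above (E9 31 9A EC FF gives rel32 = -0x1365CF), chosen only so that the example reproduces them.

```python
# Added example: a minimal x86-32 encoder/decoder for the two instruction
# shapes in this thread. Not Cheat Engine code; encodings (C6 /0 ib, E9 cd)
# follow the Intel SDM. Sample addresses are the ones quoted in the thread.
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM r/m order


def encode_mov_byte_ptr(base, disp, imm8):
    """mov byte ptr [base+disp32], imm8  ->  C6 /0 ib.
    mod=10 selects a 32-bit displacement, which is why CE shows +000006e5
    as four bytes even though the value would fit in one."""
    rm = REG32.index(base)
    if rm == 4:
        raise ValueError("esp as base needs an SIB byte (not used in this thread)")
    modrm = (0b10 << 6) | (0 << 3) | rm  # mod=10, reg=/0, rm=base register
    return bytes([0xC6, modrm]) + struct.pack("<I", disp) + bytes([imm8 & 0xFF])


def encode_jmp_rel32(src, target):
    """jmp target  ->  E9 rel32, relative to the address *after* the 5-byte jmp."""
    return b"\xE9" + struct.pack("<i", target - (src + 5))


def decode(code, addr=0):
    """Decode one instruction of the shapes above into CE-style text.
    Returns (text, length). addr is the instruction's own address (needed for jmp)."""
    op = code[0]
    if op == 0xC6 and len(code) >= 7 and (code[1] >> 6) == 0b10 and ((code[1] >> 3) & 7) == 0:
        rm = code[1] & 7
        disp = struct.unpack_from("<I", code, 2)[0]
        imm = code[6]
        return f"mov byte ptr [{REG32[rm]}+{disp:08x}],{imm:02x}", 7
    if op == 0xE9 and len(code) >= 5:
        rel = struct.unpack_from("<i", code, 1)[0]
        return f"jmp {(addr + 5 + rel) & 0xFFFFFFFF:08x}", 5
    raise ValueError(f"unsupported opcode {op:02x}")


def to_ce_string(b):
    """Bytes as Cheat Engine's memory view prints them: 'c6 86 e5 06 00 00 01'."""
    return " ".join(f"{x:02x}" for x in b)


def to_vb_array(b):
    """Bytes as a VB.NET Byte() initializer: {&HC6, &H86, ...}."""
    return "{" + ", ".join(f"&H{x:X}" for x in b) + "}"


if __name__ == "__main__":
    patched = encode_mov_byte_ptr("esi", 0x6E6, 1)  # the +000006e6 variant wanted above
    print(to_ce_string(patched))
    print(to_vb_array(patched))
    print(decode(patched)[0])
    print(to_ce_string(encode_jmp_rel32(0x5CF521, 0x498F57)))  # assumed source address
```

Run it as a script and the first two lines printed are the byte string and the VB initializer for the patched instruction; note that the jmp bytes depend on where the jmp is placed, so a jmp copied from one address cannot be reused at another without recomputing the rel32.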
Kushie
How do I cheat?
Reputation: 0

Joined: 15 Feb 2010
Posts: 5

Posted: Mon Feb 15, 2010 6:50 pm

slovach wrote:
Quote:
there is no simple way to go directly from the string "mov byte ptr [esi+000006e5],01"

you're in for quite an interesting (read: tedious and boring) experience if you really want to try.


I just copy the byte array from whatever disassembler I'm using.
You can do this easily in Cheat Engine, for example, and it goes through a magical process to make it happen.

ps:
mov byte ptr [esi+000006e5],00 - c6 86 e5 06 00 00 00

just cram the bytes into an array like you have in your post, and write that. you pretty much solved it yourself.


So, something like this?

Dim en1 As Byte() = {&HC6, &H86, &HE5, &H6, &H0, &H0, &H1}

This is what I have:
Code:
Imports System.Runtime.InteropServices

Public Class frmNamnuHack
    ' kernel32!WriteProcessMemory: copies lpBuffer into the target process at
    ' lpBaseAddress. The handle needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION.
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function WriteProcessMemory( _
    ByVal hProcess As IntPtr, _
    ByVal lpBaseAddress As IntPtr, _
    ByVal lpBuffer As Byte(), _
    ByVal nSize As UInt32, _
    ByRef lpNumberOfBytesWritten As UInt32 _
    ) As Boolean
    End Function

    Dim hProcess As Process() = Process.GetProcessesByName("Rumble Fighter")
    ' c6 86 e5 06 00 00 01 = mov byte ptr [esi+000006e5],01 (bytes copied from the CE memory view)
    Dim en1 As Byte() = {&HC6, &H86, &HE5, &H6, &H0, &H0, &H1}

    Private Sub cmdNamnuOn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdNamnuOn.Click
        Dim bytesWritten As UInt32 = 0
        ' Write all seven bytes over the instruction at 00455E99
        WriteProcessMemory(hProcess(0).Handle, New IntPtr(&H455E99), en1, CUInt(en1.Length), bytesWritten)
    End Sub
End Class


When I click the button, I get an "IndexOutOfRangeException", and "A first chance exception of type 'System.IndexOutOfRangeException' occurred in WindowsApplication1.exe" when the program is loaded.
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Mon Feb 15, 2010 8:05 pm

GetProcessByName couldn't find anything and thus your array was empty.
The result was you tried to access data that didn't exist. GetProcessByName expects the name of the exe, not the window.

Check the length of the array first. hint: hProcess.Length
Kushie
How do I cheat?
Reputation: 0

Joined: 15 Feb 2010
Posts: 5

Posted: Mon Feb 15, 2010 11:11 pm

slovach wrote:
GetProcessByName couldn't find anything and thus your array was empty.
The result was you tried to access data that didn't exist. GetProcessByName expects the name of the exe, not the window.

Check the length of the array first. hint: hProcess.Length


Thank you very much. It works now.
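The patch the thread ends up with, written out as an added example with the two checks a practitioner would want before calling WriteProcessMemory. This is Python using ctypes rather than the VB DllImport, so it runs as a script; it is not the poster's code or Cheat Engine's. First, the process is found by image name (the .exe, not the window title, which is the mistake behind the IndexOutOfRangeException above). Second, the seven bytes at 00455E99 are read back and compared with c6 86 e5 06 00 00 01 before anything is written: a game update or a relocated module puts different code at that address, and blindly writing seven bytes over it corrupts whatever is there. The address and both byte strings are the thread's; the image name RumbleFighter.exe, the PID lookup via tasklist, the access mask, and the fake_process stand-in (used so the verify logic can be exercised off Windows) are assumptions.

```python
# Added example (not the poster's or Cheat Engine's code): the trainer's
# write done with ctypes, plus a verify-before-write check. Address and
# bytes are from the thread; image name, PID lookup and access mask are
# assumptions.
import csv
import ctypes
import subprocess

PATCH_ADDR = 0x00455E99
ORIG_BYTES = bytes.fromhex("c6 86 e5 06 00 00 01")   # mov byte ptr [esi+000006e5],01
NEW_BYTES = bytes.fromhex("c6 86 e6 06 00 00 01")    # mov byte ptr [esi+000006e6],01


def apply_patch(read, write, addr=PATCH_ADDR, expected=ORIG_BYTES, new=NEW_BYTES):
    """read(addr, n) -> bytes, write(addr, data) -> number of bytes written.
    Writes only if the target still holds the bytes that were disassembled."""
    if len(expected) != len(new):
        raise ValueError("replacement must be the same length as the original")
    current = read(addr, len(expected))
    if current == new:
        return "already patched"
    if current != expected:
        raise RuntimeError(f"unexpected bytes at {addr:08x}: {current.hex()}")
    if write(addr, new) != len(new):
        raise RuntimeError("short write")
    if read(addr, len(new)) != new:
        raise RuntimeError("read-back after write does not match")
    return "patched"


def fake_process(image):
    """Constructed stand-in for testing off Windows: a 64-byte arena with
    `image` placed so that PATCH_ADDR lands on its first byte."""
    base = PATCH_ADDR - 0x10
    mem = bytearray(0x40)
    mem[0x10:0x10 + len(image)] = image

    def read(addr, n):
        return bytes(mem[addr - base:addr - base + n])

    def write(addr, data):
        mem[addr - base:addr - base + len(data)] = data
        return len(data)

    return read, write


def pid_by_image(image_name):
    """Windows-only. Matches on the image (.exe) name, the same key
    GetProcessesByName uses (minus the extension), not the window title."""
    out = subprocess.check_output(
        ["tasklist", "/FI", f"IMAGENAME eq {image_name}", "/FO", "CSV", "/NH"], text=True)
    for row in csv.reader(out.splitlines()):
        if len(row) > 1 and row[0].lower() == image_name.lower():
            return int(row[1])
    raise LookupError(f"{image_name} is not running")


def win32_process(pid):
    """Windows-only. Opens the target with PROCESS_VM_OPERATION|VM_READ|VM_WRITE
    (0x38), which is all a patcher needs; PROCESS_ALL_ACCESS is not required."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    for fn in (k32.ReadProcessMemory, k32.WriteProcessMemory):
        fn.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                       ctypes.c_size_t, ctypes.c_void_p]
    k32.VirtualProtectEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                     ctypes.c_size_t, ctypes.c_ulong, ctypes.c_void_p]
    h = k32.OpenProcess(0x38, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())

    def read(addr, n):
        buf, got = ctypes.create_string_buffer(n), ctypes.c_size_t()
        if not k32.ReadProcessMemory(h, addr, buf, n, ctypes.byref(got)):
            raise ctypes.WinError(ctypes.get_last_error())
        return buf.raw[:got.value]

    def write(addr, data):
        old, done = ctypes.c_ulong(), ctypes.c_size_t()
        # Code pages are normally PAGE_EXECUTE_READ; make them writable, then restore.
        k32.VirtualProtectEx(h, addr, len(data), 0x40, ctypes.byref(old))  # PAGE_EXECUTE_READWRITE
        ok = k32.WriteProcessMemory(h, addr, data, len(data), ctypes.byref(done))
        k32.VirtualProtectEx(h, addr, len(data), old.value, ctypes.byref(old))
        if not ok:
            raise ctypes.WinError(ctypes.get_last_error())
        return done.value

    return read, write


if __name__ == "__main__":
    print(apply_patch(*win32_process(pid_by_image("RumbleFighter.exe"))))
```

Run it from an account that can open the game's process (if the game runs elevated, the script must too). Because apply_patch takes read and write as callables, the same verification logic runs unchanged against fake_process for a dry run and against win32_process for the real thing, and a refused patch leaves the target untouched.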