renomous Advanced Cheater
Reputation: 0
Joined: 15 Jul 2012 Posts: 86
Posted: Mon Sep 17, 2012 6:14 am Post subject: debugger... assemble code help
I tried to change it at least 20 times,
but when I use the skill my game crashes.
Help me?
imageshack.us/f/853/28195748.jpg/
Look, no idea what to change it to.......
mov [ecx+esi*4+000015E4],edx
add dword ptr [edi+eax*4+000015E4],FF
How do I change it to have 0 cooldown time?
Studio80 Advanced Cheater
Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Mon Sep 17, 2012 8:38 pm
Look at the EXTRA INFO box. Your code is:
Code: | mov [ecx+esi*4+000015E4],edx |
I can see from the EXTRA INFO box that the value of EDX = C8 (200 in decimal). So you want to change the value of 200, right? Then we need to write a permanent code; it's very easy. Write this:
BTW, I'm using 3E7 just as an example.
I'm going to explain to you what is going to happen. Use it with the Code Injection function. It will jump to the code cave, then it will write 999 into EDX, execute the original code (mov [ecx+esi*4+000015E4],edx) and then it will jump back. Code Injection in a nutshell, lol. Please let me know if it worked.
Try to change the JG instruction to JMP or NOP it; the result might be surprising.
renomous Advanced Cheater
Reputation: 0
Joined: 15 Jul 2012 Posts: 86
Posted: Tue Sep 18, 2012 12:22 am
Hey, maybe you can add me on Skype? renomous
In decimal, how do you calculate that C8 is 200?
The cooldown time of the skill is 20 seconds, yeah.
So I create my own script?
And what does 3E7 mean?
I need to make the cooldown time 0; I want to spam the skill.
Really wanna make it.
I thought I just need to change edx to ecx because ecx is 0...?
I'm watching the script of a skill hack for Dekaron and he changes just the edx to ecx and it works... idk
Please add me on Skype: renomous
Help me just a bit :angel
If I get it right, I should make a script?
At the place of your code I should write
MOV EDX, 3E7
mov [ecx+esi*4+000015E4],edx
----------------------------------
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)
006B6364:
jmp newmem
nop
returnhere:
newmem:
originalcode:
MOV EDX, 3E7
mov [ecx+esi*4+000015E4],edx
exit:
jmp returnhere
[DISABLE]
dealloc(newmem)
006B6364:
MOV EDX, 3E7
mov [ecx+esi*4+000015E4],edx
But I DC when I use this.
Studio80 Advanced Cheater
Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Tue Sep 18, 2012 11:16 am
You need to know some basic ASM. I don't know if I'm allowed to talk about this, but you should look for some beginner cracking tutorials by Lena151.
For what you're trying to achieve you only need to know the basics of ASM. The values you see in CE are in HEX; what you see in the game and in scan results are in decimal. You can simply use the Windows calculator to convert hex to dec and dec to hex. Nothing special about it.
3E7 is a HEX value; in decimal it's 999.
As you get this result:
Quote: | mov [ecx+esi*4+000015E4],edx |
The value of the timer is stored into EDX. If you want to write a new function, like you want EDX always to be 0, you write it as follows:
It will always write value 0 into EDX.
You cannot simply change EDX to ECX because it's zero, because if ECX holds an address, then the 0 will change to an address; there is a big chance your game will crash. It might work, but it isn't safe. The method I showed you is the safest method (Code Injection).
Sorry, I don't use Skype.
renomous Advanced Cheater
Reputation: 0
Joined: 15 Jul 2012 Posts: 86
Posted: Tue Sep 18, 2012 12:36 pm
Hmmmm, thanks, I will look at the Lena151 tuts.
Ummm, but where do I write
this mov edx, 0?
At the assemble code and then create a script?
Code injection: I inject the code of the assemble code (mov [ecx+esi*4+000015E4],edx)
and then what should the original code look like?
originalcode:
mov edx, 0
mov [ecx+esi*4+000015E4],edx
Well, I tried this as a script; yeah, there is no cooldown,
but when I want to use the skill it says cooling down.
So it's just like I see there is no cooldown, but actually there is and I have to wait again.
What should I do now?
Studio80 Advanced Cheater
Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Tue Sep 18, 2012 12:52 pm
Wait man, I will do a universal Code Injection tutorial. Doing it in CE is good, but if you want to use Trainer Maker Kit or your own template it's better to do it with... yeah, I'm going to say it again... OLLY!
I don't know why many people on this board don't use Olly; it will make your life much easier. You need to get used to it. Those Lena151 tutorials are cracking tutorials (abandonware) so they're legal. As cracking and hacking are almost the same, it will help you out.
No, the original code should be:
mov [ecx+esi*4+000015E4],edx
I think you don't understand how code injection works. I'm going to do a video tutorial about it and show some examples. When it's done I'm going to post it on this board.
renomous Advanced Cheater
Reputation: 0
Joined: 15 Jul 2012 Posts: 86
Posted: Tue Sep 18, 2012 1:23 pm
imageshack.us/f/221/37994166.jpg/
Do you have TeamViewer or Facebook?
Something like this?
youtube.com/watch?v=zPrFupWqz_E
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
add [ecx+esi*4+000015E4],0
originalcode:
//mov [ecx+esi*4+000015E4],edx
exit:
jmp returnhere
006B62E4:
jmp newmem
nop
nop
returnhere:
Studio80 Advanced Cheater
Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Tue Sep 18, 2012 4:49 pm
I have just finished my tutorial Code Injection for beginners. I think you should watch it (it's a video tutorial).
The last code you posted won't work because you are adding 0 to the pointer. You need to move 0 into the pointer, so the value that's stored in the pointer will always be 0!
So try this instead:
Quote: | alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov edx, 0
originalcode:
mov [ecx+esi*4+000015E4],edx
exit:
jmp returnhere
006B62E4:
jmp newmem
nop
nop
returnhere: |
The tutorial I have made will answer your question. I have posted it in this section; go check it out.
renomous Advanced Cheater
Reputation: 0
Joined: 15 Jul 2012 Posts: 86
Posted: Tue Sep 18, 2012 10:55 pm
There should be more people like you. Let me check if this works.
Well, yeah, it works, but only visually:
there is a cooldown, but it shows there is no cooldown.
What now?
Give me some way to contact you, please.
Hey bro,
how can I use the debugger on an address?
The same way as finding the assemble code,
but now I want to use it on the assemble code to check what ECX is.
imageshack.us/f/708/39385284.jpg/
Studio80 Advanced Cheater
Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Thu Sep 20, 2012 1:33 pm
Is it an online game? I think the value is not in the client.exe but on the server. So it's impossible to do it.
About the address you're talking about: you can place a breakpoint on it and it should break, just like I did in my Olly tutorial. From there you can read the values of the registers.
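An added example, not part of the thread, illustrating the point in this reply: when the cooldown is server-authoritative, the server keeps its own last-use timestamps and ignores whatever timer value the client reports, so patching the client's copy (the mov into [ecx+esi*4+000015E4]) changes only what is displayed. The skill name, the 20-second cooldown and all function names are assumptions.

```python
"""Server-authoritative skill cooldown check (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed cooldown table: skill id -> cooldown in seconds.
# 20 s matches the value the original poster describes for their skill.
COOLDOWNS: Dict[str, float] = {"fireball": 20.0}


@dataclass
class PlayerState:
    # Last accepted use time per skill, tracked only on the server side.
    last_use: Dict[str, float] = field(default_factory=dict)


def handle_skill_request(state: PlayerState, skill: str, now: float,
                         client_claimed_remaining: Optional[float] = None
                         ) -> Tuple[bool, float]:
    """Decide whether a skill use is accepted; return (accepted, remaining).

    client_claimed_remaining stands for whatever the client sends about its
    own timer (0 after a memory edit). It is deliberately never consulted:
    the client's view of the cooldown is untrusted input, and the server
    recomputes the remaining time from its own records.
    """
    cooldown = COOLDOWNS.get(skill)
    if cooldown is None:
        # Unknown skill id: reject rather than guess a cooldown.
        return False, 0.0
    last = state.last_use.get(skill)
    remaining = 0.0 if last is None else max(0.0, cooldown - (now - last))
    if remaining > 0.0:
        # Still cooling down on the server; the client display is irrelevant.
        return False, remaining
    state.last_use[skill] = now
    return True, 0.0


if __name__ == "__main__":
    s = PlayerState()
    print(handle_skill_request(s, "fireball", 100.0))        # accepted
    print(handle_skill_request(s, "fireball", 105.0, 0.0))   # rejected, 15 s left
```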