renomous (Advanced Cheater; Reputation: 0; Joined: 15 Jul 2012; Posts: 86)
Posted: Mon Sep 17, 2012 6:14 am    Post subject: debugger... assemble code help

I tried to change it at least 20 times, but when I use the skill my game crashes.

Help me?
imageshack.us/f/853/28195748.jpg/

Look, I have no idea what to change it to...

mov [ecx+esi*4+000015E4],edx

add dword ptr [edi+eax*4+000015E4],FF

How do I change it to have 0 cool time?
	
	
Studio80 (Advanced Cheater; Reputation: 2; Joined: 12 Sep 2012; Posts: 83)
Posted: Mon Sep 17, 2012 8:38 pm

Look at the EXTRA INFO box. Your code is:

Code:
mov [ecx+esi*4+000015E4],edx

I can see from the EXTRA INFO box that the value of EDX = C8 (200 in decimal). So you want to change the value of 200, right? Then we need to write permanent code; it's very easy. Write this:



BTW I'm using 3E7 just as an example.

I'm going to explain to you what is going to happen. Use it with the Code Injection function. It will jump to the code cave, then it will write 999 into EDX, execute the original code (mov [ecx+esi*4+000015E4],edx) and then it will jump back. Code Injection in a nutshell lol. Please let me know if it worked.

Try to change the JG instruction to JMP or NOP it, the result might be surprising.
	
	
renomous (Advanced Cheater)
Posted: Tue Sep 18, 2012 12:22 am

Hey, maybe you can add me on Skype? renomous
In decimal, how do you calculate that C8 is 200?
The cool time of the skill is 20 seconds, yeah.

So I create my own script?
And what does 3E7 mean?
I need to make the cool time 0; I want to spam the skill.

I really wanna make it.
I thought I just needed to change edx to ecx, cuz ecx is 0...?
I'm watching the script of a skill hack for Dekaron, and he changes just the edx to ecx and it works... idk
Please add me on Skype: renomous
Help me just a bit :angel

If I get it right, I should make a script?

At "place your code" I should write
MOV EDX, 3E7
mov [ecx+esi*4+000015E4],edx

----------------------------------

[ENABLE]
 alloc(newmem,1024)
 label(returnhere)
 label(originalcode)
 label(exit)
 
 006B6364:
 jmp newmem
 nop
 
 returnhere:
 
 newmem:
 
 originalcode:
 MOV EDX, 3E7
 mov [ecx+esi*4+000015E4],edx
 
 exit:
 jmp returnhere
 
 [DISABLE]
 dealloc(newmem)
 
 006B6364:
 MOV EDX, 3E7
 mov [ecx+esi*4+000015E4],edx
 
 
 
But I DC when I use this.
	
	
Studio80 (Advanced Cheater)
Posted: Tue Sep 18, 2012 11:16 am

You need to know some basic ASM. I don't know if I'm allowed to talk about this, but you should look for some beginner cracking tutorials by Lena151.
For what you're trying to achieve you only need to know the basics of ASM. The values you see in CE are in HEX; what you see in the game and scan results are in decimal. You can simply use the Windows calculator to calculate hex to dec and dec to hex. Nothing special about it.

3E7 is a HEX value, in decimal it's 999.

As you get this result:

Quote:
mov [ecx+esi*4+000015E4],edx

The value of the timer is stored into EDX. If you want to write a new function, like you want EDX always to be 0, you write it as follows:



It will always write value 0 into EDX.

You cannot simply change EDX to ECX because it's zero, because if ECX holds an address, the 0 will change to an address, and there is a big chance your game will crash. It might work, but it isn't safe. The method I showed you is the safest method (Code Injection).

Sorry, I don't use Skype.
	
	
renomous (Advanced Cheater)
Posted: Tue Sep 18, 2012 12:36 pm

Hmmmm, thanks, I will look at the Lena151 tuts.
Ummm, but where do I write
this mov edx, 0?

At assemble code and then create script?

Code injection: I inject the code of the assemble code (mov [ecx+esi*4+000015E4],edx)

and then where the original code is, it should look like

originalcode:
mov edx, 0
mov [ecx+esi*4+000015E4],edx

Well, I tried this as a script. Yeah, there is no cool down,
but when I want to use the skill it says cooling down.
So it's just like I see there is no cool down, but actually there is and I have to wait again.

What should I do now?
	
	
Studio80 (Advanced Cheater)
Posted: Tue Sep 18, 2012 12:52 pm

Wait man, I will do a universal Code Injection tutorial. Doing it in CE is good, but if you want to use Trainer Maker Kit or your own template it's better to do it with .. yeah I'm going to say it again .. OLLY!
I don't know why many people on this board don't use Olly; it will make your life much easier. You need to get used to it. Those Lena151 tutorials are cracking tutorials (abandonware) so they're legal. As cracking and hacking are almost the same it will help you out.

No, the original code should be:
mov [ecx+esi*4+000015E4],edx

I think you don't understand how code injection works. I'm going to do a video tutorial about it and show some examples. When it's done I'm going to post it on this board.
	
	
renomous (Advanced Cheater)
Posted: Tue Sep 18, 2012 1:23 pm

imageshack.us/f/221/37994166.jpg/

Do you have TeamViewer or Facebook?

Something like this?
youtube.com/watch?v=zPrFupWqz_E
 
 
 
 
 alloc(newmem,2048) //2kb should be enough
 label(returnhere)
 label(originalcode)
 label(exit)
 
 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here
 add [ecx+esi*4+000015E4],0
 originalcode:
 //mov [ecx+esi*4+000015E4],edx
 
 exit:
 jmp returnhere
 
 006B62E4:
 jmp newmem
 nop
 nop
 returnhere:
	
Studio80 (Advanced Cheater)
Posted: Tue Sep 18, 2012 4:49 pm

I have just finished my tutorial Code Injection for beginners. I think you should watch it (it's a video tutorial).
The last code you posted won't work because you are adding 0 to the pointer. You need to move 0 into the pointer, so the value that's stored into the pointer will always be 0!

So try this instead:

Quote:
alloc(newmem,2048) //2kb should be enough
label(returnhere)
 label(originalcode)
 label(exit)
 
 newmem: //this is allocated memory, you have read,write,execute access
 //place your code here
 mov edx, 0
 originalcode:
 mov [ecx+esi*4+000015E4],edx
 
 exit:
 jmp returnhere
 
 006B62E4:
 jmp newmem
 nop
 nop
 returnhere:

The tutorial I have made will answer your question. I have posted it in this section, go check it out.
	
	
renomous (Advanced Cheater)
Posted: Tue Sep 18, 2012 10:55 pm

There should be more people like you. Let me check if this works.

Well, yeah, it works, but only visually.
There is a cool down but it shows there is no cool down.
What now?
Give me something to contact you with, please.

Hey bro,

how can I use the debugger on an address?

The same way as finding the assemble code,
but now I want to use it on the assemble code to check what ECX is.

imageshack.us/f/708/39385284.jpg/
	
	
Studio80 (Advanced Cheater)
Posted: Thu Sep 20, 2012 1:33 pm

Is it an online game? I think the value is not in the client.exe but on the server. So it's impossible to do it.
About the address you're talking about: you can place a breakpoint on it, and it should break. Just like I did in my Olly tutorial. From there you can read the values of the registers.
	
		| Back to top |  | 
	
		|  | 
	
		|  |