dick_traced, Newbie cheater
Reputation: 0
Joined: 22 Sep 2011, Posts: 21
Posted: Wed Oct 12, 2011 5:19 am
Post subject: please explain the 'change eip' trick
Assume I want to change some opcodes in a program.
The program has a CRC check which I can't find.
How can I change the EIP to redirect to a memory region that isn't monitored, and put my modified instructions there? And how do I change the EIP back to allow the program to continue from where I modified the opcode?
Or how does the 'change EIP' trick work?
How can this be accomplished with Cheat Engine?
Practical example:
401234: sub eax,ecx
I want to patch it to 'add eax,ecx' without failing the CRC check.
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Wed Oct 12, 2011 6:02 am
You allocate some memory, and there you write:
Code:
add eax,ecx
jmp 401236
and then do a Change EIP on 401234 and set it to the allocated memory.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
sullx, Cheater
Reputation: 0
Joined: 03 Jan 2013, Posts: 37
Posted: Wed Jan 09, 2013 9:11 pm
OK, I have been experimenting all evening trying to change the EIP to point to some code I have injected into memory 'outside' the game memory. I believe I understand how to change the EIP (right click the memory address -> Change register at this location -> enter the memory address where I allocated some memory for my code). But what I don't understand is how to allocate memory outside the game memory region (in other words, outside the space monitored by the CRC/integrity check). I tried using Cheat Engine to allocate memory while attached to a different application, and then used that memory address for the EIP when attached to the program of interest, but that did not work.
So, how does one allocate memory outside of the game's memory region in Cheat Engine and add code to that region for use with a change of the EIP register? Thanks
Dark Byte, Site Admin
Reputation: 470
Joined: 09 May 2003, Posts: 25796, Location: The Netherlands
Posted: Thu Jan 10, 2013 5:06 am
You just use Cheat Engine to allocate the memory, but did you initialize the memory you allocated and jump back to the instruction AFTER your hook?
Otherwise it will be executing random code, or it will never return and then crash.
e.g.:
Code:
alloc(code, 1000)       // reserve 1000 bytes of executable memory, labelled "code"
code:
originalinstruction     // the instruction that sat at the address where you changed EIP
yourcode                // the replacement logic
jmp addressyoudidchangeeip+sizeoforiginalinstruction   // resume right after the hooked instruction
Then, when that is executed, you will get the address of code, and then do a change register on breakpoint there.
Also, if a game has an integrity check, it often also has a debugger check. Are you sure that has been dealt with? (Change register at breakpoint uses the debugger.)
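As an added illustration from the integrity-check side (not code from the thread or from Cheat Engine), the following Python models why a CRC over the code bytes, as in the question, misses the redirect Dark Byte describes, and what an additional check would notice. The code section, its address, the sub/add encodings and the thread states are all constructed for the example.

```python
import zlib

# Constructed image: one code section mapped at 0x401000. Offset 0x234
# (address 0x401234, as in the thread) holds `sub eax,ecx`, encoded 29 C8.
CODE_BASE = 0x401000
CODE = bytes(b"\x90" * 0x234 + b"\x29\xc8" + b"\x90" * 0x100)
CODE_END = CODE_BASE + len(CODE)
KNOWN_GOOD_CRC = zlib.crc32(CODE)  # recorded once, e.g. at build time


def crc_check_ok(code: bytes) -> bool:
    """The integrity check the thread describes: CRC32 over the code bytes."""
    return zlib.crc32(code) == KNOWN_GOOD_CRC


def in_place_patch(code: bytes) -> bytes:
    """The naive patch from the question: overwrite 29 C8 with add eax,ecx (01 C8)."""
    off = 0x401234 - CODE_BASE
    return code[:off] + b"\x01\xc8" + code[off + 2:]


def eip_outside_image(thread_eips) -> list:
    """Extra check: threads executing outside the mapped code section.
    The 'change EIP' redirect leaves the bytes intact but moves execution
    into freshly allocated memory, which the CRC never sees."""
    return [eip for eip in thread_eips if not CODE_BASE <= eip < CODE_END]


def integrity_report(code: bytes, thread_eips) -> dict:
    """Combine both checks into one verdict for a snapshot of the process."""
    outside = eip_outside_image(thread_eips)
    crc_ok = crc_check_ok(code)
    return {
        "crc_ok": crc_ok,
        "eip_outside_image": outside,
        "tampered": (not crc_ok) or bool(outside),
    }


if __name__ == "__main__":
    # 1. untouched process, thread sitting on the original instruction
    print(integrity_report(CODE, [0x401234]))
    # 2. in-place patch: the CRC alone is enough to catch it
    print(integrity_report(in_place_patch(CODE), [0x401234]))
    # 3. change-EIP redirect into constructed allocated memory at 0x07ff0000:
    #    the CRC still passes, only the EIP range check fires
    print(integrity_report(CODE, [0x07ff0000]))
```

A real checker would read thread contexts and module ranges from the OS rather than constructed values, and, as Dark Byte notes, the redirect relies on a debugger breakpoint, so a debugger check catches it before execution ever leaves the image.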
sullx, Cheater
Reputation: 0
Joined: 03 Jan 2013, Posts: 37
Posted: Thu Jan 10, 2013 8:15 pm
Thank you so much. This worked excellently. For whatever reason, the game has a CRC, but does not have a debugger check. Well, I believe that it may, but for whatever reason, CE is not detected on 64-bit by this game's anti-cheat protection.