Twistedfate (Expert Cheater; Reputation: 1; Joined: 11 Mar 2016; Posts: 231)
Posted: Fri Mar 11, 2016 3:24 am    Post subject: find out what addresses this instruction accesses help !!
(Warning: bad English.) I found one address in memory that accesses many addresses. I mean, when I opened the disassembler after following an address, I found this address:
fmul dword ptr [esi+1C]. After that I right-clicked and chose "find out what addresses this instruction accesses",
and I found more than 50 addresses.
These addresses are for player selection; for example, address no. 1 is "player one is selected" (or you can imagine the address for all players' speed or health, etc. ...).
The question is: how can I find the pointer or the green value of all the 50 addresses that are accessed by my instruction fmul dword ptr [esi+1C]?

I am not fully understanding, but all the addresses accessed by this
fmul dword ptr [esi+1C] are given this value, 1061158912, but when I change this value to
4290772992
I can select the player without moving the mouse onto him.

So I need help with these things:
1- How can I tell fmul dword ptr [esi+1C] to give the addresses the value 4290772992 instead of 1061158912?
2- How can I scan for all these addresses without attaching the debugger every time, or how can I find the main pointer?

Don't be harmful, I am a very beginner. Ty
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Fri Mar 11, 2016 12:28 pm    Post subject:
Use the automatic AOB Injection template to create a script.
Replace: fmul dword ptr [esi+1C]
with: mov dword ptr [esi+1C],4290772992
Twistedfate (Expert Cheater; Reputation: 1; Joined: 11 Mar 2016; Posts: 231)
Posted: Fri Mar 11, 2016 3:21 pm    Post subject: Worked ^^
Thank you very much, you solved a huge problem, really, I love you man ^^
I replaced fmul dword ptr [esi+1C]
with: mov dword ptr [esi+1C],#4290772992
I didn't know the difference between decimal and hex; it didn't work at the beginning.
Only another question: how did you know it's mov instead of fmul?
Is there any tut for these changes in code injection, or should I learn all of ASM?
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Fri Mar 11, 2016 4:05 pm    Post subject:
FMUL is actually multiplying the value on the FPU stack by [esi+1C].
So instead of multiplying, you are free to simply move (MOV) a static value.
You can read up on any individual assembly instruction.
http://x86.renejeschke.de/html/file_module_x86_id_104.html
Sorry, I forgot the '#'.
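Decoding the two constants from the thread and the '#' rule, as an added Python example that is not from the thread or from Cheat Engine. It assumes the auto-assembler convention discussed above (a bare number is hexadecimal, a leading '#' marks decimal) and reinterprets each dword as the IEEE-754 single it encodes; fmul_result is a hypothetical model of what the original fmul leaves in st(0), written here to contrast it with the mov replacement.

```python
import math
import struct

# The two dword values quoted in the thread: what the game normally stores
# at [esi+1C] and what the poster writes there instead.
ORIGINAL_VALUE = 1061158912
PATCHED_VALUE = 4290772992


def float_from_bits(bits):
    """Reinterpret a 32-bit integer as the IEEE-754 single it encodes."""
    if not 0 <= bits <= 0xFFFFFFFF:
        raise ValueError("a dword holds 32 bits; %#x does not fit" % bits)
    return struct.unpack("<f", struct.pack("<I", bits))[0]


def describe(bits):
    """Return (hex string, float value, is_nan) for one dword bit pattern."""
    value = float_from_bits(bits)
    return "0x%08X" % bits, value, math.isnan(value)


def parse_ce_number(token):
    """Parse an immediate the way the CE auto assembler reads it (assumed
    convention: bare digits are hex, '#' means decimal). Returns the integer
    and whether it fits a 32-bit dword operand; a decimal 4290772992 read as
    hex is 0x4290772992, which does not, so the line fails to assemble."""
    if token.startswith("#"):
        n = int(token[1:], 10)
    else:
        n = int(token, 16)
    return n, n <= 0xFFFFFFFF


def fmul_result(st0, operand_bits):
    """Hypothetical model of 'fmul dword ptr [esi+1C]': st(0) is multiplied
    by the float at [esi+1C]; memory is read, not written. The mov
    replacement does the opposite: it writes a fixed bit pattern to memory
    and leaves the FPU stack alone."""
    return st0 * float_from_bits(operand_bits)


if __name__ == "__main__":
    for name, bits in (("original", ORIGINAL_VALUE), ("patched", PATCHED_VALUE)):
        hexstr, value, nan = describe(bits)
        print("%s: %d = %s = %r%s" % (name, bits, hexstr, value, " (NaN)" if nan else ""))
    for tok in ("4290772992", "#4290772992"):
        n, fits = parse_ce_number(tok)
        print("%-12s -> %#x, fits in a dword: %s" % (tok, n, fits))
```

1061158912 is 0x3F400000, the float 0.75; 4290772992 is 0xFFC00000, a (negative, quiet) NaN, so anything the FPU multiplies or divides with it afterwards is NaN as well. Without the '#', the assembler reads the digits as hex and the immediate overflows a dword, which is why the first attempt did not work.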
Twistedfate (Expert Cheater; Reputation: 1; Joined: 11 Mar 2016; Posts: 231)
Posted: Fri Mar 11, 2016 4:18 pm    Post subject:
Zanzer wrote: | Use the automatic AOB Injection template to create a script.
Replace: fmul dword ptr [esi+1C]
with: mov dword ptr [esi+1C],4290772992 |
_____________________________
Code:
[ENABLE]
aobscanmodule(INJECT,RoleView.dll,D8 4E 1C DC 35 80 F3 01 10) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov dword ptr [esi+1C],#4290772992
fdiv qword ptr [RoleView.dll+1F380]
jmp return
INJECT:
jmp code
nop
nop
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db D8 4E 1C DC 35 80 F3 01 10
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "RoleView.dll"+2023
"RoleView.dll"+2003: D9 55 FC - fst dword ptr [ebp-04]
"RoleView.dll"+2006: D9 55 F4 - fst dword ptr [ebp-0C]
"RoleView.dll"+2009: D9 55 F0 - fst dword ptr [ebp-10]
"RoleView.dll"+200C: D9 55 EC - fst dword ptr [ebp-14]
"RoleView.dll"+200F: D9 5D E8 - fstp dword ptr [ebp-18]
"RoleView.dll"+2012: FF 15 E8 F1 01 10 - call dword ptr [RoleView.dll+1F1E8]
"RoleView.dll"+2018: DB 46 20 - fild dword ptr [esi+20]
"RoleView.dll"+201B: 83 EC 0C - sub esp,0C
"RoleView.dll"+201E: 85 C0 - test eax,eax
"RoleView.dll"+2020: 8D 45 24 - lea eax,[ebp+24]
// ---------- INJECTING HERE ----------
"RoleView.dll"+2023: D8 4E 1C - fmul dword ptr [esi+1C]
"RoleView.dll"+2026: DC 35 80 F3 01 10 - fdiv qword ptr [RoleView.dll+1F380]
// ---------- DONE INJECTING ----------
"RoleView.dll"+202C: 0F 84 99 00 00 00 - je RoleView.dll+20CB
"RoleView.dll"+2032: D9 5D 64 - fstp dword ptr [ebp+64]
"RoleView.dll"+2035: D9 45 64 - fld dword ptr [ebp+64]
"RoleView.dll"+2038: D9 5C 24 08 - fstp dword ptr [esp+08]
"RoleView.dll"+203C: D9 45 64 - fld dword ptr [ebp+64]
"RoleView.dll"+203F: D9 5C 24 04 - fstp dword ptr [esp+04]
"RoleView.dll"+2043: D9 45 64 - fld dword ptr [ebp+64]
"RoleView.dll"+2046: D9 1C 24 - fstp dword ptr [esp]
"RoleView.dll"+2049: 50 - push eax
"RoleView.dll"+204A: FF 15 F8 F1 01 10 - call dword ptr [RoleView.dll+1F1F8]
}

When I unfreeze it, it doesn't go back to the normal state. What is wrong here?
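Locating the signature and checking whether the bytes at the injection point still match the original, as an added Python example that is not from the thread or from Cheat Engine. REFERENCE is constructed from the disassembly dump in the post above (RoleView.dll+2003 through the call at +204A); LIVE is a constructed copy in which the nine signature bytes have been replaced by a five-byte jmp (zero placeholder displacement) and four nops, the layout the script's INJECT block produces. The function names and the wildcard syntax are my own choices.

```python
# Constructed from the disassembly dump in the post: RoleView.dll from
# +2003 up to and including the call at +204A.
DUMP_BASE = 0x2003
REFERENCE = bytes.fromhex(
    "D9 55 FC D9 55 F4 D9 55 F0 D9 55 EC D9 5D E8 "
    "FF 15 E8 F1 01 10 DB 46 20 83 EC 0C 85 C0 8D 45 24 "
    "D8 4E 1C DC 35 80 F3 01 10 "
    "0F 84 99 00 00 00 D9 5D 64 D9 45 64 D9 5C 24 08 "
    "D9 45 64 D9 5C 24 04 D9 45 64 D9 1C 24 50 FF 15 F8 F1 01 10"
)
# The signature the script's aobscanmodule line looks for: fmul dword ptr
# [esi+1C] followed by fdiv qword ptr [RoleView.dll+1F380], nine bytes.
SIGNATURE = "D8 4E 1C DC 35 80 F3 01 10"

# Constructed "live" image: the same dump after the [ENABLE] block ran. At
# offset 0x20 into the dump (RoleView.dll+2023) the nine bytes are now a
# jmp rel32 (E9 plus a 00 00 00 00 placeholder displacement) and four nops.
_live = bytearray(REFERENCE)
_live[0x20:0x29] = bytes.fromhex("E9 00 00 00 00 90 90 90 90")
LIVE = bytes(_live)


def parse_pattern(text):
    """Turn 'D8 4E ?? 1C' into a list of ints, None standing for a ?? wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_pattern(buf, pattern):
    """Every offset at which the pattern matches. A signature that is safe
    to patch must match exactly once ("should be unique" in the script)."""
    pat = parse_pattern(pattern)
    return [
        i for i in range(len(buf) - len(pat) + 1)
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat))
    ]


def check_injection_point(reference, live, pattern, base=0):
    """Locate the signature in a known-good reference copy and compare the
    same span in a live copy. Returns (address, diffs) where diffs lists
    (address, reference_byte, live_byte) for each byte that changed."""
    hits = find_pattern(reference, pattern)
    if len(hits) != 1:
        raise ValueError("signature matched %d times, expected exactly 1" % len(hits))
    off = hits[0]
    span = len(pattern.split())
    diffs = [
        (base + off + j, reference[off + j], live[off + j])
        for j in range(span)
        if reference[off + j] != live[off + j]
    ]
    return base + off, diffs


def restore_original(live, offset, pattern):
    """What the [DISABLE] block's 'db ...' line does: write the original
    bytes back over the jmp/nop sequence. Only the code is reverted; values
    the patched code already stored in the data addresses stay as written."""
    out = bytearray(live)
    out[offset:offset + len(pattern.split())] = bytes.fromhex(pattern)
    return bytes(out)


if __name__ == "__main__":
    addr, diffs = check_injection_point(REFERENCE, LIVE, SIGNATURE, DUMP_BASE)
    print("injection point RoleView.dll+%X, %d byte(s) differ" % (addr, len(diffs)))
    for a, ref, cur in diffs:
        print("  +%X: %02X -> %02X" % (a, ref, cur))
    print("restored matches reference:",
          restore_original(LIVE, addr - DUMP_BASE, SIGNATURE) == REFERENCE)
```

Once the jmp is in place the signature no longer matches the live bytes, which is why a second aobscan for the same pattern fails while the script is enabled, and why disabling it only restores these nine code bytes: the dwords that the mov already wrote to the 50-odd data addresses are not part of that restore.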
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Fri Mar 11, 2016 4:46 pm    Post subject:
Disabling the script only causes the script to remove the injection.
It is not going to revert all of those addresses back to what they were.
I suppose you could create a second script that used:
Code: | mov dword ptr [esi+1C],#1061158912 |
Twistedfate (Expert Cheater; Reputation: 1; Joined: 11 Mar 2016; Posts: 231)
Posted: Sat Mar 12, 2016 1:02 am    Post subject: how to use mov
Zanzer wrote: | FMUL i

Sorry for the many questions, I just saw this.
But what do you mean with "free to move"? What could I change?
I made a fast video: before changing the value I right-click and nothing is attacked; after changing the values it attacks them ...
youtu .be/zwQuCeqL1Ks
Remove the space, I cannot post URLs yet.