Cheat Engine The Official Site of Cheat Engine
Dr.Disrespect Grandmaster Cheater
Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Thu Jun 09, 2016 1:56 am    Post subject: Code Injection in Auto Assemble.
The "Code Injection" function often picks more than one line of assembly code, for example:
Code:
originalcode:
game.exe+00000001 mov eax,ebx
game.exe+00000002 mov ecx,edx
Is it possible to manually pick just one line of assembly code? Using the same example:
Code:
originalcode:
game.exe+00000001 mov eax,ebx
//I do not want "game.exe+00000002 mov ecx,edx" to be included in the originalcode
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Jun 09, 2016 2:37 am
Using the injection templates allows you to reroute your code to a code cave so that you do not have any size restrictions or overlapping of existing, functional code. That being the case, when you establish a jump to your code cave, it will require so many bytes for the jump. Depending on the size of the original instruction, your new jump code may require more bytes than what the original instruction needed...so, instead of overlapping existing code, which would most probably cause a crash, CE will NOP all of the bytes for both instructions, and just relocate them both so that there are no issues that might cause the target to crash.
Why do you not want to include them both inside your originalcode? If doing so causes problems (e.g. because of a jump to that location), you can fix this problem by injection at a different location. Remember, your access to certain values is not only by way of the same sub-routine or section of code, but also via other values that occur within that same data structure...so you have a lot of options.
Dr.Disrespect Grandmaster Cheater
Posted: Thu Jun 09, 2016 8:47 am
Thanks, ++METHOS. I do not want to include both lines because one of them is associated with a jmp instruction, which if I inject there, there would be a crash. Just like last time.
I will try to find another location to inject the code, I couldn't find one last night, but I may be able to do it with a fresh mind today.
hhhuut Grandmaster Cheater
Reputation: 6
Joined: 08 Feb 2015 Posts: 607
Posted: Thu Jun 09, 2016 8:51 am
That's because the jump CE uses to execute the injected code is exactly 5 bytes long.
The command "cmp edx,esi" only consists of 2 bytes, and the "jne ..." command adds another 2 bytes, so we still have one byte fewer than we need.
That's why CE also takes the third instruction "push 05" into its calculation, so that we've got 6 bytes in total, of which 5 bytes will contain the jump and one will be a "nop" (stands for no operation).
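The byte arithmetic in the two answers above (a 5-byte jmp has to be covered by whole instructions, the leftover bytes become NOPs, and the displaced instructions are relocated into the cave) can be made concrete. The following Python is an added illustration written for this page, not Cheat Engine's own code; the auto-assembler does all of this for you when you use the injection template. Every address and instruction byte is constructed for the example: the three instructions from hhhuut's post are placed at a made-up 0x00401000, and 0x00500000 stands in for whatever `alloc()` would return. It also shows two things the thread only hints at: a stolen short `jne` cannot be copied verbatim because its rel8 displacement is relative to its own position, and a branch elsewhere in the program that targets the middle of the stolen bytes (the situation Dr.Disrespect describes) is a crash waiting to happen, so the hook point should move.

```python
"""Hook-length arithmetic behind Cheat Engine's "Code Injection" template.

Added illustration, not Cheat Engine code. All addresses and instruction bytes
are constructed for the example. 32-bit x86 only; relocation handles just the
cases the thread mentions (short jcc / short jmp). A real relocator must also
handle call rel32, loop/jecxz and, on x64, RIP-relative operands.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

JMP_REL32_LEN = 5   # E9 rel32: the "exactly 5 bytes" jump CE writes at the hook
NOP = 0x90


@dataclass
class Insn:
    addr: int
    raw: bytes
    text: str


# Constructed sample matching hhhuut's explanation: 2 + 2 + 2 bytes.
SAMPLE = [
    Insn(0x00401000, bytes([0x3B, 0xD6]), "cmp edx,esi"),
    Insn(0x00401002, bytes([0x75, 0x10]), "jne short +0x10"),   # rel8 branch
    Insn(0x00401004, bytes([0x6A, 0x05]), "push 05"),
    Insn(0x00401006, bytes([0x8B, 0x45, 0x08]), "mov eax,[ebp+08]"),
]
CAVE_ADDR = 0x00500000    # hypothetical address returned by alloc()


def stolen_instructions(insns: List[Insn], hook_len: int = JMP_REL32_LEN) -> Tuple[List[Insn], int]:
    """Smallest run of whole instructions covering hook_len bytes, plus NOP padding needed."""
    total, stolen = 0, []
    for insn in insns:
        stolen.append(insn)
        total += len(insn.raw)
        if total >= hook_len:
            return stolen, total - hook_len
    raise ValueError("not enough instructions to cover the hook")


def encode_jmp_rel32(src: int, dst: int) -> bytes:
    """E9 disp32; the displacement is measured from the end of the 5-byte jmp."""
    disp = dst - (src + JMP_REL32_LEN)
    return bytes([0xE9]) + (disp & 0xFFFFFFFF).to_bytes(4, "little")


def hook_bytes(stolen: List[Insn], pad: int, cave: int) -> bytes:
    """What gets written over the original instructions: jmp cave, then NOP padding."""
    return encode_jmp_rel32(stolen[0].addr, cave) + bytes([NOP]) * pad


def relocate(insn: Insn, new_addr: int) -> bytes:
    """Re-encode insn so it runs correctly at new_addr inside the cave.

    Short conditional jumps (70..7F rel8) and short jmp (EB rel8) are relative
    to the next instruction, so a verbatim copy would branch somewhere inside
    the cave. They are widened to rel32 (0F 8x / E9) with the displacement
    recomputed against the original target. Everything else in SAMPLE is
    position-independent and is copied as-is.
    """
    op = insn.raw[0]
    if 0x70 <= op <= 0x7F or op == 0xEB:
        rel8 = int.from_bytes(insn.raw[1:2], "little", signed=True)
        target = insn.addr + len(insn.raw) + rel8
        head = bytes([0xE9]) if op == 0xEB else bytes([0x0F, 0x80 | (op & 0x0F)])
        new_len = len(head) + 4
        disp = target - (new_addr + new_len)
        return head + (disp & 0xFFFFFFFF).to_bytes(4, "little")
    return insn.raw


def build_cave(stolen: List[Insn], cave: int) -> bytes:
    """The 'originalcode' part of the cave: relocated stolen instructions, then jmp back."""
    out = b""
    for insn in stolen:
        out += relocate(insn, cave + len(out))
    return_addr = stolen[-1].addr + len(stolen[-1].raw)   # CE's 'return:' label
    return out + encode_jmp_rel32(cave + len(out), return_addr)


def unsafe_branch_targets(stolen: List[Insn], known_targets: Set[int]) -> Set[int]:
    """Targets strictly inside the stolen range. After the hook is written, a jump
    there lands in the middle of the jmp or on the NOP and skips originalcode."""
    start = stolen[0].addr
    end = stolen[-1].addr + len(stolen[-1].raw)
    return {t for t in known_targets if start < t < end}


if __name__ == "__main__":
    stolen, pad = stolen_instructions(SAMPLE)
    print([i.text for i in stolen], "pad:", pad)
    print("hook  :", hook_bytes(stolen, pad, CAVE_ADDR).hex(" "))
    print("cave  :", build_cave(stolen, CAVE_ADDR).hex(" "))
    print("unsafe:", unsafe_branch_targets(stolen, {0x00401004, 0x00401006}))
```

If `unsafe_branch_targets` reports anything, do what the thread recommends: hook a few instructions above or below instead, or hook another instruction that touches the same structure and adjust the field offset.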
Dr.Disrespect Grandmaster Cheater
Posted: Thu Jun 09, 2016 8:56 am
Thanks for the reply. I just figured that out by counting the bytes.
++METHOS I post too much
Posted: Thu Jun 09, 2016 10:05 am
By the way, if all you're wanting to do is NOP the instruction in question, then you do not need to jump to a code cave at all...which would eliminate your problem, entirely. You can still write a script for this and assign hotkeys for it as well.
If you're just wanting to change the value, store it or whatever...then you do not need to inject at that instruction either...you can probably inject 10 instructions above/below and still be able to manipulate that value however you like (depending on the size of the sub-routine and where that address is being set etc.).
If there are no viable, alternative instructions that access the value that you're trying to manipulate, you can look at the data structure for the value in question, and inject your code by hooking one of the instructions that access any of the other values within that same data structure, because the offset of your target value will remain relative. Just be sure to use the correct offset for your target value, based on the offset that the new instruction happens to be using. It's not very common, but you may find that a different base address is used at one of the other instructions...but that shouldn't matter much since your target value will always be the same distance away from whatever value you decide to use for your injection point.
Dr.Disrespect Grandmaster Cheater
Posted: Thu Jun 09, 2016 5:29 pm
Thanks ++METHOS. I fixed the problem by injecting three lines above the original place.
BTW, I am not very familiar with data structures; do you mean the data structure function in the memory viewer? I am still trying to absorb what you have posted.
++METHOS I post too much
Posted: Thu Jun 09, 2016 7:19 pm
Yes. If you've completed the CE tutorial, the last step will show you how to use the dissect data structure feature in order to find an ID for filtering out unwanted addresses. The data structure feature is very useful for many reasons - if you haven't used it yet, you should definitely learn how.
Dr.Disrespect Grandmaster Cheater
Posted: Thu Jun 09, 2016 8:41 pm
I think I have used it before to compare something, which I forgot what it was. There is differently colored text to show the difference between things, which, again, I forgot why I compared.
I will try to pick it up, and thanks for the advice.