CJtheTiger (How do I cheat?)
Reputation: 0
Joined: 09 Apr 2015, Posts: 3
Posted: Sat Mar 04, 2017 9:57 am, Post subject: trouble with injection
I'm trying to make an injection in a game, but I'm having trouble finding the problem in my script.
At some point, the value of AL is moved into a specific address. Before that happens I want to change the value of AL to a value I can define in the table. I'm having trouble encapsulating this value into a symbol and using it correctly. Can someone point me in the right direction?
This is my current code:
Code:
define(RarityMod_InjectAddress,"disgaea2.exe"+205A7)
[ENABLE]
alloc(RarityMod,2048)
label(RarityMod_Execute)
label(RarityMod_Exit)
label(RarityMod_DesiredRarity)
registersymbol(RarityMod_DesiredRarity)
RarityMod:
// Initialize RarityMod_DesiredRarity with value 3. Is this even the right way to do so?
RarityMod_DesiredRarity:
db 3
// Code that should execute at the point of injection.
RarityMod_Execute:
mov al,[RarityMod_DesiredRarity] // I'm not sure whether it's correct to get the value of the symbol using the [] brackets.
jmp RarityMod_Exit
RarityMod_InjectAddress:
jmp RarityMod_Execute
RarityMod_Exit:
[DISABLE]
dealloc(RarityMod)
unregistersymbol(RarityMod_DesiredRarity)
// Restore the original code.
RarityMod_InjectAddress:
mov [esi+0000009A],al
//Alt: db 88 86 9A 00 00 00
The injected code is then:
Code:
add esp,[eax+RarityMod_DesiredRarity]
jmp disgaea2.exe+205AC
which is of course not modifying AL at all, but rather crashes the game. But why is this the code that it is?
Setting the value without a symbol with the value defined in code works, but is not what I'd like to upload in a table. The user needs to be able to change the value without modifying the code.
I don't think I need to tell you that I'm rather new to ASM, so I'm kinda learning on the go here. I'm missing something very rudimentary, I think.
Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003, Posts: 25807, Location: The Netherlands
Posted: Sat Mar 04, 2017 10:11 am
easier is alloc(RarityMod_DesiredRarity,1)
then you don't have to worry about label positions so much
anyhow, your original code is mov [esi+0000009A],al
but your injection never sets esi+9a to the value of al (or 3)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
CJtheTiger (How do I cheat?)
Reputation: 0
Joined: 09 Apr 2015, Posts: 3
Posted: Sat Mar 04, 2017 11:16 am
Thanks a lot for that suggestion!
So after the injection the injected code looks fine, but the calling routine is messed up. The next command right after the jmp command starts with 00, which it didn't do before. The original command before the jmp took over (mov [esi+9A],al) used six bytes, while the injected jmp command takes up only five bytes, so I fill in the missing one with a nop. Is that correct? Is that how it's supposed to be done?
Dark Byte (Site Admin)
Reputation: 470
Joined: 09 May 2003, Posts: 25807, Location: The Netherlands
Posted: Sat Mar 04, 2017 11:47 am
Yes.
And if unsure, select the address and then in the Auto Assembler window use Template -> Code injection.
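Putting the thread's advice together as one Auto Assembler script (an added example, not the script of either poster): the rarity byte gets its own alloc as Dark Byte suggested, so the cave no longer starts with the db 3 that, followed by the A0 opcode of mov al,[addr], disassembled as add esp,[eax+disp32]; the replaced mov [esi+9A],al is re-executed inside the cave; and the 5-byte jmp at the hook is padded with a nop to cover the 6-byte original. The module name, offset and label names are taken from the first post.

```asm
define(RarityMod_InjectAddress,"disgaea2.exe"+205A7)

[ENABLE]
alloc(RarityMod,2048)                   // code cave
alloc(RarityMod_DesiredRarity,1)        // one data byte, kept out of the cave
label(RarityMod_Exit)
registersymbol(RarityMod_DesiredRarity) // makes the symbol usable as a table address

RarityMod_DesiredRarity:
db 3                                    // default rarity; change it from the table, not the script

RarityMod:
mov al,[RarityMod_DesiredRarity]        // override AL with the table value
mov [esi+0000009A],al                   // the original instruction, still executed
jmp RarityMod_Exit

RarityMod_InjectAddress:
jmp RarityMod                           // 5 bytes ...
nop                                     // ... plus 1 to cover the 6-byte original mov
RarityMod_Exit:

[DISABLE]
RarityMod_InjectAddress:
mov [esi+0000009A],al                   // restore the original bytes (88 86 9A 00 00 00)
unregistersymbol(RarityMod_DesiredRarity)
dealloc(RarityMod)
dealloc(RarityMod_DesiredRarity)
```

To expose the value, add a table entry whose address is RarityMod_DesiredRarity with type Byte; it resolves only while the script is enabled.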