Cheat Engine The Official Site of Cheat Engine
	
brisingr (Cheater) - Reputation: 0 - Joined: 23 Jan 2016 - Posts: 39
Posted: Wed Sep 20, 2017 2:30 am - Post subject: Hacking an online flashplayer game
Hey there,

I'm trying to hack an online game. I've found the opcode that writes to the address, but I don't know how to write the right script.

Here is the automatically generated AOB injection:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(INJECT,46 89 1C 8B C3) // should be unique
alloc(newmem,$1000,20998936B4D)

label(code)
label(return)

newmem:

code:
  mov [rbx+r9*4],r11d
  ret
  jmp return

INJECT:
  jmp code
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db 46 89 1C 8B C3

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 20998936B4D

20998936B21: 49 C1 EB 20                    -  shr r11,20
20998936B25: 4C 8B 62 17                    -  mov r12,[rdx+17]
20998936B29: 41 F6 44 24 37 08              -  test byte ptr [r12+37],08
20998936B2F: 0F 85 1D 00 00 00              -  jne 20998936B52
20998936B35: 4C 63 62 3B                    -  movsxd  r12,dword ptr [rdx+3B]
20998936B39: 4D 39 E1                       -  cmp r9,r12
20998936B3C: 0F 83 10 00 00 00              -  jae 20998936B52
20998936B42: 49 8B 58 17                    -  mov rbx,[r8+17]
20998936B46: 49 8B 50 0F                    -  mov rdx,[r8+0F]
20998936B4A: 48 03 DA                       -  add rbx,rdx
// ---------- INJECTING HERE ----------
20998936B4D: 46 89 1C 8B                    -  mov [rbx+r9*4],r11d
20998936B51: C3                             -  ret
// ---------- DONE INJECTING  ----------
20998936B52: 57                             -  push rdi
20998936B53: 53                             -  push rbx
20998936B54: 52                             -  push rdx
20998936B55: 51                             -  push rcx
20998936B56: FF 74 24 20                    -  push [rsp+20]
20998936B5A: 48 89 44 24 28                 -  mov [rsp+28],rax
20998936B5F: B8 05 00 00 00                 -  mov eax,00000005
20998936B64: 48 BB 3C F5 D6 C5 FE 07 00 00  -  mov rbx,chrome_child.dll+2AF53C
20998936B6E: E9 8D DC 7C F7                 -  jmp 20990104800
20998936B73: 48 83 EC 08                    -  sub rsp,08
}

Please help me
cooleko (Grandmaster Cheater) - Reputation: 11 - Joined: 04 May 2016 - Posts: 717
Posted: Wed Sep 20, 2017 1:22 pm
We won't help you with online games. But if you do want help, don't tell us it is online, and tell us more about the value you are changing.

It looks like you need to use a MOV if you want to do anything.
atom0s (Moderator) - Reputation: 205 - Joined: 25 Jan 2006 - Posts: 8587 - Location: 127.0.0.1
Posted: Wed Sep 20, 2017 1:28 pm
cooleko wrote:
> We won't help you with online games. But if you do want help, don't tell us it is online, and tell us more about the value you are changing.
>
> It looks like you need to use a MOV if you want to do anything.

As long as people do not mention the name of the game or post info that can be easily linked to a game (i.e. the exe name, a DLL name, etc.) then it is fine. Even if they say it's online, it can be discussed as long as no direct info connecting it to a game is posted with it.
_________________
- Retired.
OldCheatEngineUser (Whateven rank) - Reputation: 20 - Joined: 01 Feb 2016 - Posts: 1586
Posted: Wed Sep 20, 2017 2:41 pm
You can move an immediate number to that location in memory, or you might also wish to move an extended register (32-bit register) like eax, ebx, ecx, edx or any dword-length value.
_________________
About Me:
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
> i am a sweetheart.
brisingr (Cheater) - Reputation: 0 - Joined: 23 Jan 2016 - Posts: 39
Posted: Thu Sep 21, 2017 9:11 am
Thanks for the replies. This opcode is connected to the lifepoints; it activates when enemies attack. I've tried to replace it with code that does nothing, but the game crashes. How do I freeze the lifepoints value?
cooleko (Grandmaster Cheater) - Reputation: 11 - Joined: 04 May 2016 - Posts: 717
Posted: Fri Sep 22, 2017 10:49 am
So is it the HP value or is it the damage value?

If it is HP, then just move some large number into r11d.

If it is damage, mov 0 into r11d.

Do the mov before the original instruction.

Optionally, you can look at the end of the instruction and just reset your HP to max there, or find where the damage is subtracted and turn damage to 0.
brisingr (Cheater) - Reputation: 0 - Joined: 23 Jan 2016 - Posts: 39
Posted: Mon Sep 25, 2017 2:45 pm
				I tried this:
 
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscan(INJECT,46 89 1C 8B C3) // should be unique
alloc(newmem,$1000,20998936B4D)

label(code)
label(return)

newmem:
  mov r11d,0

code:
  mov [rbx+r9*4],r11d
  ret
  jmp return

INJECT:
  jmp newmem
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db 46 89 1C 8B C3

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 20998936B4D

20998936B21: 49 C1 EB 20                    -  shr r11,20
20998936B25: 4C 8B 62 17                    -  mov r12,[rdx+17]
20998936B29: 41 F6 44 24 37 08              -  test byte ptr [r12+37],08
20998936B2F: 0F 85 1D 00 00 00              -  jne 20998936B52
20998936B35: 4C 63 62 3B                    -  movsxd  r12,dword ptr [rdx+3B]
20998936B39: 4D 39 E1                       -  cmp r9,r12
20998936B3C: 0F 83 10 00 00 00              -  jae 20998936B52
20998936B42: 49 8B 58 17                    -  mov rbx,[r8+17]
20998936B46: 49 8B 50 0F                    -  mov rdx,[r8+0F]
20998936B4A: 48 03 DA                       -  add rbx,rdx
// ---------- INJECTING HERE ----------
20998936B4D: 46 89 1C 8B                    -  mov [rbx+r9*4],r11d
20998936B51: C3                             -  ret
// ---------- DONE INJECTING  ----------
20998936B52: 57                             -  push rdi
20998936B53: 53                             -  push rbx
20998936B54: 52                             -  push rdx
20998936B55: 51                             -  push rcx
20998936B56: FF 74 24 20                    -  push [rsp+20]
20998936B5A: 48 89 44 24 28                 -  mov [rsp+28],rax
20998936B5F: B8 05 00 00 00                 -  mov eax,00000005
20998936B64: 48 BB 3C F5 D6 C5 FE 07 00 00  -  mov rbx,chrome_child.dll+2AF53C
20998936B6E: E9 8D DC 7C F7                 -  jmp 20990104800
20998936B73: 48 83 EC 08                    -  sub rsp,08
}

Unfortunately the game crashes.

I also tried to change the health value manually, but it doesn't work (the value freezes, but I lose with full health); probably there is another code controlling it.

I don't know what to do, help!
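Both auto-assembler scripts in this thread (the generated template in the first post and the `mov r11d,0` variant above) work the same way: the five bytes `46 89 1C 8B C3` at 20998936B4D are overwritten with a `jmp` to `newmem`, and the `[DISABLE]` section writes them back with `db`. The Python below is an added example, not code from this thread or from Cheat Engine, showing the check a code-integrity or anti-tamper monitor would run from the listing the template prints: it parses the `address: bytes - disassembly` lines, confirms that a 5-byte patch at the injection point ends exactly on an instruction boundary (the `mov` is 4 bytes and the `ret` 1, which is why the template needs no `nop` padding here), and decodes the `jmp rel32` target from a snapshot of the patched bytes. The snapshot and the `newmem` address 0x20998940000 are constructed for the example; only the listing lines come from the thread.

```python
import re
import struct

# Listing lines copied from the '{ ... }' comment block the auto-assembler template prints
# (address: bytes - disassembly). Only the instructions around the injection point are kept.
LISTING = """\
20998936B4A: 48 03 DA                       -  add rbx,rdx
20998936B4D: 46 89 1C 8B                    -  mov [rbx+r9*4],r11d
20998936B51: C3                             -  ret
20998936B52: 57                             -  push rdi
20998936B53: 53                             -  push rbx
"""

# Injection point from the thread; NEWMEM is a constructed address for this example.
SITE = 0x20998936B4D
NEWMEM = 0x20998940000
# Constructed: the 5-byte 'jmp newmem' (E9 rel32) that replaces 46 89 1C 8B C3 at SITE.
HOOKED_JMP = b"\xE9" + struct.pack("<i", NEWMEM - (SITE + 5))

LINE_RE = re.compile(r"^([0-9A-Fa-f]+):\s+((?:[0-9A-Fa-f]{2}\s+)+)-\s+(.*)$")


def parse_listing(text):
    """Return [(address, bytes, disassembly), ...] from CE-style listing lines."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            code = bytes.fromhex("".join(m.group(2).split()))
            out.append((int(m.group(1), 16), code, m.group(3).strip()))
    return out


def flatten(listing):
    """Join the listed instructions into one (base, bytes) image; they must be contiguous."""
    base = listing[0][0]
    image = bytearray()
    for addr, code, _ in listing:
        if addr != base + len(image):
            raise ValueError("listing has a gap at %X" % addr)
        image += code
    return base, bytes(image)


def overwritten_instructions(listing, site, patch_len):
    """Instructions touched by a patch of patch_len bytes at site, plus whether the patch
    ends exactly on an instruction boundary (if not, the code after the hook is corrupted)."""
    end = site + patch_len
    covered = []
    for addr, code, text in listing:
        if addr < end and addr + len(code) > site:
            covered.append((addr, text))
            if addr < site or addr + len(code) > end:
                return covered, False
    return covered, True


def detect_jmp_hook(expected, current, base, site):
    """Compare the 5 bytes at site in a memory snapshot against the expected image.
    Returns None when untouched; otherwise the mismatch and, for an E9 rel32 jmp, its target."""
    off = site - base
    want, have = expected[off:off + 5], current[off:off + 5]
    if want == have:
        return None
    info = {"site": site, "expected": want.hex(), "found": have.hex(), "target": None}
    if have[0] == 0xE9:
        rel = struct.unpack("<i", have[1:5])[0]
        info["target"] = site + 5 + rel  # rel32 is relative to the instruction that follows the jmp
    return info


def run_demo():
    """Build the constructed hooked snapshot and run both checks on it."""
    listing = parse_listing(LISTING)
    base, clean = flatten(listing)
    off = SITE - base
    hooked = clean[:off] + HOOKED_JMP + clean[off + 5:]
    return detect_jmp_hook(clean, hooked, base, SITE), overwritten_instructions(listing, SITE, 5)


if __name__ == "__main__":
    hook, (covered, aligned) = run_demo()
    print("patch at %X: expected %s, found %s, jmp target %X"
          % (hook["site"], hook["expected"], hook["found"], hook["target"]))
    for addr, text in covered:
        print("  overwrites %X: %s" % (addr, text))
    print("patch ends on an instruction boundary:", aligned)
```

Comparing live code against a known-good image is the same check an integrity monitor performs over a whole module; the boundary test is the part that matters when reading a listing like the one above, because a patch that cuts an instruction in half leaves the bytes after `return:` undecodable.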
pimpmyname (Newbie cheater) - Reputation: 0 - Joined: 16 May 2012 - Posts: 20
atom0s (Moderator) - Reputation: 205 - Joined: 25 Jan 2006 - Posts: 8587 - Location: 127.0.0.1
anonsgost93 (How do I cheat?) - Reputation: 0 - Joined: 05 Nov 2017 - Posts: 2
Posted: Sun Nov 05, 2017 3:00 pm
OldCheatEngineUser wrote:
> You can move an immediate number to that location in memory, or you might also wish to move an extended register (32-bit register) like eax, ebx, ecx, edx or any dword-length value.