Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
why isnt it (Custom Scan Type) working?

MMM-304
Expert Cheater
Reputation: 0

Joined: 17 Aug 2020
Posts: 170
Location: Milkey Way

Posted: Sun Oct 04, 2020 11:18 am    Post subject: why isnt it (Custom Scan Type) working?

I found encryption in a game and this is the info:

1. The value I search for is to be multiplied by 36307ADD hex.


This is a custom scan I made, but it has some issue; I don't know what it is, so please help:

Code:
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)

TypeName:
db 'Ammo Scan',0

ByteSize:
dd 4

UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float

CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
mov rax,[rcx] //eax now contains the bytes 'input' pointed to
push edi
mov edi,36307ADD
imul rax,edi
pop edi
//mov rax,rdi
ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

push edi
mov edi,36307ADD
imul edi,eax
mov eax,edi
pop edi

//mov esp,ebp  //it wasn't here by default but I think it should be
pop ebp
ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
push rax
push rdi
mov rdi,36307ADD
idiv rdi //div rax/rdi and stores quotient in rax -- I need this, right?
mov rcx,rax
pop rdi
pop rax
mov [r8],ecx //place the integer at the 4 bytes pointed to by r8

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+10] //load the output address into ebx
push edx
mov edx,36307ADD
idiv edx //eax has output value right?
pop edx
mov [ebx],eax //write the value into the address
pop ebx
pop eax

//mov esp,ebp  //it wasn't here by default but I think it should be
pop ebp
ret
[/32-bit]


Please try to pinpoint my mistake; I want to learn it.
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25840
Location: The netherlands

Posted: Sun Oct 04, 2020 3:23 pm

I can't test it right now, but what goes wrong?
Entering a value and then changing it in memory? If so, ECX (RCX) contains the input value, but you're dividing RDX:RAX by 36307ADD.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
MMM-304
Expert Cheater
Reputation: 0

Joined: 17 Aug 2020
Posts: 170
Location: Milkey Way

Posted: Sun Oct 04, 2020 11:24 pm

First, thanks Dark Byte for the answer.
Second, if I get you correctly, then doesn't idiv divide eax/rax by the given mem/reg and store the quotient in eax/rax and the remainder in edx/rdx? So if the encryption is happening with imul (multiplication), then shouldn't decryption be happening with idiv or div (division)?

Like I said, whatever value I enter is to be multiplied by 36307ADD, and so the output is the encrypted value.

This is my first Custom Scan Tab, so please help me.

EDIT:
Oh, I figured something out: it actually becomes 5 bytes long when the given value is multiplied by this 36307ADD number, as you can see:

36307ADD*3E7 (999) == D3772F746B
36307ADD*A (10) == 021DE4CCA2

But the game is 32-bit, so I have no idea how to take a 5-byte value in a register that can only hold 4 bytes (you know, the e** registers).

I tried this:
Code:
ByteSize:
dd 5

but it isn't working.
Please guide me. I really want to pull this off.
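Added example, not code from the thread and not part of Cheat Engine: a small C program that shows in plain 32-bit integer arithmetic why the product "becomes 5 bytes". A 32-bit register or memory slot keeps only the product modulo 2^32, so the extra high byte is discarded at the moment of multiplication, and an ordinary division of the stored value cannot bring the original back. Because the multiplier 36307ADD is odd, it has a multiplicative inverse modulo 2^32, and multiplying the stored value by that inverse recovers the original exactly; an even multiplier would have no inverse, and the inverse routine below reports that case. The multiplier and the sample inputs 999 and 10 come from the thread; the other sample inputs and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Multiplier quoted in the thread (hex 36307ADD). */
#define MULTIPLIER 0x36307ADDu

/* The "encryption" the thread describes: plain * MULTIPLIER kept to 32 bits.
 * Unsigned arithmetic wraps modulo 2^32, which is exactly what a 32-bit imul
 * (or the low half of a 64-bit product) leaves behind. */
uint32_t encrypt_u32(uint32_t plain) {
    return plain * MULTIPLIER;
}

/* Multiplicative inverse of an odd constant modulo 2^32 by Newton iteration.
 * For odd a, a*a == 1 (mod 8), so x = a is already correct in its low 3 bits;
 * each step x = x * (2 - a*x) doubles the number of correct low bits
 * (3, 6, 12, 24, 48), so four steps suffice and five leave a margin.
 * An even a has no inverse modulo 2^32; 0 is returned to flag that. */
uint32_t inverse_mod_2_32(uint32_t a) {
    if ((a & 1u) == 0u) {
        return 0u;            /* even: no inverse exists */
    }
    uint32_t x = a;
    for (int i = 0; i < 5; i++) {
        x *= 2u - a * x;      /* all wrapping, i.e. modulo 2^32 */
    }
    return x;
}

/* Correct "decryption": a second constant multiplication, by the inverse,
 * again in 32-bit arithmetic. */
uint32_t decrypt_u32(uint32_t enc) {
    return enc * inverse_mod_2_32(MULTIPLIER);
}

/* What the posted ConvertBackRoutine attempts: divide the stored 32-bit
 * value by the multiplier. The high bits were lost when the product wrapped,
 * so the quotient is not the original value. */
uint32_t decrypt_by_division(uint32_t enc) {
    return enc / MULTIPLIER;
}

int main(void) {
    /* Constructed sample inputs; 999 and 10 are the thread's own examples. */
    uint32_t samples[] = { 999u, 10u, 1u, 0xFFFFFFFFu };
    uint32_t inv = inverse_mod_2_32(MULTIPLIER);

    printf("inverse of %08" PRIX32 " mod 2^32 = %08" PRIX32 " (check: %08" PRIX32 ")\n",
           (uint32_t)MULTIPLIER, inv, (uint32_t)(inv * MULTIPLIER));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t enc = encrypt_u32(samples[i]);
        printf("%10" PRIu32 " -> %08" PRIX32 " -> via inverse: %10" PRIu32
               ", via division: %10" PRIu32 "\n",
               samples[i], enc, decrypt_u32(enc), decrypt_by_division(enc));
    }
    return 0;
}
```

For 999 the program stores 772F746B, the low four bytes of the D3772F746B the thread computed; multiplying by the inverse gives 999 again, while the division gives 2. The practical consequence for a convert-back routine is that the reverse direction has the same shape as the forward one, one constant multiplication in 32-bit registers, rather than a division, and no 5-byte storage is needed because the stored value never had the fifth byte.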