Cheat Engine The Official Site of Cheat Engine
mrhussain0334 How do I cheat?
Reputation: 0
Joined: 16 Feb 2021 Posts: 2
Posted: Tue Feb 16, 2021 1:05 pm Post subject: Using CE with VBA
So I am trying to hack a game called Golden Sun and create an EXP multiplier for fun.
Well, that fun has now become an obsession to complete it.
So here is what I am trying to do: I am trying to inject code inside the game. The code is a single line of code.
Very easy, nothing so difficult.
But the game crashes :*(
Here is the target code:
Code:
00428E4C - 89 5C 05 00 - mov [ebp+eax+00],ebx
Here is the one-liner inject code:
Code:
imul ebx,2 // simply multiplying the ebx value by 2
Here is the full script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
imul ebx,2
originalcode:
mov [ebp+eax+00],ebx
add esp,0C
exit:
jmp returnhere
"VisualBoyAdvance.exe"+28E4C:
jmp newmem
nop 2
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"VisualBoyAdvance.exe"+28E4C:
mov [ebp+eax+00],ebx
add esp,0C
//Alt: db 89 5C 05 00 83 C4 0C
When I enable it, it crashes.
I tried this with byte codes also, same thing.
So what am I doing wrong?
Here is my AOB injection code:
Code:
{
Game : VisualBoyAdvance.exe
Version:
Date : 2021-02-16
This script does blah blah blah
}
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscanmodule(INJECT,VisualBoyAdvance.exe,89 5C 05 00 83 C4 0C 5B 5D C3 8D) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
imul ebx,2
code:
mov [ebp+eax+00],ebx
add esp,0C
jmp return
INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
db 89 5C 05 00 83 C4 0C
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: VisualBoyAdvance.exe+28E4C
VisualBoyAdvance.exe+28E2A: 83 C4 0C - add esp,0C
VisualBoyAdvance.exe+28E2D: 5B - pop ebx
VisualBoyAdvance.exe+28E2E: 5D - pop ebp
VisualBoyAdvance.exe+28E2F: C3 - ret
VisualBoyAdvance.exe+28E30: 81 E5 FC 7F 00 00 - and ebp,00007FFC
VisualBoyAdvance.exe+28E36: A1 54 8F 5A 00 - mov eax,[VisualBoyAdvance.exe+1A8F54]
VisualBoyAdvance.exe+28E3B: 89 5C 05 00 - mov [ebp+eax+00],ebx
VisualBoyAdvance.exe+28E3F: EB 0F - jmp VisualBoyAdvance.exe+28E50
VisualBoyAdvance.exe+28E41: 81 E5 FC FF 03 00 - and ebp,0003FFFC
VisualBoyAdvance.exe+28E47: A1 50 8F 5A 00 - mov eax,[VisualBoyAdvance.exe+1A8F50]
// ---------- INJECTING HERE ----------
VisualBoyAdvance.exe+28E4C: 89 5C 05 00 - mov [ebp+eax+00],ebx
// ---------- DONE INJECTING ----------
VisualBoyAdvance.exe+28E50: 83 C4 0C - add esp,0C
VisualBoyAdvance.exe+28E53: 5B - pop ebx
VisualBoyAdvance.exe+28E54: 5D - pop ebp
VisualBoyAdvance.exe+28E55: C3 - ret
VisualBoyAdvance.exe+28E56: 8D 76 00 - lea esi,[esi+00]
VisualBoyAdvance.exe+28E59: 8D BC 27 00 00 00 00 - lea edi,[edi+00000000]
VisualBoyAdvance.exe+28E60: 83 EC 0C - sub esp,0C
VisualBoyAdvance.exe+28E63: 8B 54 24 10 - mov edx,[esp+10]
VisualBoyAdvance.exe+28E67: 8B C2 - mov eax,edx
VisualBoyAdvance.exe+28E69: C1 E8 18 - shr eax,18
}
Which also crashes.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25719 Location: The netherlands
Posted: Tue Feb 16, 2021 1:19 pm Post subject:
It's very likely this code also accesses other addresses.
You need to add checks so that it only affects the address you're interested in,
e.g. check if EBP is a certain value and, if so, multiply ebx by 2 (shl ebx,1 also works).
Also, change your injection point. Look at this line:
Code:
VisualBoyAdvance.exe+28E3F: EB 0F - jmp VisualBoyAdvance.exe+28E50
That is going to cause an issue in the destination address.
I would pick
Code:
VisualBoyAdvance.exe+28E47: A1 50 8F 5A 00 - mov eax,[VisualBoyAdvance.exe+1A8F50]
as it's close enough, and ebx is correct there as well.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
mrhussain0334 How do I cheat?
Reputation: 0
Joined: 16 Feb 2021 Posts: 2
Posted: Tue Feb 16, 2021 1:44 pm Post subject: Thanks for the reply
First of all, thanks for the reply.
I am a complete noob.
I did try your way, and the game still crashes lol, but at least VBA doesn't crash and I can reset from a save (after I have disabled the cheat).
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
imul ebx,2
originalcode:
mov eax,[VisualBoyAdvance.exe+1A8F50]
exit:
jmp returnhere
"VisualBoyAdvance.exe"+28E47:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"VisualBoyAdvance.exe"+28E47:
mov eax,[VisualBoyAdvance.exe+1A8F50]
//Alt: db A1 50 8F 5A 00
sbryzl Master Cheater
Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Feb 16, 2021 2:19 pm Post subject:
You did one thing db recommended but not both.
An important thing about emulators is to think about what they do and how the memory works. The original system might have different memory spaces for graphics, audio, working RAM and other things.
Most emulators have a small number of instructions that read or write data to those memory spaces.
For that reason they usually have a two-variable pointer. One variable, eax in your case, will be the base address on your computer for that memory space. The other, ebp, will be the offset within that memory space. Once you have the base address for the working RAM memory space you can basically just look up cheat codes online and use those as offsets from the base address. Remember the offset is ebp in your case, so you can test ebp to see if it matches the offset you are looking for.
The other thing to remember is that this instruction could also access other memory spaces, though it looks from the jumps in the code that it may not. If it does, you would also need to do a check to make sure the address you are looking at is not only the correct offset (ebp) but also the correct memory space (eax).
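Putting Dark Byte's and sbryzl's replies together, here is an added example (written for this thread, not code from any of the posters) of the second script with the EBP check both of them describe. EXP_OFFSET is a placeholder, since the thread never gives the EXP variable's offset; it has to be found in CE first.

```asm
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
// PLACEHOLDER (not from the thread): the EXP variable's offset inside this
// memory space, in hex. The 'and ebp,0003FFFC' just before the hook shows
// ebp is already masked to that window, so the value must fit in it.
define(EXP_OFFSET,12345)

newmem: //this is allocated memory, you have read,write,execute access
// Every guest write to this memory space passes through here, so without
// a check every variable the game stores gets doubled and it crashes.
// Only touch the one write we care about (Dark Byte's advice):
cmp ebp,EXP_OFFSET
jne originalcode
shl ebx,1 // same as imul ebx,2
// cmp/shl clobber the flags, which is safe here: the listing shows nothing
// between 28E47 and the ret reads them.

originalcode:
mov eax,[VisualBoyAdvance.exe+1A8F50]
// The memory-space check sbryzl mentions is implicit at this hook point:
// only the path that loads its base from +1A8F50 reaches 28E47. A hook on
// a write shared by several spaces would also need a cmp on eax.

exit:
jmp returnhere

"VisualBoyAdvance.exe"+28E47:
jmp newmem
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"VisualBoyAdvance.exe"+28E47:
mov eax,[VisualBoyAdvance.exe+1A8F50]
//Alt: db A1 50 8F 5A 00
```

The 5-byte jmp exactly replaces the 5-byte mov at 28E47, so no nop padding is needed and the jmp at 28E3F still lands on an intact instruction at 28E50.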