Cheat Engine The Official Site of Cheat Engine
zim4ik How do I cheat? Reputation: 0
Joined: 06 Jan 2024 Posts: 5
Posted: Mon Jan 22, 2024 3:51 pm Post subject: hello, please help me write a script that changes gold
I found the address where I change the value.
Then I found the instruction that records it, which looks like this:
Code:
F81AA86B - 89 08 - mov [eax],ecx
I started the auto assembler and the AOB scanner:
Code:
[ENABLE]
aobscan(INJECT,89 08 81 7D 14 00 00 00 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
mov [eax],ecx
cmp [ebp+14],00000000
jmp return
INJECT:
jmp newmem
nop 4
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 08 81 7D 14 00 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: F81AA86B
F81AA84D: F7 55 E4 - not [ebp-1C]
F81AA850: 8B 4D E4 - mov ecx,[ebp-1C]
F81AA853: 89 4D E0 - mov [ebp-20],ecx
F81AA856: 8B 4D 14 - mov ecx,[ebp+14]
F81AA859: 01 4D E0 - add [ebp-20],ecx
F81AA85C: 8B 4D E0 - mov ecx,[ebp-20]
F81AA85F: 89 4D DC - mov [ebp-24],ecx
F81AA862: F7 55 DC - not [ebp-24]
F81AA865: 8B 45 F4 - mov eax,[ebp-0C]
F81AA868: 8B 4D DC - mov ecx,[ebp-24]
// ---------- INJECTING HERE ----------
F81AA86B: 89 08 - mov [eax],ecx
// ---------- DONE INJECTING ----------
F81AA86D: 81 7D 14 00 00 00 00 - cmp [ebp+14],00000000
F81AA874: 0F 8D 05 00 00 00 - jnl F81AA87F
F81AA87A: E9 05 00 00 00 - jmp F81AA884
F81AA87F: E9 8B 00 00 00 - jmp F81AA90F
F81AA884: 8D 0D 10 00 26 FB - lea ecx,[FB260010]
F81AA88A: B8 FC 78 12 00 - mov eax,001278FC
F81AA88F: F7 65 0C - mul [ebp+0C]
F81AA892: 03 C8 - add ecx,eax
F81AA894: 89 4D D8 - mov [ebp-28],ecx
F81AA897: 8B 4D D8 - mov ecx,[ebp-28]
}
Please help me with how to edit it.

LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1055 Location: 0x90
Posted: Mon Jan 22, 2024 9:14 pm
Assuming that ECX holds the gold value:
Code:
newmem:
mov ecx,(int)9999

zim4ik How do I cheat? Reputation: 0
Joined: 06 Jan 2024 Posts: 5
Posted: Tue Jan 23, 2024 3:41 am
LeFiXER wrote:
Assuming that ECX holds the gold value:
Code:
newmem:
mov ecx,(int)9999

Code:
[ENABLE]
aobscan(INJECT,89 08 81 7D 14 00 00 00 00) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
mov ecx,(int)4293967295
code:
mov [eax],ecx
cmp [ebp+14],00000000
jmp return
INJECT:
jmp newmem
nop 4
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 08 81 7D 14 00 00 00 00
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: F81AA86B
F81AA84D: F7 55 E4 - not [ebp-1C]
F81AA850: 8B 4D E4 - mov ecx,[ebp-1C]
F81AA853: 89 4D E0 - mov [ebp-20],ecx
F81AA856: 8B 4D 14 - mov ecx,[ebp+14]
F81AA859: 01 4D E0 - add [ebp-20],ecx
F81AA85C: 8B 4D E0 - mov ecx,[ebp-20]
F81AA85F: 89 4D DC - mov [ebp-24],ecx
F81AA862: F7 55 DC - not [ebp-24]
F81AA865: 8B 45 F4 - mov eax,[ebp-0C]
F81AA868: 8B 4D DC - mov ecx,[ebp-24]
// ---------- INJECTING HERE ----------
F81AA86B: 89 08 - mov [eax],ecx
// ---------- DONE INJECTING ----------
F81AA86D: 81 7D 14 00 00 00 00 - cmp [ebp+14],00000000
F81AA874: 0F 8D 05 00 00 00 - jnl F81AA87F
F81AA87A: E9 05 00 00 00 - jmp F81AA884
F81AA87F: E9 8B 00 00 00 - jmp F81AA90F
F81AA884: 8D 0D 10 00 26 FB - lea ecx,[FB260010]
F81AA88A: B8 FC 78 12 00 - mov eax,001278FC
F81AA88F: F7 65 0C - mul [ebp+0C]
F81AA892: 03 C8 - add ecx,eax
F81AA894: 89 4D D8 - mov [ebp-28],ecx
F81AA897: 8B 4D D8 - mov ecx,[ebp-28]
}
Thanks for the reply, that's how it works.
As it turned out, this instruction controls all resources, not just gold.
How can I make it so that it only changes gold?

LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1055 Location: 0x90
Posted: Tue Jan 23, 2024 9:55 am
You will have to scan for commonalities between the addresses of each resource by adding gold to group one and the addresses of other resources to group two. From there you can deduce an offset that you can compare against to alter the respective value. Say for example that when you scan for commonalities between the addresses you see the offset column has 2A and the value for the gold address is 1, the value for wood is 2, the value for stone is 3. You can compare like this:
Code:
...
label(gold)
newmem:
cmp byte ptr [eax+2A],1 // where 2A is the offset for the value which is used to determine the correct address and 1 is the value held at that offset
je gold
jmp originalcode
gold:
mov ecx,(int)4293967295 // ecx is the value that mov [eax],ecx stores; eax is the destination pointer and must stay intact
jmp originalcode
...
The offset will be different, I just used 2A as an example to demonstrate how you conduct a comparison within a script. You may have to scan for commonalities more than once until you find a reliable one. I also set the comparison type to byte, but this is not something that you have to do. I do so for simplicity.

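The commonality scan described in the post above, worked through offline as an added example that is not part of the original thread: it takes byte snapshots read from each resource's value address and lists the offsets where every group-one snapshot agrees and no group-two snapshot holds the same value. The structure layout, the sample amounts and the names `discriminating_offsets` and `make_snapshot` are assumptions constructed for illustration; only the 2A offset and the 1/2/3 values come from the post.

```python
"""Offline sketch of a 'scan for commonalities' between two address groups."""
import struct


def discriminating_offsets(group_one, group_two, width=1):
    """Return [(offset, value)] where all group-one snapshots agree on the
    `width`-byte value at `offset` and no group-two snapshot holds that value.

    Each snapshot is the raw bytes read starting at a resource's value address,
    so an offset found here is what a `cmp [eax+offset],value` would test.
    """
    if not group_one or not group_two:
        raise ValueError("both groups need at least one snapshot")
    span = min(len(s) for s in group_one + group_two)
    hits = []
    for off in range(0, span - width + 1):
        wanted = {s[off:off + width] for s in group_one}
        if len(wanted) != 1:
            continue  # group one disagrees here: volatile field, not a tag
        value = next(iter(wanted))
        if any(s[off:off + width] == value for s in group_two):
            continue  # another resource shares it: cannot separate the groups
        hits.append((off, int.from_bytes(value, "little")))
    return hits


def make_snapshot(amount, type_tag, owner_ptr=0x0A0B0C0D, size=0x30):
    """Constructed sample structure: amount at +0, shared pointer at +0x10,
    one-byte resource type at +0x2A (the 2A/1/2/3 figures from the post)."""
    buf = bytearray(size)
    struct.pack_into("<I", buf, 0x00, amount)
    struct.pack_into("<I", buf, 0x10, owner_ptr)
    buf[0x2A] = type_tag
    return bytes(buf)


# Constructed data: two reads of gold (amount changed in between), wood, stone.
GOLD = [make_snapshot(500, 1), make_snapshot(730, 1)]
OTHERS = [make_snapshot(500, 2), make_snapshot(120, 3)]

if __name__ == "__main__":
    for off, val in discriminating_offsets(GOLD, OTHERS):
        print(f"candidate: [base+{off:02X}] == {val}")
```

Taking more than one snapshot per resource, with the amount changed in between, is what filters out fields that only match by coincidence, which is why the post says the scan may need repeating.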
zim4ik How do I cheat? Reputation: 0
Joined: 06 Jan 2024 Posts: 5
Posted: Tue Jan 23, 2024 3:32 pm
LeFiXER wrote:
You will have to scan for commonalities between the addresses of each resource by adding gold to group one and the addresses of other resources to group two. From there you can deduce an offset that you can compare against to alter the respective value. Say for example that when you scan for commonalities between the addresses you see the offset column has 2A and the value for the gold address is 1, the value for wood is 2, the value for stone is 3. You can compare like this:
Code:
...
label(gold)
newmem:
cmp byte ptr [eax+2A],1 // where 2A is the offset for the value which is used to determine the correct address and 1 is the value held at that offset
je gold
jmp originalcode
gold:
mov ecx,(int)4293967295 // ecx is the value that mov [eax],ecx stores; eax is the destination pointer and must stay intact
jmp originalcode
...
The offset will be different, I just used 2A as an example to demonstrate how you conduct a comparison within a script. You may have to scan for commonalities more than once until you find a reliable one. I also set the comparison type to byte, but this is not something that you have to do. I do so for simplicity.

Thank you very, very much.