Difference between revisions of "Scripting:Asm"

From Cheat Engine
(Created page with 'Category:Scripting ==Values & Address== {{Template:Asm:ValuesWithoutPointers}} {{Template:Asm:AddressesWithoutPointers}}')
 
m (Reverted edits by This content is not available (Talk) to last revision by OldCheatEngineUser)
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[[Category:Scripting]]
 
[[Category:Scripting]]
  
==Values & Address==
+
==Getting Values & Address==
 +
''who needs a pointer anymore?''
  
 
{{Template:Asm:ValuesWithoutPointers}}
 
{{Template:Asm:ValuesWithoutPointers}}
 
{{Template:Asm:AddressesWithoutPointers}}
 
{{Template:Asm:AddressesWithoutPointers}}
 +
 +
==Loading Pointers==
 +
''pointers are useful!''
 +
 +
{{Template:Asm:LoadPtrsToRegisters}}
 +
{{Template:Asm:LoadPtrsFromDissectToRegisters}}
 +
 +
==Custom Regeneration==
 +
''your game does not support health or mana regeneration?'' .. ''here is the solution!''
 +
 +
{{Template:Asm:CustomRegenUsingAnO}}
 +
{{Template:Asm:CustomRegenUsingPtrs}}
 +
 +
==See Also==
 +
 +
* [[Cheat_Engine:Auto Assembler|Auto Assembler]]
 +
* [[Auto_Assembler:Commands|Auto Assembler Commands]]
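Review bot: the renamed heading `==Getting Values & Address==` pairs a plural with a singular, while the two templates under it are ValuesWithoutPointers and AddressesWithoutPointers; "Getting Values & Addresses" would match both. The italic taglines added under each new heading ("who needs a pointer anymore?", "pointers are useful!") say nothing about what the transcluded templates contain, so a one-line description of each section would serve readers better.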

Latest revision as of 19:08, 18 March 2019


Getting Values & Address

who needs a pointer anymore?

Get Values Without Pointers

Can't find pointers? Pointer scanner takes so long? Use this and change the requirements. Don't forget to add VALUE as an address to your address list.

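[enable]

aobscan(symbol,01 23 45 67 89 AB CD EF) // placeholder signature, replace with the bytes of your instruction
alloc(newmem,$1000)
registersymbol(symbol)
registersymbol(value)

label(value)
label(originalcode)
label(exit)

newmem:
mov eax,[edx+110]
mov [value],eax // keep a copy of the value in the registered symbol

originalcode:
mov eax,[edx+110]
jmp exit

value:
dd 00

symbol:
jmp newmem
nop // jmp is 5 bytes, mov eax,[edx+110] is 6 bytes, so one nop pads the rest

exit:

[disable]

unregistersymbol(value)
dealloc(newmem)

symbol:
mov eax,[edx+110] // restore the original instruction

unregistersymbol(symbol)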
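A defender-side view of the `symbol:` patch above, as an added example that is not part of the original wiki page: it compares live code bytes with a clean copy of equal length and reports the 5-byte `jmp` plus `nop` padding such a script writes. The byte strings, module base and size, and the address of the allocated block are constructed for illustration.

```python
import struct

# Constructed sample: 11 bytes of 32-bit code as they appear in a clean copy
# of the module. 8B 82 10 01 00 00 encodes mov eax,[edx+110].
IMAGE_BASE = 0x00400000   # assumed load address of the module
IMAGE_SIZE = 0x1000       # assumed size of the module in memory
CLEAN = bytes.fromhex("55 8B EC 8B 82 10 01 00 00 5D C3")
# The same bytes after a "jmp newmem / nop" patch at offset 3, with the
# allocated block assumed to sit at 0x02150000 (outside the module).
LIVE = bytes.fromhex("55 8B EC E9 F8 FF D4 01 90 5D C3")


def find_inline_hooks(clean, live, base, size):
    """Report every place where live code differs from the clean copy.

    A difference that starts with E9 is decoded as jmp rel32; the target is
    relative to the end of the 5-byte jmp. Trailing nop bytes that replaced
    original code are counted as padding of the same patch.
    """
    findings = []
    i = 0
    while i < len(live):
        if live[i] == clean[i]:
            i += 1
            continue
        if live[i] == 0xE9 and i + 5 <= len(live):
            rel = struct.unpack_from("<i", live, i + 1)[0]
            target = (base + i + 5 + rel) & 0xFFFFFFFF
            end = i + 5
            while end < len(live) and live[end] == 0x90 and clean[end] != 0x90:
                end += 1
            findings.append({
                "address": base + i,
                "kind": "jmp rel32",
                "target": target,
                "outside_module": not (base <= target < base + size),
                "overwritten": clean[i:end].hex(),
                "nop_pad": end - (i + 5),
            })
        else:
            end = i + 1
            while end < len(live) and live[end] != clean[end]:
                end += 1
            findings.append({"address": base + i, "kind": "modified bytes",
                             "overwritten": clean[i:end].hex()})
        i = end
    return findings


if __name__ == "__main__":
    for finding in find_inline_hooks(CLEAN, LIVE, IMAGE_BASE, IMAGE_SIZE):
        print(finding)
```

Once the `[disable]` section has written the original instruction back, the same comparison returns no findings.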

Get Addresses Without Pointers

Can't find pointers? Pointer scanner takes so long? Use this and change the requirements. Don't forget to add ADDRESS as an address to your address list and change the display type to HEXADECIMAL.

[enable]

aobscan(symbol,01 23 45 67 89 AB CD EF) // placeholder signature, replace with the bytes of your instruction
alloc(newmem,$1000)
registersymbol(symbol)
registersymbol(address)

label(address)
label(originalcode)
label(exit)

newmem:
lea eax,[edx+110] // lea computes the address edx+110 instead of reading the value stored there
mov [address],eax

originalcode:
mov eax,[edx+110]
jmp exit

address:
dd 00

symbol:
jmp newmem
nop

exit:

[disable]

unregistersymbol(address)
dealloc(newmem)

symbol:
mov eax,[edx+110] // restore the original instruction

unregistersymbol(symbol)

Loading Pointers

pointers are useful!

Load Pointers Into Registers

In some cases you might need to load a pointer into a register. Here is how it's done.

[enable]

aobscan(symbol,01 23 45 67 89 AB CD EF)
alloc(newmem,$1000)
registersymbol(symbol)

label(originalcode)
label(exit)

newmem:
lea eax,[[[[[["Executable.exe"+00123ABC]+4]+56]+0]+789]+DEF]
// do some stuff here

originalcode:
mov eax,[edx+110]
jmp exit

symbol:
jmp newmem
nop

exit:

[disable]

dealloc(newmem)

symbol:
mov eax,[edx+110]

unregistersymbol(symbol)

Load Pointers From Dissect Data / Structures

Sometimes you find valid compare points under pointers, but how do you use pointers from Dissect Data / Structures?

Say mov [ebx+04],eax is writing to your health address as well as your enemy's. In Dissect Data / Structures, CE shows a pointer at offset '54', and expanding that pointer shows a value at offset '10' that we can build our compare on.

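[enable]

aobscan(symbol,01 23 45 67 89 AB CD EF)
alloc(newmem,$1000)
registersymbol(symbol)

label(originalcode)
label(exit)

newmem:
push eax
mov eax,[ebx+54] // moving the pointer into eax
cmp byte ptr [eax+10],01 // comparing the byte at pointer address + 10 with '1', which stands for player team
pop eax // pop does not change the flags set by cmp
jz exit // player team: skip the write

originalcode:
mov [ebx+04],eax
jmp exit

symbol:
jmp newmem
nop
// jmp + nop overwrite 6 bytes, but mov [ebx+04],eax is only 3 bytes in 32-bit code:
// the instructions that follow it in your target must also be copied into
// originalcode and restored in [disable]

exit:

[disable]

dealloc(newmem)

symbol:
mov [ebx+04],eax

unregistersymbol(symbol)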

Custom Regeneration

your game does not support health or mana regeneration? .. here is the solution!

Using Address & Offset

This script requires you to get the address and the offset from another script. Don't forget to globally allocate them or at least register them as symbols. The script might not be injected in 32 bit processes.

Example for [edx+110]:

mov [address],edx
mov [offset],110


[enable]

alloc(ReGen,$100)
registersymbol(ReGen)
createthread(ReGen)

label(return)
label(exit)
registersymbol(exit)

ReGen:
push 03E8 // 1000 ms
call Kernel32.Sleep
cmp byte ptr [exit],00 // add exit to your address list; default is '1', change it to '0' if you want to stop the regeneration
jz return

mov edx,[address]
add edx,[offset]
cmp dword ptr [edx],64 // say your health limit is 4-byte '100'; once your health goes below '100' it will regenerate health
jz ReGen

add [edx],01
jmp ReGen

return:
ret

exit:
db 01

[disable]

// set exit to '0' and let the thread return before disabling: dealloc frees the memory the thread is running in
dealloc(ReGen)
unregistersymbol(ReGen)
unregistersymbol(exit)

Using Pointers

We all love pointers; they have multiple uses. Note that the script might not be injected in 32 bit processes unless you remove push 03E8 and call Kernel32.Sleep. Keep in mind that you need to specify the data type if your value is a floating point value: add [edx],01 is not the same as add [edx],(float)1.0.


[enable]

alloc(ReGen,$100)
registersymbol(ReGen)
createthread(ReGen)

label(return)
label(exit)
registersymbol(exit)

ReGen:
push 03E8 // 1000 ms
call Kernel32.Sleep
cmp byte ptr [exit],00 // add exit to your address list; default is '1', change it to '0' if you want to stop the regeneration
jz return

lea edx,[[[[[["Executable.exe"+00123ABC]+4]+56]+0]+789]+DEF]
cmp dword ptr [edx],64 // say your health limit is 4-byte '100'; once your health goes below '100' it will regenerate health
jz ReGen

add [edx],01
jmp ReGen

return:
ret

exit:
db 01

[disable]

// set exit to '0' and let the thread return before disabling: dealloc frees the memory the thread is running in
dealloc(ReGen)
unregistersymbol(ReGen)
unregistersymbol(exit)

See Also