Difference between revisions of "Auto Assembler Example 1"

From Cheat Engine
Jump to navigation Jump to search
(Replaced content with '<span style="font-size:25px;color:red">Sorry! Content not available.</span>')
m (Reverted edits by This content is not available (Talk) to last revision by TheyCallMeTim13)
Line 1: Line 1:
<span style="font-size:25px;color:red">Sorry! Content not available.</span>
+
[[Category:Assembler]]
 +
Take the following simple example:
 +
<pre>
 +
alloc(MyCode, 512) // allocate 512 bytes inside open process and store address in MyCode
 +
label(MyData)      // MyData is defined later, set value when assembler hits it
 +
registersymbol(MyCode) // make MyCode available everywhere
 +
registersymbol(MyData) // make MyData available everywhere
 +
 
 +
MyCode:       // start assembling in allocated memory
 +
mov eax, [400000]
 +
mov [MyData], eax
 +
mov [MyData+4], 12345678
 +
ret
 +
 
 +
MyData:       // value will be set to address after ret
 +
 
 +
CreateThread(MyCode) // create new thread in open process
 +
</pre>
 +
 
 +
This allocates 512 bytes and assigns the label MyCode to it.  It then lets the assembler know that MyData is used as a label later, and the autoassembler should set it's value to wherever it left off assembling code (the byte after ret).  It then registers MyCode and MyData as symbols, letting you enter them when you "Goto address" in the Memory Viewer window, or you can use an address of "MyData" or "MyData+4" for example in your cheat table.
 +
 
 +
It then assembles the code into the memory pointed to by MyCode (5F60000) and sets MyData to point to the address after it assembles the ret instruction (5F60016).  Finally CreateThread creates a new thread inside the process and starts executing code at the MyCode address.  The results are here, notice the 4 bytes after the ret are the 4 bytes at 4000000 inside the process and the 4 bytes after that are 78 56 34 12 from the second mov:
 +
<pre>
 +
MyCode - A1 00004000                  - mov eax,[00400000] : [00905A4D]
 +
05F60005 - 89 05 1600F605            - mov [MyData],eax
 +
05F6000B - C7 05 1A00F605 78563412    - mov [05F6001A],12345678
 +
05F60015 - C3                        - ret
 +
MyData - 4D                          - dec ebp
 +
05F60017 - 5A                        - pop edx
 +
05F60018 - 90                        - nop
 +
05F60019 - 00 78 56                  - add [eax+56],bh
 +
05F6001C - 34 12                      - xor al,12
 +
</pre>
 +
 
 +
When you click the "Add Address Manually" button on the main Cheat Engine form (just above the table on the right below the scan info), you can use MyData as the address because we registered the symbol:
 +
 
 +
[[File:Aa_simple_ct1.png]]
 +
 
 +
And it will show in the table:
 +
 
 +
[[File:Aa_simple_ct2.png]]

Revision as of 19:09, 18 March 2019

Take the following simple example:

alloc(MyCode, 512) // allocate 512 bytes inside open process and store address in MyCode
label(MyData)      // MyData is defined later, set value when assembler hits it
registersymbol(MyCode) // make MyCode available everywhere
registersymbol(MyData) // make MyData available everywhere

MyCode:       // start assembling in allocated memory
mov eax, [400000]
mov [MyData], eax
mov [MyData+4], 12345678
ret

MyData:       // value will be set to address after ret

CreateThread(MyCode) // create new thread in open process

This allocates 512 bytes and assigns the label MyCode to it. It then lets the assembler know that MyData is used as a label later, and the autoassembler should set it's value to wherever it left off assembling code (the byte after ret). It then registers MyCode and MyData as symbols, letting you enter them when you "Goto address" in the Memory Viewer window, or you can use an address of "MyData" or "MyData+4" for example in your cheat table.

It then assembles the code into the memory pointed to by MyCode (5F60000) and sets MyData to point to the address after it assembles the ret instruction (5F60016). Finally CreateThread creates a new thread inside the process and starts executing code at the MyCode address. The results are here, notice the 4 bytes after the ret are the 4 bytes at 4000000 inside the process and the 4 bytes after that are 78 56 34 12 from the second mov:

MyCode - A1 00004000                  - mov eax,[00400000] : [00905A4D]
05F60005 - 89 05 1600F605             - mov [MyData],eax
05F6000B - C7 05 1A00F605 78563412    - mov [05F6001A],12345678
05F60015 - C3                         - ret 
MyData - 4D                           - dec ebp
05F60017 - 5A                         - pop edx
05F60018 - 90                         - nop 
05F60019 - 00 78 56                   - add [eax+56],bh
05F6001C - 34 12                      - xor al,12

When you click the "Add Address Manually" button on the main Cheat Engine form (just above the table on the right below the scan info), you can use MyData as the address because we registered the symbol:

Aa simple ct1.png

And it will show in the table:

Aa simple ct2.png