Help File:Auto Assembler help

From Cheat Engine
Revision as of 21:35, 6 March 2017 by TheyCallMeTim13 (talk | contribs) (Created page with '== Auto Assembler help == Auto assemble allows you to write assembler code at different locations using a script. It can be found in the 'memory view' part of cheat engine under…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Auto Assembler help

Auto assemble allows you to write assembler code at different locations using a script. It can be found in the 'memory view' part of cheat engine under extra.

There are 3 special commands you can give it, ALLOC , LABEL and FULLACCESS. With LABEL you can give a address a name by declaring it before you use it. ALLOC is basicaly the same as LABEL but allocates some memory for you.

Usage:

LABEL(labelname) 
Enables the word labelname to be used as a address
ALLOC(allocname,sizeinbytes, preferedregion OPTIONAL) 
same as label, but allocates the memory it points to itself
DEALLOC(allocname) 
Deallocates a block of memory allocated with alloc. It always gets executed last, no matter where it is positioned in the code, and only actually frees the memory when all allocations have been freed. only usable in a script designed as cheattable. (e.g used for the disable cheat)
FULLACCESS(address,size)
makes a memory region at the specified address and at least "size" bytes readable, writable and executable
REGISTERSYMBOL(symboname) 
adds the symbol to the userdefined symbol list so cheattables and the memory browser can use that name instead of a address (The symbol has to be declared in the script when using it)
UNREGISTERSYMBOL(symbolname) 
removes the symbol from the userdefined symbol list. It won't give a error if it isn't found
DEFINE(name,whatever) 
Will replace all tokens with the specified name with the text of whatever
INCLUDE(filename) 
includes another auto assembler file at that spot
LOADBINARY(address,filename) 
Will load a binary file at the specified address
CREATETHREAD(address) 
Will spawn a thread in the process at the specified address
LOADLIBRARY(filename) 
Will inject the specified dll into the target process
READMEM(address,size) 
Will write the addresses at address at the location this instruction is placed
GLOBALALLOC(name,size) 
Will allocate a certain amount of memory and registers the specified name. Using GlobalAlloc in other scripts will then not allocate the memory again, but reuse the already existing memory. (Or allocate it anyhow if found it was not allocated yet)
ASSERT(address, array of byte) 
Will check the memory address for the given address. If the memory is not what is defined by the array of byte given, the auto assemble script will not execute.
AOBSCAN(name, array of byte) 
Will scan the memory for the given array of byte (Wildcards are supported) and replaces all tokens with the specified name with the address the array of byte was found. If it's not found, the auto assemble script will not execute
AOBSCANMODULE(name, modulename, array of byte) 
Will scan the specific module for the given AOB
AOBSCANREGION(name, startaddress, stopaddress, array of byte) 
Will scan the specific range for the given AOB


STRUCT / ENDSTRUCT 
With STRUCT you can define an internal structure in your auto assembler script. This can be used to keep your code clear.

Example:

 STRUCT stackview
 returnaddress: DD ?
 param1:
   DD ?
 param2: DB ? ? ? ?
 ENDSTRUCT
 
 mov eax,[EBP+stackview.param1]
 mov ebx,[EBP+param2]
{$LUA}/{$ASM} 
Code between {$LUA} and {$ASM} (separate lines) will execute that lua script. If it returns a string, the result will be handled as an auto assembler commands.

Note: The lua code is executed before anything else of the auto assembler is parsed.


Value notation: Normally everything is written as hexadecimal in auto assembler, but there are ways to override this so you can input decimal values, and even floating point values. for example, a integer value of 100 can be written in hex as 64, but you can also write it as #100, or as (int)100 for floating point value like 100.1 you can use (float)100.1
and for a double, you could use (double)100.1


Basic Example:

 00451029:
 jmp 00410000
 nop
 nop
 nop

00410000:

 mov [00580120],esi
 mov [esi+80],ebx
 xor eax,eax
 jmp 00451031

Example using LABEL:

 label(mylabel)
 00451029:
 jmp 00410000
 nop
 nop
 nop
 mylabel:
 00410000:
 mov [00580120],esi
 mov [esi+80],ebx
 xor eax,eax
 jmp mylabel

Example using ALLOC:

 alloc(memloc1,4)
 00451029:
 jmp 00410000
 nop
 nop
 nop
 00410000:
 mov [alloc1],esi
 mov [esi+80],ebx
 xor eax,eax
 jmp 00451031

Example using ALLOC and LABEL:

 alloc(alloc1,4)
 label(mylabel)
 00451029:
 jmp 00410000
 nop
 nop
 nop
 mylabel:
 00410000:
 mov [alloc1],esi
 mov [esi+80],ebx
 xor eax,eax
 jmp mylabel


Example using FULLACCESS:

 FULLACCESS(00400800,4) // 00400800 is usually read only non executable data, this makes it writeable and executable
 00451029:
 jmp 00410000
 nop
 nop
 nop
 00410000:
 mov [00400800],esi
 mov [esi+80],ebx
 xor eax,eax
 jmp 00451031

Example using DEFINE:

 DEFINE(clear_eax,xor eax,eax)
 00400500:
 clear_eax

ReadMem example:

 alloc(x,16)
 alloc(script,2048)
 script:
 mov eax,[x]
 mov edx,[x+c]
 ret
 x:
 readmem(00410000,16) // place the contents of address 00410000 at the address of X


The absolute best way to learn these is by practical use. So for a start, follow the tutorial program all the way through and then apply it to some games. The more you use it, the quicker and more capable you will become with it. It looks daunting at first sight (like a coding language), but if you're serious about gamehacking, this will soon become your new best friend!