Scripting:Asm

From Cheat Engine
Revision as of 07:42, 3 February 2018 by OldCheatEngineUser (talk | contribs)
Jump to navigation Jump to search


Getting Values & Address

who needs a pointer anymore?

Get Values Without Pointers

cant find pointers?, pointer scanner takes so long?. use this and change the requirements, dont forget to add VALUE as an address to your address-list.

[enable]


aobscan(symbol,01 23 45 67 89 AB CD EF)

alloc(newmem,$1000)

registersymbol(symbol)

registersymbol(value)


label(value)

label(originalcode)

label(exit)


newmem:

mov eax,[edx+110]

mov [value],eax


originalcode:

mov eax,[edx+110]

jmp exit


value:

dd 00


symbol:

jmp newmem

nop


exit:


[disable]


unregistersymbol(value)

dealloc(newmem)


symbol:

mov eax,[edx+110]


unregistersymbol(symbol)

Get Addresses Without Pointers

cant find pointers?, pointer scanner takes so long?. use this and change the requirements, dont forget to add ADDRESS as an address to your address-list and change diplay type to HEXADECIMAL.

[enable]


aobscan(symbol,01 23 45 67 89 AB CD EF)

alloc(newmem,$1000)

registersymbol(symbol)

registersymbol(address)


label(address)

label(originalcode)

label(exit)


newmem:

lea eax,[edx+110]

mov [address],eax


originalcode:

mov eax,[edx+110]

jmp exit


address:

dd 00


symbol:

jmp newmem

nop


exit:


[disable]


unregistersymbol(address)

dealloc(newmem)


symbol:

mov eax,[edx+110]


unregistersymbol(symbol)

Loading Pointers Into Registers

pointers are useful!

Load Pointers Into Registers

in some cases you might need to load a pointer into a register, here how its done.

[enable]


aobscan(symbol,01 23 45 67 89 AB CD EF)

alloc(newmem,$1000)

registersymbol(symbol)


label(originalcode)

label(exit)


newmem:

lea eax,[[[[[["Executable.exe"+00123ABC]+4]+56]+0]+789]+DEF]

// do some stuff here


originalcode:

mov eax,[edx+110]

jmp exit


symbol:

jmp newmem

nop


exit:


[disable]


dealloc(newmem)


symbol:

mov eax,[edx+110]


unregistersymbol(symbol)

Load Pointers From Dissect Data / Structures

sometimes you find valid compare points under pointers, but how to use pointers from dissect data / structures?.

say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer. and when expanding that pointer, shows at offset '10' there is a value we can build our compare on.

[enable]


aobscan(symbol,01 23 45 67 89 AB CD EF)

alloc(newmem,$1000)

registersymbol(symbol)


label(originalcode)

label(exit)


newmem:

push eax

mov eax,[ebx+54] // moving the pointer into eax

cmp byte ptr [eax+10],01 // comparing pointer address + 10 with value of '1' which stands for player team

pop eax

jz exit


originalcode:

mov [ebx+04],eax

jmp exit


symbol:

jmp newmem

nop


exit:


[disable]


dealloc(newmem)


symbol:

mov [ebx+04],eax


unregistersymbol(symbol)

Custom Regeneration

your game does not support health or mana regeneration? .. here is the solution!

Using Address & Offset

this script requires you to get the address & the offset from another script, dont forget to globally allocate them or at least register them as a symbol. the script might not be injected in 32 bit processes example: [edx+110]

mov [address],edx

mov [offset],110


[enable]


alloc(ReGen,$100)

registersymbol(ReGen)

createthread(ReGen)


label(return)

label(exit)

registersymbol(exit)


ReGen:

push 03E8

call Kernel32.Sleep

cmp byte ptr [exit],00 // add exit to your address list, default is '1' change it to '0' if you want to stop the regeneration.

jz return


mov edx,[address]

add edx,[offset]

cmp dword ptr [edx],64 // say your health limit is 4-byte '100' once your health goes below '100' it will regenerate health

jz ReGen


add [edx],01

jmp ReGen


return:

ret


exit:

db 01


[disable]


dealloc(ReGen)

unregistersymbol(ReGen)

unregistersymbol(exit)

Using Pointers

we all love pointers, they have multiple uses. note that the script might not be injected in 32 bit processes, unless you remove push 03E8 and call Kernel32.Sleep. keep in mind you need to specify the data type if your value is a floating point value, add [edx],01 is not the same as add [edx],(float)1.0.


[enable]


alloc(ReGen,$100)

registersymbol(ReGen)

createthread(ReGen)


label(return)

label(exit)

registersymbol(exit)


ReGen:

push 03E8

call Kernel32.Sleep

cmp byte ptr [exit],00 // add exit to your address list, default is '1' change it to '0' if you want to stop the regeneration.

jz return


lea edx,[[[[[["Executable.exe"+00123ABC]+4]+56]+0]+789]+DEF]

cmp dword ptr [edx],64 // say your health limit is 4-byte '100' once your health goes below '100' it will regenerate health

jz ReGen


add [edx],01

jmp ReGen


return:

ret


exit:

db 01


[disable]


dealloc(ReGen)

unregistersymbol(ReGen)

unregistersymbol(exit)

See Also