Difference between revisions of "Auto Assembler Example 2"

From Cheat Engine
Jump to navigation Jump to search
m
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
I found the following code that calls a function to set the player's
+
[[Category:Assembler]]
health when he is injured. The player's new health is in the ESI register:
+
I found the following code that calls a function to set the player's health when he is injured. The player's new health is in the ESI register:
 
<pre>
 
<pre>
 
00792B4C - 56                        - push esi
 
00792B4C - 56                        - push esi
Line 7: Line 7:
 
</pre>
 
</pre>
  
To keep the player at full health, I decided just to change the value
+
To keep the player at full health, I decided just to change the value of ESI to be 200. Here's a script that does several things on ENABLE:
of ESI to be 200. Here's a script that does several things on ENABLE:
 
  
# Allocate memory inside the open process for my code
+
# Allocate memory for my code inside the opened process
# Assemble my code into that allocated memory
+
# Assemble my code and write it into the allocated memory
# Replace code in the game with a jmp to my code
+
# Replace original code in the game with a jmp to my code
  
Note that since we're replacing those three instructions above with
+
Note that since we're replacing these three instructions above with the ''jmp'' instruction, we have to execute them in our code.
a jmp instruction, we have to execute those in our code.
 
  
 
<pre>
 
<pre>
 
[ENABLE]
 
[ENABLE]
 
alloc(GodCode,512)  // allocate memory for our injected code
 
alloc(GodCode,512)  // allocate memory for our injected code
label(GodReturn)    // where we will jump back to
+
label(GodReturn)    // GodReturn label is where we will jump back to
 
registersymbol(GodCode)
 
registersymbol(GodCode)
  
Line 42: Line 40:
 
</pre>
 
</pre>
  
When disabling, we just free the memory we allocated and assemble the
+
When disabling, we just free the memory we allocated and assemble the original instructions back into place:
original instructions back into place:
 
 
<pre>
 
<pre>
 
[DISABLE]
 
[DISABLE]

Latest revision as of 13:09, 17 July 2020

I found the following code that calls a function to set the player's health when he is injured. The player's new health is in the ESI register:

00792B4C - 56                         - push esi
00792B4D - 8B CF                      - mov ecx,edi
00792B4F - E8 AC782D00                - call 00A6A400

To keep the player at full health, I decided just to change the value of ESI to be 200. Here's a script that does several things on ENABLE:

  1. Allocate memory for my code inside the opened process
  2. Assemble my code and write it into the allocated memory
  3. Replace original code in the game with a jmp to my code

Note that since we're replacing these three instructions above with the jmp instruction, we have to execute them in our code.

[ENABLE]
alloc(GodCode,512)  // allocate memory for our injected code
label(GodReturn)    // GodReturn label is where we will jump back to
registersymbol(GodCode)

GodCode:     // start assembling into our allocated memory
mov esi, c8  // set the new health value to be 200

// this is the original code we over-wrote with "jmp GodCode"
push esi
mov ecx,edi
call 00A6A400

jmp GodReturn  // jump back to the following instruction

// now we start assembling at a new address, replacing instructions
// in Sam3.exe with a jump instruction that will call our code.
00792B4C:
jmp GodCode
db 78 2D 00 // original bytes

GodReturn:  // will be set to 792B54, where we want to jump back to

When disabling, we just free the memory we allocated and assemble the original instructions back into place:

[DISABLE]
// free our allocated memory
dealloc(GodCode)

// replace the jump instruction in Sam3.exe with the original code
00792B4C:
push esi
mov ecx,edi
call 00A6A400

Sam3God.png