Difference between revisions of "Cheat Engine:Auto Assembler"

(Cleaned up page)
{| class="gallery" style="background-color:#f4f4f4"
|+ Auto Assembler Commands
! Command !! Description
|-
| AOBSCAN(name, xx xx xx xx xx) || Scans memory for the given array of bytes and sets the result to the symbol named "name"
|-
| AOBSCANMODULE(name, moduleName, xx xx xx xx xx) || Scans the memory of a specific module for the given array of bytes and sets the result to the symbol named "name"
|-
| ALLOC(allocName, sizeInBytes) || Allocates the given amount of memory and registers the specified name so it can be used as an address
|-
| CREATETHREAD(address) || Spawns a thread in the process at the specified address
|-
| DEALLOC(allocName) || Deallocates a block of memory allocated with ALLOC. It always gets executed last, no matter where it is positioned in the code, and only actually frees the memory when all allocations have been freed. Only usable in a script designed as a cheat table (e.g. used in the disable section)
|-
| DEFINE(name,whatever) || Creates a token with the specified name that will be replaced with the text of whatever
|-
| FULLACCESS(address,size) || Makes the memory region at the specified address, at least "size" bytes long, readable, writable and executable
|-
| GLOBALALLOC(name,size) || Allocates the given amount of memory and registers the specified name. Using GLOBALALLOC with the same name in other scripts does not allocate the memory again but reuses the existing block (or allocates it after all if it turns out not to have been allocated yet)
|-
| INCLUDE(filename) || Includes another auto assembler file at that spot
|-
| LABEL(labelName) || Enables the word labelName to be used as an address
|-
| LOADBINARY(address,filename) || Loads a binary file at the specified address
|-
| LOADLIBRARY(filename) || Injects the specified DLL into the target process
|-
| READMEM(address,size) || Writes "size" bytes read from the specified address to the current location in the script
|-
| REGISTERSYMBOL(symbolName) || Adds a symbol to the user-defined symbol list so cheat tables and the memory browser can use that name instead of an address (the symbol has to be declared in the script when using it)
|-
| UNREGISTERSYMBOL(symbolName) || Removes a symbol from the user-defined symbol list. No error will occur if the symbol doesn't exist
|}

Revision as of 13:35, 21 May 2014


Writing a Script

You need to have the Memory Viewer window open; go to "Tools->Auto Assemble" or hit CTRL+A to open the Auto Assemble window. When you click "Execute" the code is not actually executed, but assembled into machine code. The code is actually executed when you have overwritten existing game code and the game runs it in the normal course of playing, or when you call CREATETHREAD.

Writing an address or label followed by a colon does one of two opposite things. If the name is known, i.e. it is an address, a defined symbol, or memory that has been allocated with that name, the assembler moves to that address and assembles the following code there. If the name is unknown, it must have been declared with LABEL(name) (otherwise you get an error), and the value of that label is set to the current position, the address where the next code will be assembled.

Simple Example - Example showing ALLOC, LABEL, REGISTERSYMBOL and CREATETHREAD.

Assigning a Script to a CheatTable

Scripts assigned to cheat tables usually have two sections, "[ENABLE]" and "[DISABLE]". Code before "[ENABLE]" is assembled every time the script is enabled or disabled. The code in the "[ENABLE]" section is assembled (not executed) when the entry is checked, and the code in the "[DISABLE]" section is assembled when the entry is unchecked.

You will generally alloc memory in [ENABLE] and overwrite existing instructions inside the process you have opened with a jump to your code, where you can modify values and jump back. In [DISABLE] you then put the original instructions back and dealloc the memory.

To assign the script to your cheat table, click on "File->Assign to current cheat table" and close the window; from then on you edit the table's script by double-clicking the "<script>" value in your table.
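As an added example, not from the wiki page or the Cheat Engine project, here is a complete cheat-table script in the [ENABLE]/[DISABLE] form described above, built around the page's 00451029 hook site. It assumes the eight bytes at 00451029 are mov [esi+80],ebx (6 bytes) followed by xor eax,eax (2 bytes) and that the target is a 32-bit process, so a 5-byte jmp plus three nops covers them exactly; the label returnhere also shows the colon rule from "Writing a Script".

```asm
// Added example: [ENABLE]/[DISABLE] script around the page's 00451029 site.
// Assumed original bytes at 00451029: mov [esi+80],ebx ; xor eax,eax (8 bytes).
// Assumed 32-bit target, so "jmp newmem" is a 5-byte relative jump.

[ENABLE]
alloc(newmem,2048)          // code cave, freed again in [DISABLE]
alloc(saved_esi,4)          // private 4-byte slot instead of a fixed address
label(returnhere)           // unknown name: defined by "returnhere:" below
registersymbol(saved_esi)   // the cheat table can now read the slot by name

newmem:
mov [saved_esi],esi         // the extra work the hook exists to do
mov [esi+80],ebx            // replay the two instructions we overwrote
xor eax,eax
jmp returnhere              // resolved on the second assembler pass

00451029:                   // known address: assemble the hook here
jmp newmem
nop
nop
nop
returnhere:                 // set to the current position, 00451031

[DISABLE]
00451029:
mov [esi+80],ebx            // put the original 8 bytes back
xor eax,eax

unregistersymbol(saved_esi)
dealloc(saved_esi)
dealloc(newmem)             // always runs last, after the restore above
```

Disabling first restores the original instructions and only then frees the cave, so the process never executes a jump into released memory.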

Serious Sam 3 BFE Example - Example showing ENABLE and DISABLE

Injecting a DLL

loadlibrary(name) can be used to load a DLL and register its symbols for use by your assembly code. Note that you should not put quotes around the DLL name. Here's an example:

LoadLibrary Example

General Information

Auto assemble allows you to write assembler code at different locations using a script. It can be found in the memory view part of cheat engine under extra.

Basic Example

00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [00580120],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using LABEL

label(mylabel)

00451029:
jmp 00410000
nop
nop
nop
mylabel:

00410000:
mov [00580120],esi
mov [esi+80],ebx
xor eax,eax
jmp mylabel

Example using ALLOC

alloc(memloc1,4)

00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [memloc1],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using ALLOC and LABEL

alloc(alloc1,4)
label(mylabel)

00451029:
jmp 00410000
nop
nop
nop
mylabel:

00410000:
mov [alloc1],esi
mov [esi+80],ebx
xor eax,eax
jmp mylabel

Example using FULLACCESS

FULLACCESS(00400800,4) //00400800 is usually read only non executable data, this makes it writeable and executable
00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [00400800],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using DEFINE

DEFINE(clear_eax,xor eax,eax)
00400500:
clear_eax

Example using READMEM

alloc(x,16)
alloc(script,2048)

script:
mov eax,[x]
mov edx,[x+c]
ret

x:
readmem(00410000,16) //place the contents of address 00410000 at the address of X