Cheat Engine:Auto Assembler

From Cheat Engine
Revision as of 18:40, 26 June 2013 by Dark Byte (talk | contribs)
Jump to navigation Jump to search

Template:cleanup

Writing a Script

You need to have the Memory Viewer window open and go to "Tools->Auto Assemble" or hit CTRL+A to open the Auto assemble window. When you click "Execute" the code is not actually executed, but assembled into machine code. The code is actually executed when you overwrite existing game code and the game executes it in the normal course of playing or when you call CREATETHREAD.

Writing an address or label followed by a colon will do one of two opposite things. If the label is known, i.e. it is an address or if there is a defined symbol or memory has been allocated with that name, the assembler will move to that address for assembling the following code. If the label is unknown, it must have been passed to LABEL(name) (or you will get an error) and the value of that label will be set to the current position where code is set to be assembled.

Simple Example - Example showing ALLOC, LABEL, REGISTERSYMBOL and CREATETHREAD.

Assigning a Script to a CheatTable

Scripts assigned to cheat tables usually have two sections, "[ENABLE]" and "[DISABLE]". Code before "[ENABLE]" will be assembled every time the script is enabled OR disabled. The code in the "[ENABLE]" section will be assembled (not executed) when the entry is checked and the code in the "[DISABLE]" section will be assembled when the entry is unchecked.

You will generally alloc memory in [ENABLE] and overwrite existing instructions inside the process you have opened to jump to your code where you can modify values and jump back. You will then dealloc the memory and put the original instructions back when disabling.

To assign it to your cheat table, click on "File->Assign to current cheat table" and close the window because to edit the table script you have to double-click on the "<script>" value in your table.

Serious Sam 3 BFE Example - Example showing ENABLE and DISABLE

Injecting a DLL

loadlibrary(name) can be used to load a dll and register it's symbols for use by your assembly code. Note that you should not put quotes around the DLL name. Here's an examle:

LoadLibrary Example

General Information

Auto assemble allows you to write assembler code at different locations using a script. It can be found in the memory view part of cheat engine under extra.

There are 3 special commands you can give it, ALLOC , LABEL and FULLACCESS. With LABEL you can give a address a name by declaring it before you use it. ALLOC is basicly the same as LABEL but allocates some memory for you.
Usage:
LABEL(labelname) //Enables the word labelname to be used as a address
ALLOC(allocname,sizeinbytes) //same as label, but allocates the memory it points to itself
DEALLOC(allocname) //Deallocates a block of memory allocated with alloc. It always gets executed last, no matter where it is positioned in the code, and only actually frees the memory when all allocations have been freed. only usable in a script designed as cheattable. (e.g used for the disable cheat)
FULLACCESS(address,size) //makes a memory region at the specified address and at least "size" bytes readable, writable and executable

REGISTERSYMBOL(symboname) //adds the symbol to the userdefined symbol list so cheattables and the memory browser can use that name instead of a address (The symbol has to be declared in the script when using it)
UNREGISTERSYMBOL(symbolname) //removes the symbol from the userdefined symbol list. It won't give a error if it isn't found


DEFINE(name,whatever) :Will replace all tokens with the specified name with the text of whatever
INCLUDE(filename) :includes another auto assembler file at that spot
LOADBINARY(address,filename) :Will load a binary file at the specified address
CREATETHREAD(address) :Will spawn a thread in the process at the specified address
LOADLIBRARY(filename) :Will inject the specified dll into the target process
READMEM(address,size) :Will write the addresses at address at the location this instruction is placed

AOBSCAN(name, xx xx xx xx xx) : Will scan the memory for the given array of byte and sets the result to the symbol named "name"
AOBSCANMODULE(name, modulename, xx xx xx xx xx) : Will scan the memory of a specific module for the given array of byte and sets the result to the symbol names "name"


GLOBALALLOC(name,size) : Will allocate a certain amount of memory and registers the specified name. Using GlobalAlloc in other scripts will then not allocate the memory again, but reuse the already existing memory. (Or allocate it anyhow if found it wasn't allocated yet)

Basic Example:
00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [00580120],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using LABEL:
label(mylabel)

00451029:
jmp 00410000
nop
nop
nop
mylabel:

00410000:
mov [00580120],esi
mov [esi+80],ebx
xor eax,eax
jmp mylabel

Example using ALLOC:
alloc(memloc1,4)

00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [alloc1],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using ALLOC and LABEL
alloc(alloc1,4)
label(mylabel)

00451029:
jmp 00410000
nop
nop
nop
mylabel:

00410000:
mov [alloc1],esi
mov [esi+80],ebx
xor eax,eax
jmp mylabel


Example using FULLACCESS
FULLACCESS(00400800,4) //00400800 is usually read only non executable data, this makes it writeable and executable
00451029:
jmp 00410000
nop
nop
nop

00410000:
mov [00400800],esi
mov [esi+80],ebx
xor eax,eax
jmp 00451031

Example using DEFINE
DEFINE(clear_eax,xor eax,eax)
00400500:
clear_eax

ReadMem example
alloc(x,16)
alloc(script,2048)

script:
mov eax,[x]
mov edx,[x+c]
ret

x:
readmem(00410000,16) //place the contents of address 00410000 at the address of X