Talk:Tutorial:Mono:Basic
Basic mono cheat workflow
The workflow to create a script with this tutorial seems a bit odd.
I am not an expert, but hopefully this will help someone. For me, the creation of a simple script goes like this:
1. Turn on mono.
2. Search for the desired address to edit.
3. Attach the debugger to see what is accessing the address.
4. Right-click the accessing address in the debugger to disassemble (in the disassembler, instead of addresses it should show the mono class and method [or you screwed up and mono is not enabled]).
5. Search upward for the instruction that is modifying the value that is supplied to the desired address (often an inc, dec, add or sub to a register).
6. In the disassembler, select the address with the instruction you wish to edit.
7. Select Copy to clipboard -> Addresses only.
8. Open the script editor (Ctrl+Alt+A) and select Template -> Full injection.
9. In the address prompt, paste the address from the disassembler (it should consist of monoClass:monoMethod+hexoffset).
10. Insert the text below between [ENABLE] and assert(address,bytes):
{$lua}
if syntaxcheck then return end
if LaunchMonoDataCollector() ~= 0 then
local mId = mono_findMethod('Assembly-CSharp', 'monoClass', 'monoMethod')
mono_compile_method(mId)
end
{$asm}
11. Edit the monoClass and monoMethod values in mono_findMethod('Assembly-CSharp', 'monoClass', 'monoMethod') (to JIT the method).
12. Edit the code in the code section of the template to the new instructions you desire.
13. Click Save -> Assign to current table.
14. Close the editor and activate the cheat.
15. The final product should look like this (as can be observed in the code dump from the template, the instruction that saves to the original address is +40 or mov [rax+60],ecx, and I went a bit above and changed +3a add ecx,[rbp-10] for mov ecx,FFFFFF [this ignores the calculated value and inserts a constant]):
{$STRICT}
define(address,scene_manager:increaseMoney+3a)
define(bytes,03 4D F0 83 38 00)
[ENABLE]
{$lua}
if syntaxcheck then return end
if LaunchMonoDataCollector() ~= 0 then
local mId = mono_findMethod('Assembly-CSharp', 'scene_manager', 'increaseMoney')
mono_compile_method(mId)
end
{$asm}
assert(address,bytes)
alloc(newmem,$1000,scene_manager:increaseMoney+3a)
label(code)
label(return)
newmem:
code:
mov ecx,FFFFFF
cmp dword ptr [rax],00
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// add ecx,[rbp-10]
// cmp dword ptr [rax],00
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: scene_manager:increaseMoney+3a
scene_manager:increaseMoney+13: 48 8B 40 18 - mov rax,[rax+18]
scene_manager:increaseMoney+17: 48 8B C8 - mov rcx,rax
scene_manager:increaseMoney+1a: 48 89 4D E8 - mov [rbp-18],rcx
scene_manager:increaseMoney+1e: 48 8B C8 - mov rcx,rax
scene_manager:increaseMoney+21: 83 38 00 - cmp dword ptr [rax],00
scene_manager:increaseMoney+24: 66 90 - nop 2
scene_manager:increaseMoney+26: 49 BB C0 92 F3 FF 4F 01 00 00 - mov r11,CharacterStats:get_Money
scene_manager:increaseMoney+30: 41 FF D3 - call r11
scene_manager:increaseMoney+33: 48 8B C8 - mov rcx,rax
scene_manager:increaseMoney+36: 48 8B 45 E8 - mov rax,[rbp-18]
// ---------- INJECTING HERE ----------
scene_manager:increaseMoney+3a: 03 4D F0 - add ecx,[rbp-10]
// ---------- DONE INJECTING ----------
scene_manager:increaseMoney+3d: 83 38 00 - cmp dword ptr [rax],00
scene_manager:increaseMoney+40: 48 8B 40 18 - mov rax,[rax+18]
scene_manager:increaseMoney+44: 89 48 60 - mov [rax+60],ecx
scene_manager:increaseMoney+47: 48 8D 65 00 - lea rsp,[rbp+00]
scene_manager:increaseMoney+4b: 5D - pop rbp
scene_manager:increaseMoney+4c: C3 - ret
14FFFFC80FD: 00 00 - add [rax],al
14FFFFC80FF: 00 01 - add [rcx],al
14FFFFC8101: 04 02 - add al,02
14FFFFC8103: 05 04 03 01 50 - add eax,50010304
}