Code Injection - Working with Integers (Tutorial:CodeInjection Integers)

From Cheat Engine

Revision as of 03:02, 7 May 2018

This tutorial builds on the topic of Code Injection:

Let's say you have an integer and some code that increases the value.

add [eax+10],ecx

What if the only instruction that writes to the value is a MOV? Try to find a spot above the write instruction that has an ADD (or a SUB, depending on what you want to do), for example:

add ecx,ebx
mov [eax+10],ecx

Hardcoded value

We could just hardcode a value for this.

add dword ptr [eax+10],(int)100 // #100 also works: "#" is shorthand for a decimal integer

Editable value

We could use a label, giving it some memory, and optionally register it (registersymbol) so the label can be used in the table as an address. Note that the MOV below overwrites ECX; if the game still needs ECX after the hook, save and restore it around the injected code.

alloc(someMem, 0x400)
label(someSymbol)
registersymbol(someSymbol)

someMem:
  mov ecx,[someSymbol]
  add [eax+10],ecx
  jmp return
  someSymbol:
    dd (int)100

Adding a Multiplier

We could add an editable value as above, but use IMUL so that the value acts as a multiplier on the amount the game adds instead of replacing it.

alloc(someMem, 0x400)
label(someSymbol)
registersymbol(someSymbol)

someMem:
  imul ecx,[someSymbol]
  add [eax+10],ecx
  jmp return
  someSymbol:
    dd (int)10

Fractional Multiplier

But what if we wanted to multiply by a fractional number (e.g. 0.5)? This takes a bit more work: we can use CVTSI2SS and CVTSS2SI to convert the value from an integer to a float and back again, and MULSS to do the multiplication. That needs an XMM register to work with, so we also need some extra memory and MOVUPS to save and restore the XMM register, since the game may still be using it. Note that CVTSS2SI rounds to the nearest integer under the default MXCSR settings, so the result is not always exact.

alloc(someMem, 0x400)
label(someSymbol)
label(extraStuff)
registersymbol(someSymbol)

someMem:
  movups [extraStuff],xmm0 // save xmm0
  cvtsi2ss xmm0,ecx        // integer -> float
  mulss xmm0,[someSymbol]  // multiply by the float multiplier
  cvtss2si ecx,xmm0        // float -> integer (rounds to nearest by default)
  movups xmm0,[extraStuff] // restore xmm0
  add [eax+10],ecx         // the original instruction
  jmp return
  someSymbol:
    dd (float)0.5
  extraStuff:
    dd 0 // data double-word (4 bytes)
    dd 0
    dq 0 // data quad-word (8 bytes); 16 bytes in total for the XMM register
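As an added example that is not part of the wiki page, the following C code emulates what the three SSE instructions above do to ECX: CVTSI2SS converts the integer to single precision (exact only up to 2^24), MULSS multiplies in single precision, and CVTSS2SI converts back using the default MXCSR rounding mode (round to nearest, ties to even), producing the "integer indefinite" value 0x80000000 when the result does not fit. The function name fractional_multiply and the rounding helper are assumptions made for this example; the rounding is written in portable C rather than with SSE intrinsics so it runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>

/* Round-to-nearest, ties-to-even, in plain C (the default cvtss2si behaviour).
 * Only called for |f| < 2^31, where the truncating cast is well defined. */
static float round_half_even(float f)
{
    float t = (float)(int64_t)f;   /* truncate toward zero */
    float frac = f - t;            /* exact: t is within a factor of 2 of f, or t is 0 */
    if (frac > 0.5f)  return t + 1.0f;
    if (frac < -0.5f) return t - 1.0f;
    if ((frac == 0.5f || frac == -0.5f) && ((int64_t)t % 2 != 0))
        return t + (frac > 0.0f ? 1.0f : -1.0f);   /* tie: move to the even neighbour */
    return t;
}

/* Returns what ECX holds after:  cvtsi2ss xmm0,ecx / mulss xmm0,[mult] / cvtss2si ecx,xmm0 */
int32_t fractional_multiply(int32_t value, float multiplier)
{
    float f = (float)value;        /* cvtsi2ss: integers above 2^24 lose precision here */
    f = f * multiplier;            /* mulss: single-precision product */
    if (!(f < 2147483648.0f && f >= -2147483648.0f))   /* overflow or NaN */
        return INT32_MIN;          /* cvtss2si returns the "integer indefinite" 0x80000000 */
    return (int32_t)round_half_even(f);                /* cvtss2si */
}

int main(void)
{
    /* Constructed inputs: the 0.5 multiplier from the script, plus edge cases. */
    printf("5 * 0.5   -> %d (2.5 rounds to even)\n", fractional_multiply(5, 0.5f));
    printf("7 * 0.5   -> %d (3.5 rounds to even)\n", fractional_multiply(7, 0.5f));
    printf("100 * 0.5 -> %d\n", fractional_multiply(100, 0.5f));
    printf("16777217 * 1.0 -> %d (float precision loss)\n", fractional_multiply(16777217, 1.0f));
    printf("1000000 * 4000 -> %d (overflow sentinel)\n", fractional_multiply(1000000, 4000.0f));
    return 0;
}
```

The two tie cases show why a table value of 0.5 can make odd amounts look off by one: 2.5 becomes 2 but 3.5 becomes 4, exactly as the hardware does it.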

Calculate a value for a Multiplier

Let's say we just can't find an ADD or a SUB, and all we have is a MOV.

mov [eax+10],ecx

We can do the math in the script instead: subtract the value currently in memory from the new value in ECX to get the amount the game wanted to change it by, multiply that difference, and add it back to the current value. Keep in mind that a decrease is a negative difference, so it gets multiplied just the same.

alloc(someMem, 0x400)
label(someSymbol)
registersymbol(someSymbol)

someMem:
  sub ecx,[eax+10]      // ecx = new value - current value
  imul ecx,[someSymbol] // scale the difference
  add ecx,[eax+10]      // add it back onto the current value
  mov [eax+10],ecx      // the original instruction
  jmp return
  someSymbol:
    dd (int)10
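As an added example, not from the wiki page, here is the arithmetic of the SUB / IMUL / ADD / MOV sequence above written out in C. The arithmetic is done on uint32_t so it wraps exactly like the 32-bit registers do (IMUL keeps only the low 32 bits of the product, which are the same for signed and unsigned multiplication). The function names scaled_store and apply_deltas and the constructed sequence of changes are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* What ends up in [eax+10] after the injected code runs once.
 *   sub  ecx,[eax+10]      ; ecx = incoming - current
 *   imul ecx,[someSymbol]  ; ecx = (incoming - current) * multiplier  (low 32 bits)
 *   add  ecx,[eax+10]      ; ecx = current + scaled difference
 *   mov  [eax+10],ecx      ; the original write */
int32_t scaled_store(int32_t current, int32_t incoming, int32_t multiplier)
{
    uint32_t ecx = (uint32_t)incoming;
    ecx -= (uint32_t)current;       /* sub  ecx,[eax+10] */
    ecx *= (uint32_t)multiplier;    /* imul ecx,[someSymbol] */
    ecx += (uint32_t)current;       /* add  ecx,[eax+10] */
    return (int32_t)ecx;            /* mov  [eax+10],ecx */
}

/* Replays a series of changes the game would make (each MOV writes
 * current + delta) through the hook, returning the final stored value. */
int32_t apply_deltas(int32_t start, const int32_t *deltas, size_t n, int32_t multiplier)
{
    int32_t current = start;
    for (size_t i = 0; i < n; i++) {
        int32_t incoming = current + deltas[i];   /* what the game computed */
        current = scaled_store(current, incoming, multiplier);
    }
    return current;
}

int main(void)
{
    /* Constructed sequence: +5 then -5, with the script's multiplier of 10. */
    const int32_t deltas[] = { 5, -5 };
    printf("+5 only: %d\n", apply_deltas(100, deltas, 1, 10));   /* 150 */
    printf("+5, -5 : %d\n", apply_deltas(100, deltas, 2, 10));   /* back to 100 */
    printf("wrap   : %d\n", scaled_store(0, 2, 0x40000000));      /* low 32 bits only */
    return 0;
}
```

The second call shows the caveat from the text: because the hook scales every difference, a loss of 5 is stored as a loss of 50, so the multiplier amplifies decreases as well as increases.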

See Also