Auto Assembler - Example 1

From Cheat Engine

Jump to: navigation, search


Let's look at that the following example.

define(someValue, (int)100) alloc(someMemory, 512) label(someCode) label(someData) registerSymbol(someMemory) registerSymbol(someData) someMemory: someCode: mov eax,[00400000] mov [someData],eax mov [someData+4],123 mov [someData+8],$123 mov [someData+C],#123 mov [someData+10],(int)123 mov [someData+14],(float)123 mov [someData+18],someValue mov [someData+1C],'Hey!' mov byte ptr [someData+20],0 ret someData: createThread(someCode) // End of script


So let's brack this script down.


define(someValue, (int)100)

define
This allows use to define a constant of sorts.
someValue
This will be the name or symbol, so any where this name is used it will be replaced with the value.
(int)100
This is the value, here tell it that the value is 100 in decimal (base 10) format (by default all numbers are hexadecimal).


alloc(someMemory, 512)

alloc
This allocates memory in the attached process.
someMemory
This will be the name or symbol, it can be used as an address.
512
This is the number of bytes to be allocated in decimal format, so we are allocating 512 bytes, this is one of the few places that a number is seen as decimal by default.


label(someCode)

label
This allows us to declare a label of a location, but we will still need to place the label to assign it to an address in memory.
someCode
This will be the name or symbol of the label.
label(someData)
Same as before just with the symbol 'someData'.


registerSymbol(someMemory)

registerSymbol
This allow use to register (add a symbol to the user defined symbols list), this will allow use to use the symbol in other scripts and in the address list.
someMemory
This is the symbol to be registered.
registerSymbol(someData)
Same as before just with the symbol 'someData'.


someMemory:
This tells auto assembler to start assembling at where 'someMemory' was allocated.
someCode:
This is how we place the label (assign it's address), here we place it at the start of the assembled memory. This is not needed, 'someMemory' will be the same address as 'someCode'.


mov eax,[00400000]

mov
This is assembly, it allows use to move or assign a value to anther location. Here we are moving the value at the address of '00400000'.
eax
This is the destination operand, this is where the value will be moved to, here we are moving the value to the EAX register.
[00400000]
This is the source operand, this is where the value will come from, here we are moving the value at the address of '00400000'. The square brackets ('[', ']') designates that we want to use the value of an address.
mov [someData+4],123
Same as before except that we are moving the value '123' in hex to the address of 'someData+4'.
mov [someData+8],$123
Same as before except that we are moving the value '123' in hex, denoted by the '$', to the address of 'someData+8'.
mov [someData+C],#123
Same as before except that we are moving the value '123' in decimal, denoted by the '#', to the address of 'someData+C'.
mov [someData+10],(int)123
Same as before except that we are moving the value '123' in decimal, denoted by '(int)', to the address of 'someData+10'.
mov [someData+14],(float)123
Same as before except that we are moving the value '123' as a float, denoted by '(float)', to the address of 'someData+14'.
mov [someData+18],someValue
Same as before except that we are moving the value of the symbol 'someValue' to the address of 'someData+18'.
mov [someData+1C],'Hey!'
Same as before except that we are moving the value of a string 'Hey!', denoted by the quotations (both single and double work), to the address of 'someData+20'.
mov byte ptr [someData+20],0
Same as before except that we are moving a single byte of zero, denoted by 'byte ptr', to the address of 'someData+20'. This is to add a null character to the end of the string.


ret
This is a return for a call.


someData:
This is how we place the label (assign it's address), and here we place it at the end of the assembled memory.


createThread(someCode)

createThread
This allows us to create a thread in the attached process, and CALLs the given address or symbol. A ret is required to release the thread.
someCode
This is the address or symbol to call with the created thread.


// End of script
This is a comment, denoted by the '//', they are not interpreted or executed.


This is how the script is assembled in the process's memory.

someMemory   - A1 00004000                - mov eax,[00400000]          :  [00905A4D]
00200005     - A3 5B002000                - mov [someData],eax          :  [77]
0020000A     - C7 05 5F002000 23010000    - mov [0020005F],00000123     :  [35]
00200014     - C7 05 63002000 23010000    - mov [00200063],00000123     :  [35]
0020001E     - C7 05 67002000 7B000000    - mov [00200067],0000007B     :  [123]
00200028     - C7 05 6B002000 7B000000    - mov [0020006B],0000007B     :  [123]
00200032     - C7 05 6F002000 0000F642    - mov [0020006F],42F60000     :  [0]
0020003C     - C7 05 73002000 64000000    - mov [00200073],00000064     :  [100]
00200046     - C7 05 77002000 48657921    - mov [00200077],21796548     :  ["Hey!"]
00200050     - C7 05 7B002000 00000000    - mov [0020007B],00000000     :  [0]
0020005A     - C3                         - ret
someData     - 4D 5A 90 00
someData+4   - 23 01 00 00
someData+8   - 23 01 00 00
someData+C   - 7B 00 00 00
someData+10  - 7B 00 00 00
someData+14  - 00 00 F6 42
someData+18  - 64 00 00 00
someData+1C  - 48 65 79 21
someData+20  - 00 00 00 00


You can add the addresses for someData manually, see How to add addresses to the address list for details.

Or you can just copy the XML code below and paste it in the address list of a table to add the addresses for 'someData'.

<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>0</ID> <Description>"someMemory"</Description> <LastState Value="" RealAddress="00000000"/> <VariableType>Array of byte</VariableType> <ByteLength>0</ByteLength> <Address>someMemory</Address> </CheatEntry> <CheatEntry> <ID>1</ID> <Description>"someData"</Description> <ShowAsHex>1</ShowAsHex> <VariableType>Array of byte</VariableType> <ByteLength>4</ByteLength> <Address>someData</Address> </CheatEntry> <CheatEntry> <ID>5</ID> <Description>"someData+4"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+4</Address> </CheatEntry> <CheatEntry> <ID>4</ID> <Description>"someData+8"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+8</Address> </CheatEntry> <CheatEntry> <ID>3</ID> <Description>"someData+C"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+C</Address> </CheatEntry> <CheatEntry> <ID>2</ID> <Description>"someData+10"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+10</Address> </CheatEntry> <CheatEntry> <ID>6</ID> <Description>"someData+14"</Description> <VariableType>Float</VariableType> <Address>someData+14</Address> </CheatEntry> <CheatEntry> <ID>7</ID> <Description>"someData+18"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+18</Address> </CheatEntry> <CheatEntry> <ID>8</ID> <Description>"someData+1C"</Description> <VariableType>String</VariableType> <Length>60</Length> <Unicode>0</Unicode> <ZeroTerminate>1</ZeroTerminate> <Address>someData+1C</Address> </CheatEntry> </CheatEntries> </CheatTable>


If you execute the script and add the address to the address list, you should see some thing like this.


[edit] See also

[edit] Syntax Highlighter

Personal tools
Toolbox