Difference between revisions of "Tutorials:Auto Assembler:Injection full"

From Cheat Engine
(Created page with 'So in most game to really do any thing cool, you will want or need to use code injection. Now there are different types of injection, the most common methods are DLL injection a…')
 
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
So in most game to really do any thing cool, you will want or need to use code injection.
+
[[Category:Tutorial]]
 +
[[Category:Auto Assembler]]
 +
[[Category:Code Injection]]
 +
{{DISPLAYTITLE:Code Injection - Full}}
 +
So in most games to really do any thing cool, you will want or need to use code injection.
  
 
Now there are different types of injection, the most common methods are DLL injection and assembly injection.  
 
Now there are different types of injection, the most common methods are DLL injection and assembly injection.  
Line 15: Line 19:
  
 
== Finding the injection point ==
 
== Finding the injection point ==
After you have found the addresses of the score and time then we can find the injection point.  
+
After you have found the address of the score then we can find the injection point.  
 
Where this is depends on what we want to do so in ''Windows Solitaire'' the score decreases over timer,  
 
Where this is depends on what we want to do so in ''Windows Solitaire'' the score decreases over timer,  
 
lets make it increase the score.
 
lets make it increase the score.
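Review bot: the unchanged context right after the edited sentence still reads "the score decreases over timer, lets make it increase the score." While this paragraph is being touched, change "over timer" to "over time" and "lets" to "let's".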
Line 23: Line 27:
 
'''right-click and select ''find out what writes to this address'''''.
 
'''right-click and select ''find out what writes to this address'''''.
  
[[File:CEForm.AutoAssembler.CodeInjection.01.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.01.png|border]]
  
 
A message window will tell you ''this will attach the debugger of Cheat Engine to the current process. Continue?''.
 
A message window will tell you ''this will attach the debugger of Cheat Engine to the current process. Continue?''.
Line 35: Line 39:
 
  FF8396CC - 41 83 43 14 FE - add dword ptr [r11+14],-02
 
  FF8396CC - 41 83 43 14 FE - add dword ptr [r11+14],-02
  
[[File:CEForm.AutoAssembler.CodeInjection.02.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.02.png|border]]
  
 
Once some code comes up you can '''click the ''stop'' button'''.
 
Once some code comes up you can '''click the ''stop'' button'''.
  
[[File:CEForm.AutoAssembler.CodeInjection.03.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.03.png|border]]
  
 
Then '''click on the line of code''', this should enable the buttons,  
 
Then '''click on the line of code''', this should enable the buttons,  
 
now '''click the ''show disassembler'' button'''.
 
now '''click the ''show disassembler'' button'''.
  
[[File:CEForm.AutoAssembler.CodeInjection.04.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.04.png|border]]
  
 
This will bring up the disassembler / memory view form.
 
This will bring up the disassembler / memory view form.
  
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.01.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.01.png|border]]
  
 
=== Step 3 ===
 
=== Step 3 ===
Line 54: Line 58:
 
'''right-click and select ''find out what addresses this instruction accesses'''''.
 
'''right-click and select ''find out what addresses this instruction accesses'''''.
  
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.02.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.02.png|border]]
  
 
=== Step 4 ===
 
=== Step 4 ===
Line 62: Line 66:
 
So we are '''looking to see that this only accesses the score address'''.
 
So we are '''looking to see that this only accesses the score address'''.
  
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.03.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.03.png|border]]
  
 
So if only the address we want (the score) comes up then we can '''close the window''',  
 
So if only the address we want (the score) comes up then we can '''close the window''',  
Line 71: Line 75:
 
or just press ''Ctrl+A''.
 
or just press ''Ctrl+A''.
  
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.04.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.disassembler.04.png|border]]
  
  
 
== Writing the injection code ==
 
== Writing the injection code ==
Will setup a script to enable and disable the injection.
+
We'll setup a script to enable and disable the injection.
  
 
=== Step 1 ===
 
=== Step 1 ===
Line 81: Line 85:
 
so on the form's menu '''click ''template'' then click ''cheat table framework code'''''.
 
so on the form's menu '''click ''template'' then click ''cheat table framework code'''''.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.01.png]]
+
[[File:Tutorials.AddScriptToTable.AssignToTable.Template-CTFramework.01.png|border]]
  
 
This will give you the base code needed to add a script to the table.
 
This will give you the base code needed to add a script to the table.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.02.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.02.png|border]]
  
 
=== Step 2 ===
 
=== Step 2 ===
 
So now on the form's menu '''click ''template'' then click ''full injection'''''.
 
So now on the form's menu '''click ''template'' then click ''full injection'''''.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.03.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.03.png|border]]
  
 
You will be prompted for the address if you haven't changed the selected code in the memory view form,  
 
You will be prompted for the address if you haven't changed the selected code in the memory view form,  
 
then '''click the ''ok'' button'''.
 
then '''click the ''ok'' button'''.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.04.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.04.png|border]]
  
 
This will give you the base code needed for a full injection.
 
This will give you the base code needed for a full injection.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.05.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.05.png|border]]
  
 
=== Step 3 ===
 
=== Step 3 ===
Now the easiest thing to do here, since the code already adds is to just make the number positive.
+
Now the easiest thing to do here, since the code already adds is to just '''make the number positive'''.
  
 
:Note the ''yellow'' lines, these mark code changes on that line.
 
:Note the ''yellow'' lines, these mark code changes on that line.
::so here line 26 is showing that it have changed.
+
::so here line 26 is showing that it has changed.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.2.01.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.2.01.png|border]]
  
 
=== Step 3 ===
 
=== Step 3 ===
 
Now we can add this to the table, so on the form's menu '''click ''file'' then click ''assign to current cheat table'''''.
 
Now we can add this to the table, so on the form's menu '''click ''file'' then click ''assign to current cheat table'''''.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.08.png]]
+
[[File:Tutorials.AddScriptToTable.AssignToTable.01.png|border]]
  
 
This should create a memory record in the tables address list.
 
This should create a memory record in the tables address list.
  
[[File:CEForm.AutoAssembler.CodeInjection.addrLst.script.01.png]]
+
[[File:Tutorials.AddScriptToTable.AssignToTable.CTScript.01.png|border]]
 
 
  
 
== Testing the injection code ==
 
== Testing the injection code ==
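Review bot: the second "=== Step 3 ===" heading (the one above "Now we can add this to the table") repeats the number of the step before it and is left unchanged by this revision; renumber it to "=== Step 4 ===". In the same hunk, "tables address list" should read "table's address list".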
Line 126: Line 129:
 
'''enable the script''' (click the box or with it selected press the space bar).
 
'''enable the script''' (click the box or with it selected press the space bar).
  
[[File:CEForm.AutoAssembler.CodeInjection.addrLst.script.02.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.addrLst.script.02.png|border]]
  
 
You should see a red X in the enabler box, a jump command, and the same code as before the injection on the next line,  
 
You should see a red X in the enabler box, a jump command, and the same code as before the injection on the next line,  
 
if all went as planed.
 
if all went as planed.
  
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.2.02.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.autoAssembler.2.02.png|border]]
  
 
Now '''check that the score gets increased'''.
 
Now '''check that the score gets increased'''.
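Review bot: the context line "if all went as planed." keeps its typo in this revision; change it to "planned" alongside the image border change.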
Line 139: Line 142:
 
and the red X should be gone and the original code should be injected back.
 
and the red X should be gone and the original code should be injected back.
  
[[File:CEForm.AutoAssembler.CodeInjection.addrLst.script.04.png]]
+
[[File:CEForm.AutoAssembler.CodeInjection.addrLst.script.04.png|border]]
  
 
Now '''check that the score gets decreased'''.
 
Now '''check that the score gets decreased'''.
Line 146: Line 149:
 
And that's that basics of assembly injection with Cheat Engine.
 
And that's that basics of assembly injection with Cheat Engine.
  
 
+
{{Template:CodeInjectionSeeAlso}}
== See also ==
 
* [[Code_injection]]
 
* [[Tutorials]]
 
 
 
=== Related Tutorials ===
 
* [[Tutorials:AttachToProcess|Attach to a process]]
 
* [[Tutorials:Finding values:Integers|Finding values - Integers]]
 
* [[Tutorials:Finding values:Floats|Finding values - Floats]]
 
* [[Tutorials:Auto_Assembler:Injection_basic|Code Injection Basic]]
 
  
 
== External links ==
 
== External links ==
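Review bot: the closing line "And that's that basics of assembly injection with Cheat Engine." is carried over unchanged; it should read "that's the basics". The retained "== External links ==" heading also has no entries in the visible lines, so either add links under it or drop the heading.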

Latest revision as of 20:26, 22 April 2018


In most games, to really do anything cool, you will want or need to use code injection.

There are different types of injection; the most common methods are DLL injection and assembly injection. We will be going over assembly injection, specifically what's called a full assembly injection.


Any game will work but I will be using Windows Solitaire.

First you will need to find the score.

If unsure how to find values see: Finding values - Integers


Finding the injection point

After you have found the address of the score, we can find the injection point. Where this is depends on what we want to do. In Windows Solitaire the score decreases over time, so let's make it increase the score.

Step 1

First we need to find the code we want, so select the address of the score in the address list, right-click and select find out what writes to this address.

CEForm.AutoAssembler.CodeInjection.01.png

A message window will tell you "this will attach the debugger of Cheat Engine to the current process. Continue?". Click the yes button.

If you are having trouble try changing the debugger settings.

Now we wait for the score to decrease.

Step 2

Then you should see some code come up in the debugger window, with the number of times it has written to the address:

FF8396CC - 41 83 43 14 FE - add dword ptr [r11+14],-02

CEForm.AutoAssembler.CodeInjection.02.png

Once some code comes up you can click the stop button.

CEForm.AutoAssembler.CodeInjection.03.png

Then click on the line of code; this should enable the buttons. Now click the show disassembler button.

CEForm.AutoAssembler.CodeInjection.04.png

This will bring up the disassembler / memory view form.

CEForm.AutoAssembler.CodeInjection.disassembler.01.png

Step 3

With the disassembler / memory view form open, on the highlighted line of code right-click and select find out what addresses this instruction accesses.

CEForm.AutoAssembler.CodeInjection.disassembler.02.png

Step 4

Now let it run for a while, make some moves, and see what comes up. In most games this is a good thing to do because many functions deal with multiple addresses.

So we are looking to see that this only accesses the score address.

CEForm.AutoAssembler.CodeInjection.disassembler.03.png

If only the address we want (the score) comes up, then we can close the window: click the form's close button, or click the stop button, which then becomes a close button, and click it again.

Step 5

Now on the memory view form menu select tools then select auto assemble, or just press Ctrl+A.

CEForm.AutoAssembler.CodeInjection.disassembler.04.png


Writing the injection code

We'll set up a script to enable and disable the injection.

Step 1

The easiest way to do this is with templates, so on the form's menu click template then click cheat table framework code.

Tutorials.AddScriptToTable.AssignToTable.Template-CTFramework.01.png

This will give you the base code needed to add a script to the table.

CEForm.AutoAssembler.CodeInjection.autoAssembler.02.png

Step 2

So now on the form's menu click template then click full injection.

CEForm.AutoAssembler.CodeInjection.autoAssembler.03.png

You will be prompted for the address if you haven't changed the selected code in the memory view form, then click the ok button.

CEForm.AutoAssembler.CodeInjection.autoAssembler.04.png

This will give you the base code needed for a full injection.

CEForm.AutoAssembler.CodeInjection.autoAssembler.05.png

Step 3

Now the easiest thing to do here, since the code already adds, is to just make the number positive.

Note the yellow lines; these mark code changes on that line.
Here, line 26 is showing that it has changed.

CEForm.AutoAssembler.CodeInjection.autoAssembler.2.01.png
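
The change in this step comes down to one byte of the instruction found in the debugger earlier. The following Python sketch is an added example, not part of the original tutorial or of Cheat Engine: it decodes the bytes `41 83 43 14 FE`, shows that `-02` is the sign-extended 8-bit immediate `FE`, and re-encodes the instruction with a positive immediate. The function names are hypothetical, 64-bit code is assumed (the instruction uses r11), and the decoder handles only this one instruction form.

```python
import struct

# Instruction bytes shown in the tutorial's debugger line:
#   41 83 43 14 FE - add dword ptr [r11+14],-02
ORIGINAL = bytes.fromhex("41 83 43 14 FE")


def decode_add_imm8(code: bytes) -> dict:
    """Decode the single form used here: [REX] 83 /0, ModRM mod=01, disp8, imm8."""
    i, rex_b = 0, 0
    if code[i] & 0xF0 == 0x40:          # REX prefix 0x40-0x4F; bit 0 (REX.B) extends rm
        rex_b = code[i] & 1
        i += 1
    opcode, modrm = code[i], code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0x83 or reg != 0 or mod != 1 or rm == 4:   # rm=4 would need a SIB byte
        raise ValueError("not 'add dword ptr [reg+disp8], imm8'")
    disp, imm = struct.unpack_from("bb", code, i + 2)       # both are signed bytes
    return {"base": rm + 8 * rex_b, "disp": disp, "imm": imm, "length": i + 4}


def with_immediate(code: bytes, imm: int) -> bytes:
    """Same instruction, different signed 8-bit immediate (-128..127)."""
    length = decode_add_imm8(code)["length"]
    return code[:length - 1] + struct.pack("b", imm)


def apply(code: bytes, score: int) -> int:
    """Emulate the instruction's effect on a 32-bit score value."""
    return (score + decode_add_imm8(code)["imm"]) & 0xFFFFFFFF


if __name__ == "__main__":
    d = decode_add_imm8(ORIGINAL)
    print(f"add dword ptr [r{d['base']}+{d['disp']:02X}],{d['imm']}")
    patched = with_immediate(ORIGINAL, 2)
    print(patched.hex(" ").upper(), "->", apply(patched, 100))
```
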

Step 4

Now we can add this to the table, so on the form's menu click file then click assign to current cheat table.

Tutorials.AddScriptToTable.AssignToTable.01.png

This should create a memory record in the table's address list.

Tutorials.AddScriptToTable.AssignToTable.CTScript.01.png

Testing the injection code

Now we are ready to test the code.

Enable

With the memory view form visible, looking at the injection line, enable the script (click the box or with it selected press the space bar).

CEForm.AutoAssembler.CodeInjection.addrLst.script.02.png

If all went as planned, you should see a red X in the enabler box, a jump command, and the same code as before the injection on the next line.

CEForm.AutoAssembler.CodeInjection.autoAssembler.2.02.png

Now check that the score gets increased.

Disable

Now disable the script, using the same steps as enabling. The red X should be gone and the original code should be injected back.

CEForm.AutoAssembler.CodeInjection.addrLst.script.04.png

Now check that the score gets decreased.


And that's the basics of assembly injection with Cheat Engine.
