Code Injection - Working with Integers

Post by TheyCallMeTim13 » Mon May 07, 2018 4:55 am

https://wiki.cheatengine.org/index.php? ... n_Integers
Code Injection - Working with Integers
This tutorial builds on the topic of Code Injection: Let's say you have an integer and some code that increases the value.

add [eax+10],ecx

What if what writes to the value is only a MOV? Try to find a spot above the write instruction that has an ADD (or a SUB, depending on what you want to do).

add ecx,ebx
//...
mov [eax+10],ecx

Hardcoded value
We could just hardcode a value for this.

add dword ptr [eax+10],(int)100 // #100 //// "#" is shorthand for integer

Editable value
We could use a label, giving it some memory. And optionally register it so the label can be used on the table as an address.

//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
  //...
  mov ecx,[someSymbol]
  add [eax+10],ecx
  //...
  jmp return
  //...
  someSymbol:
    dd (int)100
//...

Adding a Multiplier
We could add an editable value like above but use IMUL to add a multiplier to the script.

//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
  //...
  imul ecx,[someSymbol]
  add [eax+10],ecx
  //...
  jmp return
  //...
  someSymbol:
    dd (int)10
//...

Fractional Multiplier
But what if we wanted to be able to multiply by a fractional number (e.g. 0.5)? Well, this can take a bit more, but we can use CVTSI2SS and CVTSS2SI to convert the value from an integer to a float and back again. Then we can just use MULSS to do the multiplying, but we will need an XMM register to work with. So we will need some extra memory and use MOVUPS to save and restore the XMM register.

//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
label(extraStuff)
//...
someMem:
  //...
  movups [extraStuff],xmm0 //// save
  cvtsi2ss xmm0,ecx
  mulss xmm0,[someSymbol]
  cvtss2si ecx,xmm0
  movups xmm0,[extraStuff] //// restore
  //...
  jmp return
  //...
  someSymbol:
    dd (float)0.5 //// stored as a float, since MULSS reads it as single-precision
  extraStuff:
    dd 0 //// Data double-word (4 bytes)
    dd 0
    dq 0 //// Data quad-word (8 bytes)
//...

Calculate a value for a Multiplier
Let's say we just can't find an ADD or a SUB, and all we have is a MOV.

mov [eax+10],ecx

We can just do some math in the script to calculate a value for a multiplier.

//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
  //...
  sub ecx,[eax+10]
  imul ecx,[someSymbol]
  add ecx,[eax+10]
  mov [eax+10],ecx
  //...
  jmp return
  //...
  someSymbol:
    dd (int)10
//...

Last edited by TheyCallMeTim13 on Mon May 07, 2018 12:43 pm, edited 6 times in total.
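An added illustration, not part of the original post or the Cheat Engine wiki: a Python model of the arithmetic the "Fractional Multiplier" and "Calculate a value for a Multiplier" scripts perform, so you can see what CVTSS2SI's default round-to-nearest-even and 32-bit IMUL wraparound do to a value before you rely on the script in a game. Function names mirror the instructions they emulate; `to_float32` and `wrap_int32` are helper names chosen here.

```python
import struct

INT32_INDEFINITE = -0x80000000  # CVTSS2SI result when the float does not fit in 32 bits

def to_float32(x: float) -> float:
    """Round a Python double to the nearest IEEE-754 single (what the XMM lane holds)."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def cvtsi2ss(n: int) -> float:
    """CVTSI2SS: signed 32-bit int -> single; magnitudes above 2**24 lose low bits."""
    return to_float32(float(n))

def mulss(a: float, b: float) -> float:
    """MULSS: single-precision multiply, result rounded back to single."""
    return to_float32(a * b)

def cvtss2si(f: float) -> int:
    """CVTSS2SI under the default MXCSR rounding mode: nearest, ties to even."""
    if not (-2.0**31 <= f < 2.0**31):
        return INT32_INDEFINITE
    return int(round(f))  # Python's round() also rounds ties to even

def fractional_multiplier(ecx: int, multiplier: float) -> int:
    """The 'Fractional Multiplier' script: cvtsi2ss / mulss [someSymbol] / cvtss2si."""
    xmm0 = cvtsi2ss(ecx)
    xmm0 = mulss(xmm0, to_float32(multiplier))  # someSymbol holds a (float)
    return cvtss2si(xmm0)

def wrap_int32(n: int) -> int:
    """Keep the low 32 bits and reinterpret as signed, as IMUL/ADD on ECX do."""
    n &= 0xFFFFFFFF
    return n - 0x100000000 if n & 0x80000000 else n

def multiplied_delta(old_value: int, new_ecx: int, multiplier: int) -> int:
    """The 'Calculate a value for a Multiplier' script on a MOV-only write:
    sub ecx,[eax+10] / imul ecx,[someSymbol] / add ecx,[eax+10] / mov [eax+10],ecx.
    Note that a negative delta (e.g. damage taken) is multiplied just the same."""
    ecx = wrap_int32(new_ecx - old_value)   # sub ecx,[eax+10]
    ecx = wrap_int32(ecx * multiplier)      # imul ecx,[someSymbol]
    return wrap_int32(ecx + old_value)      # add ecx,[eax+10]
```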
