Hello a newbie here approaching making tables!

LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Hello a newbie here approaching making tables!

Post by LegendZero88 » Mon Jul 17, 2017 12:52 pm

Hi to all, I have some points to discuss with everyone here and hope someone can help.
I'm trying to hack a game; I followed some tutorials and now I'm here.
I'm trying to find mana.
1) Find the address.
2) See what accesses this value and move around a bit, use mana.
3) There are multiple fld instructions on esi+30 and one fstp instruction on esi+30.
4) Check the value of the register esi.
5) Open the memory viewer (Ctrl+D) and dissect the structure with the register's address.
6) The dissect is successful; I see my offset (30) and others that point to max etc.

Now that is the problem... what do I have to do from here?
I know I'm a noob but... I don't really understand what to do now.

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Mon Jul 17, 2017 5:09 pm

That depends. If you want to simply stop the value from decreasing, debug with 'what writes' and nop the instruction that pops up when you use some mana.

If you want to make a pointer, you're better off finding an instruction that constantly updates. That way, as soon as you activate your script, your pointers will populate.

Also make sure your instruction is exclusive to the player, meaning no other addresses access the instruction. You can right-click in the debugger window and select 'check if found opcodes also access other addresses'. It's pretty self-explanatory from there.

Once you've found a good instruction, let me know.

LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Mon Jul 17, 2017 5:19 pm

Hi. I will detail it a bit better.
The game in question is MidBoss, and I'm hacking mana, which is a float.
The fld instruction is called frequently and is unique; the fstp only when it decreases or increases.
Now the question is: how do I compile a script... or a pointer for this value?
I don't understand how to finalize my findings.
Thanks for all the help.

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Mon Jul 17, 2017 5:46 pm

Paste an unmodified aob injection template of the instruction you found.

LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Mon Jul 17, 2017 6:11 pm

Here it is:

{ Game   : MidBoss.exe
  Version: 1.1.6
  Date   : 2017-07-17
  Author : LegendZero

  This script does blah blah blah
}

[ENABLE]

aobscan(mana,D9 5E 30 D9 46 30 8B CE D9 5D F8) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  fstp dword ptr [esi+30]
  fld dword ptr [esi+30]
  jmp return

mana:
  jmp newmem
  nop
return:
registersymbol(mana)

[DISABLE]

mana:
  db D9 5E 30 D9 46 30

unregistersymbol(mana)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 0E1A7D02

""+E1A7CED: 00 00                 -  add [eax],al
""+E1A7CEF: 00 78 DF              -  add [eax-21],bh
""+E1A7CF2: EF                    -  out dx,eax
""+E1A7CF3: 0D 60 63 63 0D        -  or eax,D636360
""+E1A7CF8: 55                    -  push ebp
""+E1A7CF9: 8B EC                 -  mov ebp,esp
""+E1A7CFB: 56                    -  push esi
""+E1A7CFC: 50                    -  push eax
""+E1A7CFD: 8B F1                 -  mov esi,ecx
""+E1A7CFF: D9 45 08              -  fld dword ptr [ebp+08]
// ---------- INJECTING HERE ----------
""+E1A7D02: D9 5E 30              -  fstp dword ptr [esi+30]
""+E1A7D05: D9 46 30              -  fld dword ptr [esi+30]
// ---------- DONE INJECTING  ----------
""+E1A7D08: 8B CE                 -  mov ecx,esi
""+E1A7D0A: D9 5D F8              -  fstp dword ptr [ebp-08]
""+E1A7D0D: 8B 01                 -  mov eax,[ecx]
""+E1A7D0F: 8B 40 28              -  mov eax,[eax+28]
""+E1A7D12: FF 50 10              -  call dword ptr [eax+10]
""+E1A7D15: D9 45 F8              -  fld dword ptr [ebp-08]
""+E1A7D18: DB 46 28              -  fild dword ptr [esi+28]
""+E1A7D1B: D9 5D F8              -  fstp dword ptr [ebp-08]
""+E1A7D1E: D9 45 F8              -  fld dword ptr [ebp-08]
""+E1A7D21: DF F1                 -  fcomip st(0),st(1)
}

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Mon Jul 17, 2017 8:14 pm

Pointer:

[ENABLE]

aobscan(mana,D9 5E 30 D9 46 30 8B CE D9 5D F8)
alloc(newmem,$1000)

label(code)
label(return)
label(manapointer)  //Add this.

registersymbol(mana)
registersymbol(manapointer) //And this.

newmem:
  mov [manapointer],esi //And this. Your symbol that you can use outside of the script. Pretty self explanatory.

code:
  fstp dword ptr [esi+30]
  fld dword ptr [esi+30]
  jmp return
  
manapointer: //Your label
  dd 0  // dd for 32-bit, dq for 64-bit.

mana:
  jmp newmem
  nop
return:

[DISABLE]

mana:
  db D9 5E 30 D9 46 30

unregistersymbol(mana)
unregistersymbol(manapointer)
dealloc(newmem)

Let's just say you used 'what writes' to find this instruction. To nop it:

[ENABLE]

aobscan(mana,D9 5E 30 D9 46 30 8B CE D9 5D F8)
registersymbol(mana)

mana:
  db 90 90 90 // Length in bytes of original instruction.

[DISABLE]

mana:
  db D9 5E 30 //Notice I got rid of the last 3 bytes. 

unregistersymbol(mana)

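Both scripts above depend on the byte lengths of the instructions at the injection point: `jmp newmem` is a 5-byte E9 rel32 and must be padded out to an instruction boundary (hence the single `nop` after it, covering the 6 bytes of fstp + fld), and the nop script overwrites exactly the 3 bytes of `fstp dword ptr [esi+30]`. The following Python does that arithmetic on a plain byte buffer. It is an added illustration, not code from the thread or from Cheat Engine; the injection address, the two instruction lengths and the original bytes are taken from the disassembly posted above, the cave address is an assumed example value, and nothing touches a real process.

```python
"""
Added example (not code from the thread or from Cheat Engine): the byte-level
arithmetic the auto assembler does for `mana: jmp newmem / nop` and for
`mana: db 90 90 90`.  Everything works on a plain byte buffer; no process
memory is read or written.
"""
import struct

JMP_REL32 = 0xE9                    # 5-byte jmp rel32
NOP = 0x90
REL_OPCODES = {0xE8, 0xE9, 0xEB}    # call rel32, jmp rel32, jmp rel8

# Taken from the disassembly posted above: the two 3-byte instructions at
# the injection point.  The cave address is an assumed example value.
INJECT_ADDR = 0x0E1A7D02
ORIGINAL = bytes.fromhex("D95E30D94630")   # fstp [esi+30] / fld [esi+30]
INSTR_LENGTHS = (3, 3)
CAVE_ADDR = INJECT_ADDR + 0x1000           # assumed alloc(newmem) location


def encode_jmp_rel32(src: int, dst: int) -> bytes:
    """E9 <disp32>, displacement measured from the END of the 5-byte jmp."""
    disp = dst - (src + 5)
    if not -(1 << 31) <= disp < (1 << 31):
        raise ValueError("target out of rel32 range; alloc nearer the module")
    return bytes([JMP_REL32]) + struct.pack("<i", disp)


def decode_jmp_target(patch: bytes, src: int) -> int:
    """Inverse of encode_jmp_rel32, handy for checking a written patch."""
    (disp,) = struct.unpack("<i", patch[1:5])
    return src + 5 + disp


def split_span(instr_lengths, minimum: int = 5) -> list:
    """Lengths of the leading whole instructions needed to cover `minimum`
    bytes.  Cutting an instruction in half would leave a broken opcode
    that executes as soon as the hook is disabled or jumped over."""
    used, total = [], 0
    for n in instr_lengths:
        used.append(n)
        total += n
        if total >= minimum:
            return used
    raise ValueError("not enough instruction bytes to hold a 5-byte jmp")


def check_relocatable(original: bytes, instr_lengths) -> bool:
    """The displaced instructions are copied verbatim into the cave, so an
    IP-relative instruction (call/jmp/jcc) among them would land in the
    wrong place.  Memory operands like [esi+30] relocate fine."""
    off = 0
    for n in instr_lengths:
        op = original[off]
        if op in REL_OPCODES or 0x70 <= op < 0x80:          # jcc rel8
            return False
        if op == 0x0F and 0x80 <= original[off + 1] < 0x90:  # jcc rel32
            return False
        off += n
    return True


def build_detour(original: bytes, instr_lengths, src: int, cave: int):
    """Return (bytes to write at src, original bytes the cave must execute
    and the [DISABLE] section must write back)."""
    used = split_span(instr_lengths)
    n = sum(used)
    if not check_relocatable(original[:n], used):
        raise ValueError("displaced instructions are IP-relative; move the hook")
    jmp = encode_jmp_rel32(src, cave)
    patch = jmp + bytes([NOP]) * (n - len(jmp))   # pad to the boundary
    return patch, original[:n]


def build_nop_patch(instr_lengths, count: int = 1) -> bytes:
    """NOP out the first `count` instructions, using exactly their length."""
    return bytes([NOP]) * sum(instr_lengths[:count])


if __name__ == "__main__":
    patch, saved = build_detour(ORIGINAL, INSTR_LENGTHS, INJECT_ADDR, CAVE_ADDR)
    print("write at injection point:", patch.hex(" "))   # E9 FB 0F 00 00 90
    print("write back on disable:   ", saved.hex(" "))   # D9 5E 30 D9 46 30
    print("nop only the fstp:       ", build_nop_patch(INSTR_LENGTHS).hex(" "))
```

The six bytes `build_detour` returns are what the script's `mana:` block assembles to, and the `[DISABLE]` section writes the second value back; `build_nop_patch` with the default count yields the three `90`s of the nop script, which is why its disable section only restores `D9 5E 30`. The relocation check is the caveat the thread does not spell out: an AOB injection whose displaced bytes include a relative call or jump needs the cave to re-encode that instruction, not copy it.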
LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Tue Jul 18, 2017 2:54 pm

Both scripts didn't work... probably I missed something or have done things wrong... hmm...
Thanks anyway :D

LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Fri Jul 21, 2017 9:14 am

I understood the problem. I have done other scripts, but I can't do health, mana or stamina because the instruction and bytes are the same for all three... how can I resolve this?

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Fri Jul 21, 2017 10:44 am

If you're talking about 3 different instructions that have a similar byte pattern in assembly, then you need to find a difference somewhere and include that in your array.

If you're talking about one instruction sharing these 3 addresses, you will be better off using 'what accesses' to find an instruction accessing only health, mana or stamina. From there you can push the max value into the current or something; get creative.
Or if you're feeling lazy, just nop the instruction and call the cheat Max Stats :lol:!

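The "find a difference somewhere and include that in your array" advice, and the earlier "should be unique" remark on the aobscan line, are the same check: the pattern must hit exactly one site. The Python below is an added example, not code from the thread or from Cheat Engine. It runs a wildcard-capable array-of-bytes scan over a constructed memory image in which three code sites share the same `fstp`/`fld [esi+30]` pair (site A's bytes are the ones from the posted disassembly; sites B and C are made up to stand in for health and stamina code), and shows how appending the bytes that follow a site turns a triple hit into a unique pattern.

```python
"""
Added example (not code from the thread or from Cheat Engine): an
array-of-bytes scanner with wildcards, a uniqueness check, and a helper
that extends a non-unique pattern with the bytes that follow it until only
one site matches.  The memory image is constructed for the demo.
"""

FILL = b"\xCC"
# Site A is the sequence from the thread (fstp/fld [esi+30], mov ecx,esi,
# fstp [ebp-08]).  Sites B and C are constructed: the same fstp/fld pair
# followed by different bytes, standing in for health and stamina code that
# shares the first six bytes.
SITE_A = bytes.fromhex("D95E30D946308BCED95DF8")
SITE_B = bytes.fromhex("D95E30D946305E5DC3")
SITE_C = bytes.fromhex("D95E30D94630C3")
MEM = FILL * 16 + SITE_A + FILL * 8 + SITE_B + FILL * 8 + SITE_C + FILL * 16
SITE_A_OFF, SITE_B_OFF, SITE_C_OFF = 16, 35, 52


def parse_aob(pattern: str) -> list:
    """'D9 ?? 30' -> [0xD9, None, 0x30]; '??', '?' and '*' are wildcards."""
    out = []
    for tok in pattern.split():
        out.append(None if tok in ("??", "?", "*") else int(tok, 16))
    return out


def to_aob(raw: bytes) -> str:
    """bytes -> 'D9 5E 30 ...' in the form aobscan() takes."""
    return " ".join(f"{b:02X}" for b in raw)


def aob_scan(mem: bytes, pattern: str) -> list:
    """All offsets where the pattern matches (what aobscan does, minus the
    walk over the process's memory regions)."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [i for i in range(len(mem) - n + 1)
            if all(p is None or mem[i + j] == p for j, p in enumerate(pat))]


def is_unique(mem: bytes, pattern: str) -> bool:
    return len(aob_scan(mem, pattern)) == 1


def extend_until_unique(mem: bytes, site: int, base_len: int,
                        max_len: int = 32) -> str:
    """Grow the pattern starting at `site` one byte at a time until it hits
    exactly one place: the "find a difference and include it in your array"
    step done mechanically."""
    for length in range(base_len, max_len + 1):
        pat = to_aob(mem[site:site + length])
        if is_unique(mem, pat):
            return pat
    raise ValueError(f"no unique pattern of <= {max_len} bytes at {site:#x}")


if __name__ == "__main__":
    shared = "D9 5E 30 D9 46 30"
    print(shared, "->", aob_scan(MEM, shared))            # three hits
    for off in (SITE_A_OFF, SITE_B_OFF, SITE_C_OFF):
        print(f"{off:#06x}: {extend_until_unique(MEM, off, 6)}")
```

Against this image the six shared bytes match all three sites, while one extra byte from each site (`8B`, `5E` or `C3`) is enough to make each pattern unique; the eleven-byte array the first script used is just a longer version of the same fix. Wildcards (`??`) are the other tool for the opposite problem, a pattern that fails to match because a displacement or register byte differs between game versions.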
LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Fri Jul 21, 2017 2:11 pm

I have been able to create a pointer with AOB injection for mana.
But when I try to create it for health and stamina, it gives back the mana value for all of them, because the fld and fstp instructions are always on the same bytes...
Why does it always give me back mana...?


PS: I tried what you said... I tried even backtracking... but I'm no good with it.
For 'what accesses this address' there are the same two instructions for every one of them, on the same bytes.

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Fri Jul 21, 2017 6:18 pm

Still not sure what you mean. Take a screenshot of the debugger windows for health, mana and stamina. Use 'what accesses', and in the debugger window right-click and choose 'check if found opcodes access other addresses'. Just upload one screenshot with all 3 side by side. Snippets of the assembly region wouldn't hurt either.

Also have you tried adding pointers with different offsets that point to health or stamina? As long as they are in the same data structure and the instruction you used for mana isn't shared you will be able to.

Squall8
Expert Cheater
Posts: 109
Joined: Fri Mar 03, 2017 7:43 am
Reputation: 29

Re: Hello a newbie here approaching making tables!

Post by Squall8 » Sat Jul 22, 2017 3:32 am

I took a look into the game myself. It's a bit more complicated than I was anticipating. Anyway, here is what I came up with:

{ Game   : MidBoss.exe
  Version: 
  Date   : 2017-07-21
  Author : Squall8
}

[ENABLE]

aobscan(infhealth,D9 46 30 DF F1 DD D8 7A 06 0F 84 7D) // fld dword ptr [esi+30] / fcomip st(0),st(1) / ...
alloc(newmem,$1000,MidBoss.exe) // Allocate near the module so the 5-byte jmp can reach the cave.

label(code)
label(return)

newmem:
  push eax               // Preserve eax; the cave uses it as scratch.
  mov eax,[esi+14]       // Load the 4-byte integer Max Health from the dissected structure (+14).
  cvtsi2ss xmm0,eax      // Convert the integer in eax to a single-precision float in xmm0.
                         // Caveat: the low dword of xmm0 is not saved and restored here; this assumes
                         // the game holds no live value in xmm0 at this point (the surrounding code is x87).
  movss [esi+30],xmm0    // Overwrite Current Health (float at +30) with Max Health.
  pop eax

code:
  fld dword ptr [esi+30] // Original instruction (3 bytes): loads the now-refilled current health.
  fcomip st(0),st(1)     // Original instruction (2 bytes): the compare that follows it.
  jmp return

infhealth:
  jmp newmem             // 5 bytes, exactly fld (3) + fcomip (2), so no nop padding is needed.
return:
registersymbol(infhealth)

[DISABLE]

infhealth:
  db D9 46 30 DF F1      // Write the original 5 bytes back.

unregistersymbol(infhealth)
dealloc(newmem)

Screenshot: https://ibb.co/mQ1b25

You should be able to figure out what I did here. You will basically have to do the same thing for mana and stamina. Let me know if you need anymore help.

LegendZero88
Novice Cheater
Posts: 16
Joined: Wed Apr 19, 2017 8:23 am
Reputation: 0

Re: Hello a newbie here approaching making tables!

Post by LegendZero88 » Sat Jul 22, 2017 6:15 am

I think I understood what you did there.
Simply put, you dissected the structure for health, moved it into eax, converted it and then replaced current health.
So I think I will have to do the same thing for mana and stamina... I will try to do it as soon as possible...

PS: and of course you took the address with only one access.

Thanks, I think I will do it in the afternoon and post my result here, hoping I succeed with it.
