Code Injection - Working with Integers

TheyCallMeTim13

Post by TheyCallMeTim13 » Mon May 07, 2018 4:55 am

[URL='https://wiki.cheatengine.org/index.php?title=Tutorial:CodeInjection_Integers'][U]https://wiki.cheatengine.org/index.php?title=Tutorial:CodeInjection_Integers[/U][/URL]

[SIZE=7][B]Code Injection - Working with Integers[/B][/SIZE]

This tutorial builds on the topic of Code Injection:

[LIST]

[*][URL='https://fearlessrevolution.com/threads/code-injection-basic.6538/'][U]Code Injection - Basic injection[/U][/URL]

[*][U][URL='https://fearlessrevolution.com/threads/code-injection-full.6539/']Code Injection - Full injection[/URL][/U]

[*][U][URL='https://fearlessrevolution.com/threads/code-injection-editable-values.6544/']Code Injection - Adding Editable Values[/URL][/U]

[*][URL='https://fearlessrevolution.com/threads/code-injection-working-with-floats.6715/'][U]Code Injection - Working with Floats[/U][/URL]

[/LIST]

Let's say you have an integer and some code that increases the value.

[CODE=nasm]add [eax+10],ecx[/CODE]

What if the only instruction that writes to the value is a [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOV'][U]MOV[/U][/URL]? Try to find a spot above the write instruction that has an [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADD'][U]ADD[/U][/URL] (or a [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUB'][U]SUB[/U][/URL], depending on what you want to do).

[CODE=nasm]add ecx,ebx
//...
mov [eax+10],ecx[/CODE]


[SIZE=6][B]Hardcoded value[/B][/SIZE]

We could just hardcode a value for this.

[CODE=nasm]add dword ptr [eax+10],(int)100 // #100 //// "#" is shorthand for integer[/CODE]


[SIZE=6][B]Editable value[/B][/SIZE]

We could use a [URL='https://wiki.cheatengine.org/index.php?title=Auto_Assembler:label'][U]label[/U][/URL], giving it some memory, and optionally [URL='https://wiki.cheatengine.org/index.php?title=Auto_Assembler:registerSymbol'][U]register[/U][/URL] it so the label can be used in the table as an address.

[CODE=cea]//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
mov ecx,[someSymbol]
add [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)100
//...[/CODE]


[SIZE=6][B]Adding a Multiplier[/B][/SIZE]

We could add an editable value like above, but use [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:IMUL'][U]IMUL[/U][/URL] so the value acts as a multiplier in the script.

[CODE=cea]//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
imul ecx,[someSymbol]
add [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)10
//...[/CODE]


[SIZE=6][B]Fractional Multiplier[/B][/SIZE]

But what if we wanted to be able to multiply by a fractional number (e.g. "0.5")? This takes a bit more work, but we can use [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSI2SS'][U]CVTSI2SS[/U][/URL] and [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:CVTSS2SI&action=edit&redlink=1'][U]CVTSS2SI[/U][/URL] to convert the value from an integer to a float and back again. Then we can just use [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MULSS'][U]MULSS[/U][/URL] to do the multiplying, but we will need an [URL='https://wiki.cheatengine.org/index.php?title=Assembler#Structure'][U]XMM[/U][/URL] [URL='https://wiki.cheatengine.org/index.php?title=Assembler#Registers'][U]register[/U][/URL] to work with. So we will need some extra memory, and we use [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOVUPS&action=edit&redlink=1'][U]MOVUPS[/U][/URL] to save and restore the XMM register.

[CODE=cea]//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
label(extraStuff)
//...
someMem:
//...
movups [extraStuff],xmm0 //// save
cvtsi2ss xmm0,ecx
mulss xmm0,[someSymbol]
cvtss2si ecx,xmm0
movups xmm0,[extraStuff] //// restore
//...
jmp return
//...
someSymbol:
dd (int)10
extraStuff:
dd 0 //// Data double-word (4 bytes)
dd 0
dq 0 //// Data quad-word (8 bytes)
//...[/CODE]


[SIZE=6][B]Calculate a value for a Multiplier[/B][/SIZE]

Let's say we just can't find an [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:ADD'][U]ADD[/U][/URL] or a [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:SUB'][U]SUB[/U][/URL], and all we have is a [URL='https://wiki.cheatengine.org/index.php?title=Assembler:Commands:MOV'][U]MOV[/U][/URL].

[CODE=nasm]mov [eax+10],ecx[/CODE]

We can just do some math in the script: subtract the current value to get the change, multiply the change, then add the current value back.

[CODE=cea]//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
sub ecx,[eax+10]
imul ecx,[someSymbol]
add ecx,[eax+10]
mov [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)10
//...[/CODE]
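As an added example (not part of the original post, and not Cheat Engine code), here is a small C model of the arithmetic the two scripts above perform, the fractional multiplier (CVTSI2SS / MULSS / CVTSS2SI) and the calculated multiplier (SUB / IMUL / ADD). It lets you check the edge cases on a normal compiler before touching a script: CVTSS2SI rounds to nearest-even under the default MXCSR rounding mode and yields the "integer indefinite" value 0x80000000 when the float does not fit in 32 bits, while the integer path silently wraps around at 32 bits. The function names and the sample inputs are this example's own, and it assumes the default rounding mode (no MXCSR changes by the target).

```c
/* Added example: host-side model of the integer/float arithmetic used by the
 * auto assembler scripts above. Function names are this example's own. */
#include <stdint.h>
#include <stdio.h>

/* Round a float to the nearest integer, ties to even. This is what cvtss2si
 * does under the default MXCSR rounding mode; f must already be in int32 range. */
static int32_t round_half_even(float f) {
    int32_t t = (int32_t)f;          /* truncate toward zero (what cvttss2si would do) */
    float frac = f - (float)t;       /* exact: |frac| < 1 and it shares f's ulp */
    if (frac > 0.5f || (frac == 0.5f && (t & 1))) return t + 1;
    if (frac < -0.5f || (frac == -0.5f && (t & 1))) return t - 1;
    return t;
}

/* Fractional multiplier script: cvtsi2ss xmm0,ecx / mulss xmm0,[someSymbol] /
 * cvtss2si ecx,xmm0. Values above 2^24 already lose precision in cvtsi2ss, and
 * a product outside int32 range comes back as INT32_MIN (0x80000000). */
int32_t mul_int_by_float(int32_t value, float mult) {
    float f = (float)value;                               /* cvtsi2ss */
    f = f * mult;                                         /* mulss    */
    if (!(f >= -2147483648.0f && f < 2147483648.0f))      /* also catches NaN */
        return INT32_MIN;                                 /* cvtss2si "integer indefinite" */
    return round_half_even(f);                            /* cvtss2si */
}

/* Calculated multiplier script for a plain mov: new = old + (new - old) * mult.
 * Done in uint32_t so the wraparound matches sub/imul/add on a 32-bit register. */
int32_t scale_delta(int32_t old_value, int32_t new_value, int32_t mult) {
    uint32_t delta = (uint32_t)new_value - (uint32_t)old_value; /* sub ecx,[eax+10]     */
    delta *= (uint32_t)mult;                                    /* imul ecx,[someSymbol] */
    return (int32_t)(delta + (uint32_t)old_value);              /* add ecx,[eax+10]     */
}

int main(void) {
    /* Constructed sample inputs, chosen to show the rounding and wraparound cases. */
    printf("7 * 0.5  -> %d (tie rounds to even)\n", mul_int_by_float(7, 0.5f));
    printf("5 * 0.5  -> %d (tie rounds to even)\n", mul_int_by_float(5, 0.5f));
    printf("100 * 1e9 -> %d (overflow => 0x80000000)\n", mul_int_by_float(100, 1e9f));
    printf("old 100, new 90, x10  -> %d\n", scale_delta(100, 90, 10));
    printf("old 0, new 2e9, x2    -> %d (32-bit wrap)\n", scale_delta(0, 2000000000, 2));
    return 0;
}
```

The two things worth taking from this: a multiplier of 0.5 on a value of 7 produces 4, not 3, because CVTSS2SI rounds rather than truncates (use CVTTSS2SI if truncation is wanted), and a large delta times a large multiplier wraps, so the calculated-multiplier script can turn a gain into a loss once the product passes 2^31.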


[SIZE=6][B]See Also[/B][/SIZE]

[LIST]

[*][URL='https://fearlessrevolution.com/threads/auto-assembler-basics.6503/'][U]Auto Assembler Basics[/U][/URL]

[*][URL='https://fearlessrevolution.com/threads/auto-assembler-templates.6536/'][U]Auto Assembler Templates[/U][/URL]

[*][URL='https://fearlessrevolution.com/threads/code-injection-basic.6538/'][U]Code Injection - Basic injection[/U][/URL]

[*][U][URL='https://fearlessrevolution.com/threads/code-injection-full.6539/']Code Injection - Full injection[/URL][/U]

[*][U][URL='https://fearlessrevolution.com/threads/code-injection-editable-values.6544/']Code Injection - Adding Editable Values[/URL][/U]

[*][U][URL='https://fearlessrevolution.com/threads/code-injection-working-with-floats.6715/']Code Injection - Working with Floats[/URL][/U]

[/LIST]
Last edited by TheyCallMeTim13 on Mon May 07, 2018 12:43 pm, edited 6 times in total.
"We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology."
-- Carl Sagan
