Code injection with value

CJtheTiger

What is cheating?
Mar 4, 2017
4
0
1
#1
Using the Auto Assembler I created a little snippet which modifies which value will be set to a specific address.

Initially it was:
Code:
mov [esi+9A],al
What I want it to be is:
Code:
mov [esi+9A],<my value>
I'd like to define the value in the table. How would I accomplish this?

This is the complete script:
Code:
[ENABLE]

alloc(valuemod,2048)
label(valuemodexit)

valuemod:
mov [esi+9A],<my value>
jmp valuemodexit

"MyGame.exe"+ABCDEF:
jmp valuemod
valuemodexit:
 
[DISABLE]
"MyGame.exe"+ABCDEF:
mov [esi+9A],al
I could just make another entry in the table which writes the value into allocated memory for the injection and then just retrieve it in there, but I figured there must be some way to do this in a more elegant way.
 

TheyCallMeTim13

I... am an enchanter.
Talents
Fearless Donors
Mar 3, 2017
346
19
18
#2
if your push value is always the same then you can just put your value in like you have it, but CE will interpret this as hex but you can use (int)#
Code:
mov [esi+9A],(int)100
Or you could define a value:
Code:
define(PushValue,(int)100)
...
mov [esi+9A],PushValue
 

++METHOS

Administrator
Administrator
Mar 2, 2017
203
1
18
#3
You can also create a custom symbol and add it to your table as a custom address:
[ENABLE]

alloc(valuemod,2048)
label(valuemodexit)
label(originalcode)
label(value)

registersymbol(value)

valuemod:

{--optional-->>
cmp [value],0
je originalcode
<<--optional--}

push edi
mov edi,[value]
mov [esi+9A],edi
pop edi
jmp valuemodexit //may need to add some original code before the jump

originalcode:
//originalcode here
jmp valuemodexit

value:
dd 0

"MyGame.exe"+ABCDEF:
jmp valuemod
valuemodexit:

[DISABLE]
"MyGame.exe"+ABCDEF:
mov [esi+9A],al

unregistersymbol(value)
Once the script is activated, add a custom address to your table and put value in the address field. You can assign hotkeys for setting/freezing values etc..
 

Zanzer

RCE Fanatics
Talents
Mar 3, 2017
96
2
8
#5
Be sure to include "byte ptr" so you're not overwriting more than the 1 address.
Code:
mov byte ptr [esi+9A],<my value>
Code:
mov al,[value]
 

CJtheTiger

What is cheating?
Mar 4, 2017
4
0
1
#6
Zanzer post_id=632 time=1488769039 user_id=523 said:
Be sure to include "byte ptr" so you're not overwriting more than the 1 address.
Code:
mov byte ptr [esi+9A],<my value>
Code:
mov al,[value]
From my understanding it will take the smallest common size, so when I move some value to AL which is one byte in size, it will only take one byte from the value I want to move there. Feel free to correct me there though.