Jump in Assembler

MangaDrawing

MangaDrawing

What is cheating?
#1
Mar 5, 2017
29
0
1
#1
Hi.
If we have for example this code:
cmp [ecx+08],1
je ???
cmp eax,eax
mov [ecx+14],(float)100

How can jump from "je" to "cmp eax,eax" or "mov [ecx+14],(float)100".Instead of "???" What should I write that jump to other lines?
 
B

Bloodybone

Novice Cheater
#2
Aug 3, 2017
103
0
16
#2
you can directly manipulate the bytes at the je so je is in byte form 74 and then the second byte is how long you wan't to jump so if you wan't to jump to cmp eax,eax do 74 00 and if you wan't to jump to mov [ecx+14],(float)100 then do 74 01
 
B

Bloodybone

Novice Cheater
#3
Aug 3, 2017
103
0
16
#3
Also if you wan't to jump in the Auto Assembler so if
cmp [ecx+08],1
je ???
cmp eax,eax
mov [ecx+14],(float)100

is your code you can add labels

Example:
Code: 
define(address,"Tutorial-i386.exe"+23B78)
define(bytes,8B 83 80 04 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$100)

label(code)
label(return)
label(jumpto)

newmem:

code:
  cmp [ecx+08],1
  je jumpto
  cmp eax,eax
  jmp return

jumpto:
  mov [ecx+14],(float)100
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes

dealloc(newmem)
 
squall0833

squall0833

Noobzor
#4
Mar 4, 2017
51
1
8
#4
Bloodybone post_id=18833 time=1506813778 user_id=7561 said:
Also if you wan't to jump in the Auto Assembler so if
cmp [ecx+08],1
je ???
cmp eax,eax
mov [ecx+14],(float)100

is your code you can add labels

Example:
Code: 
define(address,"Tutorial-i386.exe"+23B78)
define(bytes,8B 83 80 04 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$100)

label(code)
label(return)
label(jumpto)

newmem:

code:
  cmp [ecx+08],1
  je jumpto
  cmp eax,eax
  jmp return

jumpto:
  mov [ecx+14],(float)100
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes

dealloc(newmem)
Click to expand...

hello again @Bloodybone

i have some question, i saw somewhere that you can jmp to a label and skip few lines, what was it again?

for example my code below
[ENABLE]

aobscanmodule(Inf_Money,game.exe,89 87 A4 01 00 00 EB)
alloc(newmem,$1000)
registersymbol(playeronlyflag)


label(code)
label(return)
label(playeronlyflag)

newmem:
cmp [playeronlyflag],1 //check if playeronly is active
jne newmem+4 // is this correct? i was trying to skip 4 lines to sub [edi+000001A4],eax for enable to allplayer
cmp [edi+000001EC],0 //check if this is player
jne code //jump to original code if this is not player
sub [edi+000001A4],eax
push ebx
mov ebx,[edi+000001A4]
mov [edi+000001A4],eax
add [edi+000001A4],ebx // money wont decrease, adding spent money instead of deduct
pop ebx
jmp return

code:
mov [edi+000001A4],eax
jmp return

playeronlyflag:
dd 0 //cheat enable to all players by default


Inf_Money:
jmp newmem
nop
return:
registersymbol(Inf_Money)

[DISABLE]

Inf_Money:
db 89 87 A4 01 00 00

unregistersymbol(Inf_Money)
dealloc(newmem)
unregistersymbol(playeronlyflag)
Click to expand...
The code above doesn't work properly, it still applies cheat to Player Only no matter what flag is set.

is there anywhere incorrect? is it correct, the way i use newmem+4: on label for skipping lines?
 
jungletek

jungletek

Reality Bytes
Staff member
Shogun
#5
Oct 17, 2017
154
6
18
#5
squall0833 post_id=23818 time=1510045843 user_id=639 said:
Bloodybone post_id=18833 time=1506813778 user_id=7561 said:
Also if you wan't to jump in the Auto Assembler so if
cmp [ecx+08],1
je ???
cmp eax,eax
mov [ecx+14],(float)100

is your code you can add labels

Example:
Code: 
define(address,"Tutorial-i386.exe"+23B78)
define(bytes,8B 83 80 04 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$100)

label(code)
label(return)
label(jumpto)

newmem:

code:
  cmp [ecx+08],1
  je jumpto
  cmp eax,eax
  jmp return

jumpto:
  mov [ecx+14],(float)100
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes

dealloc(newmem)
Click to expand...

hello again @Bloodybone

i have some question, i saw somewhere that you can jmp to a label and skip few lines, what was it again?

for example my code below
[ENABLE]

aobscanmodule(Inf_Money,game.exe,89 87 A4 01 00 00 EB)
alloc(newmem,$1000)
registersymbol(playeronlyflag)


label(code)
label(return)
label(playeronlyflag)

newmem:
cmp [playeronlyflag],1 //check if playeronly is active
jne newmem+4 // im not sure if this is correct, what I want is jumping to newmem again but skip 4 lines to sub [edi+000001A4],eax (so the inf money cheat applies to all enemies in game too.
cmp [edi+000001EC],0 //check if this is player
jne code //jump to original code if this is not player
sub [edi+000001A4],eax
push ebx
mov ebx,[edi+000001A4]
mov [edi+000001A4],eax
add [edi+000001A4],ebx // money wont decrease, adding spent money instead of deduct
pop ebx
jmp return

code:
mov [edi+000001A4],eax
jmp return

playeronlyflag:
dd 0 //cheat enable to all players by default


Inf_Money:
jmp newmem
nop
return:
registersymbol(Inf_Money)

[DISABLE]

Inf_Money:
db 89 87 A4 01 00 00

unregistersymbol(Inf_Money)
dealloc(newmem)
unregistersymbol(playeronlyflag)
Click to expand...
The code above doesn't work properly, it still applies cheat to Player Only no matter what flag is set.

is there anywhere incorrect? is it correct, the way i use newmem+4: on label for skipping lines?
Click to expand...
newmem+4 is the address of newmem plus 4 BYTES, not 4 lines of code.
 
squall0833

squall0833

Noobzor
#6
Mar 4, 2017
51
1
8
#6
jungletek post_id=23820 time=1510046070 user_id=9475 said:
squall0833 post_id=23818 time=1510045843 user_id=639 said:
Bloodybone post_id=18833 time=1506813778 user_id=7561 said:
Also if you wan't to jump in the Auto Assembler so if
cmp [ecx+08],1
je ???
cmp eax,eax
mov [ecx+14],(float)100

is your code you can add labels

Example:
Code: 
define(address,"Tutorial-i386.exe"+23B78)
define(bytes,8B 83 80 04 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$100)

label(code)
label(return)
label(jumpto)

newmem:

code:
  cmp [ecx+08],1
  je jumpto
  cmp eax,eax
  jmp return

jumpto:
  mov [ecx+14],(float)100
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]

address:
  db bytes

dealloc(newmem)
Click to expand...

hello again @Bloodybone

i have some question, i saw somewhere that you can jmp to a label and skip few lines, what was it again?

for example my code below
[ENABLE]

aobscanmodule(Inf_Money,game.exe,89 87 A4 01 00 00 EB)
alloc(newmem,$1000)
registersymbol(playeronlyflag)


label(code)
label(return)
label(playeronlyflag)

newmem:
cmp [playeronlyflag],1 //check if playeronly is active
jne newmem+4 // im not sure if this is correct, what I want is jumping to newmem again but skip 4 lines to sub [edi+000001A4],eax (so the inf money cheat applies to all enemies in game too.
cmp [edi+000001EC],0 //check if this is player
jne code //jump to original code if this is not player
sub [edi+000001A4],eax
push ebx
mov ebx,[edi+000001A4]
mov [edi+000001A4],eax
add [edi+000001A4],ebx // money wont decrease, adding spent money instead of deduct
pop ebx
jmp return

code:
mov [edi+000001A4],eax
jmp return

playeronlyflag:
dd 0 //cheat enable to all players by default


Inf_Money:
jmp newmem
nop
return:
registersymbol(Inf_Money)

[DISABLE]

Inf_Money:
db 89 87 A4 01 00 00

unregistersymbol(Inf_Money)
dealloc(newmem)
unregistersymbol(playeronlyflag)
Click to expand...
The code above doesn't work properly, it still applies cheat to Player Only no matter what flag is set.

is there anywhere incorrect? is it correct, the way i use newmem+4: on label for skipping lines?
Click to expand...
newmem+4 is the address of newmem plus 4 BYTES, not 4 lines of code.
Click to expand...

Oh, I got it wrong, so is there a way to do that?

If there isn't any, then I have to write the flag different way.
 
jungletek

jungletek

Reality Bytes
Staff member
Shogun
#7
Oct 17, 2017
154
6
18
#7
Somebody already told you above...

Just define another label, and unless you have a globally declared playeronlyflag flag variable elsewhere, declare it here like so:
Code: 
[ENABLE]
aobscanmodule(Inf_Money,game.exe,89 87 A4 01 00 00 EB)
alloc(newmem,$1000)
globalalloc(playeronlyflag,1)

playeronlyflag:
  db 0 //Write a '0' byte to the playeronlyflag to initialize it after allocating. db writes a byte, dd 4 bytes, dq 8 bytes. A flag is (usually) a boolean (true/false, 1/0) so we only need a byte.

label(code)
label(return)
label(player)

newmem:
  cmp [edi+000001EC],0 //check if this is player
  jne code //jump to original code if this is not player
  cmp [playeronlyflag],1 //check if playeronly is active
  je player
  
code:
  mov [edi+000001A4],eax
  jmp return
  
player:
  sub [edi+000001A4],eax
  push ebx
  mov ebx,[edi+000001A4]
  mov [edi+000001A4],eax
  add [edi+000001A4],ebx // money wont decrease, adding spent money instead of deduct
  pop ebx
  jmp return

Inf_Money:
  jmp newmem
  nop
return:
registersymbol(Inf_Money)

[DISABLE]

Inf_Money:
  db 89 87 A4 01 00 00

unregistersymbol(Inf_Money)
unregistersymbol(playeronlyflag)
dealloc(newmem)
dealloc(playeronlyflag)
This should work if I understand what you're trying to do (it helps people like me to leave the auto-generated "surrounding code" at the bottom so we can see the original code flow, BTW). If you want to add a third 'state' that affects the enemies differently if it's enabled (the flag doesn't have to be treated like a boolean, it's actually a byte after all, so you can have up to 16 'states' (0x0-0xF)), just add another label and do a cmp [playeronlyflag],2 (for example) and jump to a different section via another label.

Makes more sense now?
 
squall0833

squall0833

Noobzor
#8
Mar 4, 2017
51
1
8
#8
yes, thanks

that really helped alot :)

i just need to find another fix value offset to identify player, the current 1EC seems like there is a small chance could change to different value
 
You must log in or register to reply here.