Absolute beginner: Your first ammo script

TheyCallMeTim13
Administration
Posts: 1727
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 690

Re: Absolute beginner: Your first ammo script

Post by TheyCallMeTim13 » Tue Feb 18, 2020 11:15 am

Lord Blade wrote (Tue Feb 18, 2020 2:34 am):
    So having it set up as you showed would basically stop the tracking from working then? How do you know how many 90's you need?
    I'm still confused with all this stuff. :p

You just want to replace the original instruction. And the original MOV is 6 bytes long, thus 6 NOPs.
CE wiki - Tutorials CE wiki - Auto Assembler Basics - CE wiki - Lua Basics If it's not a Personal Message don't PM me, use the forum. I ignore PMs that should be asked on the forum.

Lord Blade
Expert Cheater
Posts: 819
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 52


Post by Lord Blade » Tue Feb 18, 2020 6:08 pm

I think I get it.

Lord Blade
Expert Cheater
Posts: 819
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 52


Post by Lord Blade » Tue Feb 18, 2020 6:45 pm

So, I tried it and the script seems to work great.

Now my question is how do you know what the change is supposed to be?
Meaning how do you know to change this:

Code:

aobscanmodule(Tracking,COGMIND.exe,FC FF FF 89 82 88 00 00 00 C7) // should be unique
alloc(Tracking,$1000)

label(return)

Tracking:

mov [edx+00000088],eax
jmp return

Tracking+03:
jmp Tracking
nop
return:
registersymbol(Tracking)

[DISABLE]

Tracking+03:
db 89 82 88 00 00 00

unregistersymbol(Tracking)
dealloc(Tracking)

Into this:

Code:

aobscanmodule(Tracking,COGMIND.exe,FC FF FF 89 82 88 00 00 00 C7) // should be unique
Tracking+03:
  db 90 90 90 90 90 90
registersymbol(Tracking)

[DISABLE]
Tracking+03:
  db 89 82 88 00 00 00

unregistersymbol(Tracking)

Because the tutorials I found didn't really explain much.

Lord Blade
Expert Cheater
Posts: 819
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 52


Post by Lord Blade » Tue Feb 18, 2020 7:31 pm

So I have a similar thing: the overall alert level in the game (which goes up when stuff happens to draw attention, like you shooting or enemies spotting you).

Code:

{ Game   : COGMIND.exe
  Version: 
  Date   : 2020-02-18
  Author : Adam Taylor

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Alert,COGMIND.exe,89 10 83 3D BC 27 AF 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov [eax],edx
  cmp dword ptr [COGMIND.exe+6F27BC],00
  jmp return

Alert:
  jmp newmem
  nop 4
return:
registersymbol(Alert)

[DISABLE]

Alert:
  db 89 10 83 3D BC 27 AF 00 00

unregistersymbol(Alert)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "COGMIND.exe"+1A5F1E

"COGMIND.exe"+1A5EF9: C7 45 FC FF FF FF FF  -  mov [ebp-04],FFFFFFFF
"COGMIND.exe"+1A5F00: 8D 4D D4              -  lea ecx,[ebp-2C]
"COGMIND.exe"+1A5F03: E8 98 AB 27 00        -  call COGMIND.exe+420AA0
"COGMIND.exe"+1A5F08: 83 7D D0 00           -  cmp dword ptr [ebp-30],00
"COGMIND.exe"+1A5F0C: 74 05                 -  je COGMIND.exe+1A5F13
"COGMIND.exe"+1A5F0E: E9 86 00 00 00        -  jmp COGMIND.exe+1A5F99
"COGMIND.exe"+1A5F13: 8B 4D CC              -  mov ecx,[ebp-34]
"COGMIND.exe"+1A5F16: 8B 11                 -  mov edx,[ecx]
"COGMIND.exe"+1A5F18: 03 55 08              -  add edx,[ebp+08]
"COGMIND.exe"+1A5F1B: 8B 45 CC              -  mov eax,[ebp-34]
// ---------- INJECTING HERE ----------
"COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
"COGMIND.exe"+1A5F20: 83 3D BC 27 AF 00 00  -  cmp dword ptr [COGMIND.exe+6F27BC],00
// ---------- DONE INJECTING  ----------
"COGMIND.exe"+1A5F27: 74 62                 -  je COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F29: 8B 0D BC 27 AF 00     -  mov ecx,[COGMIND.exe+6F27BC]
"COGMIND.exe"+1A5F2F: 89 4D C8              -  mov [ebp-38],ecx
"COGMIND.exe"+1A5F32: 83 7D C8 02           -  cmp dword ptr [ebp-38],02
"COGMIND.exe"+1A5F36: 74 08                 -  je COGMIND.exe+1A5F40
"COGMIND.exe"+1A5F38: 83 7D C8 05           -  cmp dword ptr [ebp-38],05
"COGMIND.exe"+1A5F3C: 74 28                 -  je COGMIND.exe+1A5F66
"COGMIND.exe"+1A5F3E: EB 4B                 -  jmp COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F40: 83 7D 08 05           -  cmp dword ptr [ebp+08],05
"COGMIND.exe"+1A5F44: 7E 1E                 -  jle COGMIND.exe+1A5F64
}

So I get this far, but the code at the start looks different. The other code for the tracking stuff showed up as Tracking+03, but this isn't showing the same.

TheyCallMeTim13
Administration
Posts: 1727
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 690


Post by TheyCallMeTim13 » Tue Feb 18, 2020 9:07 pm

Lord Blade wrote (Tue Feb 18, 2020 7:31 pm):
    ...

Basically it sounds like you just need to zero the value, so you could just use a MOV (i.e.: mov edx,0). But I tend to use XOR (i.e.: xor edx,edx); it's just fewer bytes. And basically if you xor any number by itself it will always be zero (i.e.: 100 xor 100 = 0).

Code:

{ Game   : COGMIND.exe
  Version: 
  Date   : 2020-02-18
  Author : Adam Taylor

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Alert,COGMIND.exe,89 10 83 3D BC 27 AF 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  xor edx,edx // xor any number by itself and it will always be zero, so this just zeros the value.
  // mov edx,(int)100 // use this instead if the value decreases as the alert level increases; set it to whatever the game's starting value is.
  mov [eax],edx
  cmp dword ptr [COGMIND.exe+6F27BC],00
  jmp return

Alert:
  jmp newmem
  nop 4
return:
registersymbol(Alert)

[DISABLE]

Alert:
  db 89 10 83 3D BC 27 AF 00 00

unregistersymbol(Alert)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "COGMIND.exe"+1A5F1E

"COGMIND.exe"+1A5EF9: C7 45 FC FF FF FF FF  -  mov [ebp-04],FFFFFFFF
"COGMIND.exe"+1A5F00: 8D 4D D4              -  lea ecx,[ebp-2C]
"COGMIND.exe"+1A5F03: E8 98 AB 27 00        -  call COGMIND.exe+420AA0
"COGMIND.exe"+1A5F08: 83 7D D0 00           -  cmp dword ptr [ebp-30],00
"COGMIND.exe"+1A5F0C: 74 05                 -  je COGMIND.exe+1A5F13
"COGMIND.exe"+1A5F0E: E9 86 00 00 00        -  jmp COGMIND.exe+1A5F99
"COGMIND.exe"+1A5F13: 8B 4D CC              -  mov ecx,[ebp-34]
"COGMIND.exe"+1A5F16: 8B 11                 -  mov edx,[ecx]
"COGMIND.exe"+1A5F18: 03 55 08              -  add edx,[ebp+08]
"COGMIND.exe"+1A5F1B: 8B 45 CC              -  mov eax,[ebp-34]
// ---------- INJECTING HERE ----------
"COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
"COGMIND.exe"+1A5F20: 83 3D BC 27 AF 00 00  -  cmp dword ptr [COGMIND.exe+6F27BC],00
// ---------- DONE INJECTING  ----------
"COGMIND.exe"+1A5F27: 74 62                 -  je COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F29: 8B 0D BC 27 AF 00     -  mov ecx,[COGMIND.exe+6F27BC]
"COGMIND.exe"+1A5F2F: 89 4D C8              -  mov [ebp-38],ecx
"COGMIND.exe"+1A5F32: 83 7D C8 02           -  cmp dword ptr [ebp-38],02
"COGMIND.exe"+1A5F36: 74 08                 -  je COGMIND.exe+1A5F40
"COGMIND.exe"+1A5F38: 83 7D C8 05           -  cmp dword ptr [ebp-38],05
"COGMIND.exe"+1A5F3C: 74 28                 -  je COGMIND.exe+1A5F66
"COGMIND.exe"+1A5F3E: EB 4B                 -  jmp COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F40: 83 7D 08 05           -  cmp dword ptr [ebp+08],05
"COGMIND.exe"+1A5F44: 7E 1E                 -  jle COGMIND.exe+1A5F64
}
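The two byte-counting questions in this thread (why a 6-byte mov replaced in place needs 6 NOPs, and why the hook above ends in nop 4 after the 5-byte jmp) can be worked out mechanically from the ORIGINAL CODE listing CE prints. The Python below is an added example, not code from the thread or from Cheat Engine; the listing excerpt is the one posted above, while the LISTING_RE pattern and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# One line of a Cheat Engine "ORIGINAL CODE" listing, e.g.
#   "COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
LISTING_RE = re.compile(r'^"(?P<mod>[^"]+)"\+(?P<off>[0-9A-Fa-f]+):\s+'
                        r'(?P<bytes>(?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2})\s+-\s+(?P<asm>.+)$')
JMP_REL32_LEN = 5  # size of the "jmp newmem" CE writes at the injection point

# Excerpt of the listing posted in the thread, embedded here as the sample input.
SAMPLE_LISTING = '''
"COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
"COGMIND.exe"+1A5F20: 83 3D BC 27 AF 00 00  -  cmp dword ptr [COGMIND.exe+6F27BC],00
"COGMIND.exe"+1A5F27: 74 62                 -  je COGMIND.exe+1A5F8B
'''
@dataclass
class Insn:
    offset: int
    opcodes: bytes
    asm: str

def parse_listing(text):
    """Instructions in a listing; comment, brace and blank lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            out.append(Insn(int(m['off'], 16), bytes.fromhex(m['bytes']), m['asm'].strip()))
    return out

def db_line(raw):
    return 'db ' + ' '.join(f'{b:02X}' for b in raw)

def plan_hook(insns, inject_off):
    """Hook mode: instructions the jmp overwrites (copy them into newmem), the nop padding count, and the bytes [DISABLE] restores."""
    start = next((i for i, x in enumerate(insns) if x.offset == inject_off), None)
    if start is None:
        raise ValueError(f'no instruction starts at +{inject_off:X}')
    moved, total = [], 0
    for insn in insns[start:]:          # keep whole instructions until the jmp fits
        moved.append(insn)
        total += len(insn.opcodes)
        if total >= JMP_REL32_LEN:
            break
    return moved, total - JMP_REL32_LEN, b''.join(x.opcodes for x in moved)

def nop_out(original):
    """Replace mode: one 90 per byte of the instruction; returns the ([ENABLE], [DISABLE]) db lines."""
    return db_line(b'\x90' * len(original)), db_line(original)
```

For the Alert hook this yields the two moved instructions, a padding of 4 (hence nop 4) and the nine restore bytes of the [DISABLE] section; for the 6-byte Tracking mov, nop_out gives the six 90s and the six original bytes.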

Lord Blade
Expert Cheater
Posts: 819
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 52


Post by Lord Blade » Fri Feb 21, 2020 1:53 am

So, I'm trying that code you listed, but I keep getting errors. Like while scanning AOB Alert, not all found and such.

TheyCallMeTim13
Administration
Posts: 1727
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 690


Post by TheyCallMeTim13 » Fri Feb 21, 2020 11:42 pm

Lord Blade wrote (Fri Feb 21, 2020 1:53 am):
    So, I'm trying that code you listed, but I keep getting errors. Like while scanning AOB Alert, not all found and such.

That's the AOB you posted, so it sounds like the game got an update since then. You'll just have to find the injection point again, and then try to zero the registry.