Absolute beginner: Your first ammo script

TheyCallMeTim13
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 738

Re: Absolute beginner: Your first ammo script

Post by TheyCallMeTim13 »

Lord Blade wrote:
Tue Feb 18, 2020 2:34 am
So having it set up as you showed would basically stop the tracking from working then? How do you know how many 90's you need?
I'm still confused with all this stuff. :p
You just want to replace the original instruction. And the original MOV is 6 bytes long, thus 6 NOPs.

Lord Blade
Expert Cheater
Posts: 832
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 55

Re: Absolute beginner: Your first ammo script

Post by Lord Blade »

I think I get it.

Lord Blade
Expert Cheater
Posts: 832
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 55

Re: Absolute beginner: Your first ammo script

Post by Lord Blade »

So, I tried it and the script seems to work great.

Now my question is how do you know what the change is supposed to be?
Meaning how do you know to change this:

Code:

aobscanmodule(Tracking,COGMIND.exe,FC FF FF 89 82 88 00 00 00 C7) // should be unique
alloc(Tracking,$1000)

label(return)

Tracking:

mov [edx+00000088],eax
jmp return

Tracking+03:
jmp Tracking
nop
return:
registersymbol(Tracking)

[DISABLE]

Tracking+03:
db 89 82 88 00 00 00

unregistersymbol(Tracking)
dealloc(Tracking)
Into this:

Code:

aobscanmodule(Tracking,COGMIND.exe,FC FF FF 89 82 88 00 00 00 C7) // should be unique
Tracking+03:
  db 90 90 90 90 90 90
registersymbol(Tracking)

[DISABLE]
Tracking+03:
  db 89 82 88 00 00 00

unregistersymbol(Tracking)
Because the tutorials I found didn't really explain much.

Lord Blade
Expert Cheater
Posts: 832
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 55

Re: Absolute beginner: Your first ammo script

Post by Lord Blade »

So I have a similar thing: the overall alert level in the game (which goes up when stuff happens to draw attention, like you shooting or enemies spotting you).

Code:

{ Game   : COGMIND.exe
  Version: 
  Date   : 2020-02-18
  Author : Adam Taylor

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Alert,COGMIND.exe,89 10 83 3D BC 27 AF 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov [eax],edx
  cmp dword ptr [COGMIND.exe+6F27BC],00
  jmp return

Alert:
  jmp newmem
  nop 4
return:
registersymbol(Alert)

[DISABLE]

Alert:
  db 89 10 83 3D BC 27 AF 00 00

unregistersymbol(Alert)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "COGMIND.exe"+1A5F1E

"COGMIND.exe"+1A5EF9: C7 45 FC FF FF FF FF  -  mov [ebp-04],FFFFFFFF
"COGMIND.exe"+1A5F00: 8D 4D D4              -  lea ecx,[ebp-2C]
"COGMIND.exe"+1A5F03: E8 98 AB 27 00        -  call COGMIND.exe+420AA0
"COGMIND.exe"+1A5F08: 83 7D D0 00           -  cmp dword ptr [ebp-30],00
"COGMIND.exe"+1A5F0C: 74 05                 -  je COGMIND.exe+1A5F13
"COGMIND.exe"+1A5F0E: E9 86 00 00 00        -  jmp COGMIND.exe+1A5F99
"COGMIND.exe"+1A5F13: 8B 4D CC              -  mov ecx,[ebp-34]
"COGMIND.exe"+1A5F16: 8B 11                 -  mov edx,[ecx]
"COGMIND.exe"+1A5F18: 03 55 08              -  add edx,[ebp+08]
"COGMIND.exe"+1A5F1B: 8B 45 CC              -  mov eax,[ebp-34]
// ---------- INJECTING HERE ----------
"COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
"COGMIND.exe"+1A5F20: 83 3D BC 27 AF 00 00  -  cmp dword ptr [COGMIND.exe+6F27BC],00
// ---------- DONE INJECTING  ----------
"COGMIND.exe"+1A5F27: 74 62                 -  je COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F29: 8B 0D BC 27 AF 00     -  mov ecx,[COGMIND.exe+6F27BC]
"COGMIND.exe"+1A5F2F: 89 4D C8              -  mov [ebp-38],ecx
"COGMIND.exe"+1A5F32: 83 7D C8 02           -  cmp dword ptr [ebp-38],02
"COGMIND.exe"+1A5F36: 74 08                 -  je COGMIND.exe+1A5F40
"COGMIND.exe"+1A5F38: 83 7D C8 05           -  cmp dword ptr [ebp-38],05
"COGMIND.exe"+1A5F3C: 74 28                 -  je COGMIND.exe+1A5F66
"COGMIND.exe"+1A5F3E: EB 4B                 -  jmp COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F40: 83 7D 08 05           -  cmp dword ptr [ebp+08],05
"COGMIND.exe"+1A5F44: 7E 1E                 -  jle COGMIND.exe+1A5F64
}
So I get this far, but the code at the start looks different. The other code for the tracking stuff showed up as Tracking+03, but this isn't showing the same.
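
Added example (my own code, not from this thread): a small Python checker for the length rule behind Tim's earlier answer, namely that the bytes a script writes at the injection point must cover exactly the original instruction(s), and that the [DISABLE] bytes must match the scanned pattern at that offset. It runs on cut-down copies of the Tracking and Alert scripts above and flags a hook whose NOP count is one short.

```python
import re
JMP_REL32_LEN = 5  # "jmp newmem" assembles to E9 plus a 4-byte displacement

def parse_patch(script):
    """Pull out the parts of a CE auto-assembler script whose byte lengths must agree."""
    m = re.search(r'aobscanmodule\((\w+),[^,]+,([0-9A-Fa-f ]+)\)', script)
    sym, aob = m.group(1), bytes.fromhex(m.group(2))
    enable, disable = script.split('[DISABLE]')
    # Injection label: "Tracking+03:" is 3 bytes into the pattern, "Alert:" is offset 0
    inj = re.search(r'^\s*' + sym + r'(?:\+([0-9A-Fa-f]+))?:\s*$', enable, re.M)
    offset = int(inj.group(1), 16) if inj.group(1) else 0
    body = enable[inj.end():]
    # Bytes the [DISABLE] section writes back, i.e. the original instruction(s)
    restore = bytes.fromhex(re.search(r'db ([0-9A-Fa-f ]+)', disable).group(1))
    if re.search(r'^\s*jmp\s', body, re.M):
        # Hook: a 5-byte jmp plus "nop N" (bare "nop" is one byte) must fill the slot
        n = re.search(r'^\s*nop(?:\s+(\d+))?\s*$', body, re.M)
        patch_len = JMP_REL32_LEN + (0 if n is None else int(n.group(1) or 1))
    else:
        # In-place overwrite: "db 90 90 ..." replaces the instruction byte for byte
        patch_len = len(bytes.fromhex(re.search(r'db ([0-9A-Fa-f ]+)', body).group(1)))
    return sym, aob, offset, restore, patch_len

def check_patch(script):
    """Return a list of problems; an empty list means patch and undo are consistent."""
    sym, aob, offset, restore, patch_len = parse_patch(script)
    problems = []
    if aob[offset:offset + len(restore)] != restore:
        problems.append(f"{sym}: [DISABLE] bytes differ from the scanned pattern at +{offset:02X}")
    if patch_len != len(restore):
        problems.append(f"{sym}: patch writes {patch_len} bytes but the original is {len(restore)}")
    return problems

# Constructed inputs: the thread's two scripts cut down to the lines the check needs.
TRACKING_NOP = """aobscanmodule(Tracking,COGMIND.exe,FC FF FF 89 82 88 00 00 00 C7)
Tracking+03:
  db 90 90 90 90 90 90
[DISABLE]
Tracking+03:
  db 89 82 88 00 00 00
"""
ALERT_HOOK = """aobscanmodule(Alert,COGMIND.exe,89 10 83 3D BC 27 AF 00 00)
Alert:
  jmp newmem
  nop 4
[DISABLE]
Alert:
  db 89 10 83 3D BC 27 AF 00 00
"""
ALERT_SHORT = ALERT_HOOK.replace("nop 4", "nop 3")  # one NOP short: a stray byte is left behind
```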

TheyCallMeTim13
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 738

Re: Absolute beginner: Your first ammo script

Post by TheyCallMeTim13 »

Lord Blade wrote:
Tue Feb 18, 2020 7:31 pm
...

Basically it sounds like you just need to zero the value; you could just use a MOV (i.e.: mov edx,0). But I tend to use XOR (i.e.: xor edx,edx), it's just fewer bytes. And basically if you xor any number by itself it will always be zero (i.e.: 100 xor 100 = 0).

Code:

{ Game   : COGMIND.exe
  Version: 
  Date   : 2020-02-18
  Author : Adam Taylor

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Alert,COGMIND.exe,89 10 83 3D BC 27 AF 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  xor edx,edx // xor any number by itself and it will always be zero. So this just zeros the value.
  // mov edx,(int)100 // use this if the value decreases as alert level increases and set it to what the game's value is.
  mov [eax],edx
  cmp dword ptr [COGMIND.exe+6F27BC],00
  jmp return

Alert:
  jmp newmem
  nop 4
return:
registersymbol(Alert)

[DISABLE]

Alert:
  db 89 10 83 3D BC 27 AF 00 00

unregistersymbol(Alert)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "COGMIND.exe"+1A5F1E

"COGMIND.exe"+1A5EF9: C7 45 FC FF FF FF FF  -  mov [ebp-04],FFFFFFFF
"COGMIND.exe"+1A5F00: 8D 4D D4              -  lea ecx,[ebp-2C]
"COGMIND.exe"+1A5F03: E8 98 AB 27 00        -  call COGMIND.exe+420AA0
"COGMIND.exe"+1A5F08: 83 7D D0 00           -  cmp dword ptr [ebp-30],00
"COGMIND.exe"+1A5F0C: 74 05                 -  je COGMIND.exe+1A5F13
"COGMIND.exe"+1A5F0E: E9 86 00 00 00        -  jmp COGMIND.exe+1A5F99
"COGMIND.exe"+1A5F13: 8B 4D CC              -  mov ecx,[ebp-34]
"COGMIND.exe"+1A5F16: 8B 11                 -  mov edx,[ecx]
"COGMIND.exe"+1A5F18: 03 55 08              -  add edx,[ebp+08]
"COGMIND.exe"+1A5F1B: 8B 45 CC              -  mov eax,[ebp-34]
// ---------- INJECTING HERE ----------
"COGMIND.exe"+1A5F1E: 89 10                 -  mov [eax],edx
"COGMIND.exe"+1A5F20: 83 3D BC 27 AF 00 00  -  cmp dword ptr [COGMIND.exe+6F27BC],00
// ---------- DONE INJECTING  ----------
"COGMIND.exe"+1A5F27: 74 62                 -  je COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F29: 8B 0D BC 27 AF 00     -  mov ecx,[COGMIND.exe+6F27BC]
"COGMIND.exe"+1A5F2F: 89 4D C8              -  mov [ebp-38],ecx
"COGMIND.exe"+1A5F32: 83 7D C8 02           -  cmp dword ptr [ebp-38],02
"COGMIND.exe"+1A5F36: 74 08                 -  je COGMIND.exe+1A5F40
"COGMIND.exe"+1A5F38: 83 7D C8 05           -  cmp dword ptr [ebp-38],05
"COGMIND.exe"+1A5F3C: 74 28                 -  je COGMIND.exe+1A5F66
"COGMIND.exe"+1A5F3E: EB 4B                 -  jmp COGMIND.exe+1A5F8B
"COGMIND.exe"+1A5F40: 83 7D 08 05           -  cmp dword ptr [ebp+08],05
"COGMIND.exe"+1A5F44: 7E 1E                 -  jle COGMIND.exe+1A5F64
}

Lord Blade
Expert Cheater
Posts: 832
Joined: Thu Mar 09, 2017 7:52 am
Reputation: 55

Re: Absolute beginner: Your first ammo script

Post by Lord Blade »

So, I'm trying that code you listed, but I keep getting errors. Like while scanning AOB Alert, not all found and such.

TheyCallMeTim13
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 738

Re: Absolute beginner: Your first ammo script

Post by TheyCallMeTim13 »

Lord Blade wrote:
Fri Feb 21, 2020 1:53 am
So, I'm trying that code you listed, but I keep getting errors. Like while scanning AOB Alert, not all found and such.
That's the AOB you posted, so it sounds like the game got an update since then. You'll just have to find the injection point again, and then try to zero the register.

darkh2o
What is cheating?
Posts: 2
Joined: Thu Sep 10, 2020 2:54 pm
Reputation: 0

Re: Absolute beginner: Your first ammo script

Post by darkh2o »

So I guess I qualify as the absolute beginner. I have been able to find the address I need to stop or change a timer. I followed this guide to try to make a CT file so I don't have to look for the address on every game launch.
I seem to get lost after the script creation. After the script is made, how do I export it as a CT file? Did I miss that part?

*Edit* I figured it out.
