Trying again to make a script for Cogmind. Need help.

[Lord Blade]

Hello all. So I suck at this whole script thing. Normally I just search for values each time I start a new session, which gets tedious.



So I've got Cogmind, which I'm trying to work out a proper script for. A while back I got some help and got one thing done, which was for the tracing value (when you're hacking terminals, so you don't set off an alarm and get locked out).



Now, I'm trying to get a script for the overall alert value (called Influence) which basically as it increases gets more sentries and squads sent your way. So you want to keep it locked at 0, so that you don't have to worry about all those death squads.



So I've done the "what accesses" bit, and found the line of code that seems to be the one I want.

In the code list it's showing as COGMIND.exe+1B2CEE Code:mov [eax],edx



How exactly do I now turn that into a script again? It's been a while.

I tried looking at the existing script, but honestly I can't even really remember how I got that done (I basically had someone hand holding me every step). :p

Can someone please help me?

[GreenHouse]

If that instruction only gets what you want, then just change [B]mov [eax],edx[/B] to [B]mov [eax],#0[/B] or [B](float)0[/B]. Depending on the type of value.

[Lord Blade]

But how exactly should the script be written out? Can you show me that?

As I said, I'm looking at the script I already have, but I'm still confused as to how to put it together.



I've been sat here reading online tutorials, and most of it just goes way over my head. lol

[automerge]1591028933[/automerge]

[CODE]{ Game : COGMIND.exe

Version:

Date : 2020-06-01

Author : Adam Taylor



This script does blah blah blah

}



[ENABLE]



aobscanmodule(Influence,COGMIND.exe,89 10 83 3D 4C BA B0 00 00) // should be unique

alloc(newmem,$1000)



label(code)

label(return)



newmem:



code:

mov [eax],edx

cmp dword ptr [COGMIND.exe+70BA4C],00

jmp return



INJECT:

jmp newmem

nop 4

return:

registersymbol(INJECT)



[DISABLE]



INJECT:

db 89 10 83 3D 4C BA B0 00 00



unregistersymbol(INJECT)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "COGMIND.exe"+1B2CEE



"COGMIND.exe"+1B2CC9: C7 45 FC FF FF FF FF - mov [ebp-04],FFFFFFFF

"COGMIND.exe"+1B2CD0: 8D 4D D4 - lea ecx,[ebp-2C]

"COGMIND.exe"+1B2CD3: E8 38 2B 28 00 - call COGMIND.exe+435810

"COGMIND.exe"+1B2CD8: 83 7D D0 00 - cmp dword ptr [ebp-30],00

"COGMIND.exe"+1B2CDC: 74 05 - je COGMIND.exe+1B2CE3

"COGMIND.exe"+1B2CDE: E9 86 00 00 00 - jmp COGMIND.exe+1B2D69

"COGMIND.exe"+1B2CE3: 8B 4D CC - mov ecx,[ebp-34]

"COGMIND.exe"+1B2CE6: 8B 11 - mov edx,[ecx]

"COGMIND.exe"+1B2CE8: 03 55 08 - add edx,[ebp+08]

"COGMIND.exe"+1B2CEB: 8B 45 CC - mov eax,[ebp-34]

// ---------- INJECTING HERE ----------

"COGMIND.exe"+1B2CEE: 89 10 - mov [eax],edx

"COGMIND.exe"+1B2CF0: 83 3D 4C BA B0 00 00 - cmp dword ptr [COGMIND.exe+70BA4C],00

// ---------- DONE INJECTING ----------

"COGMIND.exe"+1B2CF7: 74 62 - je COGMIND.exe+1B2D5B

"COGMIND.exe"+1B2CF9: 8B 0D 4C BA B0 00 - mov ecx,[COGMIND.exe+70BA4C]

"COGMIND.exe"+1B2CFF: 89 4D C8 - mov [ebp-38],ecx

"COGMIND.exe"+1B2D02: 83 7D C8 02 - cmp dword ptr [ebp-38],02

"COGMIND.exe"+1B2D06: 74 08 - je COGMIND.exe+1B2D10

"COGMIND.exe"+1B2D08: 83 7D C8 05 - cmp dword ptr [ebp-38],05

"COGMIND.exe"+1B2D0C: 74 28 - je COGMIND.exe+1B2D36

"COGMIND.exe"+1B2D0E: EB 4B - jmp COGMIND.exe+1B2D5B

"COGMIND.exe"+1B2D10: 83 7D 08 05 - cmp dword ptr [ebp+08],05

"COGMIND.exe"+1B2D14: 7E 1E - jle COGMIND.exe+1B2D34

}[/CODE]



Okay, so I can get this far. But then my eyes go crossed and my brain hurts. lol

[GreenHouse]

Like I said, change mov [eax],edx to mov [eax],#0.

[Lord Blade]

So you mean this:



code:

mov [eax],edx

cmp dword ptr [COGMIND.exe+70BA4C],00

jmp return



Should be:



code:

mov [eax],#0

cmp dword ptr [COGMIND.exe+70BA4C],00

jmp return





Would making that change and saving the script work for me be able to just turn it on and off with the checkbox?

[VampTY]

It can work as [B][COLOR=rgb(163, 143, 132)]GreenHouse[/COLOR][/B] mentioned, only if that address access only that, try it, it might work or not!You can also put a [COLOR=rgb(226, 80, 65)][B]//[/B][/COLOR] in front of [COLOR=rgb(41, 105, 176)] [B]mov [eax],edx[/B][/COLOR][COLOR=rgb(0, 0, 0)][B], [/B]like[/COLOR][COLOR=rgb(41, 105, 176)][B]:[/B][/COLOR]



[COLOR=rgb(71, 85, 119)]// [/COLOR][B][COLOR=rgb(71, 85, 119)]mov [eax],edx[/COLOR]



[COLOR=rgb(124, 112, 107)][U]Or it can be[/U][/COLOR][COLOR=rgb(71, 85, 119)] :[/COLOR]



[COLOR=rgb(65, 168, 95)][B]mov [eax],0[/B][/COLOR][/B]

[COLOR=rgb(65, 168, 95)][B]mov [eax],#0

mov [eax],(float)0[/B][/COLOR]

[B][COLOR=rgb(65, 168, 95)][B]mov [eax],(int)0[/B][/COLOR][/B]





[COLOR=rgb(0, 0, 0)][B]Well, i was curious about what this game is and since i don't own it, i've downloaded beta 9.4 [old version] and played for about 3 mins[/B].[/COLOR]



THESE WON'T WORK ON YOUR VERSION [or who knows!]...just to see how it might be, like some example.



[COLOR=rgb(226, 80, 65)][B]ENERGY[/B][/COLOR]

[CODE][ENABLE]

aobscanmodule(energy,COGMIND.exe,89 82 8C 00 00 00 C7 85)

alloc(newmem,$100)

label(return)

newmem:

mov [edx+8C],3E7

jmp return

energy:

jmp newmem

nop

return:

registersymbol(energy)

[DISABLE]

energy:

db 89 82 8C 00 00 00

unregistersymbol(energy)

dealloc(newmem)[/CODE]



[B][COLOR=rgb(226, 80, 65)]TIME[/COLOR][/B]

[CODE][ENABLE]

aobscanmodule(time,COGMIND.exe,89 08 8B 4D 08 C7)

alloc(newmem,$100)

label(return)

newmem:

mov [eax],0

mov ecx,[ebp+08]

jmp return

time:

jmp newmem

return:

registersymbol(time)

[DISABLE]

time:

db 89 08 8B 4D 08

unregistersymbol(time)

dealloc(newmem)[/CODE]



[COLOR=rgb(147, 101, 184)][I]Sorry for not properly helping, i don't have the game, perhaps this might help you in a way![/I][/COLOR]

[Lord Blade]

I seem to have it working! Huzzah!

Thanks to both of you for your help. I really suck at this. lol