A Very In Depth Tutorial on Auto Assembler
samuri25404
Grandmaster Cheater
Reputation: 2
Joined: 04 May 2007
Posts: 960
Location: Why do you care?
Posted: Wed Jun 13, 2007 11:55 am    Post subject: A Very In Depth Tutorial on Auto Assembler
------------------------------
Table of Contents
------------------------------
I. Introduction
II. Registers
II.a 32 Bit Registers
II.b 16 Bit Registers
III. Commands
III.a JMP
III.b MOV
III.c Push/Pop + The Stack
III.d alloc/label/registersymbol
III.e Call and Ret
III.f Others
IV. Array of Bytes
V. Conclusion
VI. Credits/Acknowledgements
BONUS: Writing a Script
------------------------------
I. Introduction
------------------------------
'Ello there, I assume one of two things because you're reading this.
1) You're trying to learn Auto Assembler (I won't call you a noob, because everybody has to start somewhere, right? =) )
or
2) You want to test your Auto Assembler knowledge (to an extent).
Now, if the first of the two is correct, then take each part slowly, and make sure you understand a section before going on ahead.
Dark Byte wrote:
Most people think that AA is hard, but in fact, it's really quite easy.
Words from the creator of Cheat Engine himself.
If the second of the two is true, then I don't really have any advice for you, however I do have a favor to ask. If you find something incorrect, or vague, or something that you think I can redo better, PLEASE TELL ME. I am still in the process of learning myself! But wait, don't even ask, I can read your mind...
You wrote:
Why should I listen (or in this case, read) to/from someone who is still learning?
Well, I'll tell you, my good friend. Although I'm still learning, I do know about Auto Assembler, and I just thought it would be nice to share the knowledge that I have with you. =)
Edit: This was written a long time ago, but I've learned a lot, and I've rechecked it.
Now, off we go... into the amazing world of the computer.....
------------------------------
II. Registers
------------------------------
Now you have probably seen these before in scripts, as they are VERY commonly used. There are two types of Registers used, and I shall explain both in this guide.
---------------
II.a 32 Bit
---------------
First of all, I will explain how each register got its name, in order to possibly help you remember which is which. First of all, the E in front (if you notice below, all of the 32 Bit Registers have an E in front) tells you that the register is a 32 Bit Register. The A, B, C, and D, should become obvious after reading the description. As should SI, DI, BP, SP, and IP. The X after EAX, EBX, ECX, and EDX, is simply there to show that there are no more letters to put, kinda like a NOP command (which you will read about later on). If you notice, there are three letters in each of the 32 Bit Registers.
EAX: The Accumulator register. It can also be used as storage.
EBX: Once upon a time, it was the base register, but now it's just free storage.
ECX: The Counting register. Once again, can also be used as storage.
EDX: The Data register. As with the last three, it can be used as storage.
ESI: The Source Index register. It is used as a pointer variable in strings, but you shouldn't worry about that part right now. Can be used for storage.
EDI: The Destination Index register. Once again, can be used as storage, and is a pointer variable in strings, but don't worry about it.
EBP: The Base Pointer register. It temporarily stores ESP, but can also be used as general storage.
ESP: The Source Pointer register. It points to registers and addresses on the stack (more on that later).
EIP: The Instruction Pointer register. Using this incorrectly can lead to a crash in whatever program you're trying to mess with.
---------------
II.b 16 Bit
---------------
The 16 Bit Registers are very similar to the 32 Bit Registers, save a couple things. One of the things is that, instead of three letters, as the 32 Bit registers have, they have two letters. There are also a couple more 16 Bit registers than 32 Bit registers, but don't worry about them. 16 Bit registers probably won't be used in our general purposes anyway.
AX: See EAX
BX: See EBX
CX: See ECX
DX: See EDX
SI: See ESI
DI: See EDI
BP: See EBP
SP: See ESP
IP: See EIP
---------------
And that's pretty much it on registers. If you want to learn more about registers, then just go Google it. For most learners, however, this should suffice.
------------------------------
III. Commands
------------------------------
Now, what is a language without its functions or commands? Comparing this to English, a command is like a word, and an opcode is like a sentence. For those that don't know, an opcode is something simple, such as:
Code:
jmp 00123EAA
There are a couple things that you should know about Opcodes.
Firstly, there is always an address and/or a register involved in an opcode, as well as the obvious command. An address is in Hex, which is short for Hexadecimal. Hexadecimal is a numbering system with base 16. It's like the Decimal numbering system, which has a base of ten.
Think about it this way. Our normal numbering system is decimal, which, as I said above, is base 10. This means that we can not have a "10" in one column, rather, it is placed in two. In Hexadecimal, you CAN have a 10 in one column--you can have all the way up to 15 in one column. But you may be wondering about the fact that 1 and 0 don't fit in one column still.
Calm down, though. In hexadecimal, the decimal 10 is replaced by A, the decimal 11 is replaced by B, and so forth up to F, which stands for 16. After that, it becomes 10, then 11, up until 1F, and then it starts over at 20, and so forth. A way to translate between these two, is to click on "Start" at the bottom left corner of your screen, then click the "Run" button, and type in "calc". Next, click on view, and click on "Scientific", so that your calculator nearly doubles in size, with many new functions (unless of course, it was already in "Scientific" mode). Next, click on the numbering system that your original number is in, e.g. click on "Hex" if you want to put 6AF0 into Decimal. Next, type in your number, and then click on the system that you want to translate to. Voila, you have your number translated!
Also, every address has an opcode and a number of bytes. The number of bytes corresponds to what the opcode is, as every command takes up a certain number of bytes. I know how many bytes some of the very common functions take up, but if you want to know the number of bytes that each command takes up, you'll have to rely on someone else... preferably Google! =)
Lastly, something very handy is to "comment" something. To comment, all you do is put "//" after a command, or a space, and then type whatever you would like. If you don't type the "//" after a command or space, then the computer will think that you're typing a command.
Now, on to what each command does...
---------------
III.a JMP
---------------
The JMP command is one of the most commonly used commands (around as common as the MOV command, which we will get to next). However, you don't see "JMP" nearly as much as you see "MOV" in opcodes and scripts, because there are many variations to the JMP command. There are way too many to list, but some are listed below.
JMP: Always jump to
JE/JZ: Jump to if equal
JNE/JNZ: Jump to if not equal
JA: Jump to if Above
JG: Jump to if Greater
JNA: Jump to if not Above
JNG: Jump to if not Greater
JB: Jump to if Below
JL: Jump to if Lower
JNB: Jump to if not Below
JNL: Jump to if not Lower
JAE: Jump to if Above or Equal
JGE: Jump to if Greater or Equal
JNAE: Jump to if not Above or Equal (i.e. JB)
JNGE: Jump to if not greater than or Equal (i.e. JL)
And you get the picture. Now this must seem confusing. "Jump to if greater", or JG is one of the Conditional Jumps. A conditional jump is as its name implies, it jumps when a certain condition is met. Usually, there is a "CMP" or compare function above it--more on that later. That's pretty much it for JMP. On to...
---------------
III.b MOV
---------------
Now, as you read above, the MOV command is one of the most widely used commands, because it is one of the most versatile. An example of MOV is below.
Code:
mov eax,ebx
What this means is "move the address that is stored at ebx into eax". Notice that there is a comma that separates the two registers, but no space. It may seem a bit confusing at first, but it is really simple. Here is a better explanation.
"Mov" stands for "move". A register by itself means "the address stored within that register". So basically, "Move, the address stored in ebx, into the address of eax", which will overwrite whatever was in eax before, and completely erase its existence. =D What you could relate this to is copying what is in ebx, and pasting it into eax.
Another form of mov is below.
Code:
mov eax,[ebx]
This means "move the VALUE of ebx into the address that is stored within eax". Simply put, having the [brackets] around a register or address means the value of what is in the register or address.
However, something that will not work is below.
Code:
mov [eax],[ebx]
WILL NOT WORK. REPEAT: THE CODE ABOVE WILL NOT WORK. You can not, repeat CAN NOT move the value of one thing into the value of another thing. But don't take this the wrong way--you can move the value of one thing indirectly into another thing. ;) Refer to the code below.
Code:
push eax //Push eax onto the stack--we'll cover this later
mov eax,[0100200A] //Move the value of 0100200A into eax
mov [ebx],eax //Move eax (which is the value of 0100200A) into the value of ebx
pop eax //Pop eax from the stack--once again, we'll cover this later
I believe that covers it for the MOV function. Onto...
---------------
III.c Push and Pop + The Stack
---------------
You saw above how I used the Push and Pop commands. But wait, I'm psychic... I can read your mind!
You wrote:
What does push and pop do? And what is the stack?
Ok, well as you saw above, after the "Push", I commented:
Code:
//Push eax onto the stack
This is basically just putting eax onto the stack. The Pop eax is basically taking eax out of the stack. A very, VERY good explanation of the stack was written by Skyone, from CEF, and I just couldn't live with myself if I didn't allow you the pleasure of learning about it the way I did. ;)
Skyone wrote:
The stack is used to give a variable a blank value, and use it for storage. Think about it like this: You have a piece of paper that you are doing your homework on, but then your friend calls you to tell you that you need to call Phil, where his number is 555-6405. You panic, with nothing else to write on, you write it on your homework sheet. After you hang up from talking to your friend, you now have time to find your phone book so you can write down Phil's number. After writing Phil's number in the phone book, you erase it from your homework, call Phil, and continue on with the homework.
To push a value on to the stack is to "write down Phil's number on the homework." To pop it is to "transfer the number to a phone book, then erase it from the homework."
Next up...
---------------
III.d Alloc/Label/RegisterSymbol
---------------
I like to classify Auto Assembler scripts two ways.
1) The simple changing of an address
This is simply something like the code below.
Code:
[enable]
00ABC123:
mov eax,ebx
[disable]
00ABC123:
mov ebx,eax
All it really is doing is changing the opcode of the address 00ABC123.
But then there are very complicated scripts, much like the scripts for dICE or pID00. (I'm not gonna put one here, because it isn't really necessary to your learning.)
In the very complicated scripts, at the top you will see things (note how I didn't say "usually")--in a complicated script there will be the functions "alloc", "label", and sometimes "registersymbol".
````````````
Label
````````````
I believe the "label" function is the most important of the three. What it does is allows the variable that you "label" to be used in your script, like below.
Code:
label(Continue)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
//...
//...
SayWhat:
jmp 0 //insta-crash! =D
There are a few things to note in this script. First, this script is missing the "alloc" functions, which I'll get into after this one.
Next, if you understand why I chose the label that corresponds to the "jne", then you're doing well.
Note that I use all of the labels that are defined in my script, otherwise it would not compile.
````````````
Alloc
````````````
Now, the "alloc" function. What it does is allocates (hence, alloc, allocate) X amount of memory to your purpose. Now, this memory isn't just any old memory, this is unused memory that you can overwrite without running into problems. Now, as I said, it allocates X amount of memory. X is a variable that is a certain number of bytes. 1024 bytes, or one kb (kilobyte) is usually enough for what you're trying to accomplish. Now that we know about the alloc function, let me demonstrate to you how to use it--and for now, let us just build upon what we have so far.
Code:
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
label(Continue)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
//...
SayWhat:
jmp 0
Notice how I don't do
Code:
label(AutoAssembler)
or
Code:
label(SayWhat)
because those are already defined in Cheat Engine's "dictionary," as we'll call it.
````````````
RegisterSymbol
````````````
Lastly, the function "registersymbol". What this does, is allows you to add the symbol that you register to your Cheat Table. Note, you still have to allocate memory for it. Let's try this in our script.
Code:
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
alloc(WooHoo,1024)
label(Continue)
registersymbol(WooHoo)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
cmp eax,[WooHoo]
SayWhat:
jmp 0
````````````
Counterparts
````````````
Now, the last part of this mini-section: the counterparts.
There are two things that you can do with an Auto Assembler script. Firstly, you can inject something. Secondly, you can add it to your Cheat Table. If you decide that you want to add it to your cheat table (which is how most scripts are nowadays), then you need an enable and disable section of your code, like below.
Code:
[ENABLE]
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
alloc(WooHoo,1024)
label(Continue)
registersymbol(WooHoo)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
cmp eax,[WooHoo]
[DISABLE]
Now, as you noticed, there is nothing in the Disable section--but not for long! ;)
What you want to accomplish in the DISABLE section of your code, is to undo whatever you did in the ENABLE section.
How you do this is to undo the allocating, and the registering of symbols. Now, I feel a question coming on...
You wrote:
How do you do that?
Simple, my friend. Via the dealloc, and unregister symbol functions! Oh wait, another question,
"What about label?" you ask?
Well, there is nothing to undo label. =) That means that in the DISABLE section, you drop almost half of the code from the beginning section! =)
So why don't we add what we've learned to the script?
Code:
[ENABLE]
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
alloc(WooHoo,1024)
label(Continue)
registersymbol(WooHoo)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
cmp eax,[WooHoo]
[DISABLE]
dealloc(AutoAssembler)
dealloc(SayWhat)
dealloc(WooHoo)
unregistersymbol(WooHoo)
Oh hey there... another question.
You wrote:
Why didn't you put the "1024"?
Well since the computer knows that you allocated 1024 bytes to AutoAssembler (let's just use this as an example), you only need to dealloc AutoAssembler, and it knows to deallocate the whole 1024 bytes that were allocated to AutoAssembler. (Sorry if this is a bit vague)
---------------
III.e Call and Ret
---------------
The Call function is very similar to the JMP function. The only difference is that it has a counterpart to get back to where it was before. A simple script utilizing these two functions is below.
Code:
mov [0100579C],10 //Move 10 into the value of the address
cmp [0100579C],0 //Compare it to 0
call NameGoesHere //Call, or JMP to NameGoesHere
jmp 01002FF5

NameGoesHere:
dec [0100579C] //Decrease the value of the address
cmp [0100579C],0 //Compare it to Zero
jne NameGoesHere //If it's not equal, jump back to the beginning of
//NameGoesHere, otherwise continue
ret //Go back to the code before, right after the call function
---------------
III.f Others
---------------
Now, obviously, there are many, many other functions in Auto Assembler, or else
it would be a VERY limited language.
I'll go ahead and define as many as I can. (Oh boy...)
`````
Nop
`````
Nop: I mentioned this earlier. This means "No Operation", and it basically cancels out what was there before it.
`````
Inc/Dec
`````
Inc: Increase by one. This increases the value of the register or address by one. Used as below.
Code:
inc eax
Dec: Decrease by one. Virtually the same as Inc.
`````
Add/Sub
`````
Add: Addition. Used as the script below.
Code:
add eax,02 //Add 2 to eax, and store the result in eax
Sub: Subtraction. Used like add.
`````
Lea
`````
This is a bit confusing, but here goes. Look at the script below.
Code:
mov eax,00123ABC
lea ebx,[eax+DEF]
If you couldn't tell, [eax+DEF] is a pointer. LEA is taking the address that is being pointed at by [eax+DEF] and placing it (the address being pointed at) into ebx.
`````
And/Or/Xor
`````
Ok, I haven't the slightest clue what "xor" means in English--many websites say something along the lines of...
Them wrote:
I assume you understand how these logical operators behave.
If someone could define XOR in English for me, I would be most indebted. However, I need no help explaining how they work in Assembly. ;)
First off, they all have the same syntax as the add, and sub commands--as in below.
Code:
and eax,ebx
In which eax and ebx can be anything. But no, it cannot be "my mom". -.-;
Back to the script. To process this, (yes I know we're not computers...) we have to first give the two registers values. How about we give eax the value of 12, and ebx the value of 27. Next, we change them to binary--the one's and zero's language. =O Is that a question?
You wrote:
But how do I change it from decimal to binary?
Simple my friend, just load up your good ol' friend the calculator, select decimal and type in your number, then click the binary! Something to note, the calculator does not allow you to put decimals, it simply rounds then changes to binary.
I come up with:
Code:
EAX = 1100
&
EBX = 11011
Ok, now you remember back in Elementary school when we lined up our numbers to do arithmetic? Well let's do that here.
Code:
and eax,ebx
EAX = 1100
EBX = 11011
------------
Now, the AND instruction will give a 1 if both of the numbers are 1, otherwise it will give a zero. So let's check it out on this problem.
Code:
and eax,ebx
EAX = 01100 (added the zero just to make it easier)
EBX = 11011
-----------
01000
And now we change 01000 to decimal, and we get 8, which is stored into EAX.
Next, the OR function. Let's use our same scenario, just for the sake of ease.
Code:
or eax,ebx
EAX = 01100
EBX = 11011
-----------
Now, what the OR function does is the opposite of the AND function. If both digits are 0, then it will produce a 0, otherwise it will produce a one.
Code:
or eax,ebx
EAX = 01100
EBX = 11011
------------
11111
We change 11111 to decimal, and we get 31, which is stored into EAX.
Lastly, the XOR function. Once again, let's use the same scenario.
Code:
xor eax,ebx
EAX = 01100
EBX = 11011
-----------
Ok, now the XOR function will return 0 if both digits have the same value, otherwise it will return a one.
Code:
xor eax,ebx
EAX = 01100
EBX = 11011
-----------
10111
We translate that to 23, and so 23 is stored into EAX. By the way, when writing a script/code/whatever, you don't need to include the EAX = BlahBlahBlah, I was just using it to show you how it worked.
`````
Well that's about all you need to know for commands! (Man that was long...) Onto the next section...
------------------------------
IV. Array of Bytes
------------------------------
Ok, picture this. You've gotten your script and your addresses and you start hacking. All's well... until... OH NO! A PATCH! But don't fret. Now you don't have to worry about waiting for other people to post the new addresses!
You wrote:
I did? I don't recall doing that...
You didn't?!
Oh, you don't know how.
Alrighty, then, I'll tell you, my good friend.
1) Load up your Engine and attach it to the game you are hacking.
2) Click on "Add Address Manually", which is above the right side of your Cheat Table.
3) Click on the box next to what says "Address", and type in the Addresses whose AOB's you want to get.
4) Click on the drop-down-arrow next to what says "Type" and choose Array of Byte.
5) Type in 8 as the number (or Nr.) of bytes.
6) Click ok. =)
Ok, now you have the Array of Bytes for your address. But how about after the patch?
1) Load up your Engine and attach it to the game that you want to hack.
2) Around the top of the middle area of the Engine should be a section of scanning. Click on the drop-down-box by "Value Type" then choose Array of Bytes.
3) Now, type (or paste if you want, from a Notepad document), the Array of Bytes into the Value section.
4) Click first scan, and an address should pop up. If an address doesn't pop up, take a few bytes (the two letter/number segments) off of the end, and then search again.
Ok, you've got the address... now what do you do with it? Take the script that you want to convert--let's just use the v.38 Maplestory God Mode script.
Code:
[ENABLE]
6803ec:
je 0068133e
[DISABLE]
6803ec:
jne 0068133e
So you have the new address. Delete the "6803EC" in the Enable and Disable sections, and then paste your address. MAKE SURE THAT YOU LEAVE THE COLON ( : ) THERE.
Well, that's it for the Array of Bytes...
------------------------------
V. Conclusion
------------------------------
...and that's pretty much it for the Auto Assembler tutorial! Hey wait, do I sense a question?
You wrote:
Was it really that easy? That's it? No more tricks or anything like that?
Nope, that really was it! Once again, I shall quote the creator of Cheat Engine...
"Most people think that ASM is really hard, but in fact, it's really quite simple." ~Dark Byte himself
However, I have a mini-tut after this on writing a script, so stay tuned, folks! You don't need to read the "Writing a Script" tutorial, as it is only Bonus, although I highly recommend it.
------------------------------
VI. Credits/Acknowledgements
------------------------------
There are a couple acknowledgements I would like to give, before giving the credits.
First, and foremost, Wizet, for creating Maplestory that I got so in to hacking. ; )
Second, Dark Byte, for creating the base of our hacking today, and for creating the Tutorial for Cheat Engine. Hey, we all have to start somewhere!
Third, Sponge and Labyrnth for helping me with my scripts.
and Fourth, the creators of all the guides that I got my information from.
Thank you!
``````````
Credits
``````````
Note, that these are not in any order.
Scrbly's Tutorial on CodeInjection and AutoAssembler
Idogear's post on Basic Assembly
TheSorc3r3r's tutorial on Beginning Assembly Language
Skyone's Tutorial on Basic Assembly
M3KillU's tutorial on Array of Bytes
Renkokuken's Post on Register Sets
Vrunk's Tutorial on Allocated Memory
Dark Byte's Guide on Basic Assembler
Dark Byte's Guide on the registersymbol/unregistersymbol functions
Zhoul's "There's always more than 1 way to skin a cat"
Dark Byte's "Auto assembler scripts in cheat tables"
------------------------------
Bonus. Writing a Script
------------------------------
So you've read the tutorial, and you understand it fully, but you still want more. I understand, as I felt like that once--unfortunately I don't believe there were any tutorials on writing scripts when I needed them.
Code:
[ENABLE]
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
alloc(WooHoo,1024)
label(Continue)
registersymbol(WooHoo)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
cmp eax,[WooHoo]
SayWhat:
jmp 0
[DISABLE]
dealloc(AutoAssembler)
dealloc(SayWhat)
dealloc(WooHoo)
unregistersymbol(WooHoo)
Remember this script from before? Well let's turn it into a full script, using a lot of what we've learned.
Code:
[ENABLE]
alloc(AutoAssembler,1024)
alloc(SayWhat,1024)
alloc(WooHoo,1024)
label(Continue)
registersymbol(WooHoo)
AutoAssembler:
mov eax,02
cmp eax,03
jne Continue
je SayWhat
Continue:
cmp eax,[WooHoo]
SayWhat:
jmp 0
[DISABLE]
dealloc(AutoAssembler)
dealloc(SayWhat)
dealloc(WooHoo)
unregistersymbol(WooHoo)
Something that you NEED for a script, is an address in the actual memory of the program that you're hacking. However, this can't be just any random address, or something could happen that you don't want to happen (crash, maybe). This address has to be related to your cause.
But why do we need an address? Well as I said before, the alloc function allocates UNUSED MEMORY, in the program to your function. Because this is UNUSED, the program does nothing to access this, and therefore, you have to MAKE IT access this.
There are a couple crucial things when messing with addresses. First, you MUST use the same amount of bytes as the original opcode used. How do we tell the number of bytes in an opcode? Simple. Look between the address and the opcode and there should be a bunch of segments of 2 letter/number combinations. These are called the Array of Bytes.
Something very helpful when meeting this need is the function "nop". As I explained earlier, it means "no operation". All it does is take up a byte. Meaning, if you don't use up all of the bytes, then you can fill in the remaining bytes with 'nop's.
There are 3 scenarios you can encounter when filling in bytes. I have already described one, in which your code is smaller than the original code. Another of the last two scenarios is when you have exactly the same amount of bytes as the original opcode, in which all is fine.
But the last of the scenarios is a bit confusing. This is the scenario in which your code has more bytes than the original opcode. Now, what you have to do is overwrite the NEXT address's opcode with your code, and do so forth until you have enough bytes.
Why don't we play with Minesweeper? I wrote a code a little while back while I was learning about writing scripts (I still am, but that was when I knew less).
Code:
[enable]
alloc(WhatNowMinesweeper,256) //Allocating...
alloc(ChiliDog,4)
label(ReturnHere)
registersymbol(ChiliDog) //Registering...
ChiliDog:
dd 0 //Just FYI, this is telling it that ChiliDog's value starts out at 0
01002FF5: //This is the address that writes to the time on MineSweeper
jmp WhatNowMinesweeper //I rewrote the opcode to tell it to jmp to my script
nop //I fill in the last byte
ReturnHere: //I'll tell you about this later
WhatNowMinesweeper: //My actual code
push eax //Save eax, we could have trouble if we don't do this
mov eax,[ChiliDog] //Move the value of ChiliDog into eax
mov [0100579C],eax //Move eax, which is the value of ChiliDog, into the time
pop eax //Take eax out, because we're done editing it
jmp ReturnHere //Jmp to ReturnHere, I'll explain this later
[disable]
dealloc(WhatNowMinesweeper) //Deallocate the memory
dealloc(ChiliDog)
unregistersymbol(ChiliDog) //Unregister the symbol
01002FF5: //The address that we modified to jmp to my code
inc [0100579C] //The original opcode, to prevent a crash
Now, first thing's first. I told you that I would tell you about the "ReturnHere" thing, and so I shall. Just so you know, a program processes what it is told to do in one opcode, then moves on to the next opcode, and so on. It's pretty much like a never ending cycle. However, if we make a dead end, i.e. if the code has nowhere else to go after the code, then the program will most likely crash. Therefore, we redirect it out back right after the end of the address that we changed, and therefore the code has a place to go--and we don't crash! =D
And that's pretty much it on writing a script. Please, feel free to ask questions, and to comment on whether you liked it or not. =)
Last edited by samuri25404 on Fri Apr 04, 2008 6:38 pm; edited 3 times in total
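The "Array of Bytes" scan from section IV, including the "take a few bytes off the end and search again" fallback, as an added example written for this thread (it is not code from the post above or from Cheat Engine). The code buffers, the load address BASE and the "after the patch" variants are constructed; the 6-byte `inc [0100579C]` at 01002FF5 is the Minesweeper opcode from the Bonus script. The same wildcard-signature matching is what byte-pattern detection rules do, which is why the ambiguity check at the end matters.

```python
# Added example, not from the original post or from Cheat Engine: an AOB scan
# with ?? wildcards plus the tutorial's shrinking-pattern fallback.
import re
from typing import List, Optional, Tuple

# Constructed 13-byte slice of a code region loaded at BASE. The Minesweeper
# opcode `inc [0100579C]` (ff 05 9c 57 00 01) sits at BASE+3 = 01002FF5.
BASE = 0x01002FF2
OLD_BUILD = bytes.fromhex("55 8b ec ff 05 9c 57 00 01 5d c3 90 90")
# Constructed "after the patch": the function now ends in `ret 4` (c2 04 00)
# instead of `ret` (c3), so the tail of an 8-byte AOB taken from the old build
# no longer matches.
NEW_BUILD = bytes.fromhex("55 8b ec ff 05 9c 57 00 01 5d c2 04 00")
# Constructed rebuild where the timer variable moved from 0100579C to 010057A0.
REBASED_BUILD = bytes.fromhex("55 8b ec ff 05 a0 57 00 01 5d c3 90 90")


def parse_aob(pattern: str) -> List[Optional[int]]:
    """'ff 05 ?? ?? 00 01' -> [0xff, 0x05, None, None, 0x00, 0x01]; ?? = any byte."""
    out: List[Optional[int]] = []
    for tok in pattern.split():
        if tok in ("?", "??"):
            out.append(None)
        elif re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad AOB token {tok!r}")
    if not out:
        raise ValueError("empty pattern")
    return out


def aob_scan(buf: bytes, pattern: str, base: int = 0) -> List[int]:
    """Return every address (base + offset) at which the pattern matches buf."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [
        base + i
        for i in range(len(buf) - n + 1)
        if all(p is None or buf[i + k] == p for k, p in enumerate(pat))
    ]


def aob_scan_shrinking(buf: bytes, pattern: str, base: int = 0,
                       min_len: int = 4) -> Tuple[Optional[int], Optional[str]]:
    """Section IV, step 4: if nothing matches, drop bytes off the END of the
    pattern and rescan. Stops at the first unique hit. Gives up (returns None)
    when the pattern becomes ambiguous (several hits) or shorter than min_len,
    so a too-short pattern can't silently match the wrong place."""
    toks = pattern.split()
    while len(toks) >= min_len:
        used = " ".join(toks)
        hits = aob_scan(buf, used, base)
        if len(hits) == 1:
            return hits[0], used
        if len(hits) > 1:
            return None, used   # ambiguous: report the pattern, not a guess
        toks.pop()
    return None, None


if __name__ == "__main__":
    sig = "ff 05 9c 57 00 01 5d c3"   # 8 bytes taken at 01002FF5 in the old build
    print([hex(a) for a in aob_scan(OLD_BUILD, sig, BASE)])
    print(aob_scan(NEW_BUILD, sig, BASE))
    addr, used = aob_scan_shrinking(NEW_BUILD, sig, BASE)
    print(hex(addr), used)
    print([hex(a) for a in aob_scan(REBASED_BUILD, "ff 05 ?? ?? 00 01", BASE)])
```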
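The byte accounting behind the Bonus-section Minesweeper script, as an added example written for this thread (not code from the post above or from Cheat Engine): the 5-byte `jmp rel32` replaces the 6-byte `inc [0100579C]` at 01002FF5, one `nop` fills the gap, and the injected code jumps back to ReturnHere so there is no dead end. The site address and original bytes are the tutorial's; the cave address, the ChiliDog address and the module range are constructed. The last function shows the same bytes from the defender's side: a `jmp` out of the module image is the footprint this kind of patch leaves.

```python
# Added example, not from the original post or from Cheat Engine.
import struct
from typing import Optional, Tuple

JMP_REL32 = 0xE9   # jmp rel32: E9 followed by a 4-byte signed displacement
NOP = 0x90

SITE = 0x01002FF5                               # address the script hooks
ORIGINAL = bytes.fromhex("ff 05 9c 57 00 01")   # inc dword ptr [0100579C]
CAVE = 0x0A000000                               # constructed: alloc(WhatNowMinesweeper)
CHILIDOG = 0x0A001000                           # constructed: alloc(ChiliDog,4)
MODULE = (0x01000000, 0x01020000)               # constructed image range of the game


def rel32(jmp_at: int, target: int) -> bytes:
    """Displacement is measured from the END of the 5-byte jmp, not its start."""
    disp = target - (jmp_at + 5)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return struct.pack("<i", disp)


def build_detour(site: int, original: bytes, cave: int) -> Tuple[bytes, int]:
    """Bytes to write at `site`, plus the ReturnHere address.

    `original` must be WHOLE instructions (the tutorial's rule: use exactly as
    many bytes as the opcodes you replace). The three scenarios from the text:
      - fewer than 5 bytes: include the next whole instruction(s) as well;
      - exactly 5: the jmp alone replaces it;
      - more than 5: pad the remainder with nop (Minesweeper: 6 bytes -> 1 nop).
    """
    if len(original) < 5:
        raise ValueError("jmp rel32 needs 5 bytes; overwrite the next whole instruction(s) too")
    patch = bytes([JMP_REL32]) + rel32(site, cave) + bytes([NOP]) * (len(original) - 5)
    assert len(patch) == len(original)
    return patch, site + len(original)


def build_cave(cave: int, body: bytes, return_here: int) -> bytes:
    """Injected body followed by `jmp ReturnHere`, so the code has somewhere to go."""
    return body + bytes([JMP_REL32]) + rel32(cave + len(body), return_here)


def jmp_target(at: int, code: bytes) -> Optional[int]:
    """Decode a jmp rel32 located at `at`; None if the bytes are not E9 xx xx xx xx."""
    if len(code) < 5 or code[0] != JMP_REL32:
        return None
    return (at + 5 + struct.unpack("<i", code[1:5])[0]) & 0xFFFFFFFF


def find_inline_patch(at: int, code: bytes, module_lo: int, module_hi: int) -> Optional[int]:
    """Defender-side check: a jmp whose target lies outside the module's own
    image (here, into allocated memory) is what an inline patch like the one
    above looks like in memory. Returns the foreign target, else None."""
    target = jmp_target(at, code)
    if target is None or module_lo <= target < module_hi:
        return None
    return target


# The cave body from the script: push eax / mov eax,[ChiliDog] /
# mov [0100579C],eax / pop eax   (A1 and A3 are the moffs32 forms of mov).
CAVE_BODY = (bytes([0x50])
             + bytes([0xA1]) + struct.pack("<I", CHILIDOG)
             + bytes([0xA3]) + struct.pack("<I", 0x0100579C)
             + bytes([0x58]))

if __name__ == "__main__":
    patch, return_here = build_detour(SITE, ORIGINAL, CAVE)
    cave_code = build_cave(CAVE, CAVE_BODY, return_here)
    print(patch.hex(" "), hex(return_here))              # e9 06 d0 ff 08 90 0x1002ffb
    print(hex(find_inline_patch(SITE, patch, *MODULE)))  # 0xa000000
```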
jeroendeman
Master Cheater
Reputation: 0
Joined: 03 Jan 2007
Posts: 270
Location: netherlands
Posted: Wed Jun 13, 2007 12:28 pm
Really nice, very good tut man. I read some of it, but I'm gonna read it all at home!!!
Chi-Tur
How do I cheat?
Reputation: 0
Joined: 13 Jun 2007
Posts: 1
Posted: Wed Jun 13, 2007 4:59 pm    Post subject: nice
Nice tut man... helped a lot... and I'm a noob, so ty a lot.
ravicus
Master Cheater
Reputation: 0
Joined: 16 Dec 2006
Posts: 464
Posted: Wed Jun 13, 2007 8:27 pm
Just printed the whole thing off.
+Rep
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0
Joined: 15 Jun 2007
Posts: 1234
Location: http://www.SaviourFagFails.com/
Posted: Fri Jun 15, 2007 1:13 pm    Post subject: wow nice!
Wow man, you made really hard work!
By the way, you indeed improved since that minesweeper script, because this script wasn't even working: Cheat Engine says that at line 4, where you label WhatNowMinesweeper, it is not defined in the script.
DevilGilad
Grandmaster Cheater
Reputation: 0
Joined: 10 May 2007
Posts: 624
Location: Delete C:\WINDOWS folder and you'll be able to see me.
Posted: Fri Jun 15, 2007 11:17 pm
I think it's the most helpful AutoASM guide I have ever seen :}

ACTool -> From the start to pro
samuri25404
Grandmaster Cheater
Reputation: 2
Joined: 04 May 2007
Posts: 960
Location: Why do you care?
Posted: Sun Jun 17, 2007 1:11 pm
what program are you talking about? o.o" I don't think that address is in very many programs because few use that much memory... o.o
gianfun
Cheater
Reputation: 0
Joined: 20 Jun 2007
Posts: 25
Location: Here !
Posted: Wed Jun 20, 2007 12:42 pm
WOW - Amazing script.
I came here knowing nothing about AA, and this really helped me understand AA.
Thanks
be happy - hack
jeroendeman
Master Cheater
Reputation: 0
Joined: 03 Jan 2007
Posts: 270
Location: netherlands
Posted: Thu Jun 21, 2007 11:22 am
Wtf, tyvm for this tutorial, now I know some basics of asm!!
R> hacker guild in windia pm me ur ign
spedchyyz
Master Cheater
Reputation: 0
Joined: 16 Jun 2007
Posts: 268
Location: what ?
Posted: Thu Jun 21, 2007 11:28 am    Post subject: nice
That was a very nice tut... easy to grasp.
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1889
Location: Canada
Posted: Fri Jun 22, 2007 2:08 pm
Calm down! In hexadecimal, the decimal 10 is replaced by A, the decimal 11 is replaced by B, and so forth up to F, which stands for 15.
Acim
Grandmaster Cheater Supreme
Reputation: 0
Joined: 04 Jun 2007
Posts: 1949
Location: If anyone has a GMS DK and they don't need it I'll have it!!
Posted: Fri Jun 22, 2007 3:43 pm
Thank you! Finally a good tut.
I'm alive and well, but I quit CEF for a while. Legitly playing since Novemberish 07. Started hacking October 06.
Arkas
How do I cheat?
Reputation: 0
Joined: 21 Jun 2007
Posts: 5
Posted: Sat Jun 23, 2007 10:28 am
Normal OR will be true if either value is true and if both values are true. XOR will only be true if one of the values is true and the other one is false. If they are both true or both false, then the XOR answer is false.
TRUE = 1
FALSE = 0
XOR - In English:
You want to read up on some new games, and check out the latest hacking scene, but you don't want to browse any sites that deal with Hacking and games, or Game hacking.
So you go to Google, and you search for "Hacking XOR Games"
Your result set will include: (Gaming Sites)
www_IGN_Com
www_GameSpot_com
It will also include: (Hacking Sites)
www_HackThePlanet_Com
www_Phrack_Org
But your result set WILL NOT include: (Sites about Hacking Games)
www_CheatEngine_org
There it is, in English. And as an added bonus, the redirect on Hack The Planet takes you to a great site that has nothing to do with Hacking or Planets.
*CandyShop*
Grandmaster Cheater
Reputation: 0
Joined: 03 Apr 2007
Posts: 865
Location: Israel
Posted: Sat Jun 23, 2007 1:06 pm
AX, BX, CX, DI, SI, etc. are 16 BIT registers.
EAX, EBX, ECX, EDI, ESI etc. are 32 BIT registers. In 32 Bit it adds the 'E' letter to all 16 Bit registers. The 'E' letter means Extended.
What about explaining Real Mode and Protected Mode, maybe Interrupts too?
C0dereality.Frost
Advanced Cheater
Reputation: 0
Joined: 28 May 2007
Posts: 61
Posted: Thu Jun 28, 2007 9:00 am
Mmmmm, good tut. May I quote some of these points if I link back to here?