auto assemble-like cheatengine

Postby Coffeeman » Sun Aug 03, 2008 2:55 am

Okay, in Cheat Engine I make my auto assembler script

as soon as I check the box next to my script

[ENABLE]
00bb937A:
mov edx,5
mov [edi],edx
jmp 00663583


[DISABLE]
00bb937A:
mov [edi],edx
jmp 00663583

it, as always, auto injects to my cave code, which is, as stated above, 00bb937A. Just as simple as that.

Well, Spiro told me, if I wanted to do it similar to Cheat Engine:

http://www.memoryhacking.com/forums/vie ... highlight=

"On the main window hit Insert, add a value at address 0x00bb937A.
Double-click it in the main list.
Modify its Auto-Assembly code to match what you wrote.
Click Use Auto-Assemble for Locking.
Hit Okay."

Well, I do all that but it doesn't seem like anything is getting injected.

I went to the address 00bb937A; it still says add [eax],al when I looked up the address, instead of


00bb937A mov edx,5
xxxxxxxx mov [edi],edx
xxxxxxxx jmp 00663583

So basically, after I'm done I "Click Use Auto-Assemble for Locking.
Hit Okay." It's still not injecting. What am I doing wrong?

P.S. The reason I wanna use MHS is because it seems to be less buggy in some games than Cheat Engine. I'm still learning.
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

Postby L. Spiro » Sun Aug 03, 2008 9:35 am

Use FULLACCESS( 0x00BB937A, 32 ) in the script.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Coffeeman » Sun Aug 03, 2008 1:03 pm

Ty buddy, yeah that was me, lesbianlover, don't ask me lol. I will try that out. See, what I do is, this game has a small or big, however you wanna call it, cheat detection.

So basically I write my script similar to Cheat Engine

[ENABLE]
00bb937A:
mov edx,5
mov [edi],edx
jmp 00663583


[DISABLE]
00bb937A:
mov [edi],edx
jmp 00663583

You can tell that mov [edi],edx is the address I'm changing; say it was 008345DA mov [edi],edx

Well I inject

[ENABLE]
00bb937A:
mov edx,5
mov [edi],edx
jmp 00663583
which of course injects the code to my cave

I then take 008345DA mov [edi],edx, change EIP register at 00bb937A
and I can get infinity, say, afterburn without getting banned. It's the only way I know, otherwise I will get suspended.

One more question so I don't make lil posts

on To change the EIP register without injecting code will involve a hardware breakpoint and a Breakpoint Script. The help file explains this.

Is there a way I can add that to my script, the change EIP then enter my cave code, or do I have to do it all in 2 steps? I've tried to change registers but it says something like "Registers can only be modified while single stepping with debugger" or something like that. Injecting is fine, I just wanna put it all together. I know you hate hearing about CE this, CE that, but it was so easy to change register with one click.

But MHS is teaching me a lot more, I tell you that much.
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

Postby L. Spiro » Sun Aug 03, 2008 7:08 pm

If you can inject code, just change EIP via JMP.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Coffeeman » Sun Aug 03, 2008 8:23 pm

FULLACCESS( 0x00BB937A, 32 )

[ENABLE]
mov edx,5
mov [edi],edx
jmp 00663583


Ty buddy, worked like a charm. I'm kind of starting to understand.

That's the last thing: how would I go about that, to change EIP via JMP?

Okay, say 00662ddF mov [edi],edx. I wanna change the EIP register at address 00662ddF to my cave code (00BB937A)
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

Postby L. Spiro » Sun Aug 03, 2008 8:31 pm

0x00662DDF :
JMP 00BB937Ah


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Coffeeman » Sun Aug 03, 2008 9:22 pm

Okay, I'm soaking all this in. Okay, these are the real addresses

FULLACCESS(0x00BB937A,32)

[Global]
MOV esi,5
jmp 0090865C


0x00663581:
JMP 00BB937Ah

So how do I add the 0x00663581:
JMP 00BB937Ah with the stuff at top to make it all work? I can see how MHS is a good learning tool; wouldn't get this at a lot of other memory editors.
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

Postby spunge » Mon Aug 04, 2008 1:21 am

Coffeeman wrote: Okay, I'm soaking all this in. Okay, these are the real addresses

FULLACCESS(0x00BB937A,32)

[Global]
MOV esi,5
jmp 0090865C


0x00663581:
JMP 00BB937Ah

So how do I add the 0x00663581:
JMP 00BB937Ah with the stuff at top to make it all work? I can see how MHS is a good learning tool; wouldn't get this at a lot of other memory editors.


Just in case anyone is wondering what FULLACCESS is doing... it is most likely a VirtualProtectEx call, setting the memory in that region to PAGE_READWRITE_EXECUTE.

Change [global] to your code cave and make sure you jump back at the correct spot. Also make sure you nop residual bytes.
spunge
NULL
 
Posts: 121
Joined: Sun Jul 27, 2008 4:58 am
Location: VEH callback

Postby L. Spiro » Mon Aug 04, 2008 9:53 am

Coffeeman wrote: So how do I add the 0x00663581:
JMP 00BB937Ah with the stuff at top to make it all work? I can see how MHS is a good learning tool; wouldn't get this at a lot of other memory editors.

I have no idea.
You have posted incomplete and changing segments of the code everywhere and I have no global idea of how it is supposed to look.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Coffeeman » Mon Aug 04, 2008 3:57 pm

Sorry for the global, I read what it was for and I don't usually use the disable command unless maybe there is a GM. Let's start over. This is what I do in CE


Image

I make my script like that and check the box
Image
It injects the enable code to my cave code, which is, as stated above, 00bb937A

Image
I go to the original address, not my cave code, to where the code is I'm changing, which is 00663581 mov [edi],edx
Image
I click on it, change register, then tick the EIP box and input my cave code 00bb937A

Basically I wanna do all this same stuff but with MHS.exe, not CE

I got the CE-like script down and how to activate it

FULLACCESS(0x00BB937A,32)


[ENABLE]
00bb937A:
mov edx,5
mov [edi],edx
jmp 00663583


[DISABLE]
00bb937A:
mov [edi],edx
jmp 00663583

Works like a charm


Now after that I wanna change register EIP at 00663581 to 00bb937A

So for the change EIP register to cave code you told me to

0x00663581:
JMP 00BB937Ah

How do I add that part in the right script or code format for MHS?
Last edited by Coffeeman on Mon Aug 04, 2008 4:06 pm, edited 1 time in total.
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

Postby spunge » Mon Aug 04, 2008 4:04 pm

[Enable]
FULLACCESS( 0x00BB937A, 32 )

0x00BB937A:
mov edx,5
mov [edi],edx
je 0066358Eh
mov ecx, edi
jmp 00663587h

0x00663581:
JMP 00BB937Ah
nop

[disable]
0x00663581:
mov [edi],edx
je 0066358Eh
mov ecx, edi


If it's a code cave, don't need to do shit to it.
Last edited by spunge on Mon Aug 04, 2008 4:15 pm, edited 1 time in total.
spunge
NULL
 
Posts: 121
Joined: Sun Jul 27, 2008 4:58 am
Location: VEH callback
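
Seen from the defending side, the 6-byte detour in the script above (a near JMP plus a NOP over the original instructions) is what a code-integrity check is built to catch. The following is an added example, not code from the thread or from MHS: it diffs a known-good copy of the code bytes against a live snapshot and decodes any E9 jump it finds. The byte encodings are hand-assembled from the instructions in the script, and the code-section range and all function names are assumptions.

```python
import struct

# Constructed sample: the 6 bytes at 0x00663581 before and after the patch in
# the script above, hand-assembled from its instructions (not captured data).
PATCH_SITE = 0x00663581
BASELINE = bytes.fromhex("8917" "7409" "8BCF")  # mov [edi],edx / je 0066358E / mov ecx,edi
PATCHED = bytes.fromhex("E9F45D5500" "90")      # jmp 00BB937A / nop

# Assumption: address range of the module's code section (hypothetical values).
TEXT_START, TEXT_END = 0x00401000, 0x00A00000

def diff_runs(base, live, start_va):
    """Return (va, original, current) for each contiguous run of changed bytes."""
    runs, i = [], 0
    while i < len(base):
        if base[i] == live[i]:
            i += 1
            continue
        j = i
        while j < len(base) and base[j] != live[j]:
            j += 1
        runs.append((start_va + i, base[i:j], live[i:j]))
        i = j
    return runs

def decode_detour(va, code):
    """If code starts with a near JMP (E9 rel32), return its absolute target."""
    if len(code) >= 5 and code[0] == 0xE9:
        rel = struct.unpack_from("<i", code, 1)[0]  # signed 32-bit displacement
        return (va + 5 + rel) & 0xFFFFFFFF          # relative to the next instruction
    return None

def scan(base, live, start_va):
    """Report every modified run; flag jumps that leave the code section."""
    findings = []
    for va, old, new in diff_runs(base, live, start_va):
        target = decode_detour(va, new)
        outside = target is not None and not (TEXT_START <= target < TEXT_END)
        findings.append({"va": va, "old": old.hex(), "new": new.hex(),
                         "jmp_target": target, "outside_text": outside})
    return findings

if __name__ == "__main__":
    for finding in scan(BASELINE, PATCHED, PATCH_SITE):
        print(finding)
```

A jump out of the code section into a region that was zero-filled padding in the baseline is a strong tamper signal; a real check would also cover the cave itself and the page protection change.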

Postby Coffeeman » Mon Aug 04, 2008 4:10 pm

TY spunge, sorry for being such a nub, I'm learning a lot. I didn't mean to have my posts all over the place. I will try it out.

Grr, problem now is when I add

FULLACCESS(0x00BB937A,32)

it keeps telling me

Failed to change protection on address 00bb937A. It was working fine yesterday.
Coffeeman
I Have A Few Questions
 
Posts: 6
Joined: Sun Aug 03, 2008 2:07 am

