号召!完成6.2所有任务的到这里漏个脸。
cheatengine吧
三日月年 楼主
1楼我占了,大家继续!大家努力啊,网上都有视频攻略,按照步骤慢慢来。最好弄个记事本,记录一下每关的密码,以免最后修改代码出错导致程序自动关闭后,又要重新从头开始。
2012年07月31日 10点07分 1
拿5.6改6.2教程有木有,露个脸。。。
2013年05月10日 11点05分 3
能不能教教?
2013年05月11日 01点05分 4
这个简单,街霸4的基址很长,你找到了么
2013年06月03日 17点06分 5
我在网上找的教程只有前八关,我一口气通过了。没有第九关教程。楼主教程简单,实际运用怎么搞啊。比如,无限血。
2013年06月24日 03点06分 6
第一种方案--给自己人加血,对手直接死
..............................................................
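// Cheat Engine Auto Assembler code-injection script (x86-32, Intel syntax).
// Hook site: "Tutorial-i386.exe"+2509D in the Cheat Engine tutorial binary.
//
// Behaviour of the injected code:
//   [ebx+10] == 1 : the value on top of the FPU stack is ADDED to the float
//                   at [ebx+04] and the sum is stored to [ebp-30].
//   otherwise     : the two original instructions run unchanged
//                   (fsubr / fstp), i.e. [ebx+04] minus the FPU value.
//
// NOTE(review): [ebx+04] is the health float per the other script in this
// thread; [ebx+10] is presumably the team id (1 = own team) -- confirm in the
// structure dissector. The post title also claims opponents die at once, but
// the non-team-1 path below is just the original code.
//
// NOTE(review): the offset is specific to one build of the tutorial. Nothing
// here checks that the bytes at the hook site are the expected instructions,
// so on a different build the jmp overwrites unrelated code. Consider adding
// an assert(<address>, <original bytes>) guard before the patch. No [DISABLE]
// section is shown, so this listing does not restore the original bytes.
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
  cmp [ebx+10],1              // own-team check (see note above)
  je exit

originalcode:
  fsubr dword ptr [ebx+04]    // st(0) = [ebx+04] - st(0)
  fstp dword ptr [ebp-30]
  jmp returnhere

exit:
  fadd dword ptr [ebx+04]     // st(0) = st(0) + [ebx+04]
  fstp dword ptr [ebp-30]
  jmp returnhere

"Tutorial-i386.exe"+2509D:
  jmp newmem                  // 5-byte jmp replaces the two 3-byte FPU ops
  nop                         // pads the sixth overwritten byte
returnhere: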
第二种方案--自己人不减血,对手直接死
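// Cheat Engine Auto Assembler code-injection script (x86-32, Intel syntax).
// Hook site: "Tutorial-i386.exe"+250C6 in the Cheat Engine tutorial binary,
// the instruction that writes eax to [ebx+04].
//
// Behaviour of the injected code:
//   [ebx+10] == 1 : the write to [ebx+04] is skipped; only fldz runs.
//   otherwise     : the original write and fldz run unchanged.
//
// NOTE(review): [ebx+10] is presumably the team id (1 = own team) -- confirm.
// The post title also says opponents die at once; the visible code leaves the
// non-team-1 path as the original store.
//
// NOTE(review): the offset is build-specific and the script does not verify
// the bytes it overwrites; an assert(<address>, <original bytes>) guard would
// make it fail cleanly on a mismatching build. No [DISABLE] section is shown,
// so this listing does not restore the original bytes.
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
  cmp [ebx+10],1              // own-team check (see note above)
  je exit

originalcode:
  mov [ebx+04],eax            // original store
  fldz
  jmp returnhere

exit:
  nop                         // stands where the skipped store was
  fldz                        // still executed so the FPU stack stays balanced
  jmp returnhere

"Tutorial-i386.exe"+250C6:
  jmp newmem                  // 5 bytes: exactly covers mov (3) + fldz (2)
returnhere: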
............................
第三种方案:给自己人加满血,对手全死亡(最无敌的代码) //Made by svchost with Cheat Engine 6.2 RC 1
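//4th May, 2012
//
// Cheat Engine Auto Assembler table script (x86-32, Intel syntax), enable part.
// Two inline hooks are installed in the Cheat Engine tutorial binary:
//   1. +2504C : copies four object pointers from [ebx+49C..4A8] into
//               globally registered 4-byte slots, then runs the original code.
//   2. +250C6 : at the health write, compares ebx with each stored pointer and
//               writes a fixed float to [ebx+04] instead of eax when it matches.
//
// NOTE(review): both offsets are specific to one build and are patched without
// checking the bytes already there; an assert(<address>, <original bytes>)
// guard per hook would make the script refuse to enable on another build.
// NOTE(review): hook 2 only matches after hook 1 has run at least once; before
// that the four slots hold whatever globalalloc left in them.
// NOTE(review): the patch rewrites bytes inside the module's code and adds
// executable allocations, so a code-integrity comparison against the on-disk
// image will flag it.
[ENABLE]
alloc(StoreHealthAddress,2048)
label(StoreHealthAddressReturn)
alloc(WriteHealthAddress,2048)
label(WriteHealthAddressReturn)

globalalloc(Player1_Dave,4)
globalalloc(Player2_Eric,4)
globalalloc(Enemy1_Hal,4)
globalalloc(Enemy2_Kitt,4)

label(WriteOrignal)
label(IsPlayer1_Dave)
label(IsPlayer2_Eric)
label(IsEnemy1_Hal)
label(IsEnemy2_Kitt)

//----------------------------------------
// Read And Store Address For Later Comparison
//----------------------------------------

//At "tutorial-i386.exe"+2504C address, ebx is constant for Health Address Calculation
"tutorial-i386.exe"+2504C:
  jmp StoreHealthAddress
  nop                               // 6 nops pad the rest of the 11 bytes
  nop                               // taken by the three original instructions
  nop
  nop
  nop
  nop
StoreHealthAddressReturn:

StoreHealthAddress:
  //Each slot receives an object pointer; the health float lives at pointer+4.
  push ecx                          // ecx is scratch only; saved once for all four copies
  mov ecx,[ebx+49C]                 // Offset->49C Player1
  mov [Player1_Dave],ecx
  mov ecx,[ebx+4A0]                 // Offset->4A0 Player2
  mov [Player2_Eric],ecx
  mov ecx,[ebx+4A4]                 // Offset->4A4 Enemy1
  mov [Enemy1_Hal],ecx
  mov ecx,[ebx+4A8]                 // Offset->4A8 Enemy2
  mov [Enemy2_Kitt],ecx
  pop ecx

  //Original code from "tutorial-i386.exe"+2504C
  mov ebx,eax
  mov esi,edx
  mov dword ptr [ebp-3C],00000000   // size made explicit: the 7-byte dword form
  jmp StoreHealthAddressReturn

//----------------------------------------
// Write Address
//----------------------------------------
//At this Address Friendly as well as Enemy Health is Decreasing
"Tutorial-i386.exe"+250C6:
  jmp WriteHealthAddress            // 5 bytes: covers mov [ebx+04],eax + fldz
WriteHealthAddressReturn:

//Check the object pointer in ebx against each stored pointer.
WriteHealthAddress:
  cmp ebx,[Player1_Dave]
  je IsPlayer1_Dave
  cmp ebx,[Player2_Eric]
  je IsPlayer2_Eric
  cmp ebx,[Enemy1_Hal]
  je IsEnemy1_Hal
  cmp ebx,[Enemy2_Kitt]
  je IsEnemy2_Kitt
  jmp WriteOrignal                  // no match: fall back to the original store
                                    // (an unreachable second jmp was removed here)

//----------------------------------
IsPlayer1_Dave:
  mov [ebx+04],(float)99999
  fldz
  jmp WriteHealthAddressReturn

IsPlayer2_Eric:
  mov [ebx+04],(float)99999
  fldz
  jmp WriteHealthAddressReturn

IsEnemy1_Hal:
  mov [ebx+04],(float)0
  fldz
  jmp WriteHealthAddressReturn

IsEnemy2_Kitt:
  mov [ebx+04],(float)0
  fldz
  jmp WriteHealthAddressReturn

//----------------------------------
WriteOrignal:
  mov [ebx+04],eax
  fldz
  jmp WriteHealthAddressReturn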
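// Disable part: frees the two code caves and writes the original
// instructions back over both hook sites.
// NOTE(review): the four globalalloc'd pointer slots from [ENABLE] are not
// released here; they stay registered after the script is disabled.
[DISABLE]
dealloc(StoreHealthAddress)
"tutorial-i386.exe"+2504C:
  mov ebx,eax
  mov esi,edx
  mov dword ptr [ebp-3C],00000000   // explicit dword so the restore is the same
                                    // 11 bytes that [ENABLE] overwrote

dealloc(WriteHealthAddress)
"Tutorial-i386.exe"+250C6:
  mov [ebx+04],eax
  fldz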
地址:Tutorial-i386.exe+250C6
2013年06月24日 19点06分 7
本层是6.2版本第九关的通关注入代码。
2013年06月24日 19点06分