[Resolved] 4*8+6 Auto-Assembly Code
4*8+6 Auto-Assembly Code Posted on: 01/08/2014 7:27am

Title says it all. I got the most recent version of CE a couple of weeks ago and I completely forgot I had added 4*8+6 to the value type, and I forgot where to find the post on the forums where someone posted it a while back. If someone would be so kind as to link me to that post or give me the code here directly, I'd really appreciate it!




MOEKTAZO!
RE: 4*8+6 Auto-Assembly Code Posted on: 01/08/2014 9:28am

May try this

alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)

TypeName:
db 'Old Flash 8*4b + 6',0

ByteSize:
dd 4

UsesFloat:
db 0

label(_valid)

ConvertRoutine:
[64-bit]
mov  eax,[rcx]
[/64-bit]

[32-bit]
push ebp
mov  ebp,esp
mov  eax,[ebp+8]
mov  eax,[eax]
[/32-bit]
// ==== convert start
push ebx
mov  bl, al    // save the low byte so its low 3 bits can be tested later
shr  eax, 3    // eax is the result if the original eax had low 3 bits == 6
and  bl, 0x7
cmp  bl, 6
je   _valid
// the original eax is not of the form 8*4b + 6, so replace the result in eax with -1
// so that the searcher rejects this address (the value to search for should not be -1)
xor  eax,eax
dec  eax // eax = -1
_valid:
pop  ebx
// ==== convert end
[32-bit]
pop  ebp
ret  4
[/32-bit]

[64-bit]
ret
[/64-bit]

ConvertBackRoutine:
[64-bit]
push eax
mov  eax,ecx
[/64-bit]

[32-bit]
push ebp
mov  ebp,esp
push eax
push ebx
mov  eax,[ebp+8]
mov  ebx,[ebp+0c]
[/32-bit]
// ==== convert back start
// simply x8 +6
shl  eax, 3
add  eax, 6
// ==== convert back end
[32-bit]
mov [ebx],eax
pop  ebx
pop  eax
pop  ebp
ret  8
[/32-bit]

[64-bit]
mov  [rdx],eax
pop  eax
ret
[/64-bit]



Ctrl+right-click on the value type dropdown list, define a new custom type (auto assembler), then paste the script.
It will cause an access violation (in CE v6.2) if you enter a new value in the left address list, but it is OK for a selected address in the lower panel.
I have not really tested whether it works OK in both 32-bit and 64-bit processes.

bye~




No +karma or thanks post please,
we shall exchange appreciation via telepathy ;)
 

RE: 4*8+6 Auto-Assembly Code Posted on: 01/18/2014 7:57pm

Thanks a lot haenawolf, I'll be sure to give it a try later. Sorry for not responding sooner, haven't been online a lot lately.




MOEKTAZO!
RE: 4*8+6 Auto-Assembly Code Posted on: 02/14/2014 2:53am
disgruntled old man

TNC pointed this out to me a while ago, but did you know that you can just type in "your_value*8+6" into CE with the 4 bytes Value type and it'll search it?




New to Kong Hack and want to learn the basics? Check out the [Kong Hack 101] and the [Hacking 101].
Wanna learn how we make the hacks? Start with getting [the tools], then check these out: [AoB tutorial] | [.sol guide] | [Unity3d tutorial] | kadat's [video tutorials]
And if you don't already have it, check out the [Kong Hack Ultra Trainer]. You'll be glad you did!
RE: 4*8+6 Auto-Assembly Code Posted on: 02/14/2014 4:48am

Wow, really? I had absolutely no idea that CE was capable of doing that. Thanks for the tip gates!




MOEKTAZO!
RE: 4*8+6 Auto-Assembly Code Posted on: 05/04/2014 12:51pm
gates Posted on: 02/13/2014 9:53pm

TNC pointed this out to me a while ago, but did you know that you can just type in "your_value*8+6" into CE with the 4 bytes Value type and it'll search it?



I had no idea either, thanks for the tip!
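
The arithmetic behind both approaches in this thread (the custom type script and typing "your_value*8+6" into a 4 Bytes search), as an added C example that is not part of any post above. The function and macro names are chosen here for illustration; the logic follows the script's ConvertRoutine and ConvertBackRoutine and shows which values survive a round trip.

```c
#include <stdint.h>
#include <stdio.h>

/* Names below are illustrative, not from Cheat Engine or the posted script. */
#define TAG_MASK 0x7u          /* low three bits of the stored dword */
#define TAG_INT  0x6u          /* the tag value ConvertRoutine compares against */
#define REJECTED 0xFFFFFFFFu   /* the script's -1: "not of the form 8*x+6" */

/* Mirrors ConvertRoutine: stored dword -> displayed value, or REJECTED. */
uint32_t decode(uint32_t stored) {
    if ((stored & TAG_MASK) != TAG_INT)
        return REJECTED;
    return stored >> 3;              /* logical shift, like `shr eax,3` */
}

/* Mirrors ConvertBackRoutine and the typed expression value*8+6. */
uint32_t encode(uint32_t value) {
    return (value << 3) + TAG_INT;   /* wraps modulo 2^32, like the asm */
}

/* Returns 1 if value comes back unchanged after encode followed by decode. */
int round_trips(uint32_t value) {
    return decode(encode(value)) == value;
}

int main(void) {
    /* Constructed sample values: small, largest safe, first overflow, and -1. */
    uint32_t samples[] = {0u, 4u, 1000u, 0x1FFFFFFFu, 0x20000000u, 0xFFFFFFFFu};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = samples[i];
        printf("value 0x%08X -> stored 0x%08X -> decoded 0x%08X (%s)\n",
               (unsigned)v, (unsigned)encode(v), (unsigned)decode(encode(v)),
               round_trips(v) ? "round trip ok" : "does not round trip");
    }
    return 0;
}
```

Only values from 0 to 0x1FFFFFFF round-trip: larger values lose their top bits in the shift left, and negative values come back positive because the decode shift is logical. The largest possible decoded result is 0x1FFFFFFF, so the -1 rejection marker never collides with a real value.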