CE Step 9

12/25/2017 21:58 NotRealy#1
Hello,

I was looking at this video

At the end, step 9, there is something I don't understand about how to make team 1 "invincible".
We add code like this:

cmp [ebx+10],1      // compare the value at ebx+10 with 1
jne originalcode    // jump if not equal
fldz
jmp originalcode+5

original code:

mov [ebx+04],eax    // write eax to ebx+04
fldz



What does the ebx mean?
I understand that the 10 is the offset of team and that the 1 is our team.

But what does it exactly mean? We check the team, and if it's equal to our team we don't do anything?
And if it's not our team, we jump by using "jne" to the original code, then it will attack as the original code says.
But why use jne, what is it? Why not use jmp?

And what does eax mean?

Also, is the 04 the offset of health?

I understand that because we don't know what fldz is, we don't touch it.
But then we put a jump using "jmp" this time to the original code +5.

Why is he saying that it is a 5 bytes jump?

Sorry for all these questions, I'm a beginner, and tried to learn more about CE to start.
You will probably take me for a retard that doesn't understand anything :feelsbadman:
12/26/2017 01:10 elmarcia#2
ebx is an assembly register, it contains a memory address. When you search for what writes to the HP value you get some assembly code that writes to your desired address, and that code is the same for all the entities in the game that contain HP values.
EBX+4 points to the HP value of any entity (you can set a breakpoint and check: the value of ebx won't be the same if you press button 1 / 2 / 3 / 4 because they are different addresses), so you need to find a way to check if it is your team or the enemy team.
When you dissect the data structure you find that your team id offset is 0xC, and that offset is from the HP address, which if you remember in the assembly code is EBX+4; so EBX+4+C -> EBX+10 is the team id.

Now you can inject some code:
mov [ebx+04],eax    // original code: writes the new HP value
fldz

This code is responsible for removing life when you press the Attack button.
eax is the value of life you are writing into the entity's HP, and fldz I don't know, but it doesn't matter.

So we know how to get the team id,
[ebx+10]
and we can do something like this:
Assembly code:
cmp [ebx+10],1      // TEAM ID == 1 ?
jne originalcode    // not our team -> run the original code
fldz

We compare that value (TEAM ID) with 1 -> OUR TEAM ID.
jne -> conditional jump: if NOT EQUAL, jump.
If it is our team we don't execute the original code, if not we do.


Our assembly code looks now like this:
cmp [ebx+10],1
jne originalcode
fldz
mov [ebx+04],eax //ORIGINAL CODE
fldz
jmp ...

You will notice that if we don't take the jump (JNE) the original code will still be executed,
and we don't want that, but we can fix that with a jump.
So where do we jump? Simple: count the bytes of the original code (5 bytes).

Assembly is hard at the beginning.
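For anyone following the thread, here is the same logic as a complete Cheat Engine auto-assembler script. This is an added example, not code from the video or from any post above. It assumes the 32-bit tutorial binary is named Tutorial-i386.exe, that the original instructions `mov [ebx+04],eax` / `fldz` assemble to the 5 bytes `89 43 04 D9 EE` and that this byte pattern occurs once in the module, that HP is at [ebx+04], team id at [ebx+10], and that our team id is 1. The `return` label plays the role of "originalcode+5" in the thread: `jmp newmem` is itself 5 bytes, so it replaces exactly those 5 original bytes and `return` is the first byte after them.

```asm
// Added example (not from the thread or the video).
// Assumptions: module name Tutorial-i386.exe, injection point is the unique
// 5-byte sequence 89 43 04 D9 EE (mov [ebx+04],eax ; fldz), HP at [ebx+04],
// team id at [ebx+10], our team id is 1.
[ENABLE]
aobscanmodule(INJECT,Tutorial-i386.exe,89 43 04 D9 EE)  // locate the 5 original bytes
alloc(newmem,$1000)                                     // code cave for our code
label(code)
label(return)

newmem:
  cmp [ebx+10],1        // is this entity on our team (team id 1)?
  jne code              // no: run the original code, the entity takes damage
  fldz                  // yes: keep the fldz so the FPU stack matches the original path
  jmp return            // skip the mov, HP is never written (same as jmp originalcode+5)

code:
  mov [ebx+04],eax      // original code: write the new HP value
  fldz                  // original code
  jmp return            // back to the game, right after the 5 replaced bytes

INJECT:
  jmp newmem            // 5-byte jmp, overwrites exactly mov [ebx+04],eax ; fldz
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 89 43 04 D9 EE     // restore the original 5 bytes
unregistersymbol(INJECT)
dealloc(newmem)
```

Two checks worth doing before enabling it: in the disassembler, confirm the instruction at the injection point really is `mov [ebx+04],eax` followed by `fldz` (3 + 2 = 5 bytes, which is why the thread keeps saying 5), and confirm the AOB scan finds exactly one hit; if the pattern is not unique you need more bytes of context before or after it.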
12/26/2017 14:15 NotRealy#3
Thank you for taking time to explain to me, it's already a little clearer.

But there is something I still don't understand, why the jmp originalcode+5...
Why do we count 5 bytes?
Sorry, but I still don't understand that.

The code we just changed, where does it go? Before the original code?
Then why do we count +5 after the original code?
12/26/2017 16:07 florian0#4
originalcode is a label holding the address of the location marked in red. This is where the code cave came from. The marked disassembly is 5 bytes long and does the part of reducing the player's health. In order to make the player invincible, we need to jump behind the code marked in red (i.e. skip it). We don't know what address that is, but we know originalcode is right before it, and originalcode+5 is where this code ends.
12/26/2017 16:27 NotRealy#5
Quote:
Originally Posted by florian0
originalcode is a label holding the address of the location marked in red. This is where the code cave came from. The marked disassembly is 5 bytes long and does the part of reducing the player's health. In order to make the player invincible, we need to jump behind the code marked in red (i.e. skip it). We don't know what address that is, but we know originalcode is right before it, and originalcode+5 is where this code ends.
Thank you,

Anyway, before trying to understand this, I think I should learn basic memory things, I don't even know what exactly an assembly register, a code cave, a disassembly, an address and the other terms are.

Because I'm sure you are explaining this really well, but I really can't understand what you are saying if I don't know what the specific words you are using mean.
01/03/2018 21:06 Is4kqq#6
originalcode is right before it, and originalcode+5 is where this code ends.