CE Step 9

Discussion on CE Step 9 within the C/C++ forum part of the Coders Den category.

#1

Hello,

I was looking at this video

At the end, step 9, there is something I don't understand about making team 1 "invincible".
We add code like this:

cmp [ebx+10],1
jne originalcode
fldz
jmp originalcode+5

original code:

mov [ebx+04],eax
fldz



What does the ebx mean?
I understand that the 10 is the offset of team and that the 1 is our team.

But what exactly does it mean? We check the team, and if it's equal to our team we don't do anything?
And if it's not our team, we do a jump by using "jne" to the original code, then it will attack as the original code says.
But why use jne, what is it? Why not use jmp?

And what does eax mean?

Also, is the 04 the offset of health?

I understand that because we don't know what fldz is, we don't touch it.
But then we put a jump, using "jmp" this time, to the original code +5.

Why is he saying that it is a 5 byte jump?

Sorry for all these questions, I'm a beginner, and trying to learn more about CE to start.
You will probably take me for a ****** that doesn't understand anything
NotRealy is offline  
12/26/2017, 01:10   #2
ebx is an assembly register; it contains a memory address. When you search for what writes to the HP value you get some assembly code that writes to your desired address, and that is the same for everything that contains HP values in the game.
EBX+4 points to the HP value of any entity (you can set a breakpoint and check; the value of ebx won't be the same if you press button 1 / 2 / 3 / 4 because they are different addresses). You need to find a way to check if it is your team or the enemy team.
When you dissect the data structure you find that your team id offset is 0xC; that offset is from the HP address, which if you remember in the assembly code is EBX+4, so EBX+4+C -> EBX+10 is the team id.

Now you can inject some code:
mov [ebx+04],eax
fldz

This code is responsible for removing life when you press the Attack button.
eax is the value of life you are removing from the entity's HP, and fldz I don't know but it doesn't matter.

So we know how to get the team id,
[ebx+10]
and we can do something like this:

Assembly code:
cmp [ebx+10],1
jne originalcode
fldz

We compare that value (TEAM ID) with 1 -> OUR TEAM ID.
jne -> conditional jump: if NOT EQUAL, jump.
If it is our team we don't execute the original code; if not, we do.


Our assembly code now looks like this:
cmp [ebx+10],1
jne originalcode
fldz
mov [ebx+04],eax //ORIGINAL CODE
fldz
jmp ...

You will notice that if we don't take the jump (JNE), the original code will be executed,
and we don't want that; we can fix that with a jump.
So where do we jump? Simple: count the bytes of the original code (5 bytes).



Assembly is hard at the beginning.
elmarcia is offline  
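To make the branch behaviour in the answer above concrete, here is a small added model (not code from the post or from Cheat Engine) that executes the quoted mnemonics over constructed entity records. It assumes the layout the thread describes (health at +0x04, team id at +0x10) and that eax already holds the reduced health the game computed before the store; everything else is made up. It runs the cave twice, once with the `jmp originalcode+5` and once without it, so the fall-through problem the answer warns about can be seen directly.

```python
"""Model of the step-9 code cave: cmp / jne / fldz / mov / jmp over entity records.

Added illustration, not the post's or Cheat Engine's code.  Assumed layout:
health at +0x04, team id at +0x10; the records themselves are constructed.
"""
import struct

HP_OFF, TEAM_OFF = 0x04, 0x10
OUR_TEAM = 1                     # the "1" in cmp [ebx+10],1

# Each entry is (label, opcode, *operands).  "originalcode" is the label CE
# gives the game's own two instructions; "originalcode+5" is the first byte
# after them, which is where execution continues once they are skipped.
CAVE_WITH_SKIP = [
    (None,             "cmp",  TEAM_OFF, OUR_TEAM),   # cmp [ebx+10],1
    (None,             "jne",  "originalcode"),       # jne originalcode
    (None,             "fldz"),                       # fldz
    (None,             "jmp",  "originalcode+5"),     # jmp originalcode+5
    ("originalcode",   "mov",  HP_OFF, "eax"),        # mov [ebx+04],eax
    (None,             "fldz"),                       # fldz
    ("originalcode+5", "ret"),                        # game code continues here
]

# Same cave without the jmp: the team check falls straight into the original
# code, which is the mistake the answer points out.
CAVE_WITHOUT_SKIP = [i for i in CAVE_WITH_SKIP if i[1] != "jmp"]


def run(program, mem, ebx, eax):
    """Execute `program` with registers ebx/eax over the bytearray `mem`."""
    labels = {lab: idx for idx, (lab, *_) in enumerate(program) if lab}
    zf = False                   # zero flag, set by cmp, read by jne
    pc = 0
    while True:
        _, op, *args = program[pc]
        if op == "cmp":          # ZF = ([ebx+disp] - imm == 0)
            off, imm = args
            zf = struct.unpack_from("<I", mem, ebx + off)[0] == imm
        elif op == "jne":        # taken only when the compare was NOT equal
            if not zf:
                pc = labels[args[0]]
                continue
        elif op == "jmp":        # unconditional
            pc = labels[args[0]]
            continue
        elif op == "mov":        # store eax into [ebx+disp]
            off, _src = args
            struct.pack_into("<I", mem, ebx + off, eax & 0xFFFFFFFF)
        elif op == "fldz":       # pushes 0.0 on the x87 stack; no effect here
            pass
        elif op == "ret":
            return
        pc += 1


def make_entity(hp, team):
    """Constructed entity record with the assumed field offsets."""
    e = bytearray(0x14)
    struct.pack_into("<I", e, HP_OFF, hp)
    struct.pack_into("<I", e, TEAM_OFF, team)
    return e


def attack(program, hp, team, new_hp):
    """Run one attack on an entity; returns the health left afterwards.
    eax is assumed to hold the reduced health the game already computed."""
    mem = make_entity(hp, team)
    run(program, mem, ebx=0, eax=new_hp)
    return struct.unpack_from("<I", mem, HP_OFF)[0]


if __name__ == "__main__":
    for name, prog in (("with jmp originalcode+5", CAVE_WITH_SKIP),
                       ("without the jmp", CAVE_WITHOUT_SKIP)):
        print(name)
        print("  team 1 (ours): 100 ->", attack(prog, 100, 1, 90))
        print("  team 2:        100 ->", attack(prog, 100, 2, 90))
```

With the final `jmp` in place the team-1 entity keeps its 100 health while the team-2 entity drops to the value in eax; remove the `jmp` and both end up at 90, because after `jne` is not taken the CPU simply continues into `mov [ebx+04],eax`.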
12/26/2017, 14:15   #3
Thank you for taking the time to explain it to me, it's already a little clearer.

But there is something I still don't understand: why the jmp originalcode+5...
Why do we count 5 bytes?
Sorry, but I still don't understand that.

The code we just changed, where does it go? Before the original code?
Then why do we count +5 after the original code?
NotRealy is offline  
12/26/2017, 16:07   #4
originalcode is a label holding the address of the location marked in red. This is where the codecave came from. The marked disassembly is 5 bytes long and does the part of reducing the player's health. In order to make the players invincible, we need to jump behind the code marked in red (i.e. skip it). We don't know what address that is, but we know originalcode is right before it, and originalcode+5 is where this code ends.
florian0 is offline  
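The "5 bytes" in the answer above comes from the machine-code length of the two replaced instructions, and it can be reproduced rather than taken on trust. The following is an added illustration (not from the post or from Cheat Engine) that hand-encodes the instruction forms quoted in this thread for 32-bit x86, using the standard opcode and ModRM rules; only the `[reg+disp8]` addressing form needed here is modelled, and `[esp+disp8]` is rejected because it would need a SIB byte.

```python
"""Count the bytes behind "originalcode+5" by encoding the instructions by hand.

Added illustration, not the post's or Cheat Engine's code.  32-bit mode only;
only the [base+disp8] ModRM form is supported.
"""

REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3,
         "esp": 4, "ebp": 5, "esi": 6, "edi": 7}


def modrm_disp8(reg_field, base):
    """ModRM byte for mod=01 (base register plus an 8-bit displacement)."""
    if base == "esp":
        raise NotImplementedError("[esp+disp8] needs a SIB byte, not modelled")
    return bytes([(0b01 << 6) | (reg_field << 3) | REG32[base]])


def enc_mov_mem_reg(base, disp8, src):
    """mov [base+disp8], r32   ->  89 /r disp8  (3 bytes)"""
    return b"\x89" + modrm_disp8(REG32[src], base) + bytes([disp8 & 0xFF])


def enc_cmp_mem_imm8(base, disp8, imm8):
    """cmp dword ptr [base+disp8], imm8  ->  83 /7 disp8 ib  (4 bytes)"""
    return b"\x83" + modrm_disp8(7, base) + bytes([disp8 & 0xFF, imm8 & 0xFF])


def enc_fldz():
    """fldz takes no operands: D9 EE  (2 bytes)"""
    return b"\xd9\xee"


def enc_jmp_rel32(delta):
    """jmp rel32 -> E9 + 4-byte signed displacement (always 5 bytes).
    This is the size of near jump that redirects execution into a cave."""
    return b"\xe9" + (delta & 0xFFFFFFFF).to_bytes(4, "little")


def original_code():
    """The two instructions the thread shows at the originalcode label."""
    return [enc_mov_mem_reg("ebx", 0x04, "eax"), enc_fldz()]


def original_code_len():
    """Total bytes covered by the original code, i.e. the +5 in originalcode+5."""
    return sum(len(b) for b in original_code())


if __name__ == "__main__":
    for ins in original_code():
        print(" ".join(f"{x:02x}" for x in ins))
    print("originalcode spans", original_code_len(), "bytes")
    print("a near jmp rel32 is", len(enc_jmp_rel32(0)), "bytes")
```

`mov [ebx+04],eax` encodes as `89 43 04` and `fldz` as `D9 EE`, so the replaced region is 3 + 2 = 5 bytes, which is exactly what a 5-byte `jmp rel32` needs in order to fit over it; that is why both instructions, including the harmless `fldz`, end up relocated into the cave and why the cave jumps back to `originalcode+5` rather than to `originalcode` itself.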
12/26/2017, 16:27   #5
Quote:
Originally Posted by florian0
originalcode is a label holding the address of the location marked in red. This is where the codecave came from. The marked disassembly is 5 bytes long and does the part of reducing the player's health. In order to make the players invincible, we need to jump behind the code marked in red (i.e. skip it). We don't know what address that is, but we know originalcode is right before it, and originalcode+5 is where this code ends.
Thank you,

Anyway, before trying to understand this, I think I should learn basic memory things; I don't even know what exactly an assembly register, codecave, disassembly, address and the others are.

Because I'm sure you are explaining this really well, but I really can't understand what you are saying if I don't know what the specific words you are using mean.
NotRealy is offline  
01/03/2018, 21:06   #6
originalcode is right before it, and originalcode+5 is where this code ends.
Is4kqq is offline  