[Tutorial]How to convert ASM script to C++

[francesco149]

Oh nevermind i just got it to work. I just had to make it jump to UA return addy wich is UA Addy +5.

[Nerrazzuri]

Yes, that's right, but keep in mind that not every hack will return the address of + 5.

[royalsymbol]

Create variables for the address that will be edited in the script.

Code: Select all

DWORD dwInstantDropAddy = 0x00af0dd0;

Declare a variable that will hold the bytes when the hack is enabled.

Code: Select all

BYTE Enabledbytes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

Declare a variable that will hold the bytes when the hack is disabled.

Code: Select all

BYTE Disabledbytes[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x8f, 0x40};

I look at your other tutorial from http://forums.xemectrum.net/viewtopic.p ... 650#p21651,
It has
static infront of

Code: Select all

BYTE Enabledbytes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

and static infront of

Code: Select all

DWORD dwInstantDropAddy = 0x00af0dd0;

,

whats the difference whether or not if we put static?


Is this how it looked like if we put it at Trainer.CPP from http://forums.xemectrum.net/viewtopic.p ... 650#p21651 ?

Code: Select all

#include "Trainer.h"

BOOL WriteAddress(__in LPVOID lpcvBase, __in LPCVOID lpcvWriteValue, __in size_t uSize)
{
	DWORD old_protection = 0;

	__try 
	{  
		if(VirtualProtect(lpcvBase, uSize, PAGE_READWRITE, &old_protection)) 
		{
			memcpy_s(lpcvBase, uSize, lpcvWriteValue, uSize);
			VirtualProtect(lpcvBase, uSize, old_protection, &old_protection);
		}
		else
			return FALSE;
	}  
	__except(EXCEPTION_EXECUTE_HANDLER) 
	{		
		return FALSE;
	}
	return TRUE;
}

	#define jmp(frm, to) (int)(((int)to - (int)frm) - 5);
	DWORD g_dwBook = 0x0095d048, g_dwBooKRet = g_dwBook + 5;
	char  g_szBookMem[5];
	__declspec(naked) void __stdcall MonsterBook()
{
    __asm
    {
         mov eax,5
         jmp dword ptr [g_dwBookRet]
    }
}


VOID MonsterBookHack(__in BOOL bEnable) // This first line is exact line as in cheats.h.
	{
     memcpy(g_szBookMem, (void*)g_dwBook, 5);//copy clean memory
     if(bEnable)
	 {
          *(BYTE*)  g_dwBook = 0xe9; // 0xe9 = jmp
          *(DWORD*)(g_dwBook + 1) = jmp(g_dwBook, MonsterBook); // jmp to cave
     }
     else
     {
           memcpy( (void*)g_dwBook, g_szBookMem, 5);//copy the original bytes back to the address
     }
}

Well, it says 'g_dwBookRet' was undefined.

[Nerrazzuri]

Create variables for the address that will be edited in the script.

Code: Select all

DWORD dwInstantDropAddy = 0x00af0dd0;

Declare a variable that will hold the bytes when the hack is enabled.

Code: Select all

BYTE Enabledbytes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

Declare a variable that will hold the bytes when the hack is disabled.

Code: Select all

BYTE Disabledbytes[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x8f, 0x40};

I look at your other tutorial from http://forums.xemectrum.net/viewtopic.p ... 650#p21651,
It has
static infront of

Code: Select all

BYTE Enabledbytes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

and static infront of

Code: Select all

DWORD dwInstantDropAddy = 0x00af0dd0;

,

whats the difference whether or not if we put static?


Is this how it looked like if we put it at Trainer.CPP from http://forums.xemectrum.net/viewtopic.p ... 650#p21651 ?

Code: Select all

#include "Trainer.h"

BOOL WriteAddress(__in LPVOID lpcvBase, __in LPCVOID lpcvWriteValue, __in size_t uSize)
{
	DWORD old_protection = 0;

	__try 
	{  
		if(VirtualProtect(lpcvBase, uSize, PAGE_READWRITE, &old_protection)) 
		{
			memcpy_s(lpcvBase, uSize, lpcvWriteValue, uSize);
			VirtualProtect(lpcvBase, uSize, old_protection, &old_protection);
		}
		else
			return FALSE;
	}  
	__except(EXCEPTION_EXECUTE_HANDLER) 
	{		
		return FALSE;
	}
	return TRUE;
}

	#define jmp(frm, to) (int)(((int)to - (int)frm) - 5);
	DWORD g_dwBook = 0x0095d048, g_dwBooKRet = g_dwBook + 5;
	char  g_szBookMem[5];
	__declspec(naked) void __stdcall MonsterBook()
{
    __asm
    {
         mov eax,5
         jmp dword ptr [g_dwBookRet]
    }
}


VOID MonsterBookHack(__in BOOL bEnable) // This first line is exact line as in cheats.h.
	{
     memcpy(g_szBookMem, (void*)g_dwBook, 5);//copy clean memory
     if(bEnable)
	 {
          *(BYTE*)  g_dwBook = 0xe9; // 0xe9 = jmp
          *(DWORD*)(g_dwBook + 1) = jmp(g_dwBook, MonsterBook); // jmp to cave
     }
     else
     {
           memcpy( (void*)g_dwBook, g_szBookMem, 5);//copy the original bytes back to the address
     }
}

Well, it says 'g_dwBookRet' was undefined.

static is to tell the compiler that it has a certain address/numbers/string/char for the definition.
And it says g_dwBookRet is undefined because you did not declare it.

[royalsymbol]

ahh.. just a quick question how do we make the address scan the AOB? so it uses AOB to find the address and use it as the address.
Here is what it looks like

Code: Select all

   static BYTE HackAddr[] = { 0x89, 0x86, 0x5C, 0x03, 0x00, 0x00, 0xFF, 0x15, 0xF0, 0x13};
 //Address of the hack
   static BYTE HackAddr2[] = { 0x89, 0x86, 0x60, 0x03, 0x00, 0x00, 0xE9, 0xE1, 0x01, 0x00};
 //Address of the hack
   static BYTE HackAddr3[] = { 0xC7, 0x00, 0x01, 0x00, 0x00, 0x00, 0x68, 0x90, 0x01, 0x00};
 //Address of the hack

i know it won't work since i tried it but just to explain on what im saying
something like this, so it writes AOB to the value of the HackAddr so that we could use AOBS instead of pointers

found it on GZP http://www.gamerzplanet.net/forums/gunz ... -gunz.html
for Delphi..

So now i want to know how do we make HackAddr to read the byte of AOB and take the address automatically?


The reason why i wanted to do this is because in CE, you can scan this AOBs and get the Address, but the address changes everytime, so writing the value of AOBs into the Address, could act as a pointer, if not self-updating hack. very powerful

[Victory NauX]

i dont quite understand how all of this works but i do know how to wz edit and i m willing to learn if there is any1 that can teach me all this ... maybe even direct me to a link whr i can learn it ..

[Nerrazzuri]

ahh.. just a quick question how do we make the address scan the AOB? so it uses AOB to find the address and use it as the address.
Here is what it looks like

Code: Select all

   static BYTE HackAddr[] = { 0x89, 0x86, 0x5C, 0x03, 0x00, 0x00, 0xFF, 0x15, 0xF0, 0x13};
 //Address of the hack
   static BYTE HackAddr2[] = { 0x89, 0x86, 0x60, 0x03, 0x00, 0x00, 0xE9, 0xE1, 0x01, 0x00};
 //Address of the hack
   static BYTE HackAddr3[] = { 0xC7, 0x00, 0x01, 0x00, 0x00, 0x00, 0x68, 0x90, 0x01, 0x00};
 //Address of the hack

i know it won't work since i tried it but just to explain on what im saying
something like this, so it writes AOB to the value of the HackAddr so that we could use AOBS instead of pointers

found it on GZP http://www.gamerzplanet.net/forums/gunz ... -gunz.html
for Delphi..

So now i want to know how do we make HackAddr to read the byte of AOB and take the address automatically?


The reason why i wanted to do this is because in CE, you can scan this AOBs and get the Address, but the address changes everytime, so writing the value of AOBs into the Address, could act as a pointer, if not self-updating hack. very powerful

it is, but you will have to know how an AoB read works.

[royalsymbol]

are you able to give me the structure? :X
i understand that it is but i have no idea how do i insert them in the code.
i did that small code after googling and found
http://www.example-code.com/vcpp/bytearray_encoding.asp
and extracted it to the code