[Tut] How To Use Pointers In A Script (CEF)



Kaidohishida
24th April 2007, 07:22
The following is an old tutorial given by Fangor from CEF.

Well... I've seen one or two people wondering how to use pointers in a script, and I'm bored, so here it is. With pointers, you can't just put the address in a script like with a normal address, because there is a base and an offset. Instead, you have to use registers. Here's an example of an Auto-DC script that uses the People Scanner pointer:


Code:
[enable]
alloc(check,32)

check:
mov eax,[7d421c]
mov eax,[eax+18]
cmp eax,0
jne 0
and eax,7fff
ret

71723d:
call Check

[disable]
71723d:
and eax,7fff
dealloc(Check)

In the script, the first thing we do is move the value of the pointer base (7d421c) into the EAX register. Notice the square brackets around the address: they tell the script to move the value at the address 7d421c into the EAX register. If the brackets weren't there, it would move the number 7d421c into EAX. Other registers can be used, but we're using EAX here. Next, you move the register + the pointer offset into itself, with those brackets around the register + offset. You have to do it this way, because doing mov eax,[7d421c+18] just won't work. Now we have the pointer's value in the EAX register. Next the script compares the pointer's value to 0, and if it's not 0 (there are people on the map), it executes code to crash the game. Here's a script that uses multiple pointers and registers, dICE Vac:

Code:
[enable]
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
registersymbol(right)
registersymbol(left)
label(return)

dICE:
pushad

mov edx, [7d4d88]
mov ebx, [edx+57c]
mov ecx,[edx+580]
add ebx, [right]
sub ebx, [left]

mov eax,[7d4214]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad

mov [ebx], eax
mov edi,[ebp+10]
jmp return

right: //Set right to 0.
db 00 00

left: //Set left to 0.
db 00 00

6B621B:
jmp dICE
return:

6B8B7D:
db 0f 84

6B266A:
db 75

6B2906:
db 0f 85

[disable]
6B621B:
mov [ebx], eax
mov edi,[ebp+10]

6B8B7D:
db 0f 85

6B266A:
db 74

6B2906:
db 0f 84

dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right)

At the part labeled "dICE", the first thing it does is push all of the registers onto the stack using "pushad". This is necessary when using multiple registers like this script does. Then it moves the Character Coordinate base address into the EDX register, and moves the offsets for Char X and Y into separate registers. Then it does the same for the four wall pointers, and moves Character X into Wall Left and Right, and Character Y into Wall Top and Bottom. After manipulating the registers, it uses "popad" to pop them back onto the stack. After pushing any register, you have to pop it. So... now you (hopefully) know how to use pointers in registers. And... may the 1337 h4x force be with you...

I'm pretty noob so I need to ask a few questions regarding the formats. The codes are from a section of dICE. Please answer my 5 questions.

1.)
mov edx, [007DDA80] // Character Code

The value for character "007DDA80" is moved into the place-holder called edx, so whenever we have edx henceforth, we are actually calling the value "007DDA80"???

If i'm right say YES / NO (Why ?) .

2.)
mov ebx, [edx+590] // Char X

This means we are moving 007DDA80 + 590 (Coordinate of char on x-axis) into the place-holder ebx???

If i'm right say YES / NO (Why ?) .

3.)
mov ecx,[edx+594] // Char Y

This means we are moving 007DDA80 + 590 (Coordinate of char on y-axis) into the place-holder ecx???

If i'm right say YES / NO (Why ?) .

4.)
add ebx, 46

What does this mean??? It means that we are adding to the value of ebx (007DDA80 + 590) another 46? So its coordinate is something like (007DDA80 + 590 + 46), so whatever that is, it'll appear on the right of the char X coordinate???

If i'm right say YES / NO (Why ?) .

5.)
mov [ebx], eax
I am lost on this one, what does it do? Cause the format is different from the above ones.

a.) Move value of eax into the place-holder ebx?

b.) Move value of ebx into the place-holder eax?

Which one is this???
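
The two-step dereference that Fangor's tutorial describes (mov eax,[base] followed by mov eax,[eax+18]) is easiest to see on a toy memory. The following is an added example, not code from the thread or from the scripts quoted in it: it models a little byte-addressed memory in C, resolves a pointer chain the way the script does, and shows what the single-step mov eax,[base+18] would read instead. Every address and stored value (BASE = 0x1000, the 0x2000 and 0x3000 structures, the constants 3, 0xDEAD and 42) is constructed for the demo; the function names deref_chain and read_base_plus_off are mine. The two-offset case generalises the tutorial's one-offset example to what a later post calls a "level 2 pointer".

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy byte-addressed memory. Every address and every stored value below is
 * constructed for this demo; none of them is a real address from the scripts. */
#define MEM_SIZE 0x4000
static uint8_t mem[MEM_SIZE];

/* mov reg,[addr] on a little-endian machine: assemble 4 bytes into a value.
 * Out-of-range addresses read as 0 instead of faulting, to keep the demo simple. */
static uint32_t rd32(uint32_t addr) {
    if (addr > MEM_SIZE - 4) return 0;
    return (uint32_t)mem[addr]
         | (uint32_t)mem[addr + 1] << 8
         | (uint32_t)mem[addr + 2] << 16
         | (uint32_t)mem[addr + 3] << 24;
}

/* mov [addr],reg: store a value as 4 little-endian bytes. */
static void wr32(uint32_t addr, uint32_t v) {
    if (addr > MEM_SIZE - 4) return;
    for (int i = 0; i < 4; i++) mem[addr + i] = (uint8_t)(v >> (8 * i));
}

/* Walk a pointer chain the way the script does:
 *     mov eax,[base]        ; reg = the pointer stored at base
 *     mov eax,[eax+off0]    ; reg = value at pointer + offset
 *     mov eax,[eax+off1]    ; ... only for a "level 2" pointer (two offsets)
 * n is the number of offsets; the tutorial's People Scanner case is n == 1. */
static uint32_t deref_chain(uint32_t base, const uint32_t *offs, size_t n) {
    uint32_t reg = rd32(base);
    for (size_t i = 0; i < n; i++)
        reg = rd32(reg + offs[i]);
    return reg;
}

/* The form the tutorial says "just won't work": mov eax,[base+off].
 * It never follows the pointer; it reads the bytes sitting at base+off. */
static uint32_t read_base_plus_off(uint32_t base, uint32_t off) {
    return rd32(base + off);
}

enum { BASE = 0x1000, OFF1 = 0x18 };   /* constructed stand-ins for the script's 7d421c and 18 */

/* Constructed layout:
 *   [0x1000]        = 0x2000   the pointer base holds the address of a structure
 *   [0x1000 + 0x18] = 0xDEAD   unrelated bytes that [BASE+18] would pick up
 *   [0x2000 + 0x18] = 3        the field the script actually wants
 *   [0x2000 + 0x20] = 0x3000   a second pointer inside the structure
 *   [0x3000 + 0x04] = 42       a field reached only through both pointers */
static void setup_memory(void) {
    memset(mem, 0, sizeof mem);
    wr32(BASE, 0x2000);
    wr32(BASE + OFF1, 0xDEAD);
    wr32(0x2000 + OFF1, 3);
    wr32(0x2000 + 0x20, 0x3000);
    wr32(0x3000 + 0x04, 42);
}

/* mov eax,[BASE] / mov eax,[eax+18]  -> 3 */
static uint32_t one_level(void) {
    uint32_t offs[] = { OFF1 };
    setup_memory();
    return deref_chain(BASE, offs, 1);
}

/* mov eax,[BASE+18]  -> 0xDEAD, not 3 */
static uint32_t wrong_single_step(void) {
    setup_memory();
    return read_base_plus_off(BASE, OFF1);
}

/* Two offsets (0x20, then 0x04) -> 42; a "level 2" pointer in the thread's terms */
static uint32_t two_level(void) {
    uint32_t offs[] = { 0x20, 0x04 };
    setup_memory();
    return deref_chain(BASE, offs, 2);
}

int main(void) {
    printf("[[BASE]+18]     = %u\n", one_level());           /* 3 */
    printf("[BASE+18]       = 0x%X\n", wrong_single_step()); /* 0xDEAD */
    printf("[[[BASE]+20]+4] = %u\n", two_level());           /* 42 */
    return 0;
}
```

The point of the wrong_single_step function is the one the tutorial makes in words: the brackets mean "read memory at this address", so [BASE+18] reads bytes next to the pointer, while the script needs the bytes next to the structure the pointer refers to, which takes two loads. The same walk is what a memory-forensics tool does when it follows a pointer chain through a process image.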

celyst
24th April 2007, 07:45
1. Yes, so if you see future references like edx+500, you know that that is a pointer with address 007DDA80 and offset 500.

2. Yes, the square brackets refer to the value stored there. So [edx+590] is equal to the CharX Coord.

3. Same as above.

4. You know what it does but your explanation is wrong. It's adding 46 in HEX to the CharX Coord, not changing the offset of the pointer. So if your CharX Coord is 50 in DEC now, after mov ebx,46, your CharX Coord will now be 120 in DEC. You don't explain it as 007DDA80 + 590 + 46 as that's referring to a level 2 pointer (ie 2 offsets), which is not the case here.

5. I've always been confused over the usage of square brackets, so I hope someone can give a clearer explanation of this. But anyway, that just makes eax equal to ebx. See this short example:

mov eax, [7DDA80]
mov [ebx], eax
mov eax, [eax+590]
mov ebx, [ebx+590]
cmp eax,ebx
je End
jmp Start

After this script runs, it will jump to End. Understand? :)

Kaidohishida
24th April 2007, 08:06
add ebx, 46

Now I understand how dICE works. And the ranged dICE is made by simply adding in a bigger number than 46, or something along this line of thought?

By manipulating the variable in the code.

And by going along this line of thought, every script that is posted can be customised, be it adding values to the x-coord or the y-coord?

celyst
24th April 2007, 08:18
Yes you can, but most of the time the vac has already been made so that it works without modifications. Well except dICE when it was first released, that's probably why there are so many variations now.

Kaidohishida
24th April 2007, 08:37
mov eax,[007DCFA4] - Wall
mov [eax+C],ebx -Wall Left
mov [eax+14],ebx - Wall Right
mov [eax+10],ecx - Wall Top
mov [eax+18],ecx - Wall Bottom
popad

So this segment of code just means

mov [eax+C],ebx
ebx is now 007DCFA4 + c

mov [eax+14],ebx
If ebx is now 007DCFA4 + c, this bumps/replaces another value into the place-holder ebx?

Or

Does it mean something like ebx is now consisting of the value of the left and right wall coordinate?

ebx = (007DCFA4 + c) + (007DCFA4 + c)

celyst
24th April 2007, 09:16
You have gotten it mixed up.

The command is mov destination, source

mov [eax+C],ebx means to move the value of ebx to the pointer 7DCFA4+C.

Kaidohishida
24th April 2007, 09:26
mov destination, source

Ahh, now I know! Thanks.

radicsphere
25th April 2007, 07:29
add ebx, 46

Now I understand how dICE works. And the ranged dICE is made by simply adding in a bigger number than 46, or something along this line of thought?

By manipulating the variable in the code.

And by going along this line of thought, every script that is posted can be customised, be it adding values to the x-coord or the y-coord?

Is it possible to change the value to negative, so that the creeps will appear on the left? Thanks. Me still noob.

CallProcedure
25th April 2007, 09:24
sub ebx, 46

radicsphere
25th April 2007, 09:31
thanx thanx... will try it...

Kaidohishida
26th April 2007, 11:48
THE MOV COMMAND

The mov command is probably one of the most important in Assembly. Mov = Move.

Code:
Mov a,b

This means to move b into a. Get it?

That’s just the basics. Now you have to get more specific. What do you want to move into a? Do you want to move the address of b into a? Or do you want to move the value of b into a?

Code:
Mov a,b

That means move the address of b into the address of a.

Code:
Mov a,[b]

Move the value of b into the address of a.

Code:
Mov [a],b

Move the address of b into the value of a.

Getting it? Surrounding it by brackets makes it the value instead of the address.

You cannot move a value into a value. For example, this code WILL NOT WORK.

For celyst, who's been helpful.
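
The bracket question runs through the whole thread: celyst's "mov destination, source" rule, the short mov eax / mov [ebx] example in the first reply, and the three Mov a,b / Mov a,[b] / Mov [a],b forms in the guide quoted above. The following is an added example, not code from the thread or from the guide it quotes: a tiny word-addressed machine in C with two registers named a and b, where each form is one function, so you can run it and compare what lands in the register and what lands in memory. The starting contents (cell 5 holds 0x1111, a holds the address 9, b holds the address 5) are constructed, and the function names are mine. It also shows the one thing the guide's "this code WILL NOT WORK" line alludes to: plain x86 mov has no memory-to-memory form, so copying [b] into [a] has to go through a register.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy machine: a few word-sized memory cells addressed by index, and two
 * registers named a and b to match the guide's "mov a,b" wording.
 * All contents are constructed for the demo. */
#define WORDS 16
typedef struct {
    uint32_t mem[WORDS];
    uint32_t a, b;
} machine;

static uint32_t load(const machine *m, uint32_t addr) {
    return addr < WORDS ? m->mem[addr] : 0;   /* out of range reads as 0 */
}
static void store(machine *m, uint32_t addr, uint32_t v) {
    if (addr < WORDS) m->mem[addr] = v;       /* out of range is ignored */
}

/* mov a,b   : copy b's value into a. b is left intact (a copy, not a move). */
static void mov_reg_reg(machine *m) { m->a = m->b; }

/* mov a,[b] : treat b's value as an address; load the word stored there into a. */
static void mov_reg_mem(machine *m) { m->a = load(m, m->b); }

/* mov [a],b : treat a's value as an address; store b's value there.
 * a itself is unchanged, so this does NOT make a equal to b. */
static void mov_mem_reg(machine *m) { store(m, m->a, m->b); }

/* Plain x86 mov has no memory-to-memory form, so "mov [a],[b]" is written as
 *     push c / mov c,[b] / mov [a],c / pop c
 * with a scratch register c; the push/pop pair is the same save-and-restore
 * idea as the pushad/popad in the dICE script. */
static void mov_mem_mem_via_reg(machine *m) {
    uint32_t c = load(m, m->b);
    store(m, m->a, c);
}

/* Constructed starting state: cell 5 holds 0x1111, a holds address 9, b holds address 5. */
static machine fresh(void) {
    machine m = {0};
    m.mem[5] = 0x1111;
    m.a = 9;
    m.b = 5;
    return m;
}

static uint32_t a_after_reg_reg(void)     { machine m = fresh(); mov_reg_reg(&m); return m.a; }         /* 5 */
static uint32_t a_after_reg_mem(void)     { machine m = fresh(); mov_reg_mem(&m); return m.a; }         /* 0x1111 */
static uint32_t a_after_mem_reg(void)     { machine m = fresh(); mov_mem_reg(&m); return m.a; }         /* still 9 */
static uint32_t cell9_after_mem_reg(void) { machine m = fresh(); mov_mem_reg(&m); return m.mem[9]; }    /* 5 */
static uint32_t cell9_after_mem_mem(void) { machine m = fresh(); mov_mem_mem_via_reg(&m); return m.mem[9]; } /* 0x1111 */

int main(void) {
    printf("mov a,b   -> a = %u\n", a_after_reg_reg());
    printf("mov a,[b] -> a = 0x%X\n", a_after_reg_mem());
    printf("mov [a],b -> a = %u, cell 9 = %u\n", a_after_mem_reg(), cell9_after_mem_reg());
    printf("mov [a],[b] via a register -> cell 9 = 0x%X\n", cell9_after_mem_mem());
    return 0;
}
```

Read against the thread: mov ebx,eax is mov_reg_reg and afterwards the two registers hold the same value; mov [ebx],eax is mov_mem_reg and afterwards ebx is unchanged while the memory ebx points at holds eax's value. Whichever side of the comma the brackets are on, that operand is the memory cell at the register's address rather than the register itself.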

CallProcedure
26th April 2007, 11:51
Technically, it's not moving.

b stays intact after copying the stuff over to a.

Kaidohishida
26th April 2007, 11:54
The above was copied from another person's guide on ASM that I've been reading.

OmegaShenron
26th April 2007, 11:57
sorcerers tut

celyst
26th April 2007, 13:03
Lol I still don't get the brackets thing. I can understand the script but I won't be able to choose whether to put brackets or not if I'm writing my own code.

szekeat
27th April 2007, 07:40
nice tut.. thanks man! it helped me much =)