Ballisitc (How do I cheat?) Reputation: 0
Joined: 04 Jan 2015 Posts: 6
Posted: Sun Jan 25, 2015 5:50 am Post subject: Reverse Engineering - Trying to get Invisibility hack, help
Hi everyone!

So currently I'm stuck because I think this is beyond my understanding. I'm trying to achieve invisibility mode that always stays on when sprinting.

In this game, in order to activate invisibility mode I have to sprint, and it lasts for 3 seconds and then turns off. Apparently I cannot find the timer; I wish I could, because it would be a lot easier, but apparently the dynamic address that I found works just as well. The value decreases whenever I turn invis and then increases back to the original when not invis. When I freeze the value while NOT invis, I stay invis completely from when I start sprinting until I stop sprinting, and then I turn back to normal.

I click "what writes to this address" and it points me to the address "27DEF0CF - 89 46 58" whenever invisibility is activated. I immediately NOP the address, but then I realize I can't turn invisible anymore. I looked back and realized the address is also written to when the invisibility is turned off. I tried NOP'ing other addresses, but to no avail: I either don't turn invisible or the game crashes. I realize I need to do some AA or reverse engineering to make this work, of which I have very little knowledge.

I clicked "select current function" and it highlighted the details for you guys to see.

NOTE - Not sure if I can name the game since it is a multiplayer game....
[Attachment: screenshot, 63.33 KB, viewed 5943 time(s)]
Krampus (Cheater) Reputation: 0
Joined: 22 Nov 2014 Posts: 41
Posted: Sun Jan 25, 2015 11:56 am Post subject:
What's in the EAX register when invisibility is on, then when it's off? You could probably make a simple AA script that moves the value for invisible into the register, unless it's some sort of timer in which case you may have to go and reverse a little bit further.
_________________
There is no spoon.
Ballisitc (How do I cheat?) Reputation: 0
Joined: 04 Jan 2015 Posts: 6
Posted: Sun Jan 25, 2015 4:06 pm Post subject:
EAX is 0. Turning invis on and going off invis both proc the same address.
[Attachment: screenshot, 10.36 KB, viewed 5890 time(s)]
[Attachment: screenshot, 13.18 KB, viewed 5898 time(s)]
Lithium. (Newbie cheater) Reputation: 1
Joined: 21 Jan 2015 Posts: 17
Posted: Thu Feb 05, 2015 6:41 pm Post subject:
Looks like it's moving the value of what "invisible" would be. I bet it would be something like Invisible = 1 and Normal = 0. Have you tried NOP'ing the instruction to see what happens? If you have, and the effects were what you wanted, then try this below.

Replace mov [esi+58],eax with:
mov [esi+58],1

See how that works out.

EDIT: Another thing that might work...
mov eax,1
mov [esi+58],eax
SteveAndrew (Master Cheater) Reputation: 30
Joined: 02 Sep 2012 Posts: 323
Posted: Fri Feb 06, 2015 6:22 am Post subject:
Yeah, I'm with Lithium on this one; I bet eax did actually contain a nonzero value when you become invisible. You likely just didn't catch it when that happened. The "find what accesses" window's "more info" only shows you the info from the first execution / first count it debugged.
I say this because the "test eax,eax" looks important. You could try flipping/reversing the conditional jump, or nopping it, like so:
Code:
[enable]
27def0d6:
db 75 //jne +0c
[disable]
27def0d6:
db 74 //je +0c
or
Code:
[enable]
27def0d6:
db 90 90 //nop nop
[disable]
27def0d6:
db 74 0c //je +0c
If I had to guess, I would say the code at 27def0d8 is the code that's responsible for turning you invisible, so when eax is zero that code is skipped. It's worth a try!
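The defender's-side counterpart to the byte patches discussed in this post, added here as an illustrative example and not code from anyone in the thread or from any game: a small C integrity check that compares the bytes of a guarded code region against a known-good copy and classifies the two edits shown above, a je (74) flipped to jne (75) with the displacement kept, and a short jump overwritten with 90 90. The byte sequences REF_CODE, LIVE_FLIPPED, LIVE_NOPPED and LIVE_OTHER are constructed sample data modelled on the instruction shapes in the thread (test eax,eax / je +0c / mov [esi+58],eax); the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Known-good bytes of the guarded region (constructed sample, not real game bytes):
 *   85 C0     test eax,eax
 *   74 0C     je +0c
 *   89 46 58  mov [esi+58],eax                                                   */
#define CODE_LEN 7
const uint8_t REF_CODE[CODE_LEN]     = {0x85, 0xC0, 0x74, 0x0C, 0x89, 0x46, 0x58};
const uint8_t LIVE_INTACT[CODE_LEN]  = {0x85, 0xC0, 0x74, 0x0C, 0x89, 0x46, 0x58};
const uint8_t LIVE_FLIPPED[CODE_LEN] = {0x85, 0xC0, 0x75, 0x0C, 0x89, 0x46, 0x58}; /* je -> jne      */
const uint8_t LIVE_NOPPED[CODE_LEN]  = {0x85, 0xC0, 0x90, 0x90, 0x89, 0x46, 0x58}; /* je -> nop nop  */
const uint8_t LIVE_OTHER[CODE_LEN]   = {0x85, 0xC0, 0x74, 0x0C, 0x89, 0x46, 0x5C}; /* disp8 changed  */

typedef enum {
    PATCH_NONE = 0,      /* live bytes match the reference copy                   */
    PATCH_JCC_FLIPPED,   /* short jcc condition inverted, displacement unchanged  */
    PATCH_NOPPED,        /* the modified run consists only of 0x90 NOP bytes      */
    PATCH_OTHER          /* some other modification                               */
} patch_kind;

/* Index of the first byte that differs between live code and reference, or -1. */
long first_diff(const uint8_t *live, const uint8_t *ref, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (live[i] != ref[i])
            return (long)i;
    return -1;
}

/* Classify the modification starting at diff_idx (as returned by first_diff). */
patch_kind classify_patch(const uint8_t *live, const uint8_t *ref, size_t n, long diff_idx)
{
    if (diff_idx < 0)
        return PATCH_NONE;
    size_t i = (size_t)diff_idx;

    /* Short conditional jumps occupy opcodes 0x70..0x7F; toggling the low bit of
     * the opcode inverts the condition (74 je <-> 75 jne) and leaves the rel8
     * displacement untouched, which is exactly the "db 75" edit above.         */
    if ((ref[i] & 0xF0) == 0x70 && live[i] == (ref[i] ^ 0x01) &&
        i + 1 < n && live[i + 1] == ref[i + 1])
        return PATCH_JCC_FLIPPED;

    /* Otherwise look at the whole contiguous run of changed bytes: if every one
     * of them is 0x90, the instruction was NOP'd out ("db 90 90").             */
    size_t end = i;
    while (end < n && live[end] != ref[end])
        end++;
    int all_nop = 1;
    for (size_t k = i; k < end; k++)
        if (live[k] != 0x90)
            all_nop = 0;
    return all_nop ? PATCH_NOPPED : PATCH_OTHER;
}

/* One-call check: compare the region and classify whatever changed. */
patch_kind check_region(const uint8_t *live, const uint8_t *ref, size_t n)
{
    return classify_patch(live, ref, n, first_diff(live, ref, n));
}

const char *patch_name(patch_kind k)
{
    switch (k) {
    case PATCH_NONE:        return "intact";
    case PATCH_JCC_FLIPPED: return "conditional jump inverted";
    case PATCH_NOPPED:      return "instruction NOP'd out";
    default:                return "other modification";
    }
}

int main(void)
{
    const uint8_t *samples[] = {LIVE_INTACT, LIVE_FLIPPED, LIVE_NOPPED, LIVE_OTHER};
    const char *labels[]     = {"intact", "flipped", "nopped", "other"};
    for (size_t s = 0; s < 4; s++) {
        long d = first_diff(samples[s], REF_CODE, CODE_LEN);
        printf("%-8s first diff at %ld -> %s\n", labels[s], d,
               patch_name(check_region(samples[s], REF_CODE, CODE_LEN)));
    }
    return 0;
}
```

A real anti-tamper check would hash a much larger region and compare against a value that is itself protected, rather than keep a plaintext reference copy next to the code; the byte-level classification here is only to show which of the two edits from this thread a periodic self-check would see.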