Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Thu Feb 03, 2011 8:54 am Post subject: [Tutorial] Dealing with Xlive and similar protections
Here is a very short tutorial to help you deal with the security checks in some games that are protected against code injection. It will not help you cheat in online games, so don't even start to read if that is your intention. All it does is help you find the security checks so that you can use code injection in single-player games which are protected by Xlive or another system.
It has 3 parts with 3 short videos, nothing fancy, it takes about 5 minutes to do it.
You can read it here:
http://szemelyesintegracio.hu/cheats/41-game-hacking-articles/243-xlive
_________________
d34dkn16h7 Cheater Reputation: 0
Joined: 06 Jan 2011 Posts: 40
Posted: Thu Feb 03, 2011 9:32 am
Thanks, I love watching your tuts.
Freiza Grandmaster Cheater Reputation: 22
Joined: 28 Jun 2010 Posts: 662
Posted: Thu Feb 03, 2011 9:35 am
Nice tutorials..
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Thu Feb 03, 2011 9:37 am
Some games are doing such things nowadays, so it doesn't hurt to know what is going on and why the game is crashing without obviously visible reasons.
_________________
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
Posted: Thu Mar 10, 2011 4:17 am
Mmmm, I don't really understand the tutorial fully.
I found the address that gives me no reload/unlimited ammo.
Do I go to this in the memory viewer,
then set a breakpoint?
When I go back to the game, the game freezes. Pressing F9 does nothing; I have to Ctrl+Alt+Delete out of the game, select Cheat Engine down in the taskbar and then press F9, where it gives me one address, which is a call,
and according to the tutorial a call is not what I want, or is it? I'm confused and don't really know.
Here's my problem with Cheat Engine: I can only use the Windows debugger.
I am running Windows 7 SP1 64-bit.
I have the options for the Windows debugger and the VEH debugger. I can select the VEH debugger and yeah, it finds the value, then when I select what accesses or writes to that address it brings up nothing.
My Cheat Engine does say I need to start Windows with unsigned drivers, so I shall try that.
I also noticed that since I installed Cheat Engine 6.0, 5.6.1 now won't scan at all; it will say no readable memory.
Random.
_________________
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Thu Mar 10, 2011 8:15 am
If you have the address of the code that you wish to modify, go to the code's address in the hex view (not in the disassembler view) and set a data breakpoint on it. If you see that the process has stopped (the game will not stop, but CE will display that the process is debugged; you can see it in the window header of the memory view), then you can press F9. You should see the return addresses where you can see them on the video and start backtracing.
F9 will not work when you are not in the memory view. However, you can set a hotkey for Debug -> Run in the CE settings. It would be better if you ran the game in a window so you can see what is going on in the background.
VEHdebugger is not as good for Xlive as kernelmode debugging, but this will work with VEHdebugger too. The only problem is that sometimes the game will crash if it detects the debugger. No problem, you just need to restart the game and try it again. There are tons of ways to get around the debugger problem but I will not mention them here.
If VEHdebugger is not working for you for some reason, you can still try to use the DBVM to use the kernelmode debugger.
_________________
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
Posted: Thu Mar 10, 2011 8:48 pm
Thanks for the reply, Geri.
Sadly, as I have an AMD Phenom X4 965 BE, I cannot use the DBVM, as I heard for that you need an Intel CPU.
So I can find the address by placing a data breakpoint to find out what address the function accesses.
This is the very sad thing: it finds it, then instantly after it finds it the game crashes.
Really wish I got an Intel at this moment.
VEH debugger is good, but still I think there needs to be something better for AMD CPUs.
Would you know of any other way to tackle this beast of a thing? The game is Resident Evil 5.
There's a je jump right above the address I need to change, but if you jump that the game lasts longer but still crashes, so I must have to find the evil eye that's watching everything.
_________________
prince gmy Cheater Reputation: 0
Joined: 24 Feb 2011 Posts: 38 Location: alex,eg
Posted: Fri Mar 11, 2011 6:22 am Post subject: well...vry well
Thanks, Geri, for your helpful tuts.
You are pretty smart.
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Fri Mar 11, 2011 7:02 am
Quote: theres a je jump right above the address i need to change but if you jump that the game last longer but still crashes so i must have to find the evil eye thats watching everything
Nope, it will not be enough to change that instruction. You need to disable the whole function. As you see, this is a sub-function in a sub-function etc. etc. Probably it is working the same way as on my video, so it should be near the 3rd return address.
Btw. if you look at the 3rd video, you can see that if you already know what Xlive looks like, you do not even need a debugger. Cheat Engine's "dissect code" option will show where the function was called from; there are not too many possibilities. Just check out those functions and you will probably find the one which is very similar to the one on my video.
You can also see the code in the disassembler, so you can try to search for it with an "Array of bytes" scan.
_________________
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
Posted: Sat Mar 12, 2011 12:28 am
Thanks for the help again,
but I can't even get one address to show up in the return window when I set a data breakpoint to see what is accessing the code I want to change.
When I set the data breakpoint, every single time the game crashes before it even finds one return address.
If only VEH debugger was as good as kernel mode debugger.
_________________
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Sat Mar 12, 2011 12:37 am
It is working for me with VEHdebugger too, but if you cannot solve it, check your PMs.
Off topic:
Quote: What is up with people and my name its just a username and yes jesus does love me
Please like stop flaming me
Lol, it's because you misspelled SANTA. Hohoho.
He won't give you presents if you don't spell his name correctly.
_________________
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
Posted: Sat Mar 12, 2011 2:21 am
Actually managed to find the address this time, but I don't get a conditional jump above it like you did in your video, so mmmm, interesting.
Off topic:
Yeah, think I'll get rid of that quote now. It was only there because ages back someone got me banned from here and I don't know why, random rages of hate I guess,
and now I don't really care, am back on here so all good.
_________________
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Sat Mar 12, 2011 2:38 am
You are looking at the wrong place. It is not above the code exactly.
It looks like this:
conditional jump
call function
call sub-function
call sub-function
your code
...
Or something like that. You can see on the video that I have gone backwards, checking where it started.
You start from "your code" and you need to trace backwards until you find "function" and above it, you see the conditional jump.
This is why you need the return addresses, to see the addresses where the calls originated. If you don't get what I mean, probably you don't know how the "call" instruction works, but then check the previous tutorial here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles/225-basic-encryptions-debugging-backtracing-and-some-info-on-the-stack
In that tutorial, I have used the trace feature, which draws a tree in CE 6 so you can see what the structure of the code looks like.
_________________
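The call layout sketched in the post above, as an added example that is not part of the original thread or the linked tutorial: a toy interpreter runs a nested call chain up to "your code", then maps each return address on the stack back to its call site. The instruction set, addresses and function names are all constructed for illustration.

```python
# Constructed toy program: (address, mnemonic, operand). One address unit per
# instruction is a simplification; real x86 instructions vary in length.
PROGRAM = [
    (0x100, "cmp", None),
    (0x101, "je", 0x103),     # conditional jump guarding the outer call
    (0x102, "call", 0x200),   # call function
    (0x103, "halt", None),
    (0x200, "call", 0x300),   # function: call sub-function
    (0x201, "ret", None),
    (0x300, "call", 0x400),   # sub-function: call sub-function
    (0x301, "ret", None),
    (0x400, "mov", None),     # "your code": execution is stopped here
    (0x401, "ret", None),
]
CODE = {addr: (op, arg) for addr, op, arg in PROGRAM}

def run_until(bp_addr, entry=0x100, zero_flag=False):
    """Execute until `bp_addr`; return the stack of return addresses."""
    stack, pc = [], entry
    while pc != bp_addr:
        op, arg = CODE[pc]
        if op == "call":
            stack.append(pc + 1)   # address of the instruction after the call
            pc = arg
        elif op == "ret":
            pc = stack.pop()
        elif op == "halt":
            raise RuntimeError("stop address was never reached")
        elif op == "je" and zero_flag:
            pc = arg
        else:
            pc += 1
    return stack

def backtrace(stack):
    """Innermost-first call sites: each one sits just before a return address."""
    return [ret - 1 for ret in reversed(stack)]

def guard_above(call_addr):
    """Address of a conditional jump directly above `call_addr`, else None."""
    op, _ = CODE.get(call_addr - 1, (None, None))
    return call_addr - 1 if op == "je" else None
```

Only the outermost call site has a conditional jump directly above it; the inner call sites and "your code" itself do not.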
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
Posted: Sat Mar 12, 2011 7:32 am
Well, I found an address. I hope I'm in the right place now or near it.
I hope I can one day get this lol, as it's something I'd really like to know/understand.
_________________
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
Posted: Sat Mar 12, 2011 11:59 am
It still doesn't seem right, but on the tree you can see that your function is returning to another function. Check that, and then if you need to (you will probably need to), go back even more until you find something similar to what you can see on my video. Trace more instructions, like 10000 or more if it helps; maybe you will see the picture a bit better. The point is to find the source where the whole reading process will start.
Check a few functions (in any program), see how they work, how the return points work, and if you are familiar with backtracing, you will pick this up in no time easily.
_________________