JirkaCZS How do I cheat? Reputation: 0
Joined: 18 Jul 2015 Posts: 8
Posted: Sat Jul 18, 2015 10:24 am Post subject: Speed hack doesn't work
Hello.
I am trying to do a speed hack on one game, but it doesn't work.
After some searching I found that the game uses RtlQueryPerformanceCounter, and the speed hack is successfully injected into the game.
When I change some opcodes in RtlQueryPerformanceCounter, I can speed up or slow down the game, but it is hard and sometimes the game crashes.
Can you help me make the Cheat Engine speed hack work?
And here is the code of QueryPerformanceCounter and RtlQueryPerformanceCounter.
QueryPerformanceCounter:
Code:
kernel32.QueryPerformanceCounter - 8B FF - mov edi,edi
kernel32.QueryPerformanceCounter+2- 55 - push ebp
kernel32.QueryPerformanceCounter+3- 8B EC - mov ebp,esp
kernel32.QueryPerformanceCounter+5- 5D - pop ebp
kernel32.QueryPerformanceCounter+6- EB 05 - jmp kernel32.QueryPerformanceCounter+D
kernel32.QueryPerformanceCounter+8- 90 - nop
kernel32.QueryPerformanceCounter+9- 90 - nop
kernel32.QueryPerformanceCounter+A- 90 - nop
kernel32.QueryPerformanceCounter+B- 90 - nop
kernel32.QueryPerformanceCounter+C- 90 - nop
kernel32.QueryPerformanceCounter+D- FF 25 D40DA476 - jmp dword ptr [kernel32.dll+10DD4]
kernel32.QueryPerformanceCounter+13- 90 - nop
kernel32.QueryPerformanceCounter+14- 90 - nop
kernel32.QueryPerformanceCounter+15- 90 - nop
kernel32.QueryPerformanceCounter+16- 90 - nop
kernel32.QueryPerformanceCounter+17- 90 - nop
kernel32.QueryPerformanceCounter+18- FF 25 6807A476 - jmp dword ptr [kernel32.dll+10768]
kernel32.QueryPerformanceCounter+1E- 90 - nop
kernel32.QueryPerformanceCounter+1F- 90 - nop
kernel32.QueryPerformanceCounter+20- 90 - nop
kernel32.QueryPerformanceCounter+21- 90 - nop
kernel32.QueryPerformanceCounter+22- 90 - nop
RtlQueryPerformanceCounter:
Code:
ntdll.RtlQueryPerformanceCounter - 8B FF - mov edi,edi
ntdll.RtlQueryPerformanceCounter+2- 55 - push ebp
ntdll.RtlQueryPerformanceCounter+3- 8B EC - mov ebp,esp
ntdll.RtlQueryPerformanceCounter+5- 51 - push ecx
ntdll.RtlQueryPerformanceCounter+6- 51 - push ecx
ntdll.RtlQueryPerformanceCounter+7- F6 05 ED02FE7F 01 - test byte ptr [7FFE02ED],01
ntdll.RtlQueryPerformanceCounter+E- 0F84 BAF50400 - je ntdll.RtlUlonglongByteSwap+A9F2
ntdll.RtlQueryPerformanceCounter+14- 56 - push esi
ntdll.RtlQueryPerformanceCounter+15- 8B 0D B803FE7F - mov ecx,[7FFE03B8] : [00000000]
ntdll.RtlQueryPerformanceCounter+1B- 8B 35 BC03FE7F - mov esi,[7FFE03BC] : [00000000]
ntdll.RtlQueryPerformanceCounter+21- A1 B803FE7F - mov eax,[7FFE03B8] : [00000000]
ntdll.RtlQueryPerformanceCounter+26- 8B 15 BC03FE7F - mov edx,[7FFE03BC] : [00000000]
ntdll.RtlQueryPerformanceCounter+2C- 3B C8 - cmp ecx,eax
ntdll.RtlQueryPerformanceCounter+2E- 75 E5 - jne ntdll.RtlQueryPerformanceCounter+15
ntdll.RtlQueryPerformanceCounter+30- 3B F2 - cmp esi,edx
ntdll.RtlQueryPerformanceCounter+32- 75 E1 - jne ntdll.RtlQueryPerformanceCounter+15
ntdll.RtlQueryPerformanceCounter+34- 0F31 - rdtsc
ntdll.RtlQueryPerformanceCounter+36- 03 C1 - add eax,ecx
ntdll.RtlQueryPerformanceCounter+38- 0FB6 0D ED02FE7F - movzx ecx,byte ptr [7FFE02ED] : [29]
ntdll.RtlQueryPerformanceCounter+3F- 13 D6 - adc edx,esi
ntdll.RtlQueryPerformanceCounter+41- C1 E9 02 - shr ecx,02
ntdll.RtlQueryPerformanceCounter+44- E8 93FFFFFF - call ntdll.aullshr
ntdll.RtlQueryPerformanceCounter+49- 8B 4D 08 - mov ecx,[ebp+08]
ntdll.RtlQueryPerformanceCounter+4C- 89 01 - mov [ecx],eax
ntdll.RtlQueryPerformanceCounter+4E- 89 51 04 - mov [ecx+04],edx
ntdll.RtlQueryPerformanceCounter+51- 5E - pop esi
ntdll.RtlQueryPerformanceCounter+52- 33 C0 - xor eax,eax
ntdll.RtlQueryPerformanceCounter+54- 40 - inc eax
ntdll.RtlQueryPerformanceCounter+55- C9 - leave
ntdll.RtlQueryPerformanceCounter+56- C2 0400 - ret 0004
ntdll.RtlQueryPerformanceCounter+59- 90 - nop
ntdll.RtlQueryPerformanceCounter+5A- 90 - nop
ntdll.RtlQueryPerformanceCounter+5B- 90 - nop
ntdll.RtlQueryPerformanceCounter+5C- 90 - nop
ntdll.RtlQueryPerformanceCounter+5D- 90 - nop
Thanks for help.
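The RtlQueryPerformanceCounter listing in the post never calls into the kernel: it reads a flags byte and a 64-bit bias from the shared user/kernel page (the 0x7FFE02ED and 0x7FFE03B8 addresses), executes rdtsc, adds the bias and shifts the result. Here is an added C model of exactly that computation (not code from the post, from Cheat Engine or from Windows), using a constructed copy of those two fields and a caller-supplied TSC value instead of executing rdtsc or touching the real page; the field names are labels chosen for this example, not official ones.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the two fields the listing reads from the shared
 * page: the byte at 0x7FFE02ED and the 64-bit value at 0x7FFE03B8.
 * Names are this example's labels, not official Windows names. */
typedef struct {
    uint8_t  qpc_flags;   /* bit 0: user-mode path enabled; bits 2..7: right shift */
    uint32_t qpc_bias_lo; /* low  dword of the 64-bit bias added to the TSC */
    uint32_t qpc_bias_hi; /* high dword of the same bias */
} shared_qpc_t;

/* Models the fast path of the listing. `tsc` stands in for what rdtsc would
 * return. Returns 1 and fills *out, or returns 0 where the listing takes the
 * branch at +E (bit 0 clear), a path this model does not emulate. */
static int model_qpc(const shared_qpc_t *sd, uint64_t tsc, uint64_t *out)
{
    if (!(sd->qpc_flags & 0x01))
        return 0;

    /* +15..+32: read both halves of the bias twice and retry until the two
     * reads agree, so a concurrent update cannot yield a torn 64-bit value. */
    uint32_t lo, hi;
    do {
        lo = sd->qpc_bias_lo;
        hi = sd->qpc_bias_hi;
    } while (lo != sd->qpc_bias_lo || hi != sd->qpc_bias_hi);

    /* +34..+3F: rdtsc, then a 64-bit add of the bias (add eax / adc edx). */
    uint64_t value = tsc + (((uint64_t)hi << 32) | lo);

    /* +38..+44: the shift count is the flags byte >> 2, applied via aullshr. */
    *out = value >> (sd->qpc_flags >> 2);
    return 1;
}

/* Convenience wrapper: returns the counter value, or UINT64_MAX on the
 * non-bypass path. */
static uint64_t qpc_value(uint8_t flags, uint64_t bias, uint64_t tsc)
{
    shared_qpc_t sd = { flags, (uint32_t)bias, (uint32_t)(bias >> 32) };
    uint64_t v;
    return model_qpc(&sd, tsc, &v) ? v : UINT64_MAX;
}

int main(void)
{
    /* Constructed sample: flags byte 0x29 as shown in the listing (shift 10). */
    printf("counter = %llu\n", (unsigned long long)qpc_value(0x29, 0x100, 0x1000));
    return 0;
}
```

With the flags byte 0x29 from the listing, (0x1000 + 0x100) >> 10 gives 4, which is why patching the kernel32 wrapper alone leaves this path untouched.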