Hacker Aspirant
Posted: Mon Sep 24, 2012 10:44 am
Post subject: Mount and Blade Warband SP (TUTORIAL AA)
Includes:
Ammo Hack, Health Hack, Soldiers Hack and Wounded Soldiers Hack.
This game isn't hard and is a good choice for noobs at AA.
Here I show how to hack it.
***************************************************************
Step 1
The first thing to do is find the health address and the ammo address.
The health address is stored as a float and is the exact value you see in game.
For example, if my health is full and my max health is 118, search for 118, then take damage and search for 118 minus the damage taken.
The ammo address is different. Don't search for the number of arrows you have, but for the number of arrows you have already used up. For example, waste 1 arrow, search for 1; waste 2 arrows, search for 2, etc. The arrow address is similar to the health address, so you can limit the scan to addresses around the health address.
Once you have the health and arrow addresses, go to step 2.
Step 2
Find what accesses the health address. Take the first code you get and click Show in disassembler. Press Ctrl+A, then Template->Cheat table framework->Code injection. Half the script is done automatically.
Step 3 - The hack
Copy the original code to newmem. Under the code write the hack:
mov [edx+offset],HealthYouWant
To find the health you want, change the value of health to 1000, set its type to 4 Bytes and then click show as hexadecimal. Copy its value and paste it in place of "HealthYouWant".
The health hack is done, but let's use this script to hack ammo too.
Step 4 - Ammo
The ammo address is very similar to the health address, so they are using the same base address with different offsets.
My health address is equal to EBX+6004.
To find the ammo offset use the formula: AMMO ADDRESS + OFFSET = EBX
Now add to the script mov [ebx+ammoOffset],00000000 (this is the value of arrows already wasted, not the value of arrows, so we change it to 0).
Step 5 - Total Soldiers
The soldiers hack is easy: just search for the number of soldiers. After finding the address, find what accesses it, go to the game and disband a unit.
Get the dec xxx,[aaa+bbb] (decrease code).
Do the same steps as you did before to make the health script.
Step 6 - Wounded Soldiers
If you do a data/structure dissect you will find that the wounded value has an offset 10 (hex) bigger than the total soldiers offset.
For example, if the total soldiers offset is 00000020, wounded soldiers will be 00000040. And the next group of soldiers will be 00000040 and 00000050 (wounded). Understood?
Step 7 - The final script
First thing: NOP the dec code. Then make some cmp and jl codes.
For example, cmp (compare) [edx+offset],00000002 (if the soldiers value is bigger than 2). Then: jl (jump if lower) to exit. Do that for all the groups of Total Soldiers-Wounded Soldiers.
Step 8 - It should look something like this:
Health/Ammo:
*************************************************************
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
fld dword ptr [ebx+00006004] //Original code, copied here (Step 3). It must run exactly once.
mov [ebx+00006004],4479C000 //HP hack: health = 999 (float shown as 4 Bytes, hexadecimal).
mov [ebx+000007E0],00000000 //Inf. ammo: tells the game you used up 0 arrows.
originalcode:
//The fld already ran above; repeating it here would push a second value on the FPU stack.
exit:
jmp returnhere
"mb_warband.exe"+2299B8:
jmp newmem //5 bytes
nop //pads the 6th byte of the overwritten fld
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"mb_warband.exe"+2299B8:
fld dword ptr [ebx+00006004]
//Alt: db D9 83 04 60 00 00
************************************************************
Total Soldiers-Wounded Soldiers:
************************************************************
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
nop //stands in for the dec [edx+ebx] that is being removed (Step 7)
mov esi,[mb_warband.exe+5D5E2C] //second overwritten instruction, kept as is
cmp [edx+00000020],00000002
jl exit
mov [edx+00000020],00000028 //First soldiers line = 40 units
mov [edx+00000030],00000000 //No wounded
cmp [edx+00000040],00000002
jl exit
mov [edx+00000040],00000028 //2nd line = 40 units
mov [edx+00000050],00000000 //No wounded
cmp [edx+00000060],00000002
jl exit
mov [edx+00000060],00000028 //3rd line
mov [edx+00000070],00000000 //No wounded
originalcode:
//dec [edx+ebx] is left out on purpose (it is the nopped dec); mov esi already ran above.
exit:
jmp returnhere
"mb_warband.exe"+1FFA1E:
jmp newmem //5 bytes
nop //4 nops pad the rest of the 9 overwritten bytes
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"mb_warband.exe"+1FFA1E:
dec [edx+ebx]
mov esi,[mb_warband.exe+5D5E2C]
//Alt: db FF 0C 1A 8B 35 2C 5E 9D 00
*************************************************************
Any doubts, just ask, and sorry for my bad English. All the English I know I learned reading tutorials like this one.
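
The two hook patches from the scripts above, rebuilt byte by byte as an added example (not part of the original post): it shows why the first jmp is followed by one nop and the second by four, and checks the 4479C000 constant. The module base is inferred from the post's own Alt bytes (8B 35 2C 5E 9D 00 against mb_warband.exe+5D5E2C); the code-cave address CAVE is a constructed placeholder for whatever alloc(newmem) returns.

```python
import struct

JMP_REL32, NOP = 0xE9, 0x90

def float_imm(value):
    """32-bit IEEE-754 pattern of a float, i.e. the dword written by the mov."""
    return struct.unpack("<I", struct.pack("<f", value))[0]

def module_base(abs_operand, rva):
    """Base address implied by an absolute operand and its module+offset form."""
    return struct.unpack("<I", abs_operand)[0] - rva

def build_hook(hook_addr, cave_addr, original):
    """Bytes that overwrite `original` at hook_addr: jmp rel32 plus NOP padding.

    The jump needs 5 bytes; whole instructions must be replaced, so the rest
    of the overwritten instruction bytes are filled with NOPs.
    """
    if len(original) < 5:
        raise ValueError("jmp rel32 needs 5 bytes; take more whole instructions")
    rel = (cave_addr - (hook_addr + 5)) & 0xFFFFFFFF  # relative to the next instruction
    return bytes([JMP_REL32]) + struct.pack("<I", rel) + bytes([NOP]) * (len(original) - 5)

def jump_target(hook_addr, patch):
    """Decode the patch again: where does the jmp land?"""
    rel = struct.unpack("<i", patch[1:5])[0]
    return (hook_addr + 5 + rel) & 0xFFFFFFFF

# Bytes taken from the "Alt: db ..." lines of the two scripts.
HEALTH_ORIG = bytes.fromhex("D9 83 04 60 00 00")          # fld dword ptr [ebx+6004]
TROOP_ORIG = bytes.fromhex("FF 0C 1A 8B 35 2C 5E 9D 00")  # dec [edx+ebx]; mov esi,[...]

BASE = module_base(TROOP_ORIG[5:9], 0x5D5E2C)  # operand of the mov esi
CAVE = 0x02000000  # constructed placeholder for the alloc(newmem) address

def describe(name, rva, original):
    """One-line summary of the patch and of where returnhere ends up."""
    hook = BASE + rva
    patch = build_hook(hook, CAVE, original)
    return (f"{name}: {patch.hex(' ')} nops={patch.count(NOP, 5)} "
            f"returnhere={hook + len(original):#x}")

if __name__ == "__main__":
    print(f"base={BASE:#x} 999.0 -> {float_imm(999.0):08X}")
    print(describe("health", 0x2299B8, HEALTH_ORIG))
    print(describe("troops", 0x1FFA1E, TROOP_ORIG))
```
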