[Tutorial] Advanced CHEAT for Shank 2 v1.0.0 Part 2

 
Cheat Engine Forum Index -> Cheat Engine Tutorials -> Auto Assembler tutorials
vergilganesh (Expert Cheater; joined 01 Jul 2013; 134 posts; Location: India)
Posted: Thu Sep 05, 2013 9:58 am

This is the second part of the SHANK 2 cheat.
This is mainly done in single player survival mode.
INFINITE GRENADE
Just fill the grenade bar and do a 4 byte exact scan for value 3. Throw a grenade and use 2 as the next scan. Throw another grenade and use 1 as the next scan. You will find a value. Just right click it, choose "Find out what writes to this address" and note that instruction.

Note that the instruction just above it is a dec instruction. Just NOP it to make a cheat, or write a script like the one below.
Code:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
// the original "dec eax" is left out and the grenade count is pinned at 3
// (eax keeps the undecremented count, as in the original script)
mov dword ptr [esi+4C],3
mov ecx,[esp+18]

exit:
jmp returnhere

// the 5-byte jmp overwrites 8 bytes of original code, so 3 nops pad the rest
"Shank2.exe"+13FECA:
jmp newmem
nop
nop
nop
returnhere:

[DISABLE]
dealloc(newmem)
"Shank2.exe"+13FECA:
dec eax
mov [esi+4C],eax
mov ecx,[esp+18]
//Alt: db 48 89 46 4C 8B 4C 24 18

ITEM HACK
There are two different ways to make an item cheat: the first is no decreasing of experience points, the second is instant items. Scan for the points and use "Find out what writes to this address" to find the correct instruction. NOP that. The second cheat is done by repeated scanning: find the time counter value with the "Value between" option on the Float data type.

Then we rewrite this code:
Code:

[ENABLE]
// absolute address: only valid while Shank2.exe is loaded at its default base;
// the other hooks use "Shank2.exe"+offset, which follows the module wherever it loads
004D6032:
// nop out "sub [ebx+50],eax" so the experience points never decrease
db 90 90 90
alloc(newmem,2048) //2kb should be enough
alloc(val,12)
label(returnhere)
label(originalcode)
label(exit)
val:
// multiplier applied to the timer before the game subtracts from it
dd (float)0.5
newmem:
fmul dword ptr [val]
originalcode:
fsub dword ptr [ebp+08]
fstp dword ptr [ecx+10]

exit:
jmp returnhere

// 6 bytes of original code: 5-byte jmp + 1 nop
"Shank2.exe"+D5970:
jmp newmem
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(val)
"Shank2.exe"+D5970:
fsub dword ptr [ebp+08]
fstp dword ptr [ecx+10]

004D6032:
sub [ebx+50],eax

POINTS
Just use 4 byte exact value scanning to find the correct value and addresses. There are two addresses, and the game crashes if they are different. So the idea is to multiply by a number in one instruction, then copy the same value to the other instruction.

Then we have to write the code as below:
Code:

[ENABLE]
alloc(newmem,2048) //2kb should be enough
alloc(val,12)
label(returnhere)
label(originalcode)
label(exit)

newmem:
// multiply the points being added by 5 before the game adds them
imul edi,edi,05
originalcode:
mov ecx,[esi+08]
add [esi+50],edi
// copy the new total to val for the second hook; eax belongs to the game,
// so it is saved and restored around the copy
push eax
mov eax,[esi+50]
mov [val],eax
pop eax
exit:
jmp returnhere

// 6 bytes of original code: 5-byte jmp + 1 nop
"Shank2.exe"+D645E:
jmp newmem
nop
returnhere:


alloc(newmem1,2048) //2kb should be enough
label(returnhere1)
label(originalcode1)
label(exit1)

newmem1:
// the second address takes its value from val instead of its own calculation,
// so both addresses always agree and the game does not crash
mov ecx,[val]
originalcode1:
mov eax,[ebp-30]

exit1:
jmp returnhere1

"Shank2.exe"+36759E:
jmp newmem1
nop
returnhere1:

[DISABLE]
dealloc(newmem)
"Shank2.exe"+D645E:
mov ecx,[esi+08]
add [esi+50],edi
dealloc(newmem1)
"Shank2.exe"+36759E:
add ecx,[edx+14]
mov eax,[ebp-30]
//Alt: db 03 4A 14 8B 45 D0
dealloc(val)

HITS
Hits are 4 byte values. Pause the game and search with exact value. There are two values, but the main problem is that the hit count is only displayed after the 3rd hit: it is only shown from 4 and then keeps increasing.

So try to make an exception while the hit count is under 4. There are two addresses, and the game crashes if they are different. So the idea is to mov a number in one instruction, then copy the same value to the other instruction.
Code:

[ENABLE]
alloc(newmem,2048) //2kb should be enough
alloc(val,12)
label(returnhere)
label(next)
label(originalcode)
label(exit)

newmem:

originalcode:
mov ecx,[eax+24]
// keep the original increment so the counter still climbs normally below the threshold
inc ecx
cmp ecx,04
jle next
// at 5 and above the counter is replaced by a fixed value
mov ecx,(int)99999
next:
mov edi,eax
// hand the value to the second hook so both addresses stay equal
mov [val],ecx
exit:
jmp returnhere

// 6 bytes of original code: 5-byte jmp + 1 nop
"Shank2.exe"+13DD2B:
jmp newmem
nop
returnhere:

alloc(newmem1,2048) //2kb should be enough
label(returnhere1)
label(originalcode1)
label(exit1)

newmem1:

originalcode1:
// the game's own edx is replaced by the value stored by the first hook
mov edx,[val]
mov [ecx+58],edx
mov eax,[ebp+0C]

exit1:
jmp returnhere1

"Shank2.exe"+3307FA:
jmp newmem1
nop
returnhere1:

[DISABLE]
dealloc(newmem1)
"Shank2.exe"+3307FA:
mov [ecx+58],edx
mov eax,[ebp+0C]
//Alt: db 89 51 58 8B 45 0C
dealloc(newmem)
"Shank2.exe"+13DD2B:
mov ecx,[eax+24]
inc ecx
mov edi,eax
dealloc(val)

BULLETS

Just NOP the dec instruction.
Thank you.
Click here for the next part:
http://forum.cheatengine.org/viewtopic.php?t=567955
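Every script in this post relies on the same mechanics: a 5-byte `jmp rel32` is written over the first instructions at the hooked address, any leftover bytes of those instructions are padded with `nop`, and the injected code ends with a `jmp` back to the byte right after the patched range. The Python below is an added example (editor's code, not from the post or from Cheat Engine) that computes and checks those bytes so you can confirm in the memory viewer why the grenade hook needs three nops and the points hook only one. It assumes Shank2.exe is loaded at 0x00400000 and that `alloc(newmem,2048)` returned 0x00600000; both are constructed values, and the original-instruction bytes are the ones the scripts list in their `//Alt: db` lines.

```python
"""Byte-level view of the code-injection hooks in the scripts above.

Every [ENABLE] section overwrites the first instructions at the hooked
address with a 5-byte `jmp rel32` to newmem, pads what is left of those
instructions with `nop`, and ends the injected code with a `jmp` back to
the first byte after the patched range.  These helpers compute and check
those bytes.  Assumed for the example (CE supplies the real values at
runtime): Shank2.exe loaded at 0x00400000, newmem allocated at 0x00600000.
"""
import struct

OPC_JMP_REL32 = 0xE9
OPC_NOP = 0x90
MODULE_BASE = 0x00400000   # assumed load address of Shank2.exe (example only)
NEWMEM = 0x00600000        # assumed address handed back by alloc(newmem,2048)


def jmp_rel32(src: int, dst: int, bits: int = 32) -> bytes:
    """Encode `jmp dst` for a jmp located at src: E9 + signed 32-bit displacement.

    The displacement is measured from the end of the 5-byte instruction.  In a
    32-bit process EIP wraps modulo 2**32, so any address is reachable; in a
    64-bit process the target must lie within +/-2 GiB or it cannot be encoded.
    """
    disp = dst - (src + 5)
    if bits == 32:
        disp = (disp + 0x8000_0000) % 0x1_0000_0000 - 0x8000_0000
    if not -0x8000_0000 <= disp <= 0x7FFF_FFFF:
        raise ValueError(f"jmp {src:#x} -> {dst:#x} does not fit in rel32")
    return bytes([OPC_JMP_REL32]) + struct.pack("<i", disp)


def jmp_target(src: int, code: bytes, bits: int = 32) -> int:
    """Decode where the jmp at src lands; handy when checking a patch in the memory viewer."""
    if len(code) < 5 or code[0] != OPC_JMP_REL32:
        raise ValueError("not a jmp rel32")
    return (src + 5 + struct.unpack("<i", code[1:5])[0]) & ((1 << bits) - 1)


def nop_count(original: bytes) -> int:
    """Number of `nop` lines needed after `jmp newmem` to cover the original instructions."""
    if len(original) < 5:
        raise ValueError("need at least 5 bytes of whole instructions to place a jmp")
    return len(original) - 5


def enable_patch(hook: int, cave: int, original: bytes) -> bytes:
    """Bytes the [ENABLE] section writes at the hook.  The nop padding keeps
    execution from ever resuming inside a half-overwritten instruction."""
    return jmp_rel32(hook, cave) + bytes([OPC_NOP]) * nop_count(original)


def cave_code(cave: int, body: bytes, hook: int, original: bytes) -> bytes:
    """The newmem body followed by `jmp returnhere`, where returnhere = hook + len(original)."""
    return body + jmp_rel32(cave + len(body), hook + len(original))


def float_dd(value: float) -> bytes:
    """Bytes emitted by `dd (float)value`: a little-endian IEEE-754 single."""
    return struct.pack("<f", value)


def grenade_hook() -> dict:
    """The INFINITE GRENADE script worked through with the assumed addresses."""
    hook = MODULE_BASE + 0x13FECA
    # original bytes from the script's "//Alt:" line:
    # dec eax / mov [esi+4C],eax / mov ecx,[esp+18]
    original = bytes.fromhex("4889464C8B4C2418")
    # newmem body: mov dword ptr [esi+4C],3 / mov ecx,[esp+18]
    body = bytes.fromhex("C7464C03000000") + bytes.fromhex("8B4C2418")
    return {
        "nops": nop_count(original),
        "enable": enable_patch(hook, NEWMEM, original),
        "cave": cave_code(NEWMEM, body, hook, original),
        "disable": original,   # [DISABLE] simply writes the saved bytes back
    }


if __name__ == "__main__":
    r = grenade_hook()
    print("nops needed  :", r["nops"])
    print("ENABLE patch :", r["enable"].hex(" "))
    print("newmem bytes :", r["cave"].hex(" "))
    print("jmp goes to  :", hex(jmp_target(MODULE_BASE + 0x13FECA, r["enable"])))
```

The check that matters in practice is `nop_count`: the bytes you feed it must be whole instructions (which is what the `//Alt: db` lines give you), because a jmp that ends in the middle of an instruction leaves a torn instruction at `returnhere` and the game crashes the first time the hook is disabled or the original code runs. The 64-bit range check is the reason CE's `alloc` accepts a preferred address as a third argument on 64-bit targets, so that newmem lands within rel32 reach of the hook.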