Cheat Engine The Official Site of Cheat Engine
Ungreat Expert Cheater Reputation: 0
Joined: 27 Feb 2007 Posts: 215
Posted: Thu Mar 08, 2007 5:49 pm
So uh... when is x0r going to put in his excuse
_________________
Code:
mov r10, qword ptr [rsp+0A28h+arg_5F8]
shl rdx, 20h
mov r11, 7010008004002001h
or rax, rdx
mov rcx, r10
xor rcx, rax
lea rax, [rsp+0A28h+var_2C8]
Oh man, I'm getting too excited
krotoc Advanced Cheater Reputation: 0
Joined: 24 Dec 2006 Posts: 82
Posted: Fri Mar 09, 2007 4:21 am
Is it possible to find godmode in PerfectWorld online?
Irwin Banned! Reputation: 1
Joined: 04 Feb 2007 Posts: 0
Posted: Fri Mar 09, 2007 5:56 am
Ungreat wrote: | So uh... when is x0r going to put in his excuse |
Meh, didn't really feel like explaining so I guess I'll give you a mediocre "excuse". I wrote this around 4AM so I wasn't thinking too well. I even asked appalsap & SunBeam to proof-read it because I was extremely sleepy, also note that this is the only time I've ever asked for someone to proof-read my text. Eh, thanks for correcting the text.
krotoc, you should try to find it instead of randomly asking.
Last edited by Irwin on Wed Dec 23, 2009 11:24 am; edited 1 time in total
MrBojanglesx Grandmaster Cheater Reputation: 0
Joined: 11 Apr 2006 Posts: 593 Location: Chi-Town
Posted: Sun Mar 11, 2007 9:41 pm
Good effort even though this has been rehashed over and over...
and x0r... I thought you said you and Irwin were 2 different people. The Irwin on MSN= generally nice and helpful. x0r on CEF= generally arrogant and asshole-ish. Maybe you have separate personalities?
EDIT: nvm, my bad. Turns out he really is a moron on MSN too. Arrogant asshole who can't handle being wrong even when the facts are right in front of his face. Get off your high horse you tool. You're not as smart as you think you are.
XiaoPrisBoi Grandmaster Cheater Reputation: 0
Joined: 13 Feb 2007 Posts: 508
Posted: Tue Mar 13, 2007 7:54 pm
Nicee ;D This helps a lot
zippie How do I cheat? Reputation: 0
Joined: 23 Dec 2006 Posts: 5
Posted: Tue Mar 27, 2007 12:38 pm
Quote: | Posted: Fri Mar 02, 2007 10:50 am Post subject: In-Depth Tutorial On Finding Godmode
--------------------------------------------------------------------------------
Hey everyone!
Today I'm going to teach you how to find "god-mode" (invulnerability to all attacks). Now, "god-mode" can be found in many ways using Cheat-Engine & there's really an infinite amount of methods you can use to achieve the same result but I'm going to show you what I believe to be the three main methods;
Knock-back/blink Exploitation (Most likely to work)
HP Exploitation
Collision Nullification (Requires usage of method #1)
1. Knockback/blink exploitation
In most games when you get hit there's a certain amount of time in which you're unable to get hit. When you're in a tight situation & if you were to stay in the same location as many many monsters, you'd be barraged with constant hits. By implementing a timer that makes you temporarily invulnerable it can also create a huge security flaw, this is because the timer can be frozen which can make users permanently invulnerable. (note: you'll have to take one hit for it to activate) The easiest method of finding an exploit for this in a game with a blink/knockback timer is to find the boolean or the variable that defines your state. This can be done with Cheat Engine but it requires speed/pausing the process. You can do the following:
1. Stay in a stationary & safe position (away from anything that can force you to blink) & then search for an "Unknown Initial Value" with Cheat Engine.
2. Now go & do something to get put into a blinking state then quickly search for a changed value.
3. Repeat 2-3 until you have a few addresses then check to see if they're triggered by going into that blinking state.
Now we should have some very useful addresses when it comes to the blinking state. There are usually two ways of setting the blink state as I said before. There may be a boolean (possibly a 0 when in an idle state & a 1 when blinking) or there may be a speed for the interval between blinking (usually increases when getting hit) you should freeze them when you're in the blinking state. You may have just discovered "blink god-mode" in your game!
If you've discovered the hack then congratulations. However, for those of you who have discovered that you disconnect when trying this there's probably a check to see if you always have the boolean/blink speed at the same value but don't fret! Although you may not be able to change the variable without disconnecting you can have the variable change and still stay in the blinking state. To do this we must do some memory editing (beware, some games check to see if the memory has been modified). Right click on the variable that you usually freeze & click "Find out what accesses this address". Now go & get hit then wait a few seconds... You should see a few things appear, we're hoping for an instruction with a MOV or a CMP. For any MOVs, we should look for an instruction which stores the value of the blink-state variable in a register. (so something along the lines of MOV EAX, [400300]) Then after that there should be a TEST or a CMP which checks the register which the value of your blink-state is stored in. After that we'll be looking for a conditional jump like JNE, JE, JA, etc. Here's an example of what we'll be looking for:
Code:
MOV EAX, [400300] // Moves the value of the blink-state into the EAX register
CMP EAX, 0 // Checks to see if the blink-state is true (in boolean values, 1 usually = true). It may skip the MOV & just CMP [400300], 0
JNE 400400 // Jumps if blink-state is true
As you can see, this will check if the value of your blink-state is 0 (example of a boolean check) and if it isn't 0 (disabled) it will jump to the "blink activator". Now, how do we fix this?! Well, in this case we turn the JNE into a JMP or we can make the EAX (in the CMP or the MOV) a 0 by setting a debug register. This may vary in other cases but you get my drift, it involves changing the jump or the CMP. (CMP is much better because changing jumps can be dangerous)
2. HP Exploitation
Well this is a bit easier but less likely to work because it's much more orthodox & generic to check the client's HP value to that of the server. There are many ways of doing this;
Stop HP From Changing
Stop Death Sequence From Occurring
Decrease Damage Taken
i) Stop HP From Changing
This is pretty straightforward, simply look for your HP value then freeze it (note: there may be a few, some for GUI elements [HP bar, etc] & the real one)
ii) Stop Death Sequence From Occurring
Well, you can look for a CMP or a MOV;
Code:
MOV EAX, [600300] // Moves HP value into EAX,
CMP EAX, 0 // Compares HP to 0, can skip MOV by doing CMP [600300], 0
JE 600700 // Death Sequence
As shown, the HP is compared to 0 and it will jump to the death sequence if the HP is equal to 0. Another way of doing this is to check for a boolean for death and then freezing it.
iii) Decrease Damage Taken
Two methods:
The first method involves the following: Get hit then search for the damage that you had just taken, then get hit again and do it again. You should end up with a value, freeze it at 0. (This may result in a "miss-mode" effect)
The second method involves looking for what reads to the HP address and then looking for some kind of decrease which will eventually bring upon the DEC operand, look for something like this;
Code:
MOV EAX, [500300] // Moves value of HP into EAX register
SUB EAX, ECX // Subtracts ECX from EAX
You can easily combat this by changing ECX into a 0 or using a debug-register to change the value of ECX into 0. Hopefully now you'll have a working damage reduction hack |
OK, I know this is bringing up an old topic...go ahead and flame me for that. But I need some help. I have found several things in this game I am trying to find a damage reduction hack or godmode type hack.
I have found the actual HP addy AND the HP bar addy. They are dynamic and change each time but easy to find.
So I have:
0DE8DF0C as the actual HP addy
0DE8DF08 as the top half of the HP bar
I note these in blue because the last 4 digits come up the same each time just the first 4 change (would be nice to find an AA script that would find these for me....but maybe later after I learn some more)
Both of these addresses are accessed by the same addy 10179120 which the code there is
I think I am on the right track......maybe not......what should I be looking for next? There is a comparison in the general area of the addy 10179120 but how do I know if it is related?
I will keep looking around and hopefully someone who is interested in helping me will post.
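The blink-timer and HP-freeze flaws described in the quoted tutorial only exist when the server trusts state held in the client. The sketch below is an added example (not from this thread or from any game's code; all names, timings and values are constructed) of server-authoritative hit resolution: the invulnerability window and HP live on the server, and client-reported values are used only to flag tampering.

```python
from dataclasses import dataclass, field

IFRAME_SECONDS = 1.5   # assumed invulnerability window after a hit
HP_TOLERANCE = 0       # assumed: client HP must match server HP exactly

@dataclass
class PlayerState:
    hp: int
    invulnerable_until: float = 0.0   # server clock; never taken from the client
    flags: list = field(default_factory=list)

def apply_hit(p: PlayerState, damage: int, now: float) -> int:
    """Resolve a hit from server-side state only. Returns the damage dealt."""
    if now < p.invulnerable_until or p.hp <= 0:
        return 0
    dealt = min(damage, p.hp)
    p.hp -= dealt
    p.invulnerable_until = now + IFRAME_SECONDS
    return dealt

def check_client_report(p: PlayerState, reported_hp: int,
                        reported_blinking: bool, now: float) -> bool:
    """Compare the client's claims with server truth and record mismatches.
    Returns True when the report is consistent."""
    ok = True
    if abs(reported_hp - p.hp) > HP_TOLERANCE:
        p.flags.append(("hp_mismatch", now, reported_hp, p.hp))
        ok = False
    # A real server would allow for network latency before flagging this.
    if reported_blinking and now >= p.invulnerable_until:
        p.flags.append(("blink_outside_window", now))
        ok = False
    return ok

def simulate():
    """Constructed scenario: the client keeps its blink flag and HP frozen
    after the first hit, while the server keeps resolving hits itself."""
    p = PlayerState(hp=100)
    dealt = [apply_hit(p, 30, t) for t in (0.0, 1.0, 2.0, 4.0)]
    consistent = check_client_report(p, reported_hp=70,
                                     reported_blinking=True, now=6.0)
    return dealt, p.hp, consistent, [f[0] for f in p.flags]
```

Only the hit at t=1.0 is absorbed by the server's own window; the frozen client values change nothing about damage and show up as two flags.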
aea How do I cheat? Reputation: 0
Joined: 28 Mar 2007 Posts: 1
Posted: Wed Mar 28, 2007 12:21 pm
Please help me
I captured the HP value from an online game (Biosfear), this is the code
code :005203e5 - db 85 70 05 00 00 - fild dword ptr [ebp+00000570]
code :00529505 - 89 86 70 05 00 00 - mov [esi+00000570],eax
code :0051b975 - 00 00 - add [eax],al
How can I change it to stop HP and how can I make an exe file?
thank you.
Irwin Banned! Reputation: 1
Joined: 04 Feb 2007 Posts: 0
Posted: Tue Apr 03, 2007 3:52 am
zippie: Get the pointers. Also, set a debug register at the MOV and set EAX to your HP in hexadecimal value.
aea:
1. Show me the instructions around 005203E5
2. Set a debug register at 00529505 and set EAX to your HP's value in hexadecimal value.
3. Once again; set a debug register at 0051B975 and insert the HP you want in hexadecimal value.
Last edited by Irwin on Wed Dec 23, 2009 11:23 am; edited 1 time in total
muffinman177 Master Cheater Reputation: 0
Joined: 09 Dec 2006 Posts: 377 Location: Drury Lane
Posted: Sun Apr 22, 2007 10:33 am
Nice tut. It helped me a lot.
Snow1337 Catastrophic Cheatah Reputation: 1
Joined: 12 Oct 2004 Posts: 183 Location: Your, Computer
Posted: Tue May 01, 2007 11:51 pm
x0r, I got respect for you. You did make a few mistakes in the tutorial, and the god-mode hack has been tutorialized over and over on the CE forums, but it was a nice tutorial nonetheless.
I've seen some of your posts on USE forums, you seem to know what you're doing.
You were trying to help some of our lower members who are trying to learn, that gave nobody the reason to flame you.
Kudos,
Vao
Midas How do I cheat? Reputation: 0
Joined: 12 May 2007 Posts: 2
Posted: Sun May 13, 2007 12:34 pm
I need Bet On Soldier god mode... Can anyone find how? I tried all of this but they didn't work for me...
yoonkwun2 How do I cheat? Reputation: 0
Joined: 17 Mar 2007 Posts: 6
Posted: Mon May 14, 2007 3:07 pm
Thanks SO much. Don't care what nobody says, this Tutorial pwns the ubercakes out of everyone. Except, of course, the moderators and the person who wrote this (x0r). They are an exception.
Irwin Banned! Reputation: 1
Joined: 04 Feb 2007 Posts: 0
Posted: Mon May 14, 2007 5:42 pm
Vao: Thanks
Midas: I had a look at a few screen-shots of the game and I didn't see where the HP was. If this is your issue then you may want to just search for a decreased value when you get hit.
yoonkwun2: Thank you
Last edited by Irwin on Wed Dec 23, 2009 11:22 am; edited 1 time in total
FrozenGod Cheater Reputation: 0
Joined: 14 May 2007 Posts: 42
Posted: Wed May 16, 2007 8:28 am
Tnx. man...
hmmm hmmm tried all here and nothing working on RYL (Risk Your Life)..
maybe I'm doing something wrong.. but thanks anyway..
I'm so sad =[[
Hexogen Expert Cheater Reputation: 0
Joined: 30 Oct 2006 Posts: 171 Location: NULL
Posted: Thu May 17, 2007 7:47 am
x0r, I already tried your method several times on PKO (Pirate King Online). Is it possible because the opcode of the addy that I found always changes, not static, so how is it possible to find godmode? I can't find any opcode relating to je, but always mov eax,[something], any guide please?
_________________
click this please >>
Dark Byte wrote: | Who knows, perhaps i'm a maple gm!!!! |