View previous topic :: View next topic |
How many of you have h0zed a NFS-MW save game, in the name of haxX0ring? |
Frequently |
|
33% |
[ 1 ] |
A few, but not many... |
|
0% |
[ 0 ] |
This one time... At Band Camp... |
|
0% |
[ 0 ] |
What's an NFS-MW save game? |
|
0% |
[ 0 ] |
Do you have wall hakus!? I NEED WALLLLL HCKUSSS |
|
66% |
[ 2 ] |
|
Total Votes : 3 |
|
Author |
Message |
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Fri Dec 09, 2005 2:28 pm Post subject: |
|
|
Hi cparty, I still can't find the "mission timer" even I search again and again.
I don't know what type of value is it type, I was try to use folat, 4 bytes, 8 bytes, 2 bytes, array of byte, double.........
But still no luckly.
Maybe you can to suggest what type of value is the "mission timer" use ?
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Fri Dec 09, 2005 4:11 pm Post subject: |
|
|
JONG wrote: | Maybe you can to suggest what type of value is the "mission timer" use ? |
all the Time values in NFSMW I have seen so far are seconds multiplied with 4000, so a time of 3:41.87 == 221.87s
221.87 * 4000 == 887480
So the value would be (4 Bytes) 887480.
|
|
Back to top |
|
|
-=DocDOOM=- How do I cheat? Reputation: 0
Joined: 09 Dec 2005 Posts: 6 Location: Germany
|
Posted: Fri Dec 09, 2005 5:22 pm Post subject: |
|
|
ok, first of all thanks for your replies ....
but now to the parts ...
i've bought Body Kits for my car in slot1
non-stock ...stock ... non-stock ... stock ... etc
and finally i've got the adress
01BCAD60
if i have non-stock, the 4byte value is 0
if i have the 1st upgrade, the value is 1
if i have the 2nd upgrade, the value is 1
if i have the 3rd upgrade, the value is 98
!?
i don't know what to do with this values or what i have to change,
to get access to all bodykits
|
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Fri Dec 09, 2005 5:32 pm Post subject: |
|
|
-=DocDOOM=- wrote: | ok, first of all thanks for your replies ....
but now to the parts ...
i've bought Body Kits for my car in slot1
non-stock ...stock ... non-stock ... stock ... etc
and finally i've got the adress
01BCAD60
if i have non-stock, the 4byte value is 0
if i have the 1st upgrade, the value is 1
if i have the 2nd upgrade, the value is 1
if i have the 3rd upgrade, the value is 98
!?
i don't know what to do with this values or what i have to change,
to get access to all bodykits |
These are 1 byte values my friend. You're probably offset to the left or right by a few bytes. Download one of the tables to get an example of what it should all look like.
|
|
Back to top |
|
|
-=DocDOOM=- How do I cheat? Reputation: 0
Joined: 09 Dec 2005 Posts: 6 Location: Germany
|
Posted: Fri Dec 09, 2005 5:46 pm Post subject: |
|
|
i am very confused ...
in the speed table (from cparty i think)
the values are 238
an now ... i am so confused ... i don't know what i could write ... -.-
|
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Fri Dec 09, 2005 7:42 pm Post subject: |
|
|
-=DocDOOM=- wrote: | i am very confused ...
in the speed table (from cparty i think)
the values are 238
an now ... i am so confused ... i don't know what i could write ... -.- |
He might use the 2 byte version.
I used the 1 byte version so the bodies and stuff were 0-5
But things like the tail fins and stuff are definitely around the 0-200 range (in the 1 byte form)
Just try this.
- Scan for unknown value - byte.
- Change the body and BUY it.. make sure you actually buy it, and not just put it in your shopping cart.
- Scan for a value that increased or decreased, depending on what you did (if you buy a body higher, then the value increases)
- Keep buying and scanning and you'll end up with a value that changes by 1 byte, if you buy a body +/- 1 from the 'current' body.
You'll find it...
|
|
Back to top |
|
|
-=DocDOOM=- How do I cheat? Reputation: 0
Joined: 09 Dec 2005 Posts: 6 Location: Germany
|
Posted: Fri Dec 09, 2005 9:49 pm Post subject: |
|
|
thx for your help, but it is the same adress and teh same value ...
Quote: |
01BCAD60
if i have non-stock, the byte value is 0
if i have the 1st upgrade, the value is 1
if i have the 2nd upgrade, the value is 1
if i have the 3rd upgrade, the value is 98
|
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Fri Dec 09, 2005 10:54 pm Post subject: |
|
|
cparty wrote: | all the Time values in NFSMW I have seen so far are seconds multiplied with 4000, so a time of 3:41.87 == 221.87s
221.87 * 4000 == 887480
So the value would be (4 Bytes) 887480. |
Thanks cparty.
I will try it right now, and search the new value of X, Y, Z.
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Sat Dec 10, 2005 2:04 am Post subject: |
|
|
Ok update the Zhoul give us of value in the V1.3 vession of game (all of values is static):
Tilt - Front-To-Back - 1 = Standing on Nose - neg1 = Standing on tail
00961CE8
Rear Turn - Left/Right - From current value: +1 or -1 = 180
00961CEC
Tilt - Left/Right 1 to -1
00961CF0
Frontal Turn - Left/Right - From current value: +1 or -1 = 180
00961CF4
X - Location
00961CF8
Z - Location
00961CFC
Y - Location
00961D00
I hope that can help you to find some thing.
Last edited by JONG on Fri Dec 16, 2005 2:26 pm; edited 1 time in total |
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Sat Dec 10, 2005 4:13 am Post subject: |
|
|
-=DocDOOM=- wrote: | thx for your help, but it is the same adress and teh same value ... |
My bad, I forgot to tell you that from stock-parts to the first upgrade the values completely change (for that part) and then increase by 1. This was just to find the place in mem where the change happens.
In my scan you see I marked 2 or more bytes for a part but usually its only the left byte holding the value, but the right one usually changes too from stock to an upgrade (but not from upgrade to upgrade) so I put it in the list anyway (however, some parts like the bodykit only use one byte in the VW but as I didn't check with all cars I still marked 2 bytes).
Ok example, I'll use the VW again:
stock body: E8 03
upgrade 1: E9 03
upgrade 2: EA 03
etc.
stock spoiler: 02 04
upgrade 1: C8 2C
upgrade 2: C9 2C
etc.
note: sport, tuner, carbon are mixed while counting up
I usually look at the Bytes in the memview rather then the decimal number in the table as in this case it makes more sense. Also I havent tried through all the upgrades one by one so I don't even know if the right byte will change again at some point (eg. the left byte passes FF). Never bothered too much about those parts as I could buy them with my unlimited money
*Edit* there are also values giving you parts which aren't in the list (until you finish the game I think).
*Edit2* -=DocDOOM=- wrote: | and finally i've got the adress 01BCAD60
if i have non-stock, the 4byte value is 0
if i have the 1st upgrade, the value is 1 |
I think you don't got the right address you are looking at. Why? I have never seen a part (except performance) giving 0 with all 4 Bytes.
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Sat Dec 10, 2005 5:51 am Post subject: |
|
|
I search the "mission timer" but still not find any way to stop the timer.
Only I can stop is the hud of timer number, the real timer still running.
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Sat Dec 10, 2005 7:20 am Post subject: |
|
|
JONG wrote: | I search the "mission timer" but still not find any way to stop the timer.
Only I can stop is the hud of timer number, the real timer still running. |
The same happens to me, same thing when on a pursuit and you try to change pursuit length and damanged/immobilized vehicels etc. so the real value might be encoded somehow?
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Sat Dec 10, 2005 7:29 am Post subject: |
|
|
cparty wrote: | The same happens to me, same thing when on a pursuit and you try to change pursuit length and damanged/immobilized vehicels etc. so the real value might be encoded somehow? |
Do you think it's value maybe not in the nfsMW.exe ?
I always see the "~e5.0001" in the memory, when I close the game, the "~e5.0001" will be close too.
Maybe the game put the value to this way, I am not sure, just guess.
Never mind, there are nothing inside, I was try it.
I find a value about speed, the code information is:
Address:006afc56 - d8 a6 fc 00 00 00 - fsub dword ptr [esi+000000fc]
If I nop it,and go back the game, push the add speed key, you will see your car increase speed very fast.
But you will very hard to control your car.
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Sat Dec 10, 2005 9:59 am Post subject: |
|
|
JONG wrote: | Do you think it's value maybe not in the nfsMW.exe ?
I always see the "~e5.0001" in the memory, when I close the game, the "~e5.0001" will be close too. |
This is the debugger related to the copy protection. The value should be in speed.exe but it might be "crypted/encoded" somehow.
Still on my quest gathering typecodes, but you cant fly or drive the copter
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Sat Dec 10, 2005 11:17 am Post subject: |
|
|
cparty wrote: | Still on my quest gathering typecodes, but you cant fly or drive the copter
|
OH MY GOD ! YOU DID IT !
You are a great man !
If it can be drive, that will be perfect !
Go on man, you are the one.
|
|
Back to top |
|
|
|