| Author |
Message |
likethisway How do I cheat?
Reputation: 0
Joined: 02 Dec 2006 Posts: 4
|
Posted: Sat Dec 02, 2006 8:59 pm Post subject: Can you cheat me? Try it. |
|
|
Sometimes a program will check the important value in a timer. If it finds the value changed, it will stop working or change it back.
So my question is: can CE find the address of a timer and kill it, so we can change the value successfully?
Would someone like to share their experience with it? Thanks.
-----------------------------------------------
P.S. (A small test file is attached below)
Last edited by likethisway on Tue Dec 05, 2006 8:10 pm; edited 1 time in total |
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25831 Location: The netherlands
|
Posted: Sun Dec 03, 2006 4:40 am Post subject: |
|
|
Find out what writes to it and change it.
And if it's an online game it won't work.
|
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
|
Posted: Sun Dec 03, 2006 7:20 am Post subject: |
|
|
Give examples, and we might help >.<
|
|
h4c0r-BG Master Cheater
Reputation: 0
Joined: 29 Nov 2006 Posts: 449 Location: The yogurt country
|
Posted: Sun Dec 03, 2006 2:35 pm Post subject: |
|
|
Yeah ... more details please
|
|
likethisway How do I cheat?
Reputation: 0
Joined: 02 Dec 2006 Posts: 4
|
Posted: Mon Dec 04, 2006 7:09 pm Post subject: Let's cheat it. |
|
|
I wrote a small example in VB 6.
It has two steps that need to be cheated, each one with a timer thing.
Interested in cheating it?
(If you did not find the address of the value, try to change the address range to all.
If you can't run the program, maybe you have to install the VB6 runtime library first.)
Good luck!
|
|
dothacker How do I cheat?
Reputation: 0
Joined: 03 Dec 2006 Posts: 7
|
|
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
|
Posted: Wed Dec 06, 2006 4:07 am Post subject: |
|
|
Maybe you can explain this: http://i12.tinypic.com/42uorpf.gif
And don't say I need it to be exactly 5000. I got 9999 and the button isn't enabled...
Also: http://i11.tinypic.com/35k7cyf.gif
Is it me or the "next" won't get enabled?
My script:
| Quote: |
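[ENABLE]
alloc(cave,256)
alloc(address,4)          // receives the address of the value
alloc(value,4)            // receives a copy of the value
registersymbol(address)
registersymbol(value)
label(back)
cave:
pushad                    // preserve all registers
mov eax,esi
add eax,8                 // eax = esi+8
mov [address],eax
mov ebx,[eax]
mov [value],ebx
popad
mov [esi+4],edx           // the two original instructions overwritten by the jmp
mov [esi+c],ecx
jmp back
_vbaVarMove+93:
jmp cave
nop
back:
[DISABLE]
_vbaVarMove+93:
mov [esi+4],edx           // restore the original instructions
mov [esi+c],ecx
dealloc(cave)
dealloc(address)
dealloc(value)
unregistersymbol(address) // unregister the symbols registered in [ENABLE]
unregistersymbol(value)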
|
|
reignofsb Grandmaster Cheater Supreme
Reputation: 0
Joined: 09 Oct 2006 Posts: 1205 Location: no where
|
Posted: Wed Dec 06, 2006 4:55 am Post subject: |
|
|
Oh, I don't understand what you guys are saying at all lol
|
|
dezuzi Expert Cheater
Reputation: 0
Joined: 09 Aug 2006 Posts: 146 Location: In your washing machine
|
|
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
|
Posted: Wed Dec 06, 2006 5:27 am Post subject: |
|
|
After a bit of tracing, me and Lab got to this piece of code:
| Quote: |
00403194 - call dword ptr [00401004]
0040319a - test ax,ax
0040319d - je 00403261 // [2] change from je to jne to enable button
004031a3 - lea eax,[ebp-3c]
004031a6 - push edi
004031a7 - lea ecx,[ebp-2c]
004031aa - push eax
004031ab - push ecx
004031ac - mov [ebp-34],000003e8 // [1] change from 3e8 to 0
004031b3 - mov [ebp-3c],00000002
004031ba - call dword ptr [00401000]
004031c0 - mov edx,eax
004031c2 - mov ecx,edi
Change your address' value to higher than 5000, using the first script I posted to get the address. Once changed, you'll see cheatme won't decrease it by 1000 till it reaches 4999 (I used 9999 as my value). The JNE will enable "next".
Oki doki. I used another script to trace back to where the whole deal started:
| Quote: |
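[ENABLE]
alloc(cave,128)
label(back)
cave:
movsx ecx, word ptr [edi+8]   // original instruction
xor ecx,ecx                   // added: clear ecx before the subtraction
sub eax,ecx                   // original instruction
jmp back
SysReAllocString+2D:
jmp cave
nop
back:
[DISABLE]
SysReAllocString+2D:
movsx ecx, word ptr [edi+8]   // restore the original instructions
sub eax,ecx
dealloc(cave)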
In the script above, you can go to SysReAllocString+2D and break there. Once you break, change the value to higher than 5000, and you'll see all you need to know. The 1000 value is held in edi+8, and if you trace carefully, not skipping jumps or calls, you will end nicely in the main code @ 4031AC.
Good luck. Me and Lab, we're movin' on to Step 2...
* EDIT *
Step 2 solved. Remember the first script I posted? Well, use that script to get the address you need for Step 1. Once you get the address, when moving on to Step 2, just take that address and add +10 to it.
My address was 1457EC in Step 1, added +10 » 1457FC = the timer for Step 2. No fancy cracking this time, just set the timer to 200 or above. And you've finished...
Step 1 finished » http://i11.tinypic.com/44ajyte.gif
Step 2 finished » http://i13.tinypic.com/2hd9v05.gif
Peace, out...
|
|
dezuzi Expert Cheater
Reputation: 0
Joined: 09 Aug 2006 Posts: 146 Location: In your washing machine
|
|
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
|
Posted: Wed Dec 06, 2006 6:47 am Post subject: |
|
|
No way. All the people I've told of the cheatme, I also told them not to read my posts. Am not spoiling anything kekeke...
|
|
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
|
Posted: Wed Dec 06, 2006 1:24 pm Post subject: |
|
|
Well, if they use the post to spoil it then they took it upon themselves to spoil it.
|
|
|