Cheat Engine The Official Site of Cheat Engine
grasmanek94 Master Cheater Reputation: 0
Joined: 03 Jun 2008 Posts: 283 Location: The Netherlands
Posted: Mon Sep 17, 2012 11:53 am Post subject: How do I 'execute' an opcode manually? - Evochron Mercenaries
Well, the game detects changes of values on the money address, you die when you cheat money, but when replacing the opcode that decreases the amount of money you can sell stuff, gain money, buy stuff again, sell again... and do it like this forever.....
but this is really slow and annoying, how could I execute an opcode which I found with the "find out what writes to this address" option? I would like to add 999999 times 500 cash or something like that.
(run the opcode x times)
How do I do that?
Edit:
Got another way to hack the money: I changed an item's sell price I had in my inventory, seemed to work. Anyway, please answer this question as it may come in very handy!
Edit2:
Ah well, same for the level hack: you die as soon as you give yourself more exp/lvl. I tried assembling the memory region, which is this opcode:
mov eax,[010BB152]
I tried changing [010BB152] to the address of my money so level would raise with 9999999 instead of 1 but then the game also detected the 'cheat'...
If anyone is asking:
Yes, I hacked the hell out of Evochron Mercenaries (by using my brain I was easily able to bypass most of the anti-cheat system which has been built into the game): money, assembly points, frame config points, warp drive distance to unlimited, etc. There are no pointers, and opcodes change with each run of the game.
All values you look for are shifted 16 bits to the left when using fast scan, so instead of searching for 0x1 you need to search for 0x10000 (hex)
or just do: the value you search * 65536.
For money hack: do not search for the amount of money you have; instead dock to a station and look how much your primary weapon costs. When using fast scan do weapon cost * 65536; there shouldn't be that many addresses there, so just try to change ~2 of them to a very high value. Before you do that, add them to the list and change the type to 8 bytes, change the value to 65536000000000 and you will have 1 billion credits when you sell your primary weapon.
As for warp: get ANY Fulcrum drive installed; if you have C1 search for 65536, C2 - 65536*2, C3 - 65536*3. Now disable your drive and install another class drive, search for another value, and repeat until one address is found (all scans are 4 bytes). Now add the address, change to 8 bytes, change value to 655360000000 and you can travel 10,000,000 sectors (sometimes it doesn't work).
Assembly points: search for the value*65536 every time; when found do "what writes to this address", decrease assembly points, and you will see one opcode for the decrease. NOP it, add back all your assembly points, now do unlimited upgrades.
Now I am stuck with rank hack on military pilot... you die when you change rank, I cannot find any good method.
Studio80 Advanced Cheater Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Mon Sep 17, 2012 8:50 pm
It's not going to be easy; as I used to crack applications with Olly Debugger, I'm going to tell you the following.
Where you normally apply the code injection, copy and paste that address. Load Olly Debugger, and load the game (don't run it yet). Set a breakpoint on the address you got, scroll up till you reach the Entry Point and set a BP on that as well.
Run the game; now there are two steps you need to do.
First, let's say we're using the money address. Go in game, do something that changes the money value. Olly will break on the EP breakpoint; trace the code line by line and see what happens. After the code is executed the game will run again. So you shouldn't die.
Second: Now change the value like when you do when the game crashes. Olly should break again on the Entry Point, now step the lines one by one (F. Keep your eyes open because this time something different should happen compared to the first time.
E.g. there could be a JNZ/JN command that jumps right to the CALL which executes the code that kills you. Or there could be a value check, for example if value of pointer x = 1 then call KILL CODE or something like that.
If it's a jump that doesn't jump over a call, you simply can change it to a JMP, so it always will jump over the CALL. If it's a CMP VALUE instruction, you simply can change it like:
Original code: CMP [ADDIE],01
Change to CMP [ADDIE],00.
If it's a CALL function, you simply can step in it after the breakpoint and see which other functions use that call. Breakpoint on them too so you can see if the other functions use it as well. If you have questions feel free to ask, I'm not an expert nor novice, just trying to share my knowledge.
grasmanek94 Master Cheater Reputation: 0
Joined: 03 Jun 2008 Posts: 283 Location: The Netherlands
Posted: Tue Sep 18, 2012 1:24 am
Ah thanks! I am going to try this, will report back asap.
BTW:
"Where you normally apply the code injection, copy and paste that address. Load Olly Debugger, and load the game (don't run it yet). Set a breakpoint on the address you got, scroll up till you reach the Entry Point and set a BP on that as well." You mean the address of the opcode, right?
Edit: OK, awkward: game does not want to run from OllyDbg >_>
Anyway, here are 2 screens showing the disassembler info, maybe you can get some info out of it:
One opcode is for when decreasing the amount, the other is for when it's increasing. I just don't know yet which one is which because I don't want to go out and do a one-hour mission just to increase it by one and not be able to hack it xD
Edit: if you want to TeamView me, go ahead, just let me know.
EDIT:
Ah lol hacked it, replaced ALL opcodes from that address with nops and then set the value, let me kill, load last save, voila, level 10000
Studio80 Advanced Cheater Reputation: 2
Joined: 12 Sep 2012 Posts: 83
Posted: Tue Sep 18, 2012 4:55 pm
What happens if you change:
CMP EAX,0
to
CMP EAX, 1
I wouldn't NOP it, the game might crash at a later stage. Instead do a Code Injection. And mov a new value into EAX. I think the CMP command kills you in the game, so you need to patch that one as well if you use a code injection.
Lucifer66 How do I cheat? Reputation: 0
Joined: 17 Dec 2013 Posts: 3 Location: United States
Posted: Thu Dec 26, 2013 10:31 pm
OK for those of us who don't have a clue of what the heck you guys are talking about, can you guys just make a table we can just load or what?
DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Fri Dec 27, 2013 10:33 am
Hmm why not change the opcode from mov to add (to increase).
If it's a shared opcode (decreases,increases, and sets).
You could do
Code:
cmp [address],value
jg exit // address bigger than value, which means value is after purchasing item