Cheat Engine

[silentus]

Hi !
I need your help, i need to write a NOP to game speed address in SA:MP game.When i write something to this address (0xB7CB64 - [float] Game speed in percent) its automatically changed to its default value (1)
when i make it "Active" in CE, its pretty working however i see that moments when it switchs back to 1, when i find what writes to this address and then change it to code that does nothing (NOP) then it works, but i need to make it in VB.NET, and i kinda have no idea how to make something like this, i know how to use pointers in vb.net etc, but a NOP ? I found some memory module that had write nop function, but it was doing the same as normal write memory..it still was changing to 1
Help please

[TsTg]

If you mean how to write a NOP in the dot NET assembly(MSIL), the op code byte is 0x00, while is normal assembly it's 0x90

[silentus]

ok but how do i use it to lock the value so the game wotn change it ?

EDIT
After tracking what writes to this address, i got this

[SteveAndrew]

Well if nopping it has the effect you want, you're going to need to NOP all bytes of that instruction...

There are 10 bytes which make up that instruction:

[TsTg]

[foxfire9]

You need to know how much NOP's you need. And how will it affect to the system. And also tell the difference that's afffect to that instruction.

I forgot what thread it was.

[silentus]

I kinda cant understand how can i write to these bytes ? In what address are they located ?
In CE when i try to add a address 00401190 with a type of byte array, it doesnt give a value, just "???"
When i try to add the same address with a pointer, then it kinda gets the value but reversed and some zeros are missing.
Could just someone explain me what i have to do ? Without any code, because if you tell me what i need to do then i will understand this and code it without any problems.I just have no idea how to write &H90 to those bytes, as i dont know how to find them oO

[TsTg]

ok let's say you want to NOP the command at
00401190 - C7 05 64CBB700 0000803F - mov[gta_sa.exe+77CB64],3F800000 , right ?

as you see here the: C7 05 64CBB700 0000803F are the bytes you are looking for(in fact every byte consist of two charachters, so this should be: C7 05 64 CB B7 00 00 00 80 3F)

in order to NOP an assembly instruction you have to set all the bytes of it(here we have,...C7 is a one byte, 05 is another byte, so total is 10 bytes), by replacing all the bytes with 90, so it will be: 90 90 90 90 90 90 90 90 90 90).

TAKE IMPORTANT NOTE: that the address 401190 and all the bytes mentioned (including the 90) are all HEXADECIMAL values, so in some programs or developer applications, you will need to add the characters 0x just before the value,(so 90 is 0x90, C7 is 0xC7, the address 401190 is 0x401190, and so on).

If you want to write the values using WriteProcessMemory, you enter the bytes in a reverse order, let's say i will edit 4 bytes starting from
401190 to 401193, this should be:

1)For nopping: use DataToWrite = 0x90909090 <--Four nops
Address = 0x401190 <--as a DWORD or integer value
DataLength = 4 <--Four bytes to edit

2)For restoring original code: use DataToWrite = 0xCB6405C7 <-- the reverse order of the C7 05 64 CB bytes

Now Call: WriteProcessMemory(Process_Handle,Address,DataToWrite,DataLength,RealLength_as_output)

-Now for the next four bytes (out of 10), set Address to (0x401190+4 = 0x401194), and so on.

[Dark Byte]

Sometimes you may need to use VirtualProtectEx to make the memory writable first

[silentus]

Hmm
i read the value of &H4011190 and it gave me all the bytes that i found in CE, however they were reversed (i needed to convert it to string)
So i thought i will write 90909090909090909090 to this address (of course write as a hex, with &H at start (in VB.NET you use &H for hex))
however this gives me 10 opcodes in game, and crashes:
(i cant post images so i will just copy the text here)

[TsTg]

Well, i don't write programs in VB.NET language, but here's a sample of using WriteProcessMemory api that i found:

[silentus]

Oh thank you for this code, it probably wasnt written in any IDE but just on some forum, i needed to edit it because it had errors like missing commas etc
It works perfectly
Anyways, can i be sure that this address will be static (401190) for all computers if its static on mine ? Always when i find what writes to the speed address i find this address, but i dont have any other computers with gta to test, will it always be the same ?

[TsTg]

Well you can not always assume the image base will be same on all computers (assuming here it's 400000), so to reach your address you will add the offset 1190 to the base address to be 401190, you can get the image base of the process executable by calling the functions:

-CreateToolhelp32Snapshot
-Module32First
-Module32Next
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684218

Or if you are injecting a dll inside the game to patch it, you can use GetModuleHandle instead
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683199

[silentus]

Well its very weird, this address wasnt changing for like a week, and after i nopped it in VB.NET and restarted my PC, its completely different.And before it changed, in CE disassembler in "address" there was
"gta_sa.exe + 1190" but now its "gta_sa.exe + 20CD41"

If it changes like this, how can i get this address every time ? I also thought i have to add 1190 to that gta_sa.exe pointer, but it changed from 1190 to 20CD41 ?
Now the proper address with those bytes is 60CD41
It says "The value of pointer needed to find this address is probably 0077CB64" thats the only thing that didnt changed

[TsTg]