Cheat Engine Forum (The Official Site of Cheat Engine)
[TUTORIAL Game] Try to hack this tutorial Hitler
ParkourPenguin (I post too much, reputation 137, joined 06 Jul 2014, 4250 posts)
Posted: Wed Jun 01, 2016 8:28 am

Post that section of asm here.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Stacktrace (Expert Cheater, reputation 1, joined 04 Jul 2015, 105 posts)
Posted: Wed Jun 01, 2016 9:42 am

ParkourPenguin wrote:
Post that section of asm here.


Code:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
label(health)

newmem: //this is allocated memory, you have read,write,execute access
cmp [ecx-1],0    //no operand size is given here, so the assembler has to guess how wide the compare is
je health
jmp originalcode

health:
mov ax,(int)999  //(int) makes CE read 999 as decimal; nothing stores ax to [ecx] on this path, so the field is simply left untouched
xor eax,eax
jmp returnhere

originalcode:
mov [ecx],ax     //the original instruction: store the new value
xor eax,eax      //second original instruction, overwritten by the 5-byte jmp

exit:
jmp returnhere

"MSVBVM60.DLL"+F5F52:
jmp newmem
returnhere:


I'm clueless: how can I make it know what the value of 'byte' says? Int won't work, so... Or am I doing this all wrong? This method worked in another game that uses shared health...
ParkourPenguin (I post too much, reputation 137, joined 06 Jul 2014, 4250 posts)
Posted: Wed Jun 01, 2016 9:51 am

You can use byte ptr before a memory access to specify the data you're accessing is 1 byte long:
Code:
cmp byte ptr[ecx-1],0


Regardless, that won't work. Health and mana are stored as words (2-byte) right next to each other, health before mana. Since health is around 1000, the byte representation of that would be E8 03. See the problem yet? If your health ever drops below 256 (00 01), byte ptr[ecx-1] will be 00 when mana is written to, meaning you can't use that to distinguish between health and mana.

If you want a hint, set a breakpoint at that instruction instead and see where it returns to (or use break and trace).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Stacktrace (Expert Cheater, reputation 1, joined 04 Jul 2015, 105 posts)
Posted: Wed Jun 01, 2016 9:55 am

ParkourPenguin wrote:
You can use byte ptr before a memory access to specify the data you're accessing is 1 byte long:
Code:
cmp byte ptr[ecx-1],0


Regardless, that won't work. Health and mana are stored as words (2-byte) right next to each other, health before mana. Since health is around 1000, the byte representation of that would be E8 03. See the problem yet? If your health ever drops below 256 (00 01), byte ptr[ecx-1] will be 00 when mana is written to, meaning you can't use that to distinguish between health and mana.

If you want a hint, set a breakpoint at that instruction instead and see where it returns to (or use break and trace).


Haha, nope! I must say thanks man :)
cmp byte ptr[ecx-1],0 worked!

I now have infinite health, and any other instruction that accesses that address will act normal, such as magic :D

But I do have a question: how come cmp [ecx-1],0 doesn't work but byte ptr does? I can see that byte ptr uses byte in the instruction, which makes it more logical, but it still leaves me a bit confused because shouldn't they both technically do the same thing? Same with (int)0.
ParkourPenguin (I post too much, reputation 137, joined 06 Jul 2014, 4250 posts)
Posted: Wed Jun 01, 2016 10:14 am

Perhaps I should clarify: that won't work all the time. Set your health to 100 and you'll see changing your mana will set your health to 999.


To answer your question, the computer is not magic. It does not know what you want the value "0" to be: is it 1 byte long? 2 bytes long? 4? 8? This information is usually implied by the size of the memory region you're accessing. In this specific case, there are two addressing modes of the cmp instruction (reference) that could be used: cmp r/m32,imm8 and cmp r/m8, imm8. I suppose it could use cmp r/m32,imm32 as well, but that wouldn't be optimized.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
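To make both of ParkourPenguin's points concrete (the adjacent health/mana words, and the compare width the assembler has to pick), here is a small C model added for this thread; it is not code from the thread or from the tutorial game. It assumes the two words sit at hypothetical offsets 4 and 6 in a zeroed buffer, that the untyped cmp was assembled as a 32-bit compare, and a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the layout described above: health and mana are
 * consecutive little-endian 16-bit words. The field offsets and the zeroed
 * surrounding bytes are assumptions for the demonstration, not game data. */
enum { HEALTH_OFF = 4, MANA_OFF = 6, STATS_SIZE = 12 };

static void put_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Models the script's check `cmp ... [ecx-1],0 ; je health` for a write to the
 * field at field_off. width is the operand size the assembler used: 1 for
 * `byte ptr`, 4 for the untyped form (assumed to default to a dword compare).
 * Returns 1 when the branch to `health` (the "skip the store" path) is taken. */
int takes_health_branch(uint16_t health, uint16_t mana, int field_off, int width) {
    uint8_t stats[STATS_SIZE] = {0};          /* byte before health is 0 here */
    put_le16(stats + HEALTH_OFF, health);
    put_le16(stats + MANA_OFF, mana);
    const uint8_t *ecx = stats + field_off;   /* what ecx holds at the hooked mov */
    uint32_t operand = 0;
    memcpy(&operand, ecx - 1, (size_t)width); /* little-endian host assumed */
    return operand == 0;
}

int main(void) {
    const uint16_t healths[] = { 1000, 256, 255, 100 };
    for (size_t i = 0; i < sizeof healths / sizeof healths[0]; i++) {
        unsigned h = healths[i];
        printf("health=%4u (%02X %02X): mana write treated as health? byte ptr:%d  untyped/dword:%d\n",
               h, h & 0xFF, h >> 8,
               takes_health_branch(healths[i], 50, MANA_OFF, 1),
               takes_health_branch(healths[i], 50, MANA_OFF, 4));
    }
    printf("health write detected: byte ptr:%d  untyped/dword:%d\n",
           takes_health_branch(1000, 50, HEALTH_OFF, 1),
           takes_health_branch(1000, 50, HEALTH_OFF, 4));
    return 0;
}
```

With the byte compare the check misfires as soon as health is below 256; with the dword compare it never fires at all for the health write, because the four bytes starting at ecx-1 include the health value itself.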
Stacktrace (Expert Cheater, reputation 1, joined 04 Jul 2015, 105 posts)
Posted: Wed Jun 01, 2016 10:22 am

ParkourPenguin wrote:
Perhaps I should clarify: that won't work all the time. Set your health to 100 and you'll see changing your mana will set your health to 999.


To answer your question, the computer is not magic. It does not know what you want the value "0" to be: is it 1 byte long? 2 bytes long? 4? 8? This information is usually implied by the size of the memory region you're accessing. In this specific case, there are two addressing modes of the cmp instruction (reference) that could be used: cmp r/m32,imm8 and cmp r/m8, imm8. I suppose it could use cmp r/m32,imm32 as well, but that wouldn't be optimized.



Ah, thanks man!
The value I set it to, '999', won't actually set it that much; I know how to fix that, but it was just a quick test when I was writing the code for my first time. It can be set to '0' too; all it does is freeze your HP so it won't go down, resulting in "infinite health", and I've tested it a lot of times. Even when the health is randomized, such as 40, 90, 20, 10, 2, the code always works. I used dissect data structures to find out what the value at -1 is. I've seen others make cheats that way too. 0 = Health () 2 = Magic, and if you add 1 to that address you'll get the actual value. It doesn't matter what the value is, they will always be either 1 or 2 from what I've gathered throughout this process. Keep in mind I'm still learning about reverse engineering :P Thanks though, I'll look into that page about compares. This is quite interesting :)

Edit: Nope, I've tested all kinds of things. It always works, and if I compare it with 2 it'll make me lose health but lock the magic. Like I said, whatever the value is, it'll be 0 or 2, depending on what runs, health or magic.
MumbleD3DHook (How do I cheat?, reputation 0, joined 06 Oct 2017, 1 post, location: Somewhere in the Kuiper system)
Posted: Fri Oct 06, 2017 2:41 pm

I might not be able to hack inventories and stuff, but I'll try to do most of it. I'll report back with a cheat table later (Health and mana, cracked so far)