View previous topic :: View next topic |
Author |
Message |
bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
|
Posted: Sun Sep 03, 2017 9:44 am Post subject: I've managed to find the integrity check opcode |
|
|
Note: I'm still a newbie and all I can do is follow tutorials
I can bypass it even by injecting this piece of code (won't crash)
Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov edi,[edi] // <----- All bytes are stored here
add eax,0000001F
exit:
jmp returnhere
0C561E14:
jmp newmem
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0C561E14:
mov edi,[edi]
add eax,0000001F
//Alt: db 8B 3F 05 1F 00 00 00 |
The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct."
How could I possibly solve this problem?
P.S. I found the opcode using stealthedit's integrity scan routines.
Quick edit: The code I gave you is unedited
Description: |
"Find out what.." on the opcode |
|
Filesize: |
17.31 KB |
Viewed: |
4531 Time(s) |
|
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Sun Sep 03, 2017 9:50 am Post subject: |
|
|
bhfff wrote: | The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct." |
im not sure about what you are asking and doing.
what instruction you want to modify?
and mov edi,[edi] is shared instruction.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
|
Posted: Sun Sep 03, 2017 10:36 am Post subject: |
|
|
OldCheatEngineUser wrote: | bhfff wrote: | The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct." |
im not sure about what you are asking and doing.
what instruction you want to modify?
and mov edi,[edi] is shared instruction. |
I need to bypass the shared instruction, because I can not nop it.
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Mon Sep 04, 2017 7:08 am Post subject: |
|
|
find another instruction that is associated with your address.
see what accesses this address.
otherwise use a pointer.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
|