shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Thu Sep 30, 2010 5:05 pm
Giza wrote:
> I have found value, but I can not make trainer. The address always changes on different and search through Pointer has not given results. I am not so strong in Cheat Engine ((
I followed the video tuts on YouTube.. it is very helpful... and actually launching the Cheat Engine tutorial.. really helps out.. I was doing the pointer scan thing before also... didn't make any sense to me actually and it did work for the health... but it was too random.. I should have saved it.. LOL.... it worked until I found out how to find pointers the correct way..??

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Fri Oct 01, 2010 10:23 am
Pointer will work until an instant death, then the address in the pointer changes to 00000008. I don't know what is going on there. ???

Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Fri Oct 01, 2010 10:28 am
Did you try to find code which accesses your health only?

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Fri Oct 01, 2010 11:51 am
Yeah, it looks like this:
0083fd94 - test ecx,ecx
0083fd96 - je 0083fe3f
0083fd9c - cmp dword ptr [ecx+08],00
0083fda0 - jng 0083fe3f
0083fda6 - mov esi,[eax+00001e7c]
Probable base pointer =105E2A70
EAX=1C943280
EBX=00000000
ECX=105E2A70
EDX=0056FEF0
ESI=FFFFFFFF
EDI=00000000
EBP=10352840
ESP=0012ED48
EIP=0083FDA0
I tried a simple script that added to your health but it also affected the enemies and they couldn't be killed... this is getting a little frustrating..

Giza Newbie cheater
Reputation: 0
Joined: 30 Sep 2010 Posts: 13
Posted: Fri Oct 01, 2010 4:20 pm
shark2003 wrote:
> Pointer will work until an instant death, then the address in the pointer changes to 00000008. I don't know what is going on there. ???
Try it. Has made, but it is similar a little curve. Sometimes from game takes off. Share of licenses.
Attachment: lcgol.CT (Filesize: 411 Bytes, Downloaded: 803 Time(s))

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Fri Oct 01, 2010 5:04 pm
Giza wrote:
> shark2003 wrote:
> > Pointer will work until an instant death, then the address in the pointer changes to 00000008. I don't know what is going on there. ???
> Try it. Has made, but it is similar a little curve. Sometimes from game takes off. Share of licenses.
That doesn't work for me, Cheat Engine is showing this..
Ammo ????????
Health 00000008
Score 00001F2C
These are all of the same values I have been messing with also
..I think I need to go back to hacking my Wii games.. LOL

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25953 Location: The Netherlands
Posted: Fri Oct 01, 2010 5:25 pm
it's easier to use the cmp address to store the address of health to a known location, or easier to just set the health to the max right there
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so I can keep helping

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Fri Oct 01, 2010 7:33 pm
I have tried everything I can think of and it just doesn't work...
Pointer: Instant death changes address
Script - NOP/injecting a code - affects everything that has a health value

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25953 Location: The Netherlands
Posted: Fri Oct 01, 2010 8:47 pm
Use find what accesses on the health to get all code locations that access health
Then use the option to find out what addresses each code accesses.
See if there is one that only accesses the player's health (in the demo it's the first cmp in the list)
There do a code injection to either save the address of health, or set health to the max possible address
e.g. I'd do a code injection at the bytes: 83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0
I can't make an aa script that works for the released version because this instruction sits between two relative jumps, but you should be able to

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25953 Location: The Netherlands
Posted: Fri Oct 01, 2010 9:36 pm
following script should give godmode for the demo
for the retail:
replace 0083E86C with the address that contains "83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0 "
replace 004D1641 with the address that contains "29 4e 08 8b 56 08 89 53 70"
and replace the "jng 0083E90A" lines with the appropriate substitute
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//script 1
alloc(newmem,2048) //2kb should be enough
alloc(healthaddress,4)
label(returnhere)
label(originalcode)
label(exit)
0083E86C:
jmp newmem
nop
nop
nop
nop
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
mov eax,[ecx+0c] //max health
mov dword ptr [ecx+08],eax
lea eax,[ecx+8] //get the address
mov [healthaddress],eax
pop eax
originalcode:
cmp dword ptr [ecx+08],00
jng 0083E90A
exit:
jmp returnhere
//script 2
alloc(newmem1,2048) //2kb should be enough
label(returnhere1)
label(originalcode1)
label(exit1)
label(aftersub)
004D1641:
jmp newmem1
nop
returnhere1:
newmem1: //this is allocated memory, you have read,write,execute access
//place your code here
push eax
lea eax,[esi+8]
cmp eax,[healthaddress] //check if esi+8 matches the last known player address
pop eax
je aftersub //if so, skip the sub
originalcode1:
sub [esi+08],ecx
aftersub:
mov edx,[esi+08]
exit1:
jmp returnhere1
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
0083E86C:
cmp dword ptr [ecx+08],00
jng 0083E90A
004D1641:
sub [esi+08],ecx
mov edx,[esi+08]
dealloc(newmem)
dealloc(newmem1)
dealloc(healthaddress)
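
An added example, not part of Dark Byte's post or of Cheat Engine: a wildcard byte-signature search for the "83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0" pattern quoted above, plus the rel32 arithmetic that gives the jng target to substitute for another build. The function names are hypothetical, and the sample bytes are constructed by hand from the five instructions in shark2003's disassembly.

```python
import struct

# Signature quoted in the post; "??" marks bytes that differ between builds
# (here the rel32 operand of the jng).
CMP_SIG = "83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0"


def parse_signature(text):
    """Turn 'AA ?? BB' into a list of ints, with None for each wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(image, sig):
    """Return every offset in `image` where the signature matches."""
    pattern = parse_signature(sig)
    hits = []
    for off in range(len(image) - len(pattern) + 1):
        if all(p is None or image[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits


def jng_target(image, base, cmp_off):
    """Absolute target of the 6-byte 'jng rel32' (0F 8E) after the 4-byte cmp."""
    jng_off = cmp_off + 4
    if image[jng_off:jng_off + 2] != b"\x0f\x8e":
        raise ValueError("no near jng after the cmp")
    (rel32,) = struct.unpack_from("<i", image, jng_off + 2)
    # rel32 is relative to the address of the instruction after the jng
    return (base + jng_off + 6 + rel32) & 0xFFFFFFFF


def locate(image, base):
    """Return (cmp address, jng target); refuse a missing or ambiguous match."""
    hits = find_signature(image, CMP_SIG)
    if len(hits) != 1:
        raise LookupError(f"expected one match, found {len(hits)}")
    return base + hits[0], jng_target(image, base, hits[0])


# Constructed sample: the five instructions from shark2003's disassembly,
# placed at their listed address 0083fd94 (encoded by hand for this example).
SAMPLE_BASE = 0x0083FD94
SAMPLE = bytes.fromhex("85c9 0f84a3000000 83790800 0f8e99000000 8bb07c1e0000")

if __name__ == "__main__":
    addr, target = locate(SAMPLE, SAMPLE_BASE)
    print(f"cmp at {addr:08X}, jng target {target:08X}")
```

Requiring exactly one match matters because a short signature can occur more than once in a module, and hooking the wrong occurrence corrupts unrelated code.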
shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Fri Oct 01, 2010 10:26 pm
Thanks guys.. I'll have to digest this all tomorrow..

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Sat Oct 02, 2010 5:00 pm
I get an error on this line...
mov dword ptr [ecx+08],eax

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25953 Location: The Netherlands
Posted: Sat Oct 02, 2010 5:57 pm
what is the error?

shark2003 Newbie cheater
Reputation: 0
Joined: 28 Sep 2010 Posts: 19
Posted: Sat Oct 02, 2010 7:38 pm
Error in line 15 (mov eax,[ecx+0c],1000:This instruction cant be compiled.
Although..that instruction is on line 14..
What do you mean by this--->//get the address
Do I need to search for an address for health?
and this---> [healthaddress]
in your script

Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25953 Location: The Netherlands
Posted: Sat Oct 02, 2010 8:59 pm
the code isn't "mov eax,[ecx+0c],1000" but "mov eax,[ecx+0c]"
That code places the maximum health value (stored 4 bytes after the current health value) into the eax register
lines with // are just comments explaining what the code does
//get the address means that that code gets the address (in this case eax+8)
healthaddress is just a label that is filled by the cmp hook. It is a valid address in the script and you don't need to change that
the only things you need to change are:
and
at both disable and enable parts