 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Ungreat
Expert Cheater
![]() Reputation: 0
Joined: 27 Feb 2007
Posts: 215
|
 Posted: Thu Mar 08, 2007 5:59 pm Post subject: |
 |
|
You can patch it and backtrace it just like you could before 
*points to Instant Demo tut
_________________
| Code: | mov r10, qword ptr [rsp+0A28h+arg_5F8]
shl rdx, 20h
mov r11, 7010008004002001h
or rax, rdx
mov rcx, r10
xor rcx, rax
lea rax, [rsp+0A28h+var_2C8] |
Oh man, I'm getting too excited |
|
| Back to top |
|
 |
TheSorc3r3r
I post too much
 Reputation: 0
Joined: 06 Sep 2006
Posts: 2404
|
| Posted: Thu Mar 08, 2007 6:05 pm Post subject: |
|
|
| SunBeam wrote: | | @TheSorc3r3r - that was the old one |
He posted the same one twice, I swear!
_________________
Don't laugh, I'm still learning photoshop! |
|
| Back to top |
|
|
Uligor
Grandmaster Cheater
 Reputation: 0
Joined: 21 Jan 2006
Posts: 956
|
| Posted: Fri Mar 09, 2007 1:33 am Post subject: |
|
|
| Ungreat wrote: | You can patch it and backtrace it just like you could before
*points to Instant Demo tut |
You can't. 
_________________
|
|
| Back to top |
|
|
Uligor
Grandmaster Cheater
Reputation: 0
Joined: 21 Jan 2006
Posts: 956
|
| Posted: Sat Mar 10, 2007 10:34 am Post subject: |
|
|
Zuan cracked it.
source:
| Code: |
/*char string1[] = "Please enter the code: ";
char string2[] = "%d";
char winstring[] = "Correct! You win!";
char losestring[] = "Wrong! You lose!";*/
char string1[] = {0xB4, 0xCC, 0xDE, 0xD6, 0xF2, 0xDE, 0x54, 0xDE, 0xC8, 0xFC, 0xDE, 0xF0, 0x54, 0xFC, 0xC4, 0xDE, 0x54, 0xD2, 0xCA, 0xDC, 0xDE, 0x60, 0x54, 0x14};
char string2[] = {0x5E, 0xDC, 0x14};
char winstring[] = {0x92, 0xCA, 0xF0, 0xF0, 0xDE, 0xD2, 0xFC, 0x56, 0x54, 0xA6, 0xCA, 0xFE, 0x54, 0xFA, 0xC6, 0xC8, 0x56, 0x14};
char losestring[] = {0xBA, 0xF0, 0xCA, 0xC8, 0xDA, 0x56, 0x54, 0xA6, 0xCA, 0xFE, 0x54, 0xCC, 0xCA, 0xF2, 0xDE, 0x56, 0x14};
DWORD tempfake1 = 0x00000000;
DWORD tempfake2 = 0x00000000;
char lolstring[] = "This isn't a book, stop reading >=D";
DWORD input;
int main()
{
__asm
{
pushad
lea eax, [malloc-17]
add eax, 17
push 0x100
call eax
add esp, 4
push eax
lea edi, [code1-0xA3]
push edi
mov eax, 4
mov ebx, 3
mov ecx, 2
mov edx, 1
ror eax, 3
rol ebx, 5
ror ecx, 11
rol edx, 23
xchg eax, ebx
xchg ecx, edx
xchg ebx, edx
xchg edx, ecx
xchg eax, ebx
xchg ebx, ecx
push eax
xor eax, ebx
push ebx
xor [esp], eax
pop eax
pop ebx
shr eax, 16
add eax, ecx
rol edx, 11
lea ebx, [eax+edx]
dec ebx
add [esp], ebx
sub ebx, 2
sub eax, ebx
shr edx, 8
add ecx, 0xFFFFFFA0
not eax
mov ebx, eax
jc jump
__emit 0xB4
__emit 0xC9
__emit 0xE0
realend:
add esp, 4
popad
lea eax, [final]
push eax
jmp jump
__emit 0xE6
__emit 0xB4
__emit 0x31
code2:
pop eax
jnp jump
jp next9
__emit 0x70
__emit 0x70
__emit 0x8F
next9:
ror eax, 3
rol ebx, 7
jnc next10
__emit 0x74
__emit 0x21
__emit 0x89
next10:
push edi
lea edi, [esi-68]
push ecx
jnz next11
__emit 0xA9
__emit 0xCC
__emit 0x6A
next11:
mov ecx, 15
add ecx, 53
rep movsb
mov ecx, 12
jno next12
__emit 0xE8
next12:
add esp, 4
pop esi
sub esi, 76
add ecx, 56
add esi, 8
jnp next13
__emit 0xC8
__emit 0x69
__emit 0x00
right:
add [esp], 4
jmp next36
__emit 0x0F
__emit 0xE9
__emit 0x89
next36:
lea eax, [printf+73156616]
jnz next37
__emit 0x21
__emit 0x97
__emit 0x52
next37:
sub eax, 73156616
call eax
jnz next38
__emit 0xF0
__emit 0x13
__emit 0x63
next38:
lea eax, [realend]
push eax
jmp jump
__emit 0x63
__emit 0xC9
__emit 0x34
__emit 0xE0
next13:
xor byte ptr [esi], al
not [esi]
ror byte ptr [esi], 1
inc esi
loop next13
jns next14
__emit 0xB1
__emit 0x39
__emit 0x2F
next14:
sub esp, 8
pop ecx
add esp, 8
lea esi, [code3]
push esi
xor esi, esi
jz jump
__emit 0xE9
storestrings:
jno next6
__emit 0xB4
next6:
mov edi, [esp+8]
lea esi, [string1]
jnz next7
__emit 0x31
__emit 0x67
next7:
push ecx
mov ecx, 68
rep movsb
js next8
__emit 0x98
__emit 0x99
__emit 0xF4
next8:
pop ecx
lea eax, [code2]
push eax
jmp jump
__emit 0xA0
__emit 0x62
__emit 0xA9
jump:
ret
__emit 0x62
__emit 0x93
__emit 0x16
__emit 0x0A
code4:
next17:
mov esi, input
xor input, esi
push esi
mov esi, eax
jmp next18
__emit 0x25
__emit 0x97
__emit 0xC2
next18:
pop eax
mov edx, eax
mov ecx, eax
mov edi, 0x66D14B97
jmp next19
__emit 0x12
__emit 0xC7
__emit 0x8F
next19:
xor eax, ebx
rol eax, 7
xor ecx, 0x64F0C521
xor edx, 0x0215FF0F
jmp next20
__emit 0x62
__emit 0x5A
wrong:
add [esp], 4
mov edi, [esp]
jmp next30
__emit 0xF0
next30:
mov ecx, 20
lea esi, [edi+20]
jmp next31
__emit 0x6E
__emit 0x6B
__emit 0x98
next31:
rep movsb
jmp next32
__emit 0x77
__emit 0x11
__emit 0xD2
next32:
lea eax, [printf+17]
jmp next33
__emit 0xE7
__emit 0x25
__emit 0x52
__emit 0xC3
next33:
sub eax, 17
call eax
jmp next34
__emit 0x88
__emit 0x17
__emit 0x0B
next34:
push realend
jmp jump
__emit 0xE9
__emit 0xE7
next20:
rol eax, 5
xor eax, ecx
add eax, ecx
xor eax, edx
sub eax, edx
jmp next21
__emit 0xCC
__emit 0x21
__emit 0xB1
next21:
xor ecx, edx
dec eax
ror eax, 13
xor eax, ecx
ror edx, 18
xor edx, 0x08F9221C
jmp next22
__emit 0xC3
__emit 0xE1
__emit 0xC2
next22:
xor ecx, 0x9B0C5211
xor eax, edx
rol ecx, 2
xor eax, ecx
jmp next23
__emit 0xE4
__emit 0xC0
__emit 0x00
next23:
rol edx, 19
xor edx, ecx
ror eax, 15
xor edi, eax
rol edx, 1
jmp next24
__emit 0xF3
__emit 0x91
__emit 0xC8
next24:
xor eax, edx
dec eax
dec eax
add eax, ecx
xor eax, 0x621DE010
jmp next25
__emit 0x89
__emit 0x63
next25:
xor edx, 0xD2D2D2D2
xor ecx, 0xC621FA62
xor eax, edx
xor eax, ecx
add eax, edx
jmp next26
__emit 0xE9
__emit 0x12
next26:
sub edx, ecx
sub eax, edx
ror edx, 16
rol ecx, 27
xor eax, edx
jmp next27
__emit 0x36
__emit 0xF0
next27:
xor eax, ecx
sub eax, edx
sub eax, ecx
xor ecx, edx
xor ecx, 0x4D453FEE
jmp next28
__emit 0xF0
__emit 0x84
next28:
xor eax, ecx
xor eax, ebx
push edi
jz jump
jmp next29
__emit 0x62
__emit 0x25
next29:
pop edi
lea edi, [wrong]
push edi
jmp jump
__emit 0xB6
__emit 0xF9
fake2:
add esp, 8
popad
lea eax, [final]
push eax
jmp jump
__emit 0xF0
__emit 0x9A
__emit 0x09
__emit 0xF1
code1:
jnp fake2
sub eax, 1
jnz next1
__emit 0x0F
__emit 0xE9
__emit 0x89
next1:
mov ebx, 0x0FC1FE01
xor edx, 0x82156ADE
mov ecx, 0xEBB8EA00
ja next2
__emit 0x70
next2:
sub edx, 0x5040CC23
ror ecx, 17
xor edx, ecx
xor edx, ebx
jp next3
__emit 0xEB
next3:
push eax
xor eax, ecx
not eax
js next4
__emit 0x9A
__emit 0x04
next4:
rol ebx, 9
ror eax, 4
rol ecx, 3
rol edx, 17
xor ebx, edx
jnc next5
__emit 0x8C
next5:
push eax
lea eax, [storestrings]
push eax
jnz jump
__emit 0xC2
__emit 0xC3
code3:
__emit 0xE8
__emit 0x00
__emit 0x00
__emit 0x00
__emit 0x00
add dword ptr [esp], 15
lea esi, [printf-7]
add esi, 7
jmp esi
jnz next15
__emit 0x75
__emit 0x12
__emit 0x21
__emit 0x7F
next15:
add dword ptr [esp], 24
add esp, 8
push OFFSET input
sub esp, 4
lea esi, [scanf+89]
sub esi, 89
jmp next16
__emit 0x5D
__emit 0x0C
next16:
__emit 0xE8
__emit 0x00
__emit 0x00
__emit 0x00
__emit 0x00
add dword ptr [esp], 10
push esi
jmp jump
lea esi, [code4]
push esi
jmp jump
__emit 0x21
__emit 0x76
fake3:
add esp, 0xC
popad
lea eax, [final]
push eax
jmp jump
__emit 0x98
__emit 0x24
final:
}
Sleep(INFINITE);
return 0;
} |
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
