Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Starforce

 
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Tue Sep 06, 2005 2:38 pm    Post subject: Starforce

You may know some games that use it (e.g. mount and blade, ww2, and some other games)
In those games it's almost impossible to debug, because the IDT entries for int1 and int3 get overwritten. (Even the kernel debugger of ce will often crash, or the game will crash.)
But if you are DESPERATE and want to find out what code accesses or modifies an address then download this modified version of dbk32.dll

this will rewrite the interrupt descriptor a lot faster than starforce does, but it will cause Cheat engine AND the game to start taking up 100% cpu, even on dual core cpus. It'll even affect the mouse, it'll start skipping, BUT the code list will start to get filled with code (most of the time)

Here's how to use it:
first download this file and replace your old dbk32.dll with this one (I recommend backing up the old one as this is really terrible to use on normal games)

enable the kerneldebugger in settings->extra
start the ce tutorial and go to step 2
find the address of health, rightclick the address and choose "find out what accesses this address" (keep in mind that for the kernel debugger you may not attach the normal debugger)

now close cheat engine and the tutorial.
(If you're wondering why you did this: This way the driver gets the original int1 handler, and already makes a link it will use to overwrite the idt of int1 till the computer gets rebooted)

Start CE again
start the game
get INTO the game, start playing

make sure that in settings->extra the query memory regions and read/write memory options are enabled
open the process of the game (preferably using the processwatcher)
now scan the memory for the value you want to find the code for.
once you've found it, get a pen and paper to write on...
rightclick and choose "find out what accesses this address" or "find out what writes to this address"
now try to go into the game (see if you can get it into windowed mode, or on dual display before doing this, because tabbing back will be a hell)
change the address inside the game (e.g. buy, sell, get hit, fire, jump, etc...)
and hope you don't crash at once.
now if the code list gets filled write down the addresses as fast as possible, and if you still have some time before your cpu has melted, doubleclick those entries to get the state of the registers and write them down as well.
Hopefully this'll give you enough information to get you further with hacking in the game.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
ungabunga
How do I cheat?
Reputation: 0

Joined: 24 Nov 2005
Posts: 8
Location: Somwhere far away from everywhere

Posted: Fri Nov 25, 2005 9:13 am

I've tried this and it didn't work :( The game was The Suffering 2, I've found the addresses but when I did the "Find out what accesses" it didn't work! Pls tell me what to do.
P.S.: I've followed all the steps you've described here, on ce 5.11
Pls help, I really need help with this game.
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Fri Nov 25, 2005 9:19 am

well, for one this was used for ce 5.0

and this was only tested for the first starforce version (used in mount&blade) where starforce just overwrote the int1 handler to point to ffffffff, and this patch just made it so it pointed to ce's handler every time it could.

the game would become very unstable, and the chance of blue screens is very high.
BUT, every now and then it would give you 1 or 2 results before crashing the system.

no idea if it still works or not, it all depends on luck though. (also 5.0 has a horrible problem with the kernel debugger regarding threads, so no idea how useful this thing is anymore)

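The int1 handler "pointing to ffffffff" mentioned in the post above is visible directly in the raw IDT entry. As an added example (not part of the original thread and not Cheat Engine's code), this C snippet decodes an 8-byte 32-bit IDT gate descriptor and flags a handler that falls outside an expected address range, the kind of integrity check a driver or memory-forensics tool can run on vectors 1 and 3. The sample bytes and the address range are constructed, and `check_gate` with its `lo`/`hi` parameters is a hypothetical helper.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded 32-bit protected-mode IDT gate descriptor (8 bytes in memory). */
struct idt_gate {
    uint32_t offset;    /* handler address: bytes 0-1 (low), 6-7 (high) */
    uint16_t selector;  /* code segment selector: bytes 2-3 */
    uint8_t  type;      /* low nibble of byte 5: 0xE interrupt, 0xF trap */
    uint8_t  dpl;       /* bits 5-6 of byte 5 */
    uint8_t  present;   /* bit 7 of byte 5 */
};

enum gate_status { GATE_OK, GATE_NOT_PRESENT, GATE_BAD_TYPE, GATE_BAD_HANDLER };

static struct idt_gate decode_gate(const uint8_t raw[8])
{
    struct idt_gate g;
    g.offset   = (uint32_t)raw[0] | (uint32_t)raw[1] << 8 |
                 (uint32_t)raw[6] << 16 | (uint32_t)raw[7] << 24;
    g.selector = (uint16_t)(raw[2] | raw[3] << 8);
    g.type     = raw[5] & 0x0F;
    g.dpl      = (raw[5] >> 5) & 0x03;
    g.present  = raw[5] >> 7;
    return g;
}

/* Handler must lie in [lo, hi), the range the caller expects (hypothetical parameters). */
static enum gate_status check_gate(const uint8_t raw[8], uint32_t lo, uint32_t hi)
{
    struct idt_gate g = decode_gate(raw);
    if (!g.present) return GATE_NOT_PRESENT;
    if (g.type != 0x0E && g.type != 0x0F) return GATE_BAD_TYPE;
    if (g.offset < lo || g.offset >= hi) return GATE_BAD_HANDLER;
    return GATE_OK;
}

/* Constructed sample entries, not captured from a real system. */
static const uint8_t SAMPLE_INT1_OK[8]  = {0x90,0x25,0x08,0x00,0x00,0x8E,0x53,0x80};
static const uint8_t SAMPLE_INT1_BAD[8] = {0xFF,0xFF,0x08,0x00,0x00,0x8E,0xFF,0xFF};

int main(void)
{
    const uint32_t lo = 0x80400000u, hi = 0x80800000u; /* constructed range */
    printf("clean int1:   handler=%08x status=%d\n",
           (unsigned)decode_gate(SAMPLE_INT1_OK).offset, check_gate(SAMPLE_INT1_OK, lo, hi));
    printf("patched int1: handler=%08x status=%d\n",
           (unsigned)decode_gate(SAMPLE_INT1_BAD).offset, check_gate(SAMPLE_INT1_BAD, lo, hi));
    return 0;
}
```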
ungabunga
How do I cheat?
Reputation: 0

Joined: 24 Nov 2005
Posts: 8
Location: Somwhere far away from everywhere

Posted: Fri Nov 25, 2005 9:34 am

Thanx DarkByte.
I was also astonished by the fact my computer didn't crash, though I only have an xp2000+ with 256 megs of ram and an ati 9550 gu inf od. I made all the steps again and miracle! One address appeared even if I didn't tab back to the game to change some values. It was something like 00456f27 - b552. But I'm not sure if it is right... I've tried to search for the pointer but I think I am just dumb... it didn't work ... again.
So there still is hope Very Happy
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4023
Location: Romania

Posted: Fri Dec 09, 2005 6:43 am

Tested, not working...I mean the .dll not working...

Here's what I did :

* uninstalled all my CEs
* deleted all CE related reg keys
* rebooted
* installed ce 5.0
* replaced the dbk32.dll
* now when i try enabling the kernel debugger, it says the driver isn't loaded or something like that; if i ignore that, it says 'failed to load the debugger'

Am I missing something ? Cause as I recall, in order to use the kernel debugger as you said, you need to pass the callretriever test, which in the case of replacing the dbk32.dll doesn't work...

I'll post some pics when I have time...Still @ university and @ iCafe...

So, till I test whether this works with SF3 or not, I can't seem to make it work in the first place [like really make it work]...

Any tips ?...
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4023
Location: Romania

Posted: Fri Dec 09, 2005 6:44 am

Not wanted replies from Dark Byte :

- use the unloader - did, it's not loaded [the driver]
- edit registry - did, same thing

With the normal dbk32.dll all works fine, with this modified .dll doesn't work...
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Fri Dec 09, 2005 6:57 am

sorry, my mistake, it's for 5.1
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4023
Location: Romania

Posted: Sat Dec 10, 2005 5:21 am

Umm kinda works for 5.1.1 [i dun have 5.1]. But :

- i dun get the command that accesses the address i debug on
- i get just a line like : 4257B7 - ff

That's all...Entered the game, alt-tabbed and nada, just that...

Any ideas ?
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Sat Dec 10, 2005 8:20 am

no, it all depends on luck, there is a 1% chance it finds something instead of 0.00001%
but try to investigate that instruction.
it starts with ff, but I think the disassembler doesn't know that instruction. Send those bytes (16 of them) to me and I'll see if I can disassemble it, and fix it in ce.

SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4023
Location: Romania

Posted: Thu Dec 15, 2005 9:18 am

Umm that ff comes from a call to a sound function [?] : SND_fvectorxxxxxx [I dun remember the name exactly]

I know that I'd get better chances if I ran in windowed mode, cause that way the game would be active...but can't make PoP2T run in windowed mode. Plus you have to run PrinceOfPersia.exe which will start POP3.exe. So what I need windowed is POP3.exe...and that seems to not work...

Back @ home next week. Catch you on MSN. I found some more bugs...bad news, eh ?...Sad...
Human
How do I cheat?
Reputation: 0

Joined: 13 Dec 2005
Posts: 2

Posted: Thu Dec 15, 2005 5:24 pm

that dll doesn't work with ce5.2, db can you work more on starforce support, today everything that comes out is protected with that crap
All times are GMT - 6 Hours