| View previous topic :: View next topic |
| Author |
Message |
Kyokyonos
Newbie cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 19
|
 Posted: Tue Jun 22, 2010 12:26 am Post subject: Code locations change everytime game restarts. |
 |
|
So I was messing around with Dolphin Wii (had to use 32 bit version) with CE and ended up finding a code that, when nop'd, provides a desired effect. However, when restarting the game completely, the code locations change!
105F86DE, for example, would yield opcodes 'mov [edx+818],cl' (which, at this location, is what I need to replace w/ nothing), but on a complete restart, the same address (105F86DE) would yield something like 'add[eax],al' so nop'ing it would not have my desired effect ]:
I already know how to find pointers that point to addressees so I can easily change values, but this is my first time seeing the codes change. Can anyone link me to a guide regarding this (if it's possible)? Come to think of it, I don't think I could find pointers on this either ;x... I've looked and searched but I can't quite describe this behavior in a search that would get me to the right guide. Can anyone point me in the right direction?
|
|
| Back to top |
|
 |
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Tue Jun 22, 2010 1:54 am Post subject: |
|
|
Looks to me like the game is codeshifting.
Try this next time you get that address. Add the address manually so you can see the value (dont nop it). Tick (also scan read-only memory) and scan for the value of your address. You should see it in the new scan list but it will be green. Double click it to bring it down. If you look at this new address it'l look something like this game.exe+XXXXX or it could be a .dll
Use that address.
So instead of writing your code like this
105F86DE:
//code
do it like
game.exe+XXXXX:
//code
The address should update after restart.
_________________
|
|
| Back to top |
|
|
3XTR3M1ST
Grandmaster Cheater
 Reputation: 0
Joined: 13 Jan 2006
Posts: 621
|
| Posted: Tue Jun 22, 2010 3:37 am Post subject: |
|
|
| is that like a pointer thing?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Tue Jun 22, 2010 4:36 am Post subject: |
|
|
no, it's just an alternate method of writing an address which takes care of code shifting
an easier way to find that notation is just going to that address in the disassembler and press ctrl+m
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Evil_Intentions
Expert Cheater
 Reputation: 65
Joined: 07 Jan 2010
Posts: 214
|
| Posted: Tue Jun 22, 2010 5:16 am Post subject: |
|
|
| Dark Byte wrote: | no, it's just an alternate method of writing an address which takes care of code shifting
an easier way to find that notation is just going to that address in the disassembler and press ctrl+m |
since there is this related thread open already, how would i implement that same action (finding the other address) in my own program? I know how to read/write addresses, but not changing addresses.
Note:im using c++
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Tue Jun 22, 2010 12:14 pm Post subject: |
|
|
| Dark Byte wrote: | no, it's just an alternate method of writing an address which takes care of code shifting
an easier way to find that notation is just going to that address in the disassembler and press ctrl+m |
ctrl+m cool, didnt know that!
_________________
|
|
| Back to top |
|
|
Kyokyonos
Newbie cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 19
|
| Posted: Tue Jun 22, 2010 12:47 pm Post subject: |
|
|
| Quote: | Looks to me like the game is codeshifting.
Try this next time you get that address. Add the address manually so you can see the value (dont nop it). Tick (also scan read-only memory) and scan for the value of your address. You should see it in the new scan list but it will be green. Double click it to bring it down. If you look at this new address it'l look something like this game.exe+XXXXX or it could be a .dll
Use that address.
So instead of writing your code like this
105F86DE:
//code
do it like
game.exe+XXXXX:
//code
The address should update after restart. |
I'm not sure I quite understand.
This is what I did:
-Found the code I wanted to nope.
It was like at 1071111A with Code: mov [edx+07cc0000]
-I searched for 07cc0000, ticking 'Also scan read-only memory'(was I supposed to do this?)
-There were lots of static and normal addressees so I had no idea which one I was supposed to use. So I closed the game, restarted, and re-looked for the code I wanted again and it was changed to a different address with something like mov [edx+07e40000]. Eventually I noticed and narrowed down that there are 5 static addresses that have values that will always match the code's offset. I tried using all of them as replacements in a simple auto assembler script that would just nop but they did not provide the desired effect.
| Quote: | no, it's just an alternate method of writing an address which takes care of code shifting
an easier way to find that notation is just going to that address in the disassembler and press ctrl+m |
I went to the address in disassembler (the one I wanted to nop) and pressed ctrl+m nothing for that specific address showed anything different. Am I doing something wrong? The opcode looks like... 'mov [edx+07cc0000],cl' most of the time and the offset/address changed on restart. A few addresses above, however, do change and display like 'dolphin.exe+51edfc'.
|
|
| Back to top |
|
|
Radiation
Grandmaster Cheater
 Reputation: 14
Joined: 17 Jun 2009
Posts: 842
Location: Chernobyl
|
| Posted: Tue Jun 22, 2010 3:17 pm Post subject: |
|
|
oh yeah, the code "add[eax],al" is 00 00 in hex... so your code must have been shifted
_________________
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Tue Jun 22, 2010 3:28 pm Post subject: |
|
|
| Kyokyonos wrote: |
I'm not sure I quite understand.
This is what I did:
-Found the code I wanted to nope.
It was like at 1071111A with Code: mov [edx+07cc0000]
-I searched for 07cc0000, ticking 'Also scan read-only memory'(was I supposed to do this?)
|
No not really. You should have added 1071111A to the address list. Search the value of 1071111A
Try ctrl+m again
What is the process name for this game? The name cheat engine connects too.
_________________
|
|
| Back to top |
|
|
Kyokyonos
Newbie cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 19
|
| Posted: Tue Jun 22, 2010 3:41 pm Post subject: |
|
|
| Pingo wrote: | | Kyokyonos wrote: |
I'm not sure I quite understand.
This is what I did:
-Found the code I wanted to nope.
It was like at 1071111A with Code: mov [edx+07cc0000]
-I searched for 07cc0000, ticking 'Also scan read-only memory'(was I supposed to do this?)
|
No not really. You should have added 1071111A to the address list. Search the value of 1071111A
Try ctrl+m again
What is the process name for this game? The name cheat engine connects too. |
Well, the name of the process is Dolphin.exe
Alright so, I tried again (the address of the code is now 10707F1E since I restarted) and the value of 10707F1E is 35464. I do a normal 4 byte scan for 35464 and 10 static addresses come up. They are all like 'Dolphin.exe+49E02D' but none of them point to the right instruction in the right location. Am I supposed to do something in addition from here?
If I go to the disassembler and go to 10707F1E and press ctrl+m, nothing happens to it's code (now mov [edx+07fc0000]], cl).
Thanks for the replies btw.
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Tue Jun 22, 2010 4:33 pm Post subject: |
|
|
Run this small app i just made Link
All you need to do is paste that address in the top box on the app (game needs to be on aswell). It should show you the static address im talking about.
Should work for any code injection address you need.
I have no way of testing it so let me know how you get on.
_________________
|
|
| Back to top |
|
|
Kyokyonos
Newbie cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 19
|
| Posted: Wed Jun 23, 2010 1:13 am Post subject: |
|
|
| Pingo wrote: | Run this small app i just made
All you need to do is paste that address in the top box on the app (game needs to be on aswell). It should show you the static address im talking about.
Should work for any code injection address you need.
I have no way of testing it so let me know how you get on. |
I got the address of the code that I wanted to nope and pasted in your program and it came up with 'Dolphin.exe+1034C956'. I restarted the game and tried nop'ing Dolphin.exe+1034C956 but it didn't work and still turns it points to an unrelated code/address T_T. Or is there something I should do after finding the static address that I'm missing?
It would be nice to know how to deal with this kind of code shifting, but I'm about to just settle for finding the code every time I want to nop it for it's effect (since I end up playing the game for hours anyways, so I guess I wouldn't mind taking out 1 minute of that time to find the code/address to nop)
Thanks for your help so far.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Wed Jun 23, 2010 5:04 am Post subject: |
|
|
if it's actually a .net, java or flash game then it's generating the code at runtime.
In that case you must use autoassembler scripts that make use of the aobscan function to find where the code is located (make use of wildcards on addresses in code)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Wed Jun 23, 2010 11:10 am Post subject: |
|
|
I was only assuming the address was located in the game.exe.
It might be loaded from a dll, in which case that app wont work.
Keep trying what i suggested before. You'l know for sure.
_________________
|
|
| Back to top |
|
|
Kyokyonos
Newbie cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 19
|
| Posted: Wed Jun 23, 2010 1:11 pm Post subject: |
|
|
| Dark Byte wrote: | if it's actually a .net, java or flash game then it's generating the code at runtime.
In that case you must use autoassembler scripts that make use of the aobscan function to find where the code is located (make use of wildcards on addresses in code) |
I think I'd need to understand ASM better first :S. You know, more than just nop'ing, adding and subtracting xD
Well I guess I'll try Pingo's methods. I think it might be from a .dll.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
