xeratal Advanced Cheater
Reputation: 1
Joined: 05 Nov 2005 Posts: 93
Posted: Wed Jan 25, 2012 11:46 pm Post subject: Thermidia
I'm wondering if anybody here has attempted cheating in a thermidia protected (one of the latest versions; I assume the latest one actually) game WITHOUT debug privileges (or basically understands how to), or has any idea how I can solve this obfuscation.
I will skip a lot of the description and show exactly what problem I am facing.
---
This is the code section which I have trouble with (with thermidia protection):
Code:
mov ecx,[009F8434] : [00000000]
mov eax,[ecx]
mov edx,[eax+60]
push 000001B4
call edx
test al,al
je 004CCF56
Without thermidia protection, the code is supposed to be something like this:
Code:
mov ecx,[00xxxxxx]
mov eax, [ecx]
mov edx, [eax+000001B4]
cmp edx, 0
je 004CCF56
Since I cannot directly edit this part of the code, what I really want to do is find out what the pointer for the address is (e.g. in the non-thermidia protected code it is simply the [00xxxxxx+0]+1B4) in the thermidia protected code. Any ideas?
- I can't debug it.
- I looked through many other parts of the code and every single place where there's supposed to be a cmp with 0, they do this tricky thing to push the offset (1B4 in this case) and then do a call which I can't trace (the 009F8434 is only assigned a value before it's needed and is used everywhere throughout the program with different values in different cases) and leave the value (not the pointer) in al for the test al,al...