 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
predro
Newbie cheater
![]() Reputation: 0
Joined: 13 Feb 2012
Posts: 10
|
 Posted: Wed May 28, 2014 7:23 am Post subject: Raise Values part II |
 |
|
Thx for your help so far.
I opened a new thread to make it more readable.
So here i got another value to change.
The marked line is the one that writes to the value.
Itīs different than before, i donīt get it. Itīs also a double.
Can you hint me to what happens there and how i could achieve to raise that value as well?
| Description: |
|
| Filesize: |
112.12 KB |
| Viewed: |
6817 Time(s) |
|
|
|
| Back to top |
|
 |
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Wed May 28, 2014 1:51 pm Post subject: Re: Raise Values part II |
|
|
| predro wrote: | Thx for your help so far.
I opened a new thread to make it more readable.
So here i got another value to change.
The marked line is the one that writes to the value.
Itīs different than before, i donīt get it. Itīs also a double.
Can you hint me to what happens there and how i could achieve to raise that value as well? |
I wouldn't advice you to do code injection here,because you are inside a system module,this code does not write only to your value,try right clicking your code and clicking 'find out what addresses this code writes to' and you'll find a bunch of random values,changing memory in this section will most likely result in a crash,if you really want to hack more things in your flash game,then download the swf file of your game,download a flash decompiler (like ffdec),find the actionscript code that you want to modify,find the array of byte associated with that code,then modify it and make a script in CE that scans for your aob when the game loads and then remplaces a part of it with something else,remember that your aob is in AS3 bytecodes,47 means returnvoid (return from procedure).
I did this to disable the anti-cheat of Knightmare Tower (thanks DaSpammer).
|
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Thu May 29, 2014 1:49 pm Post subject: Re: Raise Values part II |
|
|
| predro wrote: | Thx for your help so far.
I opened a new thread to make it more readable.
So here i got another value to change.
The marked line is the one that writes to the value.
Itīs different than before, i donīt get it. Itīs also a double.
Can you hint me to what happens there and how i could achieve to raise that value as well? |
I can still give a try:
| Code: | alloc(mem,1024)
label(return)
label(skip)
mem:
dd (float)9999
pushfd // Save all the flags
cmp esi,addr // Compare esi with your address
jne skip // Could be remplaced with jne +6
fadd dword ptr[mem]
skip:
fstp dword ptr[esi]
add esp,4 // Part of the original code
jmp return
"NPSWF32_13_0_0_214.BrokerMainW"+EC123:
jmp mem+4
return: |
Remplace addr with the address that you found (the one you want to set to 9999)
Not sure if it will work,but whatever you do,you won't be able to save your work in a cheat table (with an AOB) because pointers don't work in flash games.
|
|
| Back to top |
|
|
predro
Newbie cheater
![]() Reputation: 0
Joined: 13 Feb 2012
Posts: 10
|
| Posted: Sun Jun 01, 2014 3:49 pm Post subject: Re: Raise Values part II |
|
|
| Redone wrote: | | predro wrote: | Thx for your help so far.
I opened a new thread to make it more readable.
So here i got another value to change.
The marked line is the one that writes to the value.
Itīs different than before, i donīt get it. Itīs also a double.
Can you hint me to what happens there and how i could achieve to raise that value as well? |
I wouldn't advice you to do code injection here,because you are inside a system module,this code does not write only to your value,try right clicking your code and clicking 'find out what addresses this code writes to' and you'll find a bunch of random values,changing memory in this section will most likely result in a crash,if you really want to hack more things in your flash game,then download the swf file of your game,download a flash decompiler (like ffdec),find the actionscript code that you want to modify,find the array of byte associated with that code,then modify it and make a script in CE that scans for your aob when the game loads and then remplaces a part of it with something else,remember that your aob is in AS3 bytecodes,47 means returnvoid (return from procedure).
I did this to disable the anti-cheat of Knightmare Tower (thanks DaSpammer). |
Thanks for your advice.
I decompiled the swf and found an area where i want to change a pushtrue (26) to pushfalse (27).
I scanned the flashplayer in CE for the corresponding AOB but it did not find it!
Is there another way to scan? Because you wrote "scan when the game loads"
|
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Mon Jun 02, 2014 8:20 am Post subject: Re: Raise Values part II |
|
|
| predro wrote: | Thanks for your advice.
I decompiled the swf and found an area where i want to change a pushtrue (26) to pushfalse (27).
I scanned the flashplayer in CE for the corresponding AOB but it did not find it!
Is there another way to scan? Because you wrote "scan when the game loads" |
make the 'writable' checkbox grayed,then change the type to Array of bytes,then right after the game loads,before clicking the play button,scan for the bytes you found in the part you want to modify (pushtrue(26)),take some bytes before or after that instruction because your AOB must be unique,once you find 1 and only 1 result,modify the 'pushtrue(26)' bytes to the 'pushfalse(27)' bytes (edit the instruction in ffdec and you'll find the bytecode of pushfalse(27)).
you know,in flash games,AS3 bytecodes get translated to machine code when the game is started,if your game starts immediately after loading,then pause it with CE immediately when it loads(set a hotkey for pause to ALT+X and you'll be able to pause it at any time).
here's the script I made to disable the anti-cheat of Knightmare Tower:
| Code: | [ENABLE]
{This will disable the anti-cheat on Knightmare Tower
Special thanks to DaSpammer =)}
aobscan(anticheat,4f d3 09 01 47) // This is the AS3 AOB that loads the anti-cheat (found it with ffdec).
anticheat:
db 47 // 47 = returnvoid in AS3:ends the function.
[DISABLE]
// No need to disable this script. |
|
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Mon Jun 02, 2014 4:54 pm Post subject: Re: Raise Values part II |
|
|
| Redone wrote: | | predro wrote: | Thanks for your advice.
I decompiled the swf and found an area where i want to change a pushtrue (26) to pushfalse (27).
I scanned the flashplayer in CE for the corresponding AOB but it did not find it!
Is there another way to scan? Because you wrote "scan when the game loads" |
make the 'writable' checkbox grayed,then change the type to Array of bytes,then right after the game loads,before clicking the play button,scan for the bytes you found in the part you want to modify (pushtrue(26)),take some bytes before or after that instruction because your AOB must be unique,once you find 1 and only 1 result,modify the 'pushtrue(26)' bytes to the 'pushfalse(27)' bytes (edit the instruction in ffdec and you'll find the bytecode of pushfalse(27)).
you know,in flash games,AS3 bytecodes get translated to machine code when the game is started,if your game starts immediately after loading,then pause it with CE immediately when it loads(set a hotkey for pause to ALT+X and you'll be able to pause it at any time).
here's the script I made to disable the anti-cheat of Knightmare Tower:
| Code: | [ENABLE]
{This will disable the anti-cheat on Knightmare Tower
Special thanks to DaSpammer =)}
aobscan(anticheat,4f d3 09 01 47) // This is the AS3 AOB that loads the anti-cheat (found it with ffdec).
anticheat:
db 47 // 47 = returnvoid in AS3:ends the function.
[DISABLE]
// No need to disable this script. |
|
By the way,Here's a program that you'll probably like :
.minerva
It edits the flash shared objects (sol files),the game must be closed when its save is being edited.
If you have more questions regarding flash games (not PC games) then please ask in the flash games forum,people there have much more knowledge about flash gamehacking.
|
|
| Back to top |
|
|
predro
Newbie cheater
![]() Reputation: 0
Joined: 13 Feb 2012
Posts: 10
|
| Posted: Tue Jun 03, 2014 11:14 am Post subject: |
|
|
I just canīt manage to find the AOB.
The game has a START Button, but although i dont start, i cannot find any aob from ffdec in the game 
When you say pause, do you mean to enable speedhack in CE with speed 0?
|
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
|
| Back to top |
|
|
predro
Newbie cheater
![]() Reputation: 0
Joined: 13 Feb 2012
Posts: 10
|
|
| Back to top |
|
|
Redouane
Master Cheater
![]() Reputation: 3
Joined: 05 Sep 2013
Posts: 363
Location: Algeria
|
| Posted: Fri Jun 06, 2014 3:42 am Post subject: |
|
|
| predro wrote: | Yes, i do it just as described (see attachment)
Did NOT click Start, but the AOB does not get found.
Also tried another AOB, dont find that either.
|
I said make the 'Writable checkbox' grayed,do not disable it,because in flash games,the code is in the data section,so it's still writable memory,but it's a good habbit to make it grayed when doing AOB scans,because otherwise they may fail on non flash games.
Also,what game are you trying to hack?
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
