Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[H] Problem with timers!

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
r4dbrnu
How do I cheat?
Reputation: 0

Joined: 14 Feb 2009
Posts: 8
PostPosted: Mon Apr 27, 2015 8:16 pm    Post subject: [H] Problem with timers! Reply with quote
Hi guys,

I'm trying to search the time address from "AikonCWD's challenge #1: Test your skill here!"
But until know nothing( i spent 2 hours).
So... What's the solution?

Code:
http://forum.cheatengine.org/viewtopic.php?t=577886&postdays=0&postorder=asc&start=0
Back to top
View user's profile Send private message
Rissorr
Master Cheater
Reputation: 3

Joined: 17 Sep 2013
Posts: 273
Location: Israel!
PostPosted: Tue Apr 28, 2015 8:28 am    Post subject: Reply with quote
This may help you:

atm0s wrote:

The first step was to locate the player information and see how the data was handled. In this applications case, simply searching for the data is not an option as the data is "encoded" in a manner to prevent cheating from happening easily. (More info on this below.) So I took to debugging to attempt to locate some usable information.

The first thing I came across was the string: "FFFFFFFFFFFFFC22"

Immediately this stood out to me as a double value in string/hex form. So converting this back to an actual value gives us: -990.00

Afterward, I debugged the parts of the code that made use of this string which we see here:
Code:

004B7E4B   . 8B4E 7C        MOV ECX,DWORD PTR DS:[ESI+7C]
004B7E4E   . 66:8941 04     MOV WORD PTR DS:[ECX+4],AX
004B7E52   . 8D4D CC        LEA ECX,DWORD PTR SS:[EBP-34]
004B7E55   . E8 4A99F4FF    CALL <JMP.&MSVBVM60.__vbaFreeVar>
004B7E5A   . BA E46A4100    MOV EDX,challeng.00416AE4                         ;  UNICODE "FFFFFFFFFFFFFC22"
004B7E5F   . 8D8E 88000000  LEA ECX,DWORD PTR DS:[ESI+88]
004B7E65   . E8 2299F4FF    CALL <JMP.&MSVBVM60.__vbaStrCopy>
004B7E6A   . BA 0C6B4100    MOV EDX,challeng.00416B0C
004B7E6F   . 8D8E 8C000000  LEA ECX,DWORD PTR DS:[ESI+8C]
004B7E75   . E8 1299F4FF    CALL <JMP.&MSVBVM60.__vbaStrCopy>


From this if we monitor the data, we see that the string is truncated and copied to [ESI+88]. Next, we let the game run and we will see that the value that was stored in ESI+88 is changing as the game plays. Freezing this value freezes the time.
Bingo, we have the time location.


Credits goes to atm0s
Back to top
View user's profile Send private message
r4dbrnu
How do I cheat?
Reputation: 0

Joined: 14 Feb 2009
Posts: 8
PostPosted: Tue Apr 28, 2015 5:38 pm    Post subject: Reply with quote
omg Laughing
I'm so dumb !
Thank you man! It worked!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites