itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Sun Apr 10, 2016 9:20 am Post subject: NOP'ing an instruction crashes the game
I have found an address in a game, and when I NOP the instruction I can see the effect of the hack.
But after a while (around 5 minutes, though the time varies; it can also be after 30 seconds) my game crashes.
I have no idea what would fix this, so I'm asking for suggestions.
Anyhow, thanks in advance.
Screenshot (the blue-selected one is the address I meant to NOP):
Last edited by itsoqrappy on Sun Apr 10, 2016 4:44 pm; edited 2 times in total
BringChaos Advanced Cheater
Reputation: 5
Joined: 31 Jul 2011 Posts: 92
Posted: Sun Apr 10, 2016 10:05 am
The eax register is used twice right after that before being set to something new. I don't think it would be surprising that stopping the register from being set in this case could cause issues.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Sun Apr 10, 2016 10:15 am
BringChaos wrote:
    The eax register is used twice right after that before being set to something new. I don't think it would be surprising that stopping the register from being set in this case could cause issues.
So, should I also NOP these instructions that are using the eax register?
xor eax,[esi+0000062C]
mov [esp+10],eax
mov eax,[esp+18]
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4699
Posted: Sun Apr 10, 2016 10:45 am
Why would you want to replace that instruction with NOPs in the first place? It's reading from an address, not writing to an address. It would probably be better to load an immediate into eax instead of doing nothing.
Also, make sure that instruction is only accessing the address you're concerned with. If it accesses multiple addresses, then it could be changing more than you think.
What is this section of asm supposed to be doing? Providing more information could help us help you.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Sun Apr 10, 2016 11:00 am
ParkourPenguin wrote:
    Why would you want to replace that instruction with NOPs in the first place? It's reading from an address, not writing to an address. It would probably be better to load an immediate into eax instead of doing nothing.
    Also, make sure that instruction is only accessing the address you're concerned with. If it accesses multiple addresses, then it could be changing more than you think.
    What is this section of asm supposed to be doing? Providing more information could help us help you.
That's the instruction for the spread...
Quote:
    It's reading from an address, not writing to an address.
Yeah, but if I NOP it, I get the no-spread effect. That's strange.
Quote:
    It would probably be better to load an immediate into eax instead of doing nothing.
Could you give a simple example?
Quote:
    Also, make sure that instruction is only accessing the address you're concerned with. If it accesses multiple addresses, then it could be changing more than you think.
It accesses two addresses.
Quote:
    What is this section of asm supposed to be doing? Providing more information could help us help you.
Spread.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4699
Posted: Sun Apr 10, 2016 11:24 am
So one of the addresses it's reading from is spread. What's the other address it's accessing?
When you replace that instruction with NOPs, you're removing the assignment of the eax register. That means every instruction that expects a certain value in eax will now get whatever value eax was at, which isn't guaranteed to be remotely close to any expected value. As such, instead of removing that instruction, it is usually better to place some other value into eax. The easiest way is to use an immediate, or a value that is a part of the instruction itself. For example, mov eax, 1234.
I'm assuming changing the value of the address esi+630 changes the spread of your weapon. Figure out which value makes it have 0 spread and change the instruction to move that value into eax.
The dword at esi+62C also seems somewhat important since it's used in an xor with esi+630. What are the values at esi+630 and esi+62C?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Sun Apr 10, 2016 12:19 pm
ParkourPenguin wrote:
    So one of the addresses it's reading from is spread. What's the other address it's accessing?
    When you replace that instruction with NOPs, you're removing the assignment of the eax register. That means every instruction that expects a certain value in eax will now get whatever value eax was at, which isn't guaranteed to be remotely close to any expected value. As such, instead of removing that instruction, it is usually better to place some other value into eax. The easiest way is to use an immediate, or a value that is a part of the instruction itself. For example, mov eax, 1234.
    I'm assuming changing the value of the address esi+630 changes the spread of your weapon. Figure out which value makes it have 0 spread and change the instruction to move that value into eax.
    The dword at esi+62C also seems somewhat important since it's used in an xor with esi+630. What are the values at esi+630 and esi+62C?
I followed your advice/suggestion, but:
didn't let me shoot at enemies, so I tried:
which works, but after a bit it crashes anyway.
So I think esi+62C is pretty important, but my question is: how do I get the values at esi+630 and esi+62C?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4699
Posted: Sun Apr 10, 2016 12:27 pm
mov eax,eax does absolutely nothing. I'm pretty sure it's even less efficient than replacing the instruction with NOPs.
Right click on the instructions mov eax,[esi+00000630] and xor eax,[esi+0000062C]. Then, select "Find out what addresses this instruction accesses". Look at the "value" column to get the value of those addresses.
You could also easily use breakpoints.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun Apr 10, 2016 12:32 pm
Replace instruction: xor eax,[esi+0000062C]
With: xor eax,eax
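The register dataflow ParkourPenguin describes (NOPing the mov leaves eax holding whatever earlier code left there, so the xor and the store at [esp+10] consume a stale value) and the xor eax,eax replacement Zanzer suggests, traced in a small Python model of the three quoted instructions. This is an added example written for this page, not code from the thread, from Cheat Engine, or from the game; the esi/esp values and the two dwords in SAMPLE_MEM are constructed placeholders, since the thread never gives the real ones, and numbers are parsed as hexadecimal the way Cheat Engine's disassembler shows them.

```python
import re

MASK32 = 0xFFFFFFFF

# The three instructions quoted in the thread, in the order they execute.
SEQUENCE = [
    "mov eax,[esi+00000630]",
    "xor eax,[esi+0000062C]",
    "mov [esp+10],eax",
]

# Constructed sample state: the real esi/esp values and the game's dwords at
# esi+630 / esi+62C are not given in the thread, so these are made up.
ESI = 0x10000000
ESP = 0x0019FF00
SAMPLE_MEM = {
    ESI + 0x630: 0x3F800000,  # hypothetical "spread" dword
    ESI + 0x62C: 0x12345678,  # hypothetical dword that gets xor'ed in
}

_MEM_OPERAND = re.compile(r"^\[(esi|esp)\+([0-9a-f]+)\]$")


def _address(operand, regs):
    """Turn '[esi+630]' into a numeric address using the register file."""
    m = _MEM_OPERAND.match(operand)
    if not m:
        raise ValueError(f"unsupported memory operand: {operand}")
    return (regs[m.group(1)] + int(m.group(2), 16)) & MASK32


def step(instr, regs, mem):
    """Execute one instruction from the small subset this example needs:
    nop, or mov/xor between eax, an immediate and a [reg+disp] operand.
    Numbers are hexadecimal, as in Cheat Engine's disassembler view."""
    instr = instr.strip().lower()
    if instr == "nop":
        return
    mnemonic, operands = instr.split(maxsplit=1)
    dst, src = (s.strip() for s in operands.split(",", 1))

    if src == "eax":
        value = regs["eax"]
    elif src.startswith("["):
        value = mem.get(_address(src, regs), 0)  # unmapped memory reads as 0
    else:
        value = int(src, 16) & MASK32  # immediate operand

    current = regs["eax"] if dst == "eax" else mem.get(_address(dst, regs), 0)

    if mnemonic == "mov":
        result = value
    elif mnemonic == "xor":
        result = current ^ value
    else:
        raise ValueError(f"unsupported mnemonic: {mnemonic}")

    if dst == "eax":
        regs["eax"] = result
    else:
        mem[_address(dst, regs)] = result


def run(sequence, eax_before, mem, esi=ESI, esp=ESP):
    """Run the sequence with eax initially holding `eax_before`.
    Returns (final eax, the dword stored at [esp+10])."""
    regs = {"eax": eax_before & MASK32, "esi": esi, "esp": esp}
    mem = dict(mem)  # copy so the caller's sample memory is not modified
    for instr in sequence:
        step(instr, regs, mem)
    return regs["eax"], mem.get((esp + 0x10) & MASK32, 0)


def patched(sequence, index, replacement):
    """Return a copy of the sequence with one instruction replaced."""
    out = list(sequence)
    out[index] = replacement
    return out


def depends_on_stale_eax(sequence, mem):
    """True if the value written to [esp+10] changes with whatever eax
    happened to contain before the sequence ran, i.e. the patch leaks a
    stale register value into the code that follows."""
    stored_a = run(sequence, 0x00000000, mem)[1]
    stored_b = run(sequence, 0xDEADBEEF, mem)[1]
    return stored_a != stored_b


if __name__ == "__main__":
    variants = {
        "original": SEQUENCE,
        "nop first instruction": patched(SEQUENCE, 0, "nop"),
        "mov eax,eax": patched(SEQUENCE, 0, "mov eax,eax"),
        "mov eax,0 (immediate)": patched(SEQUENCE, 0, "mov eax,0"),
        "xor eax,eax (second instruction)": patched(SEQUENCE, 1, "xor eax,eax"),
    }
    for name, seq in variants.items():
        eax, stored = run(seq, 0xDEADBEEF, SAMPLE_MEM)
        print(f"{name:34s} [esp+10]={stored:08X}  "
              f"depends on stale eax: {depends_on_stale_eax(seq, SAMPLE_MEM)}")
```

Running the block shows the two outcomes the thread arrives at: with the mov NOPed (or replaced by mov eax,eax) the stored value tracks whatever eax held beforehand, which is why the effect appears to work and then the game crashes once a different caller leaves something else in eax; loading an immediate or replacing the xor with xor eax,eax makes the stored value independent of the prior register contents.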
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
Posted: Sun Apr 10, 2016 12:45 pm
ParkourPenguin wrote:
    mov eax,eax does absolutely nothing. I'm pretty sure it's even less efficient than replacing the instruction with NOPs.
    Right click on the instructions mov eax,[esi+00000630] and xor eax,[esi+0000062C]. Then, select "Find out what addresses this instruction accesses". Look at the "value" column to get the value of those addresses.
    You could also easily use breakpoints.
Zanzer wrote:
    Replace instruction: xor eax,[esi+0000062C]
    With: xor eax,eax
I've just solved it.