| View previous topic :: View next topic |
| Author |
Message |
bhfff
Cheater
![]() Reputation: 0
Joined: 19 Jan 2017
Posts: 30
|
 Posted: Sun Sep 03, 2017 9:44 am Post subject: I've managed to find the integrity check opcode |
 |
|
Note: I'm still a newbie and all I can do is follow tutorials
I can bypass it even by injecting this piece of code (won't crash)
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov edi,[edi] // <----- All bytes are stored here
add eax,0000001F
exit:
jmp returnhere
0C561E14:
jmp newmem
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0C561E14:
mov edi,[edi]
add eax,0000001F
//Alt: db 8B 3F 05 1F 00 00 00 |
The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct."
How could I possibly solve this problem?
P.S. I found the opcode using stealthedit's integrity scan routines.
Quick edit: The code I gave you is unedited
| Description: |
| "Find out what.." on the opcode |
|
| Filesize: |
17.31 KB |
| Viewed: |
5184 Time(s) |
|
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Sun Sep 03, 2017 9:50 am Post subject: |
|
|
| bhfff wrote: | The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct." |
im not sure about what you are asking and doing.
what instruction you want to modify?
and mov edi,[edi] is shared instruction.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
bhfff
Cheater
![]() Reputation: 0
Joined: 19 Jan 2017
Posts: 30
|
| Posted: Sun Sep 03, 2017 10:36 am Post subject: |
|
|
| OldCheatEngineUser wrote: | | bhfff wrote: | The problem is that it (probably) compares the actual value, with the edited value.. or something like that.
I need to tell mov edi,[edi] "Hey it's all good! All values are correct." |
im not sure about what you are asking and doing.
what instruction you want to modify?
and mov edi,[edi] is shared instruction. |
I need to bypass the shared instruction, because I can not nop it.
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Sep 04, 2017 7:08 am Post subject: |
|
|
find another instruction that is associated with your address.
see what accesses this address.
otherwise use a pointer.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
