General Discussions

Page 4 of 6   •  First Page  •  Previous Page  •   Next Page  •   Last Page
Memory Buffer Problem
  • DABhand (PHAT CAT) posted on Mar 21, 2010 4:33:55 AM
    Good good, learning as you go along.
    Oh and Don't forget some tuts on ASM and defeating DMA

    Clicky Here for them
  • Sil3nt_Pr0digy (ELITE) posted on Mar 21, 2010 10:21:32 AM
    Yeah, but I'm still having problems figuring out how to properly do infinite health. Anyone can nop the code and give both unlimited health.

    But I want a proper hack for unlimited health. And it once again uses movss with those XMM registers.

    I don't know how I'm supposed to isolate the one that writes to the player's health.

    Any suggestions?
  • Sil3nt_Pr0digy (ELITE) posted on Mar 21, 2010 6:49:23 PM
    Well here is what I have been thinking...

    The function that controls health is this:

    0045D67D - f3 0f 11 87 20 01 00 00 - movss [edi+00000120],xmm0

    Now what I know is that the health is written to edi+00000120. Here is a screenshot of the values at the address, captured via CoSMOS. Link

    Now if I take the address shown at EDI and add the offset you get 8553280. Navigating to that address gives you this code:

    08553280 - 00 80 ab 43 00 00 - add [eax+000043ab],al

    This is the address that my life is stored to. But changing this results in it resetting to add [eax+000043ab],al.

    Now what I've been thinking of doing is instituting a conditional jump which checks whether edi = 08553160 and, if it does, sets the value to a set value, to cause the true infinite life effect. Does this sound right? If so, how would I code the edi conditional jump inside my code cave?

    Thanks for the help Dabs... Your guidance has put me on the path to understand ASM and SSE better. But one thing that I don't really understand is Conditional Jumps.

    Help would be appreciated :]


    Ok, so I want to use a conditional jump if edi is equal to 08553160. I'm going to look at the tuts more and see if there is a way to do it.

    [Edited by Sil3nt_Pr0digy, 3/21/2010 8:09:56 PM]

    My bad... I realized that it won't work because the address I was seeing (8553160) was a DMA address for health; not what I was looking for... Damn it... isn't there some other way to sort out the player's health?

    BTW, I got my conditional jump working... now if I just knew what to put in it...

    [Edited by Sil3nt_Pr0digy, 3/21/2010 9:43:44 PM]
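An added example (not code from the thread) for the "add [eax+000043ab],al" puzzle in the post above. The disassembler is rendering data bytes as an instruction: opcode 00 with ModR/M 80 happens to encode ADD [EAX+disp32], AL, so any data starting with 00 80 "looks like" that instruction. Read as a little-endian IEEE-754 single, which is the type movss stores, the same bytes are an ordinary float. The assumption here, labelled as such, is that the 4 bytes at EDI+00000120 are that single-precision health value; the entity buffer and the 00 /r decoder are constructed for the demonstration.

```python
import struct

# Constructed from the bytes quoted in the post above at 08553280: "00 80 ab 43".
# Assumption: these are the 4 bytes the movss store writes to [edi+00000120].
HEALTH_BYTES = bytes.fromhex("0080ab43")

# Displacement the thread's movss instruction uses relative to EDI.
HEALTH_OFFSET = 0x120

# Constructed stand-in for the structure EDI points at: zero padding, then the health field.
ENTITY = bytes(HEALTH_OFFSET) + HEALTH_BYTES


def decode_float32(raw: bytes) -> float:
    """Interpret 4 little-endian bytes as an IEEE-754 single (what movss stores)."""
    if len(raw) != 4:
        raise ValueError("a single-precision float is exactly 4 bytes")
    return struct.unpack("<f", raw)[0]


def encode_float32(value: float) -> bytes:
    """Inverse of decode_float32: the bytes a movss store would write for `value`."""
    return struct.pack("<f", value)


def read_health(entity: bytes, offset: int = HEALTH_OFFSET) -> float:
    """Read the health field the way [edi+00000120] does: base pointer plus displacement."""
    return decode_float32(entity[offset:offset + 4])


def disasm_view(raw: bytes) -> str:
    """Hypothetical minimal decoder for one x86 encoding only: opcode 00 (ADD r/m8, r8)
    with ModR/M 80 (mod=10 -> [EAX+disp32], reg=000 -> AL). It reproduces what the
    thread's disassembler printed when it treated the health bytes as code."""
    if len(raw) >= 6 and raw[0] == 0x00 and raw[1] == 0x80:
        disp32 = struct.unpack("<I", raw[2:6])[0]
        return f"add [eax+{disp32:08x}],al"
    return "(not decoded)"


if __name__ == "__main__":
    # Same six bytes, two interpretations: bogus instruction vs. float health.
    print(disasm_view(bytes.fromhex("0080ab430000")))   # add [eax+000043ab],al
    print(read_health(ENTITY))                          # 343.0
    # What a float-typed health of 100 looks like in memory, byte by byte.
    print(encode_float32(100.0).hex(" "))               # 00 00 c8 42
```

The practical lesson is that a value written by movss must be read and rewritten as a float, not as an integer; navigating a disassembler to a data address produces instruction-looking noise, which is what the "reset" to add [eax+000043ab],al was.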
  • Sil3nt_Pr0digy (ELITE) posted on Mar 21, 2010 10:43:17 PM
    Ok... So I have everything I need to get the infinite health working, except the ability to tell which value controls my health.

    This would be so much easier if I could find an example of infinite health in which a game has similar functions for health.

    Ok... Still having problems separating the codes... how does everyone else do this? lol, there obviously has to be some way for me to do it because others have done it.... I just wish someone would tell me how and finally let me know.

    [Edited by Sil3nt_Pr0digy, 3/21/2010 11:02:57 PM]
  • DABhand (PHAT CAT) posted on Mar 22, 2010 1:45:32 AM
    Read up on ASM.

    Icezilion has a website with lots more resources. Google for it.

  • Sil3nt_Pr0digy (ELITE) posted on Mar 22, 2010 2:00:07 AM
    thanks dabs

    I can't seem to find the website; do you have a link?

    [Edited by Sil3nt_Pr0digy, 3/22/2010 2:04:34 AM]

    Nvm, I found the site, I'm reading up on them right now. They are hard to understand, as he is using MASM. I really don't see how this will help me figure out how to do my infinite health though.

    [Edited by Sil3nt_Pr0digy, 3/22/2010 2:16:53 AM]

    I went through the Exagone tuts, they are pretty basic, and stuff that is already listed in your tuts.

    [Edited by Sil3nt_Pr0digy, 3/22/2010 2:26:44 AM]

    Well after reading a bit more; I still cannot seem to find anything relating to my problem, or having to do with things that I haven't already learned in tutorials from CH and other websites.

    Hopefully someone has a URL, example, or can assist me, so that I may figure out the way to get my code working.

    I believe a conditional jump is the right idea, but I do not know how to make sure that the conditional jump will only be executed if the pointer is that of the player's health.

    I was thinking about checking pointers, but several thousand tend to show up when I am doing a pointer scan of the address, which does not help me at all.

    [Edited by Sil3nt_Pr0digy, 3/22/2010 2:39:04 AM]
  • DABhand (PHAT CAT) posted on Mar 22, 2010 4:06:41 AM
    Sorry meant to say Iczelion :\

    The pointer you found was for the player/NPC structure.

    You will have to check with each structure to see if there is a difference at the start of each. Most of the time, the first byte could be a 01 and for NPCs 00.

    If that is the case, then you could do something like

    PUSH EAX                     ; Save content of register for later
    MOV EAX, [Pointeraddress]    ; Move address into EAX
    CMP BYTE PTR [EAX+xx],01     ; Compare the check byte at memory location + offset with 1
    JNE xxxxxx                   ; Jump if not equal, i.e. jump if not player
    MOV DWORD PTR [EAX+xx],64    ; Force decimal value of 100 into player health (xx being the offset for health)
    XOR EAX,EAX                  ; This effectively makes EAX 0
    POP EAX                      ; Put back the original value
    JMP xxxxxx                   ; Jump back to game
    POP EAX                      ; Put back the original value; also this is where JNE jumps to
    (Place back original instructions here for NPC)
    JMP xxxxxx                   ; Jump back to game


    That was just an example, I don't have the game you're using so it's just an idea of how it works.

    EDIT: When I said [Pointeraddress] I mean the register+offset not the actual value

    [Edited by DABhand, 3/22/2010 4:12:53 AM]
  • DABhand (PHAT CAT) posted on Mar 22, 2010 4:17:42 AM
    Which version of Dead Space do you have? I am going shopping shortly; if I can find a cheap copy I'll buy it and have a look. Not played it yet and people have said it's an experience.

    Version as in patched version