relation How do I cheat?
Reputation: 0
Joined: 20 Aug 2006 Posts: 6
Posted: Tue May 27, 2008 2:43 pm    Post subject: Pseudo-Static Pointer!
Note: Hacking this game itself is not important; what is important is its method of storing data.
Note 2: I know there are already some topics about this, but this one is not Aveyond-specific!
Game Info:
Aveyond 2 from Reflexive Arcade: reflexive.com/Aveyond2.html
This game is made with RPG Maker XP (tkool.jp/products/rpgxp/eng/), so a lot of games can be hacked with the same procedure.
An unwrapper for the .RWG files (you are responsible for its use):
arteam.accessroot.com/releases/dl.php?id=27
Known info about the game's memory:
1. Generally all the values are encoded this way:
MemoryValue = InGameValue*2 + 1
They are generally 4 bytes.
2. The process that responds to scans is game.exe.
3. Some values, such as gold, items and remaining HP and MP, are saved in single memory locations, while others, like the increased MP, are recorded in another location (that is, they are added to the main value in the game), also with the same value encoding (a*2+1).
4. The code responsible for most of the value changes in the game is this (you can find it by searching for the pointer of an address you found previously):
Code: 00da6ff4 - 89 47 08 - mov [edi+08],eax
If you add it to the code list you can find the addresses that it accesses. For example:
Go to the Items menu and select an item that increases HP or MP. Just before applying the item to a player, go to CE and activate "Find out what addresses this code accesses" on the added code (by right-clicking it), return to the game and apply the item. Without doing anything more, Alt+Tab to CE, stop the debugging and add all the found addresses; you will find some interesting addresses (just look and think a bit).
PROBLEM:
When I find an address and then the corresponding pointer, it seems that the found pointer is a static one, since it doesn't result in more pointers.
However, the seemingly static pointer changes after the game restarts!
Question:
What can be the reason for this kind of pseudo-static pointer, and how can we find a really static one?
Last edited by relation on Tue May 27, 2008 2:46 pm; edited 1 time in total
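The encoding in point 1 is Ruby's Fixnum tagging: RGSS, the RPG Maker XP scripting engine (the RGSS102E.dll mentioned later in the thread), embeds a Ruby interpreter, and Ruby 1.8 stores a small integer n in a 32-bit word as (n<<1)|1, which is exactly n*2+1. A word with the low bit clear is not an integer at all but a pointer to a heap object, so it is worth checking that bit before decoding. The following Python is an added example, not code from the thread or the game: it encodes and decodes values and runs a first scan plus a narrowing rescan, the way CE's "first scan" / "next scan" work, over a constructed memory image (the base address, offsets and contents are made up for the demonstration).

```python
import struct

MASK32 = 0xFFFFFFFF


def encode_value(n):
    """In-game integer n -> memory word, as the thread describes: n*2 + 1.
    Stored as a 32-bit little-endian word (two's complement for negatives)."""
    return (n * 2 + 1) & MASK32


def decode_value(raw):
    """Inverse of encode_value. The low bit must be set; a word with the low
    bit clear is not an encoded integer (in RGSS it is an object pointer)."""
    if raw & 1 == 0:
        raise ValueError("0x%08x is not an encoded integer" % raw)
    signed = raw - (1 << 32) if raw & 0x80000000 else raw
    return signed >> 1  # arithmetic shift undoes the *2 and drops the tag bit


def scan(memory, base, n, step=4):
    """Every address in `memory` (loaded at `base`) holding encode_value(n).
    step=4 mirrors CE's aligned fast scan; step=1 scans unaligned as well."""
    needle = encode_value(n)
    return [base + off for off in range(0, len(memory) - 3, step)
            if struct.unpack_from("<I", memory, off)[0] == needle]


def narrow(memory, base, n, candidates):
    """CE's 'next scan': keep only candidates that now hold encode_value(n)."""
    needle = encode_value(n)
    return [a for a in candidates
            if struct.unpack_from("<I", memory, a - base)[0] == needle]


# Constructed memory image (assumption, not a dump of the game): 64 bytes
# loaded at BASE. Offset 0x10 = gold, 0x20 = HP, 0x30 = an unrelated word
# that happens to equal encode_value(150) and will show up as a false hit.
BASE = 0x02A00000


def build_image():
    image = bytearray(0x40)
    struct.pack_into("<I", image, 0x10, encode_value(150))
    struct.pack_into("<I", image, 0x20, encode_value(37))
    struct.pack_into("<I", image, 0x30, encode_value(150))
    return image


def demo():
    """First scan for 150 gold, spend 20, rescan for 130: only the real
    gold address survives the narrowing."""
    image = build_image()
    first = scan(image, BASE, 150)                         # gold and the decoy
    struct.pack_into("<I", image, 0x10, encode_value(130))  # spend 20 gold
    second = narrow(image, BASE, 130, first)               # gold only
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print("first scan :", [hex(a) for a in first])
    print("after spend:", [hex(a) for a in second])
```

The same two functions work on a real dump read out of game.exe; the only thing that changes is where the bytes come from. Values that are not Fixnums (strings, the item hash, the actor objects themselves) are references with the low bit clear, which is what the pointer discussion below is about.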
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Tue May 27, 2008 2:46 pm    Post subject:
Maybe there isn't one, and you need to dynamically find the pointer each hacking session.
relation How do I cheat?
Reputation: 0
Joined: 20 Aug 2006 Posts: 6
Posted: Tue May 27, 2008 2:53 pm    Post subject:
So what could be the use of finding the pointer at all?
Could it possibly not have static things? Or what affects the change? Any idea? I am asking the experienced ones!
Barlad How do I cheat?
Reputation: 0
Joined: 01 May 2008 Posts: 9
Posted: Wed May 28, 2008 11:55 am    Post subject:
Your pointer is not "pseudo-static", it's dynamic. The fact that you cannot find a "static" pointer pointing to your pointer does not mean that the last one you got is static.
The most obvious thing that comes to my mind is that perhaps your pointer is a member of an object (i.e. an instantiation of a class). There is probably a static pointer pointing to the object in question, and your "dynamic" pointer is accessed by using an offset from this static pointer.
Now it's up to you to figure out the object in question and the static pointer which points to it.
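An added example in Python (not from the thread or the game) that models what Barlad describes. The object that mov [edi+08],eax writes into lives on the heap, so its address (what the OP recorded as "the pointer") changes between runs; a static slot inside the main module that points to a party object, which in turn points to the actor, does not. The slot STATIC, the offsets 0x0C and 0x08, and every address are hypothetical, and the memory image is constructed. find_referrers does one level of what CE's pointer scan does: it looks for words that hold a given address, so you can walk backwards from the object you found until you land inside a module.

```python
import struct


class Memory:
    """Flat 32-bit address space for the demo (constructed, not game memory)."""

    def __init__(self, base, size):
        self.base, self.buf = base, bytearray(size)

    def read_u32(self, addr):
        return struct.unpack_from("<I", self.buf, addr - self.base)[0]

    def write_u32(self, addr, value):
        struct.pack_into("<I", self.buf, addr - self.base, value & 0xFFFFFFFF)


def resolve(mem, static_addr, offsets):
    """Walk a CE-style pointer path [[static]+off0]+off1... and return the
    final address; the last offset is added, not dereferenced, as in CE."""
    addr = mem.read_u32(static_addr)
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]


def find_referrers(mem, target, step=4):
    """Aligned words whose value equals `target`: one level of a pointer scan."""
    needle = struct.pack("<I", target)
    hits, i = [], mem.buf.find(needle)
    while i != -1:
        if i % step == 0:
            hits.append(mem.base + i)
        i = mem.buf.find(needle, i + 1)
    return hits


# Hypothetical layout: static slot -> party object; party+0x0C -> first actor;
# actor+0x08 -> current HP, stored with the thread's n*2+1 encoding.
STATIC = 0x00401234
OFFSETS = [0x0C, 0x08]


def build_session(mem, party_addr, actor_addr, hp):
    mem.write_u32(STATIC, party_addr)
    mem.write_u32(party_addr + 0x0C, actor_addr)
    mem.write_u32(actor_addr + 0x08, hp * 2 + 1)


def demo():
    """Session 1: find HP, record the actor address, chase referrers back to
    a module slot. Session 2: the heap moved; the cached address is stale
    but STATIC + OFFSETS still reaches HP."""
    s1 = Memory(0x00400000, 0x00200000)
    build_session(s1, party_addr=0x00500000, actor_addr=0x00510000, hp=37)
    found = 0x00510000                              # edi at mov [edi+08],eax
    assert resolve(s1, STATIC, OFFSETS) == found + 0x08
    refs_actor = find_referrers(s1, found)          # -> [party+0x0C]
    refs_party = find_referrers(s1, refs_actor[0] - 0x0C)   # -> [STATIC]

    s2 = Memory(0x00400000, 0x00200000)
    build_session(s2, party_addr=0x00540000, actor_addr=0x00530000, hp=37)
    stale = s2.read_u32(found + 0x08)               # 0: nothing there any more
    live = s2.read_u32(resolve(s2, STATIC, OFFSETS))  # 75 = 37*2+1
    return refs_actor, refs_party, stale, live


if __name__ == "__main__":
    refs_actor, refs_party, stale, live = demo()
    print("actor referenced from", [hex(a) for a in refs_actor])
    print("party referenced from", [hex(a) for a in refs_party])
    print("stale read:", stale, " live read:", live, "-> HP", live >> 1)
```

The stopping rule in the backward walk is the one Barlad gives: keep asking "who holds this address?" until the answer is an address inside game.exe or RGSS102E.dll rather than on the heap. In a real Ruby heap the intermediate objects are the interpreter's own structures, so the chain is usually longer than the two hops modelled here.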
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Wed May 28, 2008 12:54 pm    Post subject:
You could be getting a code shift, but I do not remember this game series doing that.
The only other thing is that the pointer is dynamic, as was said, or you have not found the base pointer.
*Try the pointer scanner and find pointers. Then recheck the pointers after a game restart.
Also you can directly alter the flow of the assembly you find and not worry about the pointer.
00da6ff4 - 89 47 08 - mov [edi+08],eax
Just a little side note: the unwrapper you used for this game is not really needed, since it is raw at runtime anyway. You would only need that to debug the application for better analysis in trying to crack it, which turns out to be very easy to do with or without the unwrapper.
relation How do I cheat?
Reputation: 0
Joined: 20 Aug 2006 Posts: 6
Posted: Thu May 29, 2008 1:25 am    Post subject:
1. If the pointer is dynamic or a member of a class, then I think that in some way I should be able to find the cause of its change. How can I do it?
The base pointer scan didn't find any correct answers. (I had tried it before this post, or maybe I did something wrong; I selected level 3 and different search options, and the few occasional results were not static.)
2. In case there is a code shift, that seems logical, since there are two processes, one named Aveyond 2.exe and the other game.exe, and we could assume that the first one randomly changes the memory location of the second. How can I prove it and find a solution for it?
3. About the direct assembly code editing, I don't think that it could help, or better to say that I could do any good with it, since that code is responsible for many kinds of value decrease and increase in the game, so statically altering it is not suitable. (By the way, that code is at an offset of RGSS102E.dll.)
Barlad How do I cheat?
Reputation: 0
Joined: 01 May 2008 Posts: 9
Posted: Thu May 29, 2008 1:55 am    Post subject:
Concerning 1), the way I would go about it is to put a breakpoint on your pointer for access, look at the function(s) accessing your pointer and figure out where this function gets the pointer/offset from. That is, what argument was passed to the function in question to figure out the address of your pointer.
That will get you a level closer to something static. Note that depending on the complexity of your program, you can wander around from function to function for a while until you eventually get a static element.
I am very new to Cheat Engine, so I do not know how far you can debug programs with it, but I guess that to make it easier, you would need to use something like OllyDbg, SoftICE or IDA.
relation How do I cheat?
Reputation: 0
Joined: 20 Aug 2006 Posts: 6
Posted: Thu May 29, 2008 2:05 am    Post subject:
@Barlad:
It seems that I should enter the realm of real cracking!
(I have many times tried many tutorials or assembly books, but I have stopped halfway, because even the best of them sometimes consider the reader a professional coder or a mathematician and go far beyond the reader's currently assumed knowledge!)
Barlad How do I cheat?
Reputation: 0
Joined: 01 May 2008 Posts: 9
Posted: Thu May 29, 2008 9:03 am    Post subject:
If you really are into it, I think the smoothest and most interesting way to learn cracking is by reverse engineering your own stuff. I know that might sound lame, to crack your own software, but in my opinion it is the easiest way to go about it.
Write some basic C++ software (or any other language, but I recommend an object-oriented one, because that's what games are all about today) and then use CE or whatever tool to see if you can understand how your program works. By basic C++, I really mean basic. Just a program which creates an object with a string in it can keep you busy for a couple of days.
It assumes you have some basic programming skill, but I guess that's a prerequisite if you want to be serious about it.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri May 30, 2008 12:49 pm    Post subject:
relation wrote:
> @Barlad:
> It seems that I should enter the realm of real cracking!
> (I have many times tried many tutorials or assembly books, but I have stopped halfway, because even the best of them sometimes consider the reader a professional coder or a mathematician and go far beyond the reader's currently assumed knowledge!)
Not really, since all you need to do is forget about the pointer, find what writes to, accesses or reads from the address you find, and do an injection in the code. The addresses you see on those instructions will be static.
You can do anything you want at this step. Just because it is in a DLL doesn't mean you can't do it, mate. Use symbols in your AA script.
This instruction may be used for several things, but the loop/function it is in, when you look at it in, say, Olly, or trace it with CE, will give you an idea of how it works. Then you can direct it how you want.
Cracking is similar to this in many respects: debugging the assembly to see how it works, then making your own code to alter the real flow of the code to give yourself the wanted result.
relation How do I cheat?
Reputation: 0
Joined: 20 Aug 2006 Posts: 6
Posted: Fri May 30, 2008 1:22 pm    Post subject:
Thanks, it seems that I need to read some books to the end, like The Art of Assembly, which I left after the first chapter.