zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Thu Jul 23, 2009 7:27 am
Post subject: indiana jones and the emperor's tomb HP problem
Hi everybody
I'm working on Indiana Jones and I have some problems with HP.
The game uses code shifting, so the module address is this:
Code:
GCore.dll+14adb4:
fstp dword ptr [esi+00000084]
The problem is that this opcode is also used for the enemy's HP, so as I learned from others, in these cases I should use the cmp command, something like this:
Another problem is that the value for the pointer is not static, so if I find the value of the pointer and put it in the xxxxxxxx place, after reopening the game that value will change and the command won't work. I checked other registers for HP, I mean eax, ecx,... but none of them was static.
So can you help me find the static value or any other way to solve my problem?
One of my friends told me to use this script but it didn't work either. I think I did something wrong with it.
Code:
[ENABLE]
label(returnhere)
label(originalcode)
label(exit)
GCore.dll+14adb4:
jmp 004d42f1
nop
returnhere:
004d42f1:
cmp [esp],xxxxxx
je 004d42d1
nop
ret
jne 004d4305
nop
ret
004d42d1:
mov [esi+00000084],0
004d4305:
mov [esi+00000084],#1142292728
GCore.dll+14adb4:
call 004d42f1
originalcode:
exit:
jmp returnhere
[DISABLE]
GCore.dll+14adb4:
fstp dword ptr [esi+00000084]

Last edited by zirkhaki on Sun Jul 26, 2009 3:42 am; edited 1 time in total
Dark Byte Site Admin
Reputation: 472
Joined: 09 May 2003 Posts: 25870 Location: The netherlands
Posted: Thu Jul 23, 2009 11:12 am
Yes, that script is almost useless, just write your own
I think what they are describing is the class pointer in the class structure
Each object of a certain type has a pointer to a static location specific for that object.
e.g player has a pointer to 00451234 and monsterx would have a pointer to 00451290
You can then check if the object is 00451234 and if so, don't decrease health, and if it isn't set health to 1 hit kill all enemies (and object)
In this case, it'd be "cmp [esi],xxxxxxxx" since it looks like esi contains the address of the structure
To find out what the base is use "find what accesses" on the hp you've found, and then check the value of esi. Go there with the memory browser and note down the first 4 bytes there, that's most likely the value you've got to check.
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Mon Jul 27, 2009 2:20 pm
I did what you said and these are the results.
After the first time I tried to find what accesses that opcode, I got one address for myself and another for the enemy. I checked both registers and took a look at the esi address. Here are the images.
To check the results I closed the game, reopened it and did the process again, so the values had changed. About those 4 bytes, as you see only the third byte has changed, and I don't even know what to do with them.
So are these things useful?
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Thu Aug 20, 2009 3:07 pm
at last i found it
thanks darkbyte
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Mon Aug 24, 2009 1:40 am
Gcore.dll has the health option
G_indy.sgl has the ammo option
i'm sure about it
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Mon Aug 24, 2009 3:16 pm
check this script which is for health option on v1.0.0.1
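Code:
[ENABLE]
alloc(cave,256)
label(back)
label(code)
Gcore.dll+14aef4:
jmp cave // 5-byte jump over the original 6-byte fstp
nop // pad the remaining byte
back:
cave:
cmp word ptr [esi],0770 // low word of the first dword of the player's structure
jne code
fstp st(0) // player: pop the incoming value once without storing it
mov dword ptr [esi+00000084],44160000 // float value of 600
jmp back
code:
fstp dword ptr [esi+00000084] // any other object: original instruction
jmp back
[DISABLE]
dealloc(cave)
Gcore.dll+14aef4:
fstp dword ptr [esi+00000084]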
The trainer will also be uploaded on CHU and GCW as soon as possible.
Before working on this game I could not make one side options, so I worked too many days until I got it, and I didn't come across that address even one time; you may have checked what accesses the address and got that, and I just tried what writes to the health address.
You said you have a trainer, whose trainer is it? I didn't find any working trainer on the web, I just found the h4x0r trainers which didn't work for me.
And I can't check the address you said above because I uninstalled this game before.
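
Added example, not part of any post in this thread: a C model of why the full 4-byte value at [esi] noted in one session stops matching after a restart, while the word compare in the script above keeps matching. It assumes the change comes from the DLL loading at a different 64 KB-aligned base; the RVAs, load bases and the colliding class are constructed, only the low word 0770 and the +84 health offset come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed object layout: class pointer in the first dword, health float
   at +0x84 (the offset the thread's scripts write to). */
typedef struct { uint32_t class_ptr; uint8_t pad[0x80]; float health; } object_t;

/* Constructed RVAs; only the low word 0x0770 comes from the thread. */
#define PLAYER_RVA 0x002D0770u
#define ENEMY_RVA  0x002D0A18u
#define OTHER_RVA  0x002E0770u /* hypothetical class with the same low word */

static object_t make_object(uint32_t module_base, uint32_t class_rva) {
    object_t o;
    memset(&o, 0, sizeof o);
    o.class_ptr = module_base + class_rva; /* absolute address moves with the DLL */
    return o;
}

/* Absolute value noted in one session: fails once the module is rebased. */
static int match_absolute(const object_t *o, uint32_t noted) {
    return o->class_ptr == noted;
}

/* Low 16 bits only, as in `cmp word ptr [esi],0770`: survives 64 KB-aligned
   rebasing, but any class whose pointer ends in the same word also matches. */
static int match_low_word(const object_t *o, uint16_t low) {
    return (uint16_t)(o->class_ptr & 0xFFFFu) == low;
}

/* Module-relative compare: survives rebasing and has no low-word collisions. */
static int match_rva(const object_t *o, uint32_t module_base, uint32_t rva) {
    return o->class_ptr - module_base == rva;
}

int main(void) {
    uint32_t run1 = 0x10000000u, run2 = 0x03A30000u; /* constructed load bases */
    object_t p1 = make_object(run1, PLAYER_RVA), p2 = make_object(run2, PLAYER_RVA);
    object_t other = make_object(run2, OTHER_RVA);
    printf("absolute: run1=%d run2=%d\n", match_absolute(&p1, p1.class_ptr),
           match_absolute(&p2, p1.class_ptr));
    printf("low word: run2=%d other=%d\n", match_low_word(&p2, 0x0770),
           match_low_word(&other, 0x0770));
    printf("rva:      run2=%d other=%d\n", match_rva(&p2, run2, PLAYER_RVA),
           match_rva(&other, run2, PLAYER_RVA));
    return 0;
}
```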
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Mon Aug 24, 2009 11:05 pm
OK, no problem.
As I said I can't check that, but if you use it without any problem then it has no problem, but mine works, too.
Thanks for sharing your ideas.
One problem with the value 4e6e6b28!!!
Do you use 1000000000 float value for health? Doesn't it cause any problem?
zirkhaki Cheater
Reputation: 0
Joined: 10 Dec 2008 Posts: 44 Location: Iran
Posted: Tue Aug 25, 2009 2:10 am
great, good luck