JMC17 01-08-2011 19:52

Most values accessed by one asm line, question
I've been working on a trainer based on ASM instead of multilevel pointers.
Some other games were pretty easy and straightforward.

Although I've encountered a few games that make me scratch my head..

There were Sims 3 and Fallout New Vegas, but I skipped those for now.
The one I'm having trouble with and not willing to skip (gotta learn somehow)
is Hunting Unlimited 2011.

If I find one of the two bullet values (min & max) and find what accesses it with Cheat Engine, it'll come up with a line of code (00416838 - add [ebx+088B0440],cl).
Then I find the Kills value, find what accesses it and the very same line comes up. Same thing with the Total Points value.

So it seems to me like the same code is used to set different values in the game. Like I said, not the first game I've seen this in; been trying to figure it out, played with the ASM code and Ollydbg but still clueless.

Been working on this all day long and now it's getting late; too tired to keep trying, hope for a reply ^_^
Well.. At least while destroying the code with my careless fingers I found out how to make the deer and all animals spawn on me, hunting's much easier that way.. hehe.

Still, I would love to understand how to get infinite ammo without having infinite points and kills x.x

[EDIT] Well, looks like one of the topics below had a similar problem.. more than 6 years ago <.<
Guess I'll be spending the day working on this.

[EDIT2] Whoa, I'm all excited, I found some addresses that hold UNICODE "if(&LastAttackTime.TimePassed < &CurWDelay)return;if(&AmmoLoaded == 0 && &AmmoTotal == 0)return;AddD" and the last shot fired delay lower in the hex dump, which allows me to make shotguns fire like machine guns XD
And the above Unicode, when set in an impossible manner, will never stop you from running out of bullets, although it doesn't nullify reloading =(
(Meh, never mind about not running out of bullets, seems like the game itself has a flaw: if you use the second shotgun and shoot all bullets until you reach your last clip, it'll break (8 bullets per clip, last clip has 7 so it ends with -1 which goes into infinity))

Gah, sometimes I wish I could attach both Ollydbg and Cheat Engine to the same process :(
When I change the Unicode in Ollydbg it works fine, but with Cheat Engine it doesn't.

cocodrilo 03-08-2011 14:45

At hu2011.exe+0x15F5C there is this:

mov ecx,[eax+4]
mov [ecx],edi

If eax+0x30 points to the Unicode string AmmoLoaded, edi contains your current ammo (current number of bullets). Modify edi to get infinite ammo, or write to [ecx] directly and skip the original code (only if the condition is true).

For more options you can use the same hook, for example when eax+0x30 is AmmoTotal, etc.

JMC17 04-08-2011 05:03

Oh my god, you're the best coco!

I already had an address found with CE (0x1684B), although I did try yours and it worked great.

Then I did what you said, more or less and it worked damn great!
[EDIT1] (Hugh, maybe I didn't understand you completely; right now any value hitting 2 gets set to 255, ammo is changed when hitting 2 and same with the kills value.)
(Anyhow, I'll be re-reading your post a dozen times and be working on it.)
[EDIT2] Well, now I do understand what you mean, just a matter of time before I figure out how to do it properly.

[EDIT3] There it is!
I believe this is exactly what you told me to do, and it works perfectly.
[EDIT4] Heh.. Actually it was a bit off, fixed the script but didn't correct the code box below.


offset 0x0041683E
jmp 0x00726000
offset 0x00726000
add ESP,24
cmp ESP,0018F204
jne 00726011
mov ecx,255
sub ESP,24
mov [esi],ecx
mov eax,00000001
mov ecx,[esp+1C]
xor ecx,esp
jmp 0x0041684B
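
Why one store instruction touches ammo, kills and points alike, and why keying the override on the variable's name (cocodrilo's suggestion) behaves differently from keying it on the value (the EDIT1 attempt above), modeled in plain C. This is an added example, not code from either poster or from the game: the struct is a constructed stand-in (the real offsets +4 and +0x30 are not reproduced), and the name "Kills" is an assumption; 2 and 255 are the values from EDIT1.

```c
#include <stddef.h>
#include <stdint.h>

#define NAME_UNITS 16

/* Constructed model of one named game variable: a pointer to its value
   (eax+4 in the post) and a UTF-16 name (eax+0x30 in the post). */
struct script_var { int32_t *value; uint16_t name[NAME_UNITS]; };

/* Store an ASCII name as zero-terminated UTF-16 code units. */
void set_name(struct script_var *v, const char *ascii) {
    size_t i = 0;
    for (; ascii[i] != '\0' && i < NAME_UNITS - 1; i++)
        v->name[i] = (uint16_t)(unsigned char)ascii[i];
    v->name[i] = 0;
}

/* Exact (not prefix) comparison of the UTF-16 name with an ASCII string. */
int name_is(const struct script_var *v, const char *ascii) {
    size_t i = 0;
    for (; ascii[i] != '\0'; i++)
        if (i >= NAME_UNITS - 1 || v->name[i] != (uint16_t)(unsigned char)ascii[i])
            return 0;
    return v->name[i] == 0;
}

/* The shared store every variable goes through: mov ecx,[eax+4] / mov [ecx],edi */
void store(struct script_var *v, int32_t edi) { *v->value = edi; }

/* Filter on the value being written: hits every variable that reaches 2. */
void store_value_filter(struct script_var *v, int32_t edi) {
    store(v, edi == 2 ? 255 : edi);
}

/* Filter on the variable's name: only AmmoLoaded is overridden. */
void store_name_filter(struct script_var *v, int32_t edi) {
    store(v, name_is(v, "AmmoLoaded") ? 255 : edi);
}

/* Write 2 to an ammo variable and a kills variable through one store routine. */
void run(void (*st)(struct script_var *, int32_t), int32_t out[2]) {
    int32_t ammo = 8, kills = 1;
    struct script_var a = { &ammo, {0} }, k = { &kills, {0} };
    set_name(&a, "AmmoLoaded");
    set_name(&k, "Kills");   /* constructed name, not taken from the page */
    st(&a, 2); st(&k, 2);
    out[0] = ammo; out[1] = kills;
}

int main(void) { int32_t o[2]; run(store_name_filter, o); return !(o[0] == 255 && o[1] == 2); }
```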
