Quote:
Originally Posted by streben
yeah, but did you search before and after a race or how did you do that?
Actually I never searched for the bonus points directly, I found it was stored +4h from cash. So find the cash addie and add 4hex to get bonus points.
Take note though, the memory address you'll find for cash is dynamically allocated and so is the region it'll break on.
Here's what I have in my notes:
bonus points (cash+4)
read:
017BC3B6 BF 181C9614 MOV EDI,14961C18
017BC3BB 8BBF 5C080000 MOV EDI,DWORD PTR DS:[EDI+85C]
017BC3C1 8B7F 58 MOV EDI,DWORD PTR DS:[EDI+58]
017BC3C4 3BF7 CMP ESI,EDI
017BC3C6 0F8F 1B000000 JG 017BC3E7
The above routine is dynamically allocated but the pointer address +offsets aren't (as far as I'm aware). So all I did was use the pointer routine as a subroutine which hooks the 'cash break on write' area:
016B27BF jmp 00409370
MOV EBX,14961C18
MOV EBX,DWORD PTR DS:[EBX+85C]
mov dword [ebx+58],0c350
MOVZX EBX,WORD PTR DS:[ESI+1]
MOV ECX,DWORD PTR SS:[EBP-10]
jmp 016B27C6
The cash routine is basically the same except for the -4h offset and jumps:
016B289F jmp 0040938e
MOV EBX,14961C18
MOV EBX,DWORD PTR DS:[EBX+85C]
mov dword [ebx+54],0c350
MOVZX EBX,WORD PTR DS:[ESI+1]
MOV ECX,DWORD PTR SS:[EBP-10]
jmp 016B28A6
The capitalised lines are from the original pointer routine and the opcodes I replaced with the hook.
As you can see, they're virtually identical so I can't see how one works and the other doesn't for you. I've just downloaded the trainer and it still works fine for me on my game/pc.
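Added example, not the poster's code or part of the trainer: a small Python model of what the notes above describe, written from the anti-tamper side. It walks the pointer chain `[[14961C18+85C]+58]` on a constructed memory image (so the field is found again after the object is reallocated, which is the poster's point about dynamic allocation), and it runs the integrity check a game or anti-cheat module would use to notice the seven-byte patch at 016B27BF: compare the live bytes against a known-good copy and, if an `E9 rel32` has been written there, decode where it goes. The `Memory` class, the object address `0x0C00A000`, the sample cash/bonus values and the byte encoding of the two replaced instructions (`0F B7 5E 01` and `8B 4D F0`, which add up to the 7 bytes that explain the jump back to site+7) are my own assumptions, not values from the post.

```python
import struct

# Values quoted from the post: the static pointer, the two offsets of the chain,
# the field offsets (bonus = cash + 4) and the two addresses of the first hook.
STATIC_BASE = 0x14961C18
OBJ_OFFSET = 0x85C
CASH_OFFSET = 0x54
BONUS_OFFSET = 0x58
HOOK_SITE = 0x016B27BF      # where the trainer writes its jmp
CAVE_ADDR = 0x00409370      # where that jmp lands
# Assumed encoding of the two instructions the post says were overwritten
# (MOVZX EBX,WORD PTR [ESI+1] ; MOV ECX,DWORD PTR [EBP-10]): 4 + 3 = 7 bytes,
# covered by a 5-byte jmp plus 2 NOPs, which is why the cave returns to site+7.
ORIGINAL_BYTES = bytes.fromhex("0FB75E01" "8B4DF0")


class Memory:
    """Sparse little-endian 32-bit memory image (constructed, not a real process)."""

    def __init__(self):
        self.regions = {}          # start address -> bytearray

    def map(self, addr, data):
        self.regions[addr] = bytearray(data)

    def _locate(self, addr, n):
        for start, blob in self.regions.items():
            if start <= addr and addr + n <= start + len(blob):
                return blob, addr - start
        raise KeyError(f"unmapped access at {addr:#010x}")

    def read(self, addr, n):
        blob, off = self._locate(addr, n)
        return bytes(blob[off:off + n])

    def write(self, addr, data):
        blob, off = self._locate(addr, len(data))
        blob[off:off + len(data)] = data

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def write_u32(self, addr, value):
        self.write(addr, struct.pack("<I", value))


def resolve_chain(mem, base, offsets):
    """[[base + off0] + off1] ...: every offset but the last is dereferenced, the
    last one addresses the field itself. This is what the three MOV EDI lines in
    the notes do, and it keeps working after the object has been reallocated."""
    addr = base
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]


def build_image(obj_addr=0x0C00A000, cash=1234, bonus=77):
    """Constructed snapshot: static slot -> player object; clean code at the hook site."""
    mem = Memory()
    mem.map(STATIC_BASE + OBJ_OFFSET, struct.pack("<I", obj_addr))
    mem.map(obj_addr, bytes(0x60))                      # zero-filled object
    mem.write_u32(obj_addr + CASH_OFFSET, cash)
    mem.write_u32(obj_addr + BONUS_OFFSET, bonus)
    mem.map(HOOK_SITE, ORIGINAL_BYTES)
    return mem


def encode_rel_jmp(site, target):
    """E9 rel32: the displacement is relative to the end of the 5-byte instruction."""
    rel = (target - (site + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel)


def simulate_hook(mem):
    """Reproduce the tampered state from the post so the check below has something to find."""
    mem.write(HOOK_SITE, encode_rel_jmp(HOOK_SITE, CAVE_ADDR) + b"\x90\x90")


def check_hook_site(mem, site, expected):
    """Integrity check: compare live bytes with the known-good copy.
    Returns ("intact", None), ("jmp_hook", absolute target) or ("modified", None)."""
    actual = mem.read(site, len(expected))
    if actual == expected:
        return ("intact", None)
    if actual[0] == 0xE9:
        rel = struct.unpack("<i", actual[1:5])[0]
        return ("jmp_hook", (site + 5 + rel) & 0xFFFFFFFF)
    return ("modified", None)


def read_fields(mem):
    """Cash and bonus points read through the chain, as (cash, bonus)."""
    cash_addr = resolve_chain(mem, STATIC_BASE, [OBJ_OFFSET, CASH_OFFSET])
    return mem.read_u32(cash_addr), mem.read_u32(cash_addr + 4)


if __name__ == "__main__":
    clean = build_image()
    print("clean :", read_fields(clean), check_hook_site(clean, HOOK_SITE, ORIGINAL_BYTES))
    hooked = build_image(obj_addr=0x0D10B000)           # object moved, chain still resolves
    simulate_hook(hooked)
    status, target = check_hook_site(hooked, HOOK_SITE, ORIGINAL_BYTES)
    print("hooked:", read_fields(hooked), status, hex(target))
```

The check only has to compare a few bytes at each sensitive site against a copy taken at load time; the decoded jump target is useful when logging the event, because a target outside the module's own code section (here a low address well away from 016B27BF) is the usual sign of a code cave rather than a legitimate relocation.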