Ch now rip Sicheats Trainers?

[cocodrilo]

Please, off-topic posts in another thread.

[CalFromCH]

Quote:

Originally Posted by h4x0r #

What happen?, no trainer for Oil Rush 1.0 and yes sicheats + 1, no trainer for Oil Rush 1.1 and yes sicheats +2 and Today VOILA!, CH have a + 2 Trainer?

Sicheats release:

Published on January 28, 2012 21:12: by Cocodrilo

CH Release:

Trainer . added: 1/28/2012 12:44:24 PM



Please CH, type here source Code from this trainer and come on to see comparation.

Great work, fantastic.

First of all THANKS FOR THE PROPS! we do good work over here at CH.

i am sorry that you feel we somehow borrowed your work, Jose Francisco Sanchez Romero.

at the time we posted our trainer on our site there was only one other trainer that we saw. The trainer was from:

gchan

and the website is:

3dmgame.com


also i am seeing that his trainer has an earlier time stamp than yours. In other words, HIS trainer was first before OURS and YOURS. therefore with YOUR logic, we BOTH ripped him off since the options were the same in ALL THREE TRAINERS.. oil and points are two pretty SENSIBLE options though, arent they JOSE?


anyways-

i don't know how your trainer nor HIS trainer works, but we found no good way to isolate the addresses by code injection and compare (standard trainer making practice) and since this game seems to send alot of addresses through 3 main portals (i.e. there are 3 code areas that all data seems to sift through) then you can assume the game is basically script driven via a scripting language like LUA or actionscript or UniScript or whatever from this engine.

Therefore the decision was made to try and see if this engine had a static address that pointer chains could be used to point to the same addresses over and over.

We all know what pointer chains are, right?


At any rate, using Cheatengine latest version, you can isolate the OIL by doing a search, then building something, and then search. Then you can do a pointerscan (i used 5 levels) and you get a list of about 15000 or so. then you stop the game and restart it and repeat over and over. i did this in both campaign AND Quick Match. it takes literally 10-15 mins each one to narrow down the pointer scan list (the pointer chain) to a static address and working chain.

here are the working chains i searched for this game:

POINTER SCAN
============

unigine_x86.dll

campaign
+5fbac4]+90]+60c]+70]+30==OIL LONG
+5fbac4]+90]+654]+9c]+30==POINTS LONG

quickgame
+5fbac4]+90]+610]+9c]+30==OIL LONG
+5fbac4]+90]+650]+70]+30==POINTS LONG

+5fbac4 is the static offset from the BASE of the unigine_x86.dll



there is no real 'code' to post, other than the readprocessmemory to set up the actual address:

; -------------------------
;-ADDRESS LIST
; -------------------------
;{

;GameNumber=1
Address1=RendBase+$5fbac4; BASE
;Address2=RendBase+$42FC0F; TEST2
;Version=$99999999
;versionoffset=ProgramBase+$200000

;Gosub CreateAddressData
;Gosub SearchAddressData

;}

AND:

; -------------------------
;-GET ADDRESSES
; -------------------------
;{


result = ReadProcessMemory_(app,Address1 ,buffer,4,Null)
MainAddress=PeekL(buffer)+$90
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$60C
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$70
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$30
CampaignOilAddress=MainAddress
;Debug Hex(MainAddress)
;=========================================
result = ReadProcessMemory_(app,Address1 ,buffer,4,Null)
MainAddress=PeekL(buffer)+$90
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$654
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$9c
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$30
CampaignUpgradePointsAddress=MainAddress
;Debug Hex(MainAddress)
;=========================================
result = ReadProcessMemory_(app,Address1 ,buffer,4,Null)
MainAddress=PeekL(buffer)+$90
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$610
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$9c
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$30
QuickGameOilAddress=MainAddress
;Debug Hex(MainAddress)
;=========================================
result = ReadProcessMemory_(app,Address1 ,buffer,4,Null)
MainAddress=PeekL(buffer)+$90
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$650
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$70
;Debug Hex(MainAddress)

result = ReadProcessMemory_(app,MainAddress ,buffer,4,Null)
MainAddress=PeekL(buffer)+$30
QuickGameUpgradePointsAddress=MainAddress
;Debug Hex(MainAddress)

;End

;}


then writing to them when user presses key:

such as:

; -------------------------
;-Detect 'F1' Keypress
; -------------------------
;{

aaaa=1:keypressed1=CheckKeypress(key(aaaa), keys(aaaa), keyc(aaaa), keya(aaaa))


If keypressed1<>0

result=PokeL(buffer,999)
result = WriteProcessMemory_(app,CampaignOilAddress,buffer, 4,Null)
result = WriteProcessMemory_(app,QuickGameOilAddress,buffer ,4,Null)

PlaySound(0)
Delay(300)

EndIf



;}



nobody 'stole' anyone's code. if you found a way to write to the addresses using direct .exe manipulation (i.e. code injection) then more power to you. we went the long hard route of doing pointer scans, which is annoying and takes forever to truly isolate, and also each patch i have to do this over and over again. but i have no idea how your trainer and this other fellow trainer works. by the way, the pointer chain has it's faults and our trainer isn't working 'perfect' 100% of the time, and people have to follow the correct instructions.


here is some notes where i tried to make the trainer access the .exe but i could never get a stable working solution that worked every time:

OIL / POINTS
=============


6019E321 8B0C81 MOV ECX,DWORD PTR DS:[ECX+EAX*4]

then

EAX==181
then, [ECX+18]+50 == OIL +30?


EAX==192
then, [ECX+18]+50 == POINTS +30?


6019E308 8B0483 MOV EAX,DWORD PTR DS:[EBX+EAX*4]
6019E30B 0FB70F MOVZX ECX,WORD PTR DS:[EDI]
6019E30E 8B80 A0000000 MOV EAX,DWORD PTR DS:[EAX+A0]
6019E314 8B0488 MOV EAX,DWORD PTR DS:[EAX+ECX*4]
6019E317 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+30]
6019E31B 8B89 90000000 MOV ECX,DWORD PTR DS:[ECX+90]
6019E321 8B0C81 MOV ECX,DWORD PTR DS:[ECX+EAX*4]
6019E324 > E8 0FDFFCFF CALL Unigine_.6016C238



TROOPS
=======

601711B8 8B0C81 MOV ECX,DWORD PTR DS:[ECX+EAX*4]

EAX==8a7
then, [ECX+20]+10 == OIL

601711A3 8B47 14 MOV EAX,DWORD PTR DS:[EDI+14]
601711A6 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
601711A9 8B0498 MOV EAX,DWORD PTR DS:[EAX+EBX*4]
601711AC 8B89 90000000 MOV ECX,DWORD PTR DS:[ECX+90]
601711B2 FFB5 DCFBFFFF PUSH DWORD PTR SS:[EBP-424]
601711B8 8B0C81 MOV ECX,DWORD PTR DS:[ECX+EAX*4]


i thought that fileforums and GCW were killing this sort of stuff? are you going to post a retration now JOSE? are trippex and Blow Forster going to chime in here and tell JOSE how stupid he and this CoCoDildo lackey look accusing people without actually using and testing our trainer?

if it gets down to it, i guess we can post the actual trainer somewhere if needed but, really, this is just pathetic. you are fueling this fight again, and losing......




best,
Cal

[h4x0r #]

post edited,double post

[h4x0r #]

You ripped cocodrilo trainer, 100% sure.

Cocodildo?, pathetic.

and you are profesional using pointer scan? x2 pathetic.

grettings H. Michael Yurgalavage

[cocodrilo]

Code:

DWORD oil = 499; //global oil ammount.

struct Datos
{
 DWORD type;  //variable type for internally use in the unigine scripting.
 DWORD unk2;  
 DWORD unk3;  
 DWORD mi_ptr; //a pointer only used to compare.
 DWORD value;  //a value of the variable (oil value).
};

Code:

void __stdcall trainerFunc(Datos *pDatos,Datos *pEBX)
{
 DWORD *Puntos = NULL;

 if(pDatos!=NULL && pEBX!=NULL && pDatos->mi_ptr!=NULL)
 {
  if(pDatos->value>=0x30000000) 
  {
   return;
  }
  else if(pDatos->value<=20)
  {
   return;
  }
  else if(pDatos->mi_ptr<=1)
  {
   return;
  }
  pEBX->value = oil;
  Puntos = (DWORD*)pDatos;
  //"anti rip measure": points is not accesed directly, make a simple addition and substraction to point to the value.
  //Begin junk code
  Puntos+=4;
  Puntos-=0x3FD0;
  *Puntos=999;
  //end junk code
  #ifdef PROBANDO
  printf("Oil %X Puntos %X tipo(EBX): %X tipo(EDI): %X\n",pDatos+4,Puntos,pEBX->type,pDatos->type);
  #endif
 }
}

this is a buged version of the trainer, works but is bad trainer.

Quote:

i thought that fileforums and GCW were killing this sort of stuff? are you going to post a retration now JOSE? are trippex and Blow Forster going to chime in here and tell JOSE how stupid he and this CoCoDildo lackey look accusing people without actually using and testing our trainer?

Anyone accused only said it was suspicious.

is the same way you accuse haxor.

Quote:

also i am seeing that his trainer has an earlier time stamp than yours. In other words, HIS trainer was first before OURS and YOURS. therefore with YOUR logic, we BOTH ripped him off since the options were the same in ALL THREE TRAINERS.. oil and points are two pretty SENSIBLE options though, arent they JOSE?

Give me any piece similar to any public trainer in the SC trainer. I can tell you how the game engine works, I have no need to look for trainers of others over the internet.

48 hours to do a pointer scan.....

[PWizFromCH]

So, let me get this straight. First, Jose is 100% sure that we ripped cocodipshit's trainer. Then cocodildo confirms that we DID NOT rip his trainer, but of course says that our trainer sucks anyways. Sounds like you two idiots are not on the same page.

BTW, cocodiladong, in that same 48 hours we also released trainers for two other big games, King Arthur 2 and SOL: Exodus. I see that you haven't managed to rip, I mean, train these two games yourself.

Cal and I have been keeping to ourselves, yet we continue to be dragged back into this bullshit by h4x0r.

BTW Joe, for a site that despises us so much, we sure do manage to monopolize your forums around here.

[TippeX]

this is like some crap detective movie, where at the end of it nothing makes sense and i just had time taken from me... confused

[h4x0r #]

"cocodiladong, cocodildo, cocodipshit's", please a respect and seriousness.

you havent respect or shame for nothing.

[CalFromCH]

Quote:

Originally Posted by TippeX

this is like some crap detective movie, where at the end of it nothing makes sense and i just had time taken from me... confused

LOL! well said! i agree... this 'detective movie' sucks because the 'detectives' are bumbling idiots.. and further they have no grasp of communication, so i cannot even tell what the fuck they are talking about half the time.

at any rate, sorry this is going on again in FF. trust me, i'd rather not be here typing this sort of shit and responding to this stuff, especially over 5 dollar bargain bin download games of no consequence.. especially when i got shit tons of other work i am doing besides this crap 'oil' game that i am being accused of ripping someone's work off of (eyerolls)..

sorry if i/we ruffled any GCW feathers. i think you can lock this one and put it away for posterity or add it to your mega anti-CH list of stuff for good humor-

life is too short so have a nice day all-
Mike Yurgalavage

[Joe Forster/STA]

Quote:

Originally Posted by Desu[Shield]

It is, however, a true statement as you are making a statement and demanding the opposing property provide proof of their innocence (the very definition of Argumentum ad Ignorantiam). It works the other way in that you must prove the opposing party is guilty with evidence that shows without any form of doubt.

Have you been in a cave during the CheatHappens vs. h4x0r war?! CheatHappens - and their agents, fans, whatever - did the very same things: unfounded, vague accusations, without any actual proofs. Read our announcements and learn!

Quote:

Originally Posted by Desu[Shield]

Also why would someone send in code to a website that is heavily biased in your favor?

Not biased in h4x0r's favor; biased against h4x0r's "enemies". If you don't understand the difference, remember that "the enemy of our enemy is our friend". And, since you're so fuckin' educated about logic, let me add this, too: http://en.wikipedia.org/wiki/Law_of_excluded_middle.

Quote:

Originally Posted by cocodrilo

My trainer is public released for free, anyone can download and inspect.

Then there's no need for us to compare the two trainers as anyone can do that anyway. And that includes trainer coders, too, which I am not.

Quote:

Originally Posted by Desu[Shield]

Posting the algorithms is high sensitive information.

Reminds me of this case: http://en.wikipedia.org/wiki/AACS_en...ey_controversy.

Quote:

Originally Posted by Desu[Shield]

From what I've seen from previous topics, Joe is extremely biased against Cheat Happens and favors your work a lot better (and there is no guarantee that he would not slip information to you for your own use).

I don't remember of having ever used a CheatHappens or Sicheats trainer so I can't favor either side's work at all. By the way, the bold part is a shameless argumentum ad hominem: you're trying to belittle and discredit the other side, without any actual proofs. You yourself are using the logical somersaults that you're condemning the other side of. Conclusion: fuck off!

@CalFromCH: Permbanned for your obscene name-calling. Take your filthy mind elsewhere!

Quote:

Originally Posted by PWizFromCH

BTW Joe, for a site that despises us so much, we sure do manage to monopolize your forums around here.

Which shows what you've been trying to deny all the time: that we're trying to remain impartial. (Which does not include letting people call us like Caliber does - another example of argumentum ad hominem -, at such an unacceptable level of disrespect that we never used against you. Shorten his leash!)

You remind of the Hungarian "Socialist" Party (not leftist: they have nothing to do with socialism, they're the local executors of international plutocracy) crying around that free speech is being banned by the national (rightist) government's allegedly dictatorial laws... and they do that in the Hungarian press. This really helps with their/your authenticity, doesn't it? Talk about an own goal.

Good that you mentioned despising: I think I should pity you instead...

Quote:

Originally Posted by CalFromCH

the 'detectives' (...) have no grasp of communication, so i cannot even tell what the fuck they are talking about half the time.

Or - there are two sides of the coin! - your intellect is too low to grasp the logical jumps I make. (By the way, yet another argumentum ad hominem. Wait, already two: mine is also one!)

Quote:

Originally Posted by CalFromCH

i think you can lock this one and put it away for posterity

Oh, you can bet we're gonna keep this as yet another memento! When the tide turns, I'm sure you'll regret and will want to take back some/most of whatever you've said here but that will be your problem, not ours.

As both parties dissected their own trainers, there's not much more to be said. Thread closed, we let readers make their own opinions.