#1 01-08-2011, 20:52
JMC17
Most values accessed by one asm line, question

I've been working on a trainer based on ASM instead of multilevel pointers.
Some other games were pretty easy and straightforward.

Although I've encountered a few games that make me scratch my head..

There was Sims 3 and Fallout New Vegas but I skipped those for now.
The one I'm having trouble with and not willing to skip (gotta learn somehow)
is Hunting Unlimited 2011.

If I find one of both bullet values (min & max) and find what accesses it with Cheat Engine, it'll come up with a line of code (00416838 - add [ebx+088B0440],cl)
Then I find the Kills value, find what accesses it and the very same line comes up. Same thing with the Total Points value.

So it seems to me like the same code is used to set different values in the game. Like I said, not the first game I've seen this in; been trying to figure it out, played with the ASM codes and Ollydbg but still clueless.

Been working on this all day long and now it's getting late ; too tired to keep trying, hope for a reply ^_^
Well.. At least while destroying the code with my careless fingers I found out how to make the deer and all animals spawn on me, hunting's much easier that way.. hehe.

Still I would love to understand how to get infinite ammo, without having infinite points and kills x.x

[EDIT] Well looks like one of the topics below had a similar problem.. more than 6 years ago <.<
Guess I'll be spending the day working on this.

[EDIT2] Whoa, I'm all excited, I found some addresses that hold UNICODE "if(&LastAttackTime.TimePassed < &CurWDelay)return;if(&AmmoLoaded == 0 && &AmmoTotal == 0)return;AddD" and the last shot fired delay lower in the hex dump, which allows me to make shotguns fire like machine guns XD
And the above unicode, when set in an impossible manner, will never stop you from running out of bullets, although it doesn't nullify reloading =(
(Meh, nevermind about not running out of bullets, seems like the game itself has a flaw: if you use the second shotgun and shoot all bullets until you reach your last clip, it'll break (8 bullets per clip, last clip has 7 so it ends with -1 which goes into infinity))

Gah, sometimes I wish I could attach both Ollydbg and Cheat Engine to the same process.
When I change the unicode in Ollydbg it works fine, but with Cheat Engine it doesn't.

Last edited by JMC17; 02-08-2011 at 14:37.

#2 03-08-2011, 15:45
cocodrilo
In hu2011.exe+0x15F5C there is this:

mov ecx,[eax+4]
mov [ecx],edi

If eax+0x30 points to a unicode string AmmoLoaded, edi contains your current ammo (current number of bullets). Modify edi to get infinite ammo, or write to [ecx] directly and skip the original code (only if the condition is true).

For more options you can use the same hook, for example when eax+0x30 is AmmoTotal, etc.

#3 04-08-2011, 06:03
JMC17
Oh my god, you're the best coco!

I already had an address found with CE (0x1684B), although I did try yours and it worked great.

Then I did what you said, more or less, and it worked damn great!
[EDIT1] (Hugh, maybe I didn't understand you completely, right now any value hitting 2 gets set to 255, ammo is changed when hitting 2 and same with the kills value.)
(Anyhow I'll be re-reading your post a dozen times and be working on it.)
[EDIT2] Well now I do understand what you mean, just a matter of time before I figure out how to do it properly

[EDIT3] There it is!
I believe this is exactly what you told me to do, and it works perfectly.
[EDIT4] Heh.. Actually it was a bit off, fixed the script but didn't correct the code box below.


Code:
offset 0x0041683E
jmp 0x00726000
nop
nop
nop
nop
nop
nop
nop
nop
offset 0x00726000
add ESP,24
cmp ESP,0018F204
jne 00726011
mov ecx,255
sub ESP,24
mov [esi],ecx
mov eax,00000001
mov ecx,[esp+1C]
xor ecx,esp
jmp 0x0041684B
nop
nop

Last edited by JMC17; 08-08-2011 at 19:15.
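
Added example (not part of any post above, and not the game's code): a self-contained C model of what the thread describes, where one store routine writes every named script variable, which is why a debugger reports the same instruction for ammo, kills and points. The struct layout, the event sequence and the names other than AmmoLoaded are constructed assumptions; it contrasts a check keyed on the value (the "any value hitting 2 gets set to 255" result in post #3) with a check keyed on the name at +0x30 as post #2 suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a script variable, NOT the game's real layout.
   Only the two offsets named in the thread are kept: +4 value, +0x30 name. */
typedef struct {
    uint32_t type;       /* +0x00 (unused here) */
    uint32_t slot;       /* +0x04: index into values[], stands in for the value pointer */
    uint8_t  pad[0x28];  /* +0x08 */
    uint16_t name[16];   /* +0x30: UTF-16 variable name, assumed stored inline */
} ScriptVar;
_Static_assert(offsetof(ScriptVar, name) == 0x30, "name must sit at +0x30");

enum { AMMO, KILLS, POINTS, NVARS };
typedef enum { NO_FILTER, BY_VALUE, BY_NAME } Filter;
static ScriptVar vars[NVARS];
static int32_t values[NVARS];

/* Compare the UTF-16 name of a variable with an ASCII literal. */
static int name_is(const ScriptVar *v, const char *ascii) {
    size_t k = 0;
    for (; ascii[k]; k++)
        if (k >= 16 || v->name[k] != (uint16_t)ascii[k]) return 0;
    return k < 16 && v->name[k] == 0;
}

/* The single store every variable passes through: the "same line" a debugger reports. */
static void store(const ScriptVar *v, int32_t val, Filter f) {
    if (f == BY_VALUE && val == 2) val = 255;                 /* keyed on the value */
    if (f == BY_NAME && name_is(v, "AmmoLoaded")) val = 255;  /* keyed on the name */
    values[v->slot] = val;
}

/* Replays constructed events (ammo 4,3,2; kills 0,1,2; points 100,200,300)
   and returns the final value of variable `which`. */
int32_t final_value(Filter f, int which) {
    static const char *names[NVARS] = {"AmmoLoaded", "Kills", "TotalPoints"};
    memset(vars, 0, sizeof vars);
    for (int i = 0; i < NVARS; i++) {
        vars[i].slot = (uint32_t)i;
        for (size_t k = 0; names[i][k] && k < 15; k++) vars[i].name[k] = (uint16_t)names[i][k];
    }
    for (int shot = 0; shot < 3; shot++) {
        int32_t ev[NVARS] = {4 - shot, shot, (shot + 1) * 100};
        for (int i = 0; i < NVARS; i++) store(&vars[i], ev[i], f);
    }
    return values[which];
}
int main(void) { return final_value(BY_NAME, KILLS) == 2 ? 0 : 1; }
```

With BY_VALUE both the ammo and the kills counters end at 255, because the check cannot tell which variable is being written; with BY_NAME only AmmoLoaded is affected.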