The thing that is taking me the longest is Infinite Life hacks. I was told by a few people that there are quicker ways to do it, so I am wondering if anyone here knows the quickest way to locate the proper Infinite Health location.
movss [edi+10],xmm0 <<< Example Health Code
But it is used for both enemies, cars, the player, etc. Now, one could use conditional jumps if there is a difference in the first few bits, such as enemies using 00 and the player using 01, but this is not always the case. And coding a long series of conditional jumps when an easier way is available seems like a waste of resources to me.
Now most of the time you can find another location, such as this:
fld dword ptr [eax+00000366] <<< Example of Proper Health Code
Now this is a loading instruction for floating point values; if you inject a value into this location, such as this (inside a jump or call of course):
mov dword ptr [eax+00000366],43ab8000  ; write 343.0f over the value about to be loaded
fld dword ptr [eax+00000366]            ; original instruction, now loads the forced value
doing this injects a value of 43ab8000h, or 343f (remember it is a float instruction), into the location which is getting ready to be loaded, causing a proper infinite health hack (the most proper imo).
Now I normally find this by shuffling through thousands of lines of code, and pointers, and I was wondering if there was a quicker way to locate a proper infinite health code.
As always, help would be much appreciated.
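The situation in the post above, as an added example in C that is not part of the original thread or of any game: the shared health write, the type-tag filter done with conditional jumps, and the 43ab8000h immediate. The entity layout (a type tag at +0x00, health at +0x10, enemies 00 and player 01) and the value 343.0f are assumptions taken from the post's sketch, not facts about a real game.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical entity layout, constructed for this example: the shared
 * movss [edi+10],xmm0 from the post stores to +0x10 for every entity, and
 * we assume a type tag at +0x00 (enemies 00, player 01, as the post sketches). */
enum { ENT_ENEMY = 0x00, ENT_PLAYER = 0x01, ENT_CAR = 0x02 };

typedef struct {
    uint32_t type;       /* +0x00: what kind of entity this is (assumed) */
    uint8_t  pad[0x0C];  /* +0x04..+0x0F: other fields we do not care about */
    float    health;     /* +0x10: the field the shared movss writes */
} entity_t;

/* Sanity check that the C struct really puts health at +0x10. */
int health_offset_ok(void) { return offsetof(entity_t, health) == 0x10; }

/* Bit pattern of a float, i.e. the immediate a trainer writes with an injected
 * mov (343.0f is the post's 43ab8000h). */
uint32_t float_bits(float f) { uint32_t u; memcpy(&u, &f, sizeof u); return u; }

/* The reverse: what fld/movss will see when that immediate is loaded. */
float bits_float(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* The game's own write, shared by player, enemies, cars: movss [edi+10],xmm0 */
void game_write_health(entity_t *e, float new_health) { e->health = new_health; }

/* Hooked version with the conditional-jump filter the post describes:
 *   cmp dword ptr [edi],01           ; is it the player?
 *   jne original                     ; no: run the game's own movss
 *   mov dword ptr [edi+10],43ab8000  ; yes: force 343.0f instead
 * Returns 1 when the value was forced, 0 when the game's write ran. */
int hooked_write_health(entity_t *e, float new_health, uint32_t forced_bits) {
    if (e->type == ENT_PLAYER) {
        e->health = bits_float(forced_bits);
        return 1;
    }
    game_write_health(e, new_health);
    return 0;
}

/* Run one write through the hook on a fresh entity and return the resulting
 * health, so the filter can be checked per entity type. */
float simulate(uint32_t type, float game_value, uint32_t forced_bits) {
    entity_t e;
    memset(&e, 0, sizeof e);
    e.type = type;
    e.health = 100.0f;
    hooked_write_health(&e, game_value, forced_bits);
    return e.health;
}

int main(void) {
    printf("343.0f = %08Xh\n", float_bits(343.0f));
    printf("player after hit: %.1f\n", simulate(ENT_PLAYER, 57.0f, 0x43AB8000u));
    printf("enemy after hit:  %.1f\n", simulate(ENT_ENEMY, 57.0f, 0x43AB8000u));
    return 0;
}
```

The point of the model is the caveat from the post: the filter only works if some field at a fixed offset reliably distinguishes the player from everything else the same instruction touches; if it does not, a player-only instruction (like the fld in the post) is the cleaner target.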
Well if you are wanting to start, take a look at the tuts in the tuts and guides section. DABHand has a really good tut on there. The only problem is that they only teach you so much. I plan on writing a guide myself to ASM and SSE instructions. But the main problem people have is the infinite life problem. If I can find a comprehensive way to find a proper infinite life hack, then I can teach others how to do it too.
But a good start is to find the player's base structure address, and from there you could easily find the opcodes responsible for changing values within the structure.
From this not only can you do life, money, XP, etc., whatever the game has, but it's a good place to be able to manipulate the co-ordinates and speed of the player.
Ah, so that is how they do the teleport and other things? Nice. Is there any particular method of hunting down the base struct for the player?
Sometimes it is in the same location, or at the same offset from the program's base address.
As an example of course.
If you can find that out, then you can start manipulating away, and also find out which offsets from the base of the player structure do what, like co-ordinates (usually float values) and speed of movement (easier to find when weight in a game affects your speed, like Fallout 3 etc.).
I know what you mean: the general format for common code-shifting. I'll see if I can find some good pointer-scanning tips for locating player structures, or just general tips for pointer scanning.
The only problem is that most of the things I find when I Google "pointer scanning" come up with higher-level language problems, such as C#, Java, Lua, etc. I can't seem to find a whole lot on ASM.
If you know any good ones, dabs, as always I'd appreciate it.
BTW, if you wouldn't mind, after I've found out a proper way to do it, I would be delighted to make a trainer for a game that you have, so you may test it. All of my trainers have only been used by me (unless some people have used my DS trainer I released a little while back).
OK. Example. Current game is FC2. I already have the location of the health code saved, so I pull it up in the disassembler and find out what address it accesses. I injure myself so my health variable shows up. I add it to the list, right-click and click on "find out what writes...", and see the health script pop up. Double-click on it and it pulls up the extra info, telling me that at that point EDI was 199C1300. So I scan for 199C1300 using hex, scanning all memory. Only 2 addresses show up; neither is static, both are dynamic.
I haven't found any tuts that use pointer scanning and involve DMA; they kind of talk about it, but they mainly focus on static pointers. And in this case I do not have any static pointers.
[Edited by Sil3nt_Pr0digy, 4/29/2010 10:02:51 AM]
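The two things discussed above, finding the player base structure from a static address plus offsets and chasing a dynamic address like 199C1300 back to something static, are the same algorithm: a backward pointer scan. Below is an added example in C (not from the thread, not from Cheat Engine, and not from any game) that runs that scan over a constructed picture of process memory: a static module image, two heap blocks that both hold the post's EDI value, and only one of those heap blocks being pointed at from the module, so a level-1 scan finds only dynamic holders and a level-2 scan finds the static one. All addresses, region names and contents are made up for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH 4

/* One mapped region of a simulated 32-bit process. is_static marks a module
 * image (same address every run); everything else is allocator memory (DMA). */
typedef struct {
    const char *name;
    uint32_t    base;
    int         is_static;
    uint32_t   *words;
    size_t      nwords;
} region_t;

typedef struct { const region_t *regions; size_t nregions; } memory_t;

/* A resolved pointer path, Cheat Engine style: a static address, then the
 * offset added after each dereference (offsets[0] is applied first). */
typedef struct { uint32_t static_addr; uint32_t offsets[MAX_DEPTH]; int depth; } chain_t;

/* Constructed layout for this example, not taken from any real game:
 *   game.exe image at 0x00400000 (static), word [0x00400008] -> heap A
 *   heap block A at 0x0A000000, word [A+0x08] -> player structure
 *   heap block B at 0x0B000000, word [B+0x04] -> player structure (nothing points at B)
 *   player structure at 0x199C1300, the EDI value from the post */
static uint32_t exe_words[8]   = { 0, 0, 0x0A000000u, 0, 0, 0, 0, 0 };
static uint32_t heapA_words[8] = { 0x11111111u, 0, 0x199C1300u, 0, 0, 0, 0, 0 };
static uint32_t heapB_words[8] = { 0, 0x199C1300u, 0, 0, 0, 0, 0, 0 };

static const region_t sim_regions[] = {
    { "game.exe", 0x00400000u, 1, exe_words,   8 },
    { "heap A",   0x0A000000u, 0, heapA_words, 8 },
    { "heap B",   0x0B000000u, 0, heapB_words, 8 },
};
const memory_t sim_mem = { sim_regions, sizeof sim_regions / sizeof sim_regions[0] };

/* Read one aligned 32-bit word; returns 0 if the address is not mapped. */
int read_word(const memory_t *mem, uint32_t addr, uint32_t *val) {
    for (size_t r = 0; r < mem->nregions; r++) {
        const region_t *reg = &mem->regions[r];
        if ((addr & 3) == 0 && addr >= reg->base && addr - reg->base < reg->nwords * 4) {
            *val = reg->words[(addr - reg->base) / 4];
            return 1;
        }
    }
    return 0;
}

/* Backward pointer scan: every word whose value lies within max_off bytes
 * below target is a candidate "base pointer + offset". A holder inside a
 * static region ends a chain; a dynamic holder becomes the next target. */
static int scan_level(const memory_t *mem, uint32_t target, uint32_t max_off,
                      int level, uint32_t *offs, chain_t *out, int max_out, int found) {
    if (level >= MAX_DEPTH) return found;
    for (size_t r = 0; r < mem->nregions; r++) {
        const region_t *reg = &mem->regions[r];
        for (size_t i = 0; i < reg->nwords; i++) {
            uint32_t val = reg->words[i];
            if (val == 0 || val > target || target - val > max_off) continue;
            uint32_t holder = reg->base + (uint32_t)(i * 4);
            offs[level] = target - val;
            if (reg->is_static) {
                if (found < max_out) {
                    out[found].static_addr = holder;
                    out[found].depth = level + 1;
                    for (int k = 0; k <= level; k++)   /* outermost offset first */
                        out[found].offsets[k] = offs[level - k];
                }
                found++;
            } else {
                found = scan_level(mem, holder, max_off, level + 1, offs, out, max_out, found);
            }
        }
    }
    return found;
}

int pointer_scan(const memory_t *mem, uint32_t target, uint32_t max_off,
                 chain_t *out, int max_out) {
    uint32_t offs[MAX_DEPTH];
    return scan_level(mem, target, max_off, 0, offs, out, max_out, 0);
}

/* Follow a chain the way a trainer would at runtime; 0 if a step is unmapped. */
uint32_t resolve_chain(const memory_t *mem, const chain_t *c) {
    uint32_t addr = c->static_addr;
    for (int i = 0; i < c->depth; i++) {
        uint32_t v;
        if (!read_word(mem, addr, &v)) return 0;
        addr = v + c->offsets[i];
    }
    return addr;
}

chain_t found_chains[8];

/* Scan for the post's EDI value; returns how many static paths reach it. */
int run_scan(void) {
    return pointer_scan(&sim_mem, 0x199C1300u, 0x1000u, found_chains, 8);
}
```

With this layout run_scan() reports one path, "game.exe"+00000008 -> +8 -> +0, and resolve_chain() walks it back to 199C1300; heap B is the dead end the post ran into when scanning by hand, since nothing static points at it. Real scanners add what this toy omits: a bounded max_off per level, negative offsets for structures that are pointed at from the middle, and rescanning after a restart to discard chains that only held by coincidence.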