Can we give a request to CH authors? - Cheat Happens General Discussions Message Board (Page 3)
AUTHOR: DABhand (United Kingdom) | User #: 157287 | Posts: 5333 | Joined: Aug 27, 2006 | Last visit: Sep 17, 2014
Posted: May 09, 2010 2:54:28 PM

Of course, but it has already been established earlier in the thread that this game most likely requires code-shifting.

Well, technically code-shifting requires code injection too, but meh :P

---------------------------------------------------------------------------
Great site for new games with constant deals

Click Here for G2Play for great deals

Oh and Don't forget some tuts on ASM and defeating DMA

Clicky Here for them
AUTHOR: AramAz (Cyprus) | User #: 756443 | Posts: 70 | Joined: Jul 13, 2009 | Last visit: Sep 06, 2014
Posted: May 09, 2010 10:08:52 PM

quote: originally posted by DABhand:

Code Injection is better?

Not if the base address of the .dll is dynamic. Then Code Shifting applies.

As for the legal point, it's not illegal, as you are technically changing memory on the fly, so to speak.

I've seen reviews for this game; it looks fun and new, but I haven't played it, so I can't say what is what with the game. If indeed the routines are stored in dynamically loaded libraries then code shifting will be the answer.


You said you know ASM, but obviously you don't 100%.

You can't change the start of that opcode to a 00 or 90. That would be silly.

04 is the usual hex value for add al; changing it to 90 would knock the subsequent bytes out of touch. 00 would give you another add instruction but to a different lower register.

[Edited by DABhand, 5/9/2010 2:19:44 PM]

Thanks.

1. What about offline patching? Is that illegal? (directly changing the content of the file on the hard disk)

2. As I said, if you read my previous post, the machine code instructions I'm trying to change are for a virtual machine with its own instruction set and are NOT meaningful as x86 code.

And of course, you can change 04 to 90 (nop) as long as you change the subsequent related bytes to 90 too. That way it won't break any more. But then again, I am trying to patch an Intermediate Language (.NET), which is absolutely not x86 code.

I'm trying to have you look at the code not as a set of x86 instructions, because it is IL. Have you ever used .NET or ildasm? (intermediate language disassembler)

Take a look at this. This is the original "appearance" of 12 bytes of code in the memory view of CE:

// Total bytes used is 12.
add ah,[edx] // 02 22
add [eax],al // 00 00
add [eax],al // 00 00
jnl 07ab3afc // 7D 23
or [eax],eax // 09 00
add al,2a // 04 2A


These 6 lines are the translation of these bytes: 02 22 00 00 00 00 7D 23 09 00 04 2A

But notice that the same bytes in memory are meant for a JIT language such as the .NET languages. The same bytes are translated like this:

.maxstack 8
IL_0000: /* 02 | */ ldarg.0
IL_0001: /* 22 | 00000000 */ ldc.r4 0.0
IL_0006: /* 7D | (04)000923 */ stfld float32 (this variable is set to zero)
IL_000b: /* 2A | */ ret


So now I want to make everything 00 except the last 2A. And don't tell me 00 is another x86 instruction, because this is not x86. In IL code, 00 means nop.


Now that I have clearly shown that you cannot look at the memory view of CE as x86 instructions (for this game), I can conclude that you cannot look for x86 code in memory and replace it with instructions!

You should be looking for an array of bytes and replacing it with an array of bytes. That is what I'm asking you guys. How do I do that?

[Edited by AramAz, 5/9/2010 10:16:20 PM]

[Edited by AramAz, 5/9/2010 10:55:25 PM]

[Edited by AramAz, 5/9/2010 10:55:50 PM]

[Edited by AramAz, 5/9/2010 10:56:33 PM]
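To make the disputed point concrete, here is an added Python example (not code from the thread, from Cheat Engine or from ildasm) that decodes those 12 bytes with a minimal CIL opcode table taken from ECMA-335 Partition III: the bytes that CE's x86 view renders as add/jnl/or come out as ldarg.0 / ldc.r4 / stfld / ret, and the all-00 variant decodes as a run of nop. The opcode table is deliberately tiny and covers only this method body plus a few neighbouring opcodes; the same decode is what an analyst does when checking whether a .NET method body in memory still matches the on-disk assembly.

```python
import struct

# Minimal one-byte CIL opcode table: mnemonic and operand size in bytes.
# Operand sizes follow ECMA-335 Partition III. Added illustration only.
OPCODES = {
    0x00: ("nop", 0),
    0x02: ("ldarg.0", 0),
    0x03: ("ldarg.1", 0),
    0x22: ("ldc.r4", 4),   # operand: 4-byte IEEE-754 single
    0x2A: ("ret", 0),
    0x7B: ("ldfld", 4),    # operand: 4-byte metadata token
    0x7D: ("stfld", 4),
}
# High byte of a metadata token selects the table; 0x04 is the Field table.
TOKEN_TABLES = {0x04: "Field", 0x06: "MethodDef", 0x0A: "MemberRef"}


def decode_cil(body):
    """Decode a CIL method body into (offset, mnemonic, operand) tuples."""
    out, i = [], 0
    while i < len(body):
        op = body[i]
        if op not in OPCODES:
            raise ValueError("unsupported opcode 0x%02X at IL_%04x" % (op, i))
        name, size = OPCODES[op]
        raw = body[i + 1:i + 1 + size]
        if len(raw) != size:
            raise ValueError("truncated operand for %s at IL_%04x" % (name, i))
        if name == "ldc.r4":
            operand = struct.unpack("<f", raw)[0]        # little-endian float
        elif size == 4:
            tok = struct.unpack("<I", raw)[0]            # little-endian token
            table = TOKEN_TABLES.get(tok >> 24, "Table%02X" % (tok >> 24))
            operand = "%s:0x%06X" % (table, tok & 0xFFFFFF)
        else:
            operand = None
        out.append((i, name, operand))
        i += 1 + size
    return out


def listing(body):
    """Render the decode as ildasm-style lines, e.g. 'IL_0006: stfld Field:0x000923'."""
    return ["IL_%04x: %s%s" % (off, name, "" if opnd is None else " %s" % opnd)
            for off, name, opnd in decode_cil(body)]


# Constructed sample: the 12 bytes quoted from CE's memory view in the post above.
ORIGINAL = bytes.fromhex("02 22 00 00 00 00 7D 23 09 00 04 2A")
# The variant the post proposes: every byte 00 (nop) except the final 2A (ret).
NOPPED = bytes(11) + b"\x2A"

if __name__ == "__main__":
    print("\n".join(listing(ORIGINAL)))
    print("---")
    print("\n".join(listing(NOPPED)))
```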

AUTHOR: AramAz (Cyprus) | User #: 756443 | Posts: 70 | Joined: Jul 13, 2009 | Last visit: Sep 06, 2014
Posted: May 09, 2010 10:50:31 PM

This game is awesome. It is totally worth paying $20. It has 15 levels, which I managed to finish in less than 3 hours by cheating.
MODERATOR: HonestGamer (India) | User #: 603229 | Posts: 5978 | Joined: Dec 17, 2008 | Last visit: Sep 17, 2014
Posted: May 09, 2010 10:56:17 PM

I have created many byte patchers for games that simply remove the code writing to game attributes like lives, ammo, etc. I usually make them when I see no scope for more than 1 or 2 options in a game. But the negative factor is that it can't be toggled straight away; you need to make a backup.

Also there are terms known as "Tweaking" and "Modding" which deal with putting changes in files. And that does not make it illegal. Even people in the official game forums discuss it! Only when it comes to removing game protections from executables do things become illegal.

I have tried my hand at Max and the Magic Marker. The game does not use code-shifting; the code is loaded within its own main executable, not within an external .dll! Marker ink is hard coded here, so don't bother searching for it: you'll end up crashing the game or just making a "visual" only option. You need some reversing skills for this.

[Edited by HonestGamer, 5/9/2010 10:58:56 PM]

---------------------------------------------------------------------------
Life is best for those who enjoy it, difficult for those who analyze it and worst for those who criticize it.
AUTHOR: AramAz (Cyprus) | User #: 756443 | Posts: 70 | Joined: Jul 13, 2009 | Last visit: Sep 06, 2014
Posted: May 09, 2010 11:02:05 PM

Thanks for your post. I've already reversed, disassembled and found the corresponding bytes and patched them in memory by hand, and it works perfectly with no crashing.

What I need to know is how to do that memory searching and patching in CE so it won't break the next time I load the game.

I already know how to not let that monster suck your ink, as well as how to be able to get scores and save the game even when using cheats from the cheat menu.

But notice this game will revert to the CLR environment, so CE can't reverse it for you, nor can it replace its code.

And the logic code is not inside the main program. It is inside a .dll file. I know because I tried and patched it in memory and it works.

[Edited by AramAz, 5/9/2010 11:03:11 PM]

AUTHOR: DABhand (United Kingdom) | User #: 157287 | Posts: 5333 | Joined: Aug 27, 2006 | Last visit: Sep 17, 2014
Posted: May 10, 2010 7:03:19 AM

Here is the part you misunderstand: it doesn't matter what language the game is coded in, it still has to go through the CPU ultimately, and that is what you're debugging, the mnemonics of the CPU.

So even in C++, VB, .NET, etc. they can all be debugged; after all, you can code in a language, but later you have to compile it to a binary file.

As for ILDASM, that is primarily for PE files.

Unless what you're trying to say is that the game is run via a .NET engine running it. Then you will have to go a long way about things.

[Edited by DABhand, 5/10/2010 7:11:00 AM]

AUTHOR: AramAz (Cyprus) | User #: 756443 | Posts: 70 | Joined: Jul 13, 2009 | Last visit: Sep 06, 2014
Posted: May 10, 2010 7:44:03 AM

quote: originally posted by DABhand:

Here is the part you misunderstand: it doesn't matter what language the game is coded in, it still has to go through the CPU ultimately, and that is what you're debugging, the mnemonics of the CPU.

So even in C++, VB, .NET, etc. they can all be debugged; after all, you can code in a language, but later you have to compile it to a binary file.

As for ILDASM, that is primarily for PE files.

Unless what you're trying to say is that the game is run via a .NET engine running it. Then you will have to go a long way about things.

[Edited by DABhand, 5/10/2010 7:11:00 AM]

Exactly. It is based on .NET, but the exe file is not .NET, only the .dll parts of that game.

I'm catching the .dll content in memory before it is compiled into native code; as you may know, .NET uses a JIT compilation scheme.

And of course understanding the logic of the game before it goes to native code is much easier, since it is .NET and the original code can be reflected using many tools.


Long story short, how do I search memory for an array of bytes and patch it with Cheat Engine?

Or do you know another tool that can do this?

Otherwise I'm going to create my own memory patcher and tell users to run the trainer before running the game.

Regards,
Aram

AUTHOR: DABhand (United Kingdom) | User #: 157287 | Posts: 5333 | Joined: Aug 27, 2006 | Last visit: Sep 17, 2014
Posted: May 10, 2010 7:58:07 AM

Well, the binary that runs the game will have to call on the .dlls. So you can technically find where it makes those calls through the binary and from there figure out a way of getting addresses to manipulate.

Again, I don't have the game itself to check, and don't think I'll buy it either. Still, it's strange that a game which is also available on the Wii would use a JIT compiler of sorts.
