Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Need For Speed - Most Wanted

How many of you have h0zed a NFS-MW save game, in the name of haxX0ring?
- Frequently: 33% [ 1 ]
- A few, but not many...: 0% [ 0 ]
- This one time... At Band Camp...: 0% [ 0 ]
- What's an NFS-MW save game?: 0% [ 0 ]
- Do you have wall hakus!? I NEED WALLLLL HCKUSSS: 66% [ 2 ]
Total Votes : 3

cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Thu Dec 15, 2005 6:44 am

Wow plenty of things happened while I was away Smile

Zhoul wrote:
This goes great with an update I was about to give you all... I just updated the "Cars Only" ct that I use. Again, offset all the pointers in this table, to your 'master pointer' offset. CParty, can you save out a version for v1.3 that works for you?

Going to do one Smile
And nice one on the remove lockpad. Also nice new project you got!

was shortly looking into it when playing with the ranking

though there are no races you can choose and there's no picture of him Razz
and having ranking on 16 will do some funky stuff like putting you to the my cars in main menu when leaving a shop.

*Edit*
JONG wrote:
In game version V1.3, I can't find this address, even I only search "B9 68 16 9B 00".

Yes of course you can't find them and the picture below shows you why:

The assembler code which stands for those bytes contains static addresses which have changed in v1.3 Wink so the bytes standing for that code have changed too.
I'll upload the v1.3 table later where I fixed the cave/code.

btw. I kept my v1.2 speed.exe so I can start v1.2 if I need to check something there.
Zhoul
Master Cheater
Reputation: 1

Joined: 19 Sep 2005
Posts: 394

Posted: Thu Dec 15, 2005 1:59 pm

cparty wrote:
and this picture shows why...
d0h!! I didn't even go back and check... Thanks cparty.
cparty wrote:
I'll upload the v1.3 table later where I fixed the cave/code.
Ahh - Since you've done (or are almost done) that... I just might upgrade to 1.3 Wink

Last edited by Zhoul on Thu Dec 15, 2005 9:28 pm; edited 1 time in total
cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Thu Dec 15, 2005 2:10 pm

Ok here is the table, I added a few things and put some more descriptions - you will see Wink
You probably noticed the file is called HYBRID. Why is that you may ask? The answer is that the table should work for v1.2, for v1.3 yes even for every future version (or any foreign language versions).
Magic? No Very Happy I defined a SYMBOL holding the base pointer address, and all pointers in this table use the symbol instead of a real address. It's currently saved for v1.3 so if you are on v1.2 you need to go into "Memory View" --> "View" --> "Userdefined Symbols". Change the entry called BASE to the base pointer address of your version (actually you cannot change but you can delete the old one and add the new one). The addresses should update and show your values. Neat stuff Wink

*Edit* For the additional Customization I used 1 Byte like Zhoul has started. However please keep in mind that some will use 2 Bytes, the first one will be the one telling which upgrade it is, but the second one might be used to tell if the upgrade is used at all (it usually only changes from stock to upgrade but not on changes between upgrades).

*Edit2* forgot to tell that I didn't touch any of the codes in the codelist, they might only be valid for v1.2.

*Edit3* Attachment removed - grab new version from this post:
http://forum.cheatengine.org/viewtopic.php?p=29863#29863


Last edited by cparty on Fri Dec 16, 2005 1:03 pm; edited 1 time in total
Zhoul
Master Cheater
Reputation: 1

Joined: 19 Sep 2005
Posts: 394

Posted: Thu Dec 15, 2005 9:50 pm

cparty wrote:
The assembler code which stands for those bytes contains static addresses which have changed in v1.3 so the bytes standing for that code have changed too.
Notice how the 'value' in the line 'mov ecx, 009b1668' - does not contain brackets around the value? (being 009b1668).

This means it's writing that specific 'value' to ECX, not a value found at address 009b1668. Cool Unless of course, ECX is used later on, in brackets, which I'm guessing it is? as this is the new master pointer?
JONG
Expert Cheater
Reputation: 0

Joined: 30 Nov 2005
Posts: 130

Posted: Thu Dec 15, 2005 10:32 pm

Thanks cparty, you have been a lot of help to me. Wink

I used the picture in your post and, thank god, I found it.

In Chinese version, you can use "0F BF 04 73 50" to find the right address.

Its info is:

Addy: 00581065 (offset for 1.3)
Type: Array of Byte (5 in length)
Description: Get Cur Car Addy 2 (Orig: B9C8BC9D00 New: E8E81CA60F)

I tried to use your CE table file, but it seems it can't be used on my version; when I open it, CE shows me that some error occurred.

So I need to re-check Zhoul's post, then do it myself.

Btw, thanks for your info, hope you can find the tollbooth timer, hehe.

EDIT:

About "Current Car Made Easy":

Now I can find "C: Get Cur Car Addy 2 - Toggle"; also "Get Cur Car Addy 1" and "Cur Car Addy 3 - Pointer" are fine, they are all 0's.

Question is:

How can I add the other addresses for the above function?

I re-read Zhoul's post, but still can't understand how to make those addresses.

If I want to use CE to make a function like the one in the picture I uploaded (the trainer gnagna2000 made), how can I do it?
Zhoul
Master Cheater
Reputation: 1

Joined: 19 Sep 2005
Posts: 394

Posted: Fri Dec 16, 2005 2:33 am

JONG wrote:

How can I add the other addresses for the above function?
If I want to use CE to make a function like the one in the picture I uploaded (the trainer gnagna2000 made), how can I do it?


Are you saying you can make this function work, but not in a trainer? Or the entire function doesn't work at all?

Attached are 2 screenshots of what the 3 lines of code/values should look like.

The first picture is what it looks like once changed, but no profile has been loaded, or you haven't left/entered the garage...

The second picture shows what happens as soon as you enter a garage/dealership/free roam.

Remember!!

This address will change at a few different points.

Point 1: When you load into free roam, it maps to the 'copy' of your car so changing values at this time would be pointless.

Point 2: When scrolling through your car list in career mode. Changing values at this point *does* affect your car, if you save.. This could be bad for a user of a trainer, if they don't know this, as the max values for each car are not the same (ie some cars can have 4-5 engine upgrades, others 1-2.. Also, adding upgrades to ANY car that cannot accept them to begin with will crash your game once you try to free roam with it).

Point 3: When entering a garage with a car. (as opposed to on foot?)

How would you create a CE trainer to do it?

Well the values wouldn't be displayed, but people could still change them.

You would have to make a function that would 'enable' the feature. That would write the new values of the Code Cave and the Toggle. (do not write to the pointer, as the code cave does this automatically in the above listed situations).

Then - all you have to do is make separate user changeable options that use the 'pointer' that is created by the code cave. (the name I had that at the time was Cur Car Addy 3 - Pointer )

Then use offsets from that pointer...

i.e.

Car Body = [Pointer] + 2E

If you are using my table, then you can just get the offsets from that. If you're not... get my table, as the entire blue group will work for you, once you get the rest of the steps working.



[Image: NFS-Auto-Pointer-1.JPG]
Description: What CE should look like, after changing the code cave and the toggle, to their new values. Before loading a profile or doing any one of the 3 listed things above.

[Image: NFS-Auto-Pointer-2.JPG]
Description: Notice the change from 0x00000000 to an actual address? This is what the code cave does, if properly used. I have a group of addresses that all set themselves based off the pointer address.

[Image: NFS-Auto-Pointer-3.JPG]
Description: I just enabled the "Auto-Pointer" feature (same as the one you're talking about), and went to my cars list.. The addresses automatically re-align, and this is my Punto.

[Image: NFS-Auto-Pointer-4.JPG]
Description: Changing to the next car in my career cars list made this change automatically. This is my cop car.. notice no upgrades? *crash* if I upgrade it...
*EDIT* Actually - This cop car can be mod'd, but it's one of the very few AI cars that can be, without


cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Fri Dec 16, 2005 4:06 am

JONG wrote:
I tried to use your CE table file, but it seems it can't be used on my version; when I open it, CE shows me that some error occurred.

What is the error you got? It works fine on the different installs of CE I tried (they are all CE v5.2).

Hmm, ok I might know what the error is, it looks like CE doesn't store the user defined symbols together with the table, at least the symbol is gone when I loaded the table today. So just go to the userdefined symbols and create a symbol BASE with the address of the base pointer for your version.

I'll try to give step-by-step help on doing the Car-made-easy yourself:
Step 1: Find the location where we place our call to our own code
The jump happens at "C: Get Cur Car Addy 2 - Toggle"
JONG wrote:
In Chinese version, you can use "0F BF 04 73 50" to find the right address.

Make sure it IS the correct location as I found plenty of addresses when doing that search. Here is a screen what it should look like:

The highlighted Line (0056F2C5 - b9 a8 26 9b 00 - mov ecx, 009b26a8) is what we are going to replace (Note: the addresses will probably be different for you as well as the "009b26a8" value (and the values for calls/jumps above and underneath)).
Write down the highlighted instruction on a sheet of paper as we are going to use it in the next step.

Step 2: Fill in the code cave
You already made sure the location of "C: Get Cur Car Addy 1" contains 00 and isn't used by the game to write code to, so just paste Zhoul's or my Bytes there (no need to change address) and open the location in disassembler view. It should look like this:

The highlighted Line is where you need to put the instruction you just took note on a sheet of paper in the step above. We copy it there because we are going to overwrite the other one in the next step with our call.

Step 3: Place the jump to our cave
Go back to the address of "C: Get Cur Car Addy 2 - Toggle".
Double-click on the mov ecx, 09xxxxxx instruction and replace it with "call 0ffd0e22".

You cannot just fill in the bytes Zhoul or I was using because they are different for your version.

Step 4: Try if it worked
Switch to the game, go to choose car and switch around. Every time you switch car the address where the Customization Part of that car starts should be shown (the blue stuff seen in Zhoul's post should show the values for your current car now):

You can check it by going to that address and see if the bytes in memview look reasonable (that is if you know how it would look in memory).
If it worked copy the bytes for later use Smile
JONG
Expert Cheater
Reputation: 0

Joined: 30 Nov 2005
Posts: 130

Posted: Fri Dec 16, 2005 5:07 am

Many thanks Zhoul, you are a great man, I will try it as you teach.

Some info (works on V1.2 English version of the game):

Add Bounty

Addy: 0056EC34 (static, V1.3 on 00580B64)
Type: Array of Byte (6 in length)
Description: Bounty (Orig: 8B4010C20400 New: E99C52440090)

This function needs a code cave to be made. First go to 0x0056EC34, you will see:

mov eax,[eax+10]
ret 0004


(Array of Byte:8B4010C20400)

then change it to:

jmp 009c5e05

(Array of Byte:E99C52440090)

then go to 0x009C5E05, you will see:

add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al


(Array of Byte:000000000000000000000000000000000000, 18 in length)

then change them to:

mov [eax+10],05f5e0ff
mov eax,[eax+10]
ret 0004
jmp 0056ec3a
(V1.3 must change to: jmp 00580b6a)

(Array of Byte:C74010FFE0F5058B4010C20400E9238EBAFF, 18 in length)
(V1.3 must change to:Array of Byte:C74010FFE0F5058B4010C20400E953ADBBFF, 18 in length)

Use the above function to make a trainer, and you can Add Bounty.

EDIT: V1.3 version of the game uses a different address.

EDIT: Fix before post error.

Instant Cooldown

Addy: 004447F8 (static)
Type: Array of Byte (6 in length)
Description: Instant Cooldown (Orig: D98668010000 New: E96C16580090)
P.S. Other versions can search "8BC8FF520C8B46608B4E5883C3048D14813BDA75BD", then go down a byte; that will be it.

EDIT: V1.3 version of the game uses the same address.

This function needs a code cave to be made. First go to 0x004447F8, you will see:

fld [esi+00000168]

(Array of Byte:D98668010000)

then change it to:

jmp 009C5E69

(Array of Byte:E96C16580090)

then go to 0x009C5E69, you will see:

add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al
add [eax],al


(Array of Byte:000000000000000000000000000000000000000000, 21 in length)

then change them to:

mov [esi+00000168],43fa0000
fld [esi+00000168]
jmp 004447FE


(Array of Byte:C786680100000000FA43D98668010000E980E9A7FF, 21 in length)

Use the above function to make a trainer, and you can Instant Cooldown.

How do I know that?

I installed an English version of the game and used a +19 plus trainer, then used CE to find the changes the trainer makes.

Hope that can be of help.


Last edited by JONG on Fri Dec 16, 2005 12:55 pm; edited 9 times in total
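Added example, not part of any post in this thread: a check that decodes the E9 (jmp rel32) bytes quoted in the post above and compares where they land with the addresses the post states. It shows that "E9 9C 52 44 00 90" reaches 009C5E05 only when it sits at the V1.3 address 00580B64; pairing those hook bytes with the V1.3 address is an assumption, since the post lists them under the V1.2 address.

```python
import struct


def jmp_rel32_target(insn_hex, at):
    """Destination of an E9 (jmp rel32) instruction stored at address `at`.

    rel32 is a signed little-endian displacement counted from the end of the
    5-byte instruction, so identical bytes point elsewhere when relocated.
    """
    raw = bytes.fromhex(insn_hex)
    if len(raw) < 5 or raw[0] != 0xE9:
        raise ValueError("expected E9 followed by a 4-byte displacement")
    (rel,) = struct.unpack_from("<i", raw, 1)
    return (at + 5 + rel) & 0xFFFFFFFF


def encode_jmp_rel32(at, target, total_len=5):
    """Bytes of `jmp target` placed at `at`, padded with NOP (0x90)."""
    if total_len < 5:
        raise ValueError("a jmp rel32 needs at least 5 bytes")
    rel = (target - (at + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel) + b"\x90" * (total_len - 5)


def cave_tail_target(cave_hex, cave_at):
    """Destination of the jmp rel32 that ends a cave starting at `cave_at`."""
    raw = bytes.fromhex(cave_hex)
    return jmp_rel32_target(raw[-5:].hex(), cave_at + len(raw) - 5)


# Values copied from the post above:
# (label, hook address, hook bytes, stated cave, cave bytes, stated return)
PATCHES = [
    ("Add Bounty V1.2", 0x0056EC34, "E99C52440090", 0x009C5E05,
     "C74010FFE0F5058B4010C20400E9238EBAFF", 0x0056EC3A),
    # Assumption: same hook bytes, tried at the V1.3 address given in the post.
    ("Add Bounty V1.3", 0x00580B64, "E99C52440090", 0x009C5E05,
     "C74010FFE0F5058B4010C20400E953ADBBFF", 0x00580B6A),
    ("Instant Cooldown", 0x004447F8, "E96C16580090", 0x009C5E69,
     "C786680100000000FA43D98668010000E980E9A7FF", 0x004447FE),
]


def audit(patches=PATCHES):
    """Return {label: (actual hook target, hook matches cave, return matches)}."""
    report = {}
    for label, hook_at, hook_hex, cave_at, cave_hex, ret_at in patches:
        hook = bytes.fromhex(hook_hex)
        actual = jmp_rel32_target(hook_hex, hook_at)
        # Re-encode from the stated addresses and compare byte for byte.
        hook_ok = encode_jmp_rel32(hook_at, cave_at, len(hook)) == hook
        ret_ok = cave_tail_target(cave_hex, cave_at) == ret_at
        report[label] = (actual, hook_ok, ret_ok)
    return report


if __name__ == "__main__":
    for label, (actual, hook_ok, ret_ok) in audit().items():
        print(f"{label:18} hook lands at {actual:08X} "
              f"hook_ok={hook_ok} return_ok={ret_ok}")
```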
cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Fri Dec 16, 2005 5:36 am

JONG wrote:
jmp 009C5E69
then go to 0x009C5E69

Just as a tip to be safer (Zhoul already mentioned a few times, you can also check the 4 steps in my post above) you should do the jump AFTER you have filled in the code for the cave. Otherwise it may happen that the game jumps to the address where nothing has been filled in yet and it's very likely that the game will crash. But hey, no risk no fun eh? Mr. Green
JONG
Expert Cheater
Reputation: 0

Joined: 30 Nov 2005
Posts: 130

Posted: Fri Dec 16, 2005 6:17 am

cparty wrote:

Just as a tip to be safer (Zhoul already mentioned a few times, you can also check the 4 steps in my post above) you should do the jump AFTER you have filled in the code for the cave. Otherwise it may happen that the game jumps to the address where nothing has been filled in yet and it's very likely that the game will crash. But hey, no risk no fun eh? Mr. Green


Oh! Yes! I forgot I must make the jump address have some code first, hehe, thanks again, cparty. Very Happy

Now I'll try to find what code gives the car instant speed. Wink
Zhoul
Master Cheater
Reputation: 1

Joined: 19 Sep 2005
Posts: 394

Posted: Fri Dec 16, 2005 10:20 am

JONG wrote:
Oh! Yes! I forgot I must make the jump address have some code first, hehe, thanks again, cparty. Very Happy
Now I'll try to find what code gives the car instant speed. Wink


We kinda already have this, I just haven't had the chance yet to put together a hack fer it. Basically - we have 2 values that determine the direction the car is facing, and we have 2 more values that, if given + or - numbers individually -- will result in +insta speed to the player's car.

Use the first 2 to determine what values you will feed the 2nd two Wink

Anyhow, I'm here to give a brief update.

**IMPORTANT** Please read the section closer to the bottom of this post about the 'pointer' before using this Wink

Trainer v0.5 is ready for pre-testing. I have not yet included any cheats, other than being able to see your speed and being able to pretty much click to anywhere you wish to go on the game map.

The 'save location' features are darn near implemented, but I'm still touching up other bits that need it before that's completed. I have also disabled any buttons that do not have a function just yet. I did leave them on the form, however, so you could see what it's all going to look like.

What's it do so far?:

Main Screen:
- Gives you a map (screenshot I took from the game) in the trainer window.

- Tracks where your car currently is, by pointing at it, with an "entirely separate" mouse cursor/icon. (separate from your own). You even have the option to 'Flash cursors' so you can head-check while driving (if you have 2 pc's) You can also disable either cursor, so it does not show on the map. Cursor(s) you ask? The 2nd cursor moves with you, as you select a new location by clicking and dragging anywhere on the map.

- Option to 'track movement' - This feature is actually pretty cool. It draws on the trainer map, where you've been for as long as the option has been enabled. I just added color to it as well, which reflects the speed you were driving at the time (the screenshot shows an example of this). From Red > Orange > Yellow > Green between 0-160. Once you hit the 160 mark, it turns completely white. Also, It captures 'warps' which should be defined by a blue line. Very very short warps probably won't be seen as such though Wink To erase the current 'drawing' simply uncheck the feature, and re-check it as you wish.

- Of course, the "Goto" Feature. Try to stay within the bounds of the streets on the map, but who knows, maybe there's some special Dev track, off in the distance (really, I don't know yet... heh, too busy codin'). This feature writes to game mem for approx 2-3 seconds, then releases. This is to cure the Z axis bug, which prevents you from poking the addresses once and getting preferred results (which is to actually pop up at the location).

An interesting side effect here: Try saving a location with about a football field worth of flat road ahead of you, then , hold your gas and keep pressing the button Smile


Settings Window:
A big arse, long list of pointers is the first thing you see. It's holding 1 master pointer value right now and the rest are there for future additions. Every time I make a new trainer, I take the module/API that I refined in the last one, and bring it to the next one, updating it as I go... This is part of a new feature I'm implementing based around pointers and different versions of a game. In the end, I hope to create a trainer that can re-align itself to (most) updates.

!So I need your Help! - Data collection is teh phun... What I need is the value, at this address, for any version of NFS that isn't 1.2 (out of the box) - English version. That's it Wink

Moving right along -

Map Calibration: Self explanatory, well... because it explains itself... Smile no seriously... A mini-how-to on using it, altho for prelim testing, I think the current calibration is pretty good. This feature will shine once I implement a way for users to have their own custom maps, and even 'overlays' (possibly just pointing to other maps). If you do find a better calibration for this version though - please let me know and I'll try it out. What we're going to do with it, is use the colored streets on the map - do a test on the color of the X/Y cord, and see if it's a "pretty good place" to try spawning, or "Probably not gonna happen" place (and with this over-forced goto code, not many places are the latter anyhow).

Best Use: Go to the 2 furthest extents of the map, (be it north/west , or south/east...) - and copy the numbers given by the trainer, into the calibration window (semi-auto calibration coming soon).

Suggestions how! before it goes gold! Smile (of course I'll be adding as many cheats as possible, as soon as I upgrade my slack arse to 1.3)

Inspirational thanks to Jong, since he's the one who first brought up the 'jump' value Cool

- Zhoul



The Extension 'zip' was deactivated by an board admin, therefore this Attachment is not displayed.


[Image: nfs-Trn-v0.1.0.png]

[Image: nfs-Trn-v0.1.0-Settings.png]


cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Fri Dec 16, 2005 11:06 am

That's cool stuff Smile gonna try in a bit.
I adjusted the unlock lockpads for v1.3 (the offsets were again different). Note: your bytes from the mycars lockpad are wrong, it looks like it's the one from the part-shop.. which doesn't work hehe, BUT! I found the real one. Whooohoo. I was always looking at the ranking, but it isn't the ranking, darn. There are 2 new codes, one for normal parts and the other for special parts. Going to post as soon as I have it sorted.

*Edit* new offsets and unlocks

- unLOCK *most* "My Cars" (takes the 'lockpad' off of the cars in the My Cars list, used for online games).

Addy: v1.3 - 0058A156
Type: Array of Byte (6 in length)
Description: Code - unLock My Cars - Most Cars - (Orig: 8A97B0000000 New: B20090909090)

- unLOCK all Career cars (takes the 'lockpad' off of them so they can be purchased, no matter what level).

Addy: v1.3 - 0058A644
Type: Array of Byte (6 in length)
Description: Code - unLock Career - Cars (Orig: 8A98B0000000 New: B30090909090 )

- unLOCK all parts in Career (takes the 'lockpad' off of them so they can be purchased, no matter what level).

Addy: v1.3 - 00576678
Type: Array of Byte (6 in length)
Description: Code - unLock Career - Parts (Orig: 8B81AC000000 New: B8F3F71D0090 )

- unLOCK special parts in Career (adds the parts you get after beating Razor).

Addy: v1.3 - 007AF68C
Type: Array of Byte (6 in length)
Description: Code - unLock Career - special Parts (Orig: 8B91AC000000 New: BAF3F71D0090 )


Last edited by cparty on Fri Dec 16, 2005 2:22 pm; edited 3 times in total
cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Fri Dec 16, 2005 11:52 am

I cannot get the trainer to display any current coordinates Confused I also tried adjusting the master pointer. Anything I need to enable first or are those values just stored at a different location in v1.3?
cparty
Expert Cheater
Reputation: 0

Joined: 01 Dec 2005
Posts: 219

Posted: Fri Dec 16, 2005 12:59 pm

New version of the hybrid car table. This time you don't have to change the address for the base pointer symbol yourself (if you use english v1.2 or v1.3) as I added 2 auto-assemble scripts doing that.
Just check the version you got (you might additionally need to right-click "force recheck symbols"):



[Attachment: speed - Cars Only (Table-5.2) HYBRID.CT]

Zhoul
Master Cheater
Reputation: 1

Joined: 19 Sep 2005
Posts: 394

Posted: Fri Dec 16, 2005 2:02 pm

cparty wrote:
I cannot get the trainer to display any current coordinates Confused I also tried adjusting the master pointer. Anything I need to enable first or are those values just stored at a different location in v1.3?


What's the X,Y,Z cords for 1.3? Thought they were the same?

I'm using
X: 009376A0
Y: 00937698
Z: 0093769C

Next, is your EXE named speed.exe?

Lastly, If it's just addressing, try this version (File/Settings window to 'set' these addresses manually for now).

Gotta jet as I gotta feed my lil guy - but I'll be back around sometime this weekend... (he eats a lot)...

(see this post, to download the latest version:)
http://forum.cheatengine.org/viewtopic.php?p=30966#30966


Last edited by Zhoul on Sat Dec 24, 2005 12:40 pm; edited 1 time in total