Cheat Engine The Official Site of Cheat Engine
MCHubble Newbie cheater Reputation: 0
Joined: 07 Apr 2014 Posts: 18
Posted: Wed Jul 16, 2014 1:58 pm Post subject: [OCD] must hack Tiny & Big
The game keeps count of how many times you've died trying to complete a level.
I intentionally kill myself and find the address.
If I change the value from e.g. 6 to 0, then the value changes to 7 when I die.
And even if I change it right before I finish the level, so it's 0, then the game still knows that it was 7.
So I tried to figure out what writes the address, and this comes up:
I was expecting an add or inc ... But does anyone know the solution?
Could really use some help, been trying for 3 hours, even re-did the tutorial just in case I missed something, but I just can't solve this one alone.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Wed Jul 16, 2014 2:21 pm Post subject:
Disconnect from the internet and then die and see if it makes a difference (if you can't play the game anymore, give up).
If it makes no difference (and you can still play) then perhaps the real value is stored differently. E.g. the number of times you've played and the number of times you didn't die.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
MCHubble Newbie cheater Reputation: 0
Joined: 07 Apr 2014 Posts: 18
Posted: Wed Jul 16, 2014 2:38 pm Post subject:
Going off-line didn't change anything.
It's also an off-line single player game.
Anyway, I searched for an unknown initial value and then killed myself and said that the increase was by 1.
I found other addresses, and tried one of them and found this:
Code:
13F76C9C6 - 83 41 08 FF - add dword ptr [rcx+08],FF
13FB7F9E0 - FF 41 08 - inc [rcx+08]
Tried to change the inc [rcx+08] to NOP but the game crashed.
pox911 Grandmaster Cheater Reputation: 28
Joined: 29 Nov 2008 Posts: 918
Posted: Sun Jul 20, 2014 1:48 am Post subject:
I dug around some and it looks like the actual death count is jumping around addresses. mov [rcx-08],r10 is the correct write address. A few opcodes up is mov r10,[rdx+rcx-08]. This is pulling from the current death count from the rotation. The rotated value and this one work in sync somehow.
I haven't fully tested this code, 2 am and will test in the morning, but this should prevent the death count increase.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"tinyandbig.exe"+E9C3B2)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
pushfq
mov [rcx-10],rax
mov [rcx-08],r10
cmp rax,00000001
jne exit
cmp r14,00000001
jne exit
mov [rdx+rcx-08],#0
mov [rcx-08],#0
exit:
popfq
jmp returnhere
"tinyandbig.exe"+E9C3B2:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"tinyandbig.exe"+E9C3B2:
db 48 89 41 F0 4C 89 51 F8
To explain what is going on in here: This code is called frequently by other threads. I added a compare to it that should make it only trigger during death. It then writes 0 to both the current death value and the background one. I'm not 100% familiar with the 64-bit functions but it should work in theory.
Chris12 Expert Cheater Reputation: 1
Joined: 27 Apr 2012 Posts: 103
Posted: Sun Jul 20, 2014 4:20 am Post subject:
The creator(s) of the game maybe made the value immutable like this.
[C# Code]
class LevelStats
{
    public readonly int DeathCount;
    public LevelStats(int deathCount) { DeathCount = deathCount; }
}
And every time you die a new class is created.
How to defeat this?
Easy. Just look at the offset where the value is written. In your case 0x8.
Then look where RCX is set, or better, scan for the value of RCX, that lets you find all pointers to the container class.
Then die again, find the value again, find RCX again and finally isolate more pointers. Nothing special, just like with a normal Hp or deathcount scan...
Now you always have the right container pointer + offset.
And you can use that to instantly reset your deathcount to zero every time.
Questions? Just ask.
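Added example, not part of the original thread and not the game's code: a small C model of the pattern Chris12 describes, where each death builds a new record with the count at offset 0x8 and swaps the container pointer, so a write to a previously found address misses the live value while a write through the container pointer reaches it. The `header` field, `Player`, `pool`, `die`, `poke_address`, `poke_live` and `shown` are names assumed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not the game's code. The count sits at offset 0x8 of a
   record that is never updated in place; every death builds a new record. */
typedef struct { uint64_t header; int32_t death_count; } LevelStats;
typedef struct { const LevelStats *stats; } Player;  /* container pointer */

#define POOL 4
static LevelStats pool[POOL];  /* recycled slots stand in for the allocator */
static unsigned next_slot;

static const LevelStats *new_stats(int32_t count) {
    LevelStats *s = &pool[next_slot++ % POOL];
    s->header = 0;
    s->death_count = count;
    return s;
}

void player_init(Player *p) { next_slot = 0; p->stats = new_stats(0); }

/* A death replaces the record instead of incrementing the old one. */
void die(Player *p) { p->stats = new_stats(p->stats->death_count + 1); }

/* Write to an address captured earlier; it may no longer be the live record. */
void poke_address(const LevelStats *addr, int32_t v) {
    ((LevelStats *)addr)->death_count = v;
}

/* Write through the container pointer, which always names the live record. */
void poke_live(Player *p, int32_t v) { poke_address(p->stats, v); }

int32_t shown(const Player *p) { return p->stats->death_count; }

int main(void) {
    Player p;
    player_init(&p);
    for (int i = 0; i < 6; i++) die(&p);
    const LevelStats *found = p.stats;  /* address found while the count is 6 */
    die(&p);                            /* live record moves on, count is 7 */
    poke_address(found, 0);             /* stale record, nothing visible changes */
    printf("after stale edit: %d\n", (int)shown(&p));
    poke_live(&p, 0);                   /* container pointer + offset 0x8 */
    die(&p);
    printf("after live edit and one death: %d\n", (int)shown(&p));
    return 0;
}
```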