| View previous topic :: View next topic |
| Author |
Message |
Bortus
How do I cheat?
![]() Reputation: 0
Joined: 17 Nov 2014
Posts: 2
|
 Posted: Mon Nov 17, 2014 5:58 am Post subject: Lego Game Help |
 |
|
Hello.
I have a problem, I've never done this before it is new to me. Can you explain to me how to make cheat "Super Jump and Super speed" in Lego Game ?. I know how to use cheat engine I already earlier did a few trainers, generally wanted to learn this cheat "Super Jump and Super speed" for lego game. I have tried several ways but I failed . If you could help me I will be very grateful .
Maybe you show me ( write to me in a few steps ) where to start and what should I look for ?. I will learn and practice on these steps, so it is better for me.
For example:
Step 1: Search for jump address
Step 2: If you find the address, you must do now ...
Step 3: etc ...
Step 4: etc ...
This will help me understand and learn faster. Thanks in advance for your help.
ps. Sorry for my english.  |
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25287
Location: The netherlands
|
| Posted: Mon Nov 17, 2014 6:05 am Post subject: |
|
|
I've never done a superjump but i assume it goes like:
Find the height position, or the height acceleration (usually close to eachother)
Find what writes that address during jumps (you may not want this happening when walking up stairs)
Then do a code injection that multiplies the change in height
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Bortus
How do I cheat?
![]() Reputation: 0
Joined: 17 Nov 2014
Posts: 2
|
| Posted: Mon Nov 17, 2014 8:42 am Post subject: |
|
|
ok, I found height position address
I found what writes that address during jumps
what now I must do ?
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
originalcode:
fstp dword ptr [esi+74]
fld dword ptr [esp+38]
exit:
jmp returnhere
"LEGOBatman3.exe"+CFFAA8:
jmp newmem
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
"LEGOBatman3.exe"+CFFAA8:
fstp dword ptr [esi+74]
fld dword ptr [esp+38]
//Alt: db D9 5E 74 D9 44 24 38
{
// ORIGINAL CODE - INJECTION POINT: "LEGOBatman3.exe"+CFFAA8
"LEGOBatman3.exe"+CFFA88: 52 - push edx
"LEGOBatman3.exe"+CFFA89: 8B CE - mov ecx,esi
"LEGOBatman3.exe"+CFFA8B: E8 A0 A1 FB FF - call LEGOBatman3.exe+CB9C30
"LEGOBatman3.exe"+CFFA90: 84 DB - test bl,bl
"LEGOBatman3.exe"+CFFA92: 74 09 - je LEGOBatman3.exe+CFFA9D
"LEGOBatman3.exe"+CFFA94: F6 86 40 01 00 00 04 - test byte ptr [esi+00000140],04
"LEGOBatman3.exe"+CFFA9B: 75 1C - jne LEGOBatman3.exe+CFFAB9
"LEGOBatman3.exe"+CFFA9D: D9 44 24 30 - fld dword ptr [esp+30]
"LEGOBatman3.exe"+CFFAA1: D9 5E 70 - fstp dword ptr [esi+70]
"LEGOBatman3.exe"+CFFAA4: D9 44 24 34 - fld dword ptr [esp+34]
// ---------- INJECTING HERE ----------
"LEGOBatman3.exe"+CFFAA8: D9 5E 74 - fstp dword ptr [esi+74]
"LEGOBatman3.exe"+CFFAAB: D9 44 24 38 - fld dword ptr [esp+38]
// ---------- DONE INJECTING ----------
"LEGOBatman3.exe"+CFFAAF: D9 5E 78 - fstp dword ptr [esi+78]
"LEGOBatman3.exe"+CFFAB2: D9 44 24 3C - fld dword ptr [esp+3C]
"LEGOBatman3.exe"+CFFAB6: D9 5E 7C - fstp dword ptr [esi+7C]
"LEGOBatman3.exe"+CFFAB9: 5E - pop esi
"LEGOBatman3.exe"+CFFABA: 5B - pop ebx
"LEGOBatman3.exe"+CFFABB: 8B E5 - mov esp,ebp
"LEGOBatman3.exe"+CFFABD: 5D - pop ebp
"LEGOBatman3.exe"+CFFABE: C2 04 00 - ret 0004
"LEGOBatman3.exe"+CFFAC1: CC - int 3
"LEGOBatman3.exe"+CFFAC2: CC - int 3
}
|
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Wed Nov 19, 2014 6:39 pm Post subject: |
|
|
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(highJump)
newmem:
// fld dword ptr [esp+34] //orig
// fstp dword ptr [esi+74] //orig
fld dword ptr [esp+34] // new value
fld dword ptr [esi+74] // old value
// ST(0):=oldValue, ST(1):=newValue
fcomi ST(0),ST(1)
jb highJump
fstp ST(0) //pop register stack
fstp dword ptr [esi+74]
jmp returnhere
highJump: // not tested, don't have this game
fsubr ST(0), ST(1) // ST(0):=newValue - oldValue = delta
fld ST(0)
fld ST(0)
faddp
faddp
// now ST(0):=3*delta
faddp // ST(0):=oldValue + 3delta
fstp dword ptr [esi+74]
jmp returnhere
"LEGOBatman3.exe"+CFFAA4:
jmp newmem
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
"LEGOBatman3.exe"+CFFAA4:
fld dword ptr [esp+34]
fstp dword ptr [esi+74]
//Alt: db D9 44 24 34 D9 5E 74
|
warning: not tested.
_________________
|
|
| Back to top |
|
|
sreeragh2009
Cheater
![]() Reputation: 0
Joined: 21 Oct 2014
Posts: 33
Location: UNKNOWN
|
| Posted: Wed Nov 19, 2014 11:53 pm Post subject: B) |
|
|
Easy way
--> Find height coordinate (darkbyte told this )
-->Find what writes to this address (told this too)
-->Now try nopping codes one by one (not all together)(some nops will crash the game)(try watching the counts of code when you jump, probably that's the one you are looking for). At one point you may be not able to jump. Thats the code you want.(Dont forget to restore with original code)
--> The code may access the jump distance from some memory. So you can change it.
-->Or you can change the code itself. Open disassembler. Move up and down through the code and change the values of RHS which are copied in "mov". This step can give awesome results. You will find walk through walls etc ..
_________________
PROFESSIONAL "LEARNER" |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
