View previous topic :: View next topic |
Author |
Message |
SteveFlanders2 How do I cheat? Reputation: 0
Joined: 22 Mar 2024 Posts: 2
|
Posted: Fri Mar 22, 2024 12:36 pm Post subject: Is there any way to find out "What writes to this.... F |
|
|
So. I know that Cheat Engine has the "Find out what writes to this memory address" feature, which is useful for finding, disabling, or changing what writes to a memory address.
But that is only useful for finding scripts in memory that write to other addresses in memory.
What I'm looking to do, is try and find the script in memory, that writes to my hard drive. (Basically I'm looking for the script that writes save files, so I can write my own script to forge them).
Unfortunately I don't think this is possible, but before I completely give up I'm here to ask you guys.
If It changes anything, I know exactly where the save files are written to (their path) and they're written to a .sav, but they contain just plain text, so I can just open it with notepad no problem. (I can't edit it though, there's a checksum or something. Hence why I need to find the code that writes to the save file).
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
|
Posted: Fri Mar 22, 2024 1:49 pm Post subject: |
|
|
The kernel is the thing that actually modifies the bytes on the hard disk. You'd have to hook the relevant API. Maybe NtOpenFile is a good place to start.
There might be some program out there that does it for you. strace is for linux; I don't know of any windows equivalent.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
SteveFlanders2 How do I cheat? Reputation: 0
Joined: 22 Mar 2024 Posts: 2
|
Posted: Fri Mar 22, 2024 2:41 pm Post subject: |
|
|
ParkourPenguin wrote: | The kernel is the thing that actually modifies the bytes on the hard disk. You'd have to hook the relevant API. Maybe NtOpenFile is a good place to start.
There might be some program out there that does it for you. strace is for linux; I don't know of any windows equivalent. |
this might sound stupid, but that sounds like it would tell me what is writing, but not how it is being written.... if that makes any sense.
The what-I-suspect-is-a-checksum-of-some-sort is being computed in memory, and then written to a file (I assume), strace would tell me what is writing to the file (the process), but not how its being written (the computations in the background)
...if that makes any sense.
unless one could help me get to the other?
(don't I already know whats writing to the file though? its the .exe that is open)
im a complete noob at cheating/hacking please dont smite me for my ignorance :(
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
|
Posted: Fri Mar 22, 2024 3:02 pm Post subject: |
|
|
Set a conditional breakpoint at some API that will break when the file you're interested in is written to. Then, go up the callstack and start reverse engineering the checksum algorithm from there.
Or you could try ultimap / code filter to search for code.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
kulik_alex How do I cheat? Reputation: 0
Joined: 19 Mar 2024 Posts: 9
|
Posted: Sat Mar 23, 2024 9:45 am Post subject: |
|
|
I recently tried something similar. In my case, the game was loading from memory, not from a file, a separate code was responsible for reading and writing to disk. Too difficult.
|
|
Back to top |
|
|
|