|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
How many of you have h0zed a NFS-MW save game, in the name of haxX0ring? |
Frequently |
|
33% |
[ 1 ] |
A few, but not many... |
|
0% |
[ 0 ] |
This one time... At Band Camp... |
|
0% |
[ 0 ] |
What's an NFS-MW save game? |
|
0% |
[ 0 ] |
Do you have wall hakus!? I NEED WALLLLL HCKUSSS |
|
66% |
[ 2 ] |
|
Total Votes : 3 |
|
Author |
Message |
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Tue Dec 06, 2005 6:39 am Post subject: |
|
|
Zhoul wrote: | Where'd you get the one on the right? You sure you didnt create it? Where there is one, there will be more. |
The left one I got from the savegame (of course its also in the memory), the right one I found in the memory here:
Then I used the code as seen in the pic to edit one of my cars: AF 2D C3 C1 6D 80 7C D3
Zhoul wrote: | Also, there are now 2 cross cars in memory, right next to eachother.. Notice that one? | Hmm nope didn't see that one unless you mean the one getting added to your carlist after buying one at the dealership. Slot 50 (last used by the game) is the CopCorvette and Slot 51 (first user slot) contains maybe your bought CopCorvette.
And big thanks for the Tuto
@JONG: They are called "Spike Strips", but I understood what you meant anyway, so no problem
*edit* installing SP2 now wish me luck
|
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Tue Dec 06, 2005 9:56 am Post subject: |
|
|
Cp wrote: | @JONG: They are called "Spike Strips", but I understood what you meant anyway, so no problem
*edit* installing SP2 now wish me luck |
Aye, and I'm writing a larger , more extensive one, but need a few hours sleep before I finish it. The one I gave you wasn't even a tutorial, but its amazing from coding histories, how much over-logical sense assembly makes (sometimes).
I would suggest going back and trying the few other suggestions i gave that would wind up crashing the game, specifically related to the unlocking car solutions. It was my lack of understanding of how Or's and And's worked in ASM, but just think of them as nested If's, (just not happy-tab separated for easy reading.)
Using the disassembler to freeze the game and step through it, watching registers also gives a greater understanding
or sttnig a break point,then hitting 'run' over and over,watching the register changes,
- ZZZZzzzhoul must ZZZZZleeep...
As for SP 2 - I was against it for the longest time.. still semi-am, but once you get the hacked termserv.dll - and tcpip.dll (the latter, not needed, just un-gimps you again), then fix a few of the ghey auto-installed features to not start-up. It's just like XPSP1 imho.
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Tue Dec 06, 2005 10:46 am Post subject: |
|
|
I have a question:
If I want all car have "Unique Performance Upgrades", how can I do ?
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Tue Dec 06, 2005 11:57 am Post subject: |
|
|
Also I forget to ask Zhoul:
I saw your player rank trainer, I don't know if change player rank that mean is you can buy all of Unique Performance Upgrades, right ?
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Wed Dec 07, 2005 4:15 am Post subject: |
|
|
JONG wrote: | If I want all car have "Unique Performance Upgrades", how can I do ? |
Im not sure if there exist an easy way to do it (like only one address changing). As mentioned earlier, there seem 3 car related sections in memory. One for the type of the car, another one for the parts (stock cars don't have that section) and a 3rd one for Career related stuff like bounty/heat (obviously only career cars have that).
One entry of the parts section looks like this (dummy entry, for a real car there are many values filled in):
The big red mark is where all the performance upgrades will be stored in this order: Tires, Brakes, Suspension, Transmission, Engine, Turbo, NOS, and the last one (in blue) containst the uniques. Now the problem, Uniques cannot be applied if there is no regular part of the same category built into your car and usually the number of regular upgrades for one cat is different for most cars. So there is no one-size-fits-all
JONG wrote: | I saw your player rank trainer, I don't know if change player rank that mean is you can buy all of Unique Performance Upgrades, right ? |
Player Rank is the current rank in career mode, which unlocks cars/parts. The unique performace cannot be bought, you get them with bonus markers or outside career unlocked by completing challenge 70 (the burgerking challange).
I just installed patch v1.3, started CE and it looked like the addresses are still the same (except the usual diff of a few bytes I have each time now since SP2), BUT the pointers seem to be different
*edit* if I got it correctly the new base pointer for money/rank is now @ 0091CF90
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Wed Dec 07, 2005 7:22 am Post subject: |
|
|
Hi cparty, thanks for you reply.
I think that, if we can unlock all of car, maybe we can unlock all of parts.
Only player rank can unlock all of parts, or have another way to unlock it ?
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Wed Dec 07, 2005 11:50 am Post subject: |
|
|
cparty, I think today Zhoul maybe busy, so I ask you again.
May you can post more information about player rank ?
Because I need it to find in the Chinese version of game.
Thanks for your help.
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
|
Back to top |
|
|
cparty Expert Cheater Reputation: 0
Joined: 01 Dec 2005 Posts: 219
|
Posted: Wed Dec 07, 2005 4:43 pm Post subject: |
|
|
I stumbled over a memblock full of AI-controlled cars must have been lucky
Ambulance, typecode: AF 2D C3 C1 F5 F7 67 6F
Undercover Cop, typecode: AF 2D C3 C1 82 D1 A1 A3
Undercover Cop Corvette, typecode: AF 2D C3 C1 88 66 EB A4
WoodTruck, typecode: AF 2D C3 C1 67 CC 92 0A
as you see in the pic you can crash it very easy
and I also found another version of the RX-8
RX-8, typecode: AF 2D C3 C1 D9 3C 12 72
there must be much more I guess for example the firetruck.
Though one thing all those AI cars have... they crash the game if you damage the car... so still need to find a good way to disable collision.
|
|
Back to top |
|
|
noob Cheater Reputation: 0
Joined: 28 Nov 2005 Posts: 40
|
Posted: Wed Dec 07, 2005 7:23 pm Post subject: |
|
|
cparty wrote: | I stumbled over a memblock full of AI-controlled cars must have been lucky
Ambulance, typecode: AF 2D C3 C1 F5 F7 67 6F
Undercover Cop, typecode: AF 2D C3 C1 82 D1 A1 A3
Undercover Cop Corvette, typecode: AF 2D C3 C1 88 66 EB A4
WoodTruck, typecode: AF 2D C3 C1 67 CC 92 0A
as you see in the pic you can crash it very easy
and I also found another version of the RX-8
RX-8, typecode: AF 2D C3 C1 D9 3C 12 72
there must be much more I guess for example the firetruck.
Though one thing all those AI cars have... they crash the game if you damage the car... so still need to find a good way to disable collision. |
sry for this noob questions again.. but where do i type the code in to get those cars?.. mind teaching me step by step? thanks
|
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Wed Dec 07, 2005 7:37 pm Post subject: |
|
|
This is a quick update, and I'll read all of cparty's awesome finds in a sec.
SunBeam pointed out 1 part of a tutorial where i had mistakenly used the wrong register. I have fixed the code and this actually works now!! holy sheet! Also, I found a great code cave location so we can do even more with the game.
Add these two to your address list. Make sure to change Code Cave 1 to its new value before changing Code Cave 2.
Once you change them both, your car will have infinite 'blinky effect' (no collision). To stop the effect, just change Code Cave 2 back to its Orig value. (Remember, it will take 5 seconds to actually turn off after this, as we keep writing 5 seconds to the length of time the blinky will last).
--------------------------------------------------------------
Working No Collision Code:
--------------------------------------------------------------
Address: 0FFD0E48 (Array of Bytes - 32 in length)
Code Cave 1 - (Orig: 0000000000000000000000000000000000000000000000000000000000000000 New: CCCC83FA017510899674010000C786780100000000A0408B8674010000C3CCCC )
Address: 0068C7CA (Array of Bytes - 6 in length)
Code Cave 2 - (Orig: 8B8674010000 New: E87B46940F90 )
cparty wrote: | there must be much more I guess for example the firetruck.
Though one thing all those AI cars have... they crash the game if you damage the car... so still need to find a good way to disable collision. | Dudeee, All I have to do is modify the "Unlock all cars" code to search the memory location you found these at, so it adds them to the purchasable list!!! I'll work on this, as it is indeed a great find.
Once I do that, Simply buy the car/truck/whatever
Last edited by Zhoul on Wed Dec 07, 2005 9:59 pm; edited 1 time in total |
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Wed Dec 07, 2005 9:47 pm Post subject: |
|
|
noob wrote: | sry for this noob questions again.. but where do i type the code in to get those cars?.. mind teaching me step by step? thanks |
There is an easy way to over-write cars in memory that will list when you go to purchase them. Also, they will not cause the game to crash, as long as you buy them *after* you change memory.
First, add this 2 level pointer to your table.
+414
0091BF50 + 10
That is the start of the memory block for cars. Note the address it shows you in CE... Go to this address in memory view.
Make sure you dont have the car you want to replace yet. This is very important. *Edit* - this isnt very important I found you just over-write the car for purchase, for that one time, and this memory is not used to 'load' your currently owned cars.
You can get a list of cars and their values in memory, here.
http://forum.cheatengine.org/viewtopic.php?p=28355#28355
Pick a car from the list you want to replace, then find the hex numbers associated with it IN THIS PLACE IN MEMORY. This is important as these hex numbers appear other places in memory.
Over-write the 8 bytes, with the ones that CParty has given you.
Lets use taxi as an example.
CParty's definition of taxi.
AF 2D C3 C1 F1 1A F0 7A Taxi
I found this, in version 1.2, at this address. 01C8D5C0
I over-wrote those 8 bytes with this...
AF 2D C3 C1 67 CC 92 0A (note, only 4 bytes were actually changed, but you want to over-write all 8 usually)
Then i went to the dealership and instead of a taxi being listed, now the truck with logs on it was. I bought it, then drove it out and voila. I have a truck with logs, that wont crash the game.
*Edit* - actually - the logs truck specifically will crash, if a car runs into the logs part of your truck.. Why? im guessing its because when you usually hit a logs truck, the logs all fall off, and the game is having a problem with doing this to the player car. BUT - other cars should not crash, like the other cop cars, etc.
*edit 2 for cparty*
Dude!! add that address to your list (the 2 level pointer above) - you can go and define cars in memory , after the last car, at the area that the FF FF FF FF 00 00 00 00 starts. Remember that little code tutorial I gave you, on how the "Unlock all cars" code works? There is memory space after the last car, to add more cars. We can make a trainer that injects any cars you find, so get a list, like your other one, of cars that don't show up and ill make a trainer that can inject them into any version, using pointer paths.
Or, make the trainer yourself =)
Last edited by Zhoul on Wed Dec 07, 2005 11:49 pm; edited 1 time in total |
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Wed Dec 07, 2005 10:41 pm Post subject: |
|
|
cparty wrote: | If none of the pointers work then you can try searching for your money (4bytes). If you found the address (don't add it to the table) highlight the entry and then right-click in your table the Player Money (not the pointer) and choose "recalculate address". CE should have filled the offset by itself so you only need to press change. After that the Player Money entry should show your Money and the Player Rank your Rank.
This works because the structure in itself doesn't change in memory, it only changes the base address every time you start the game. That said the Rank (only 1 Byte in length) should be 4 Bytes infront of the Money.
I hope you could follow |
Thanks for your kind of help.
I am download your CE table file, but it can't use in Chinese version.
I need to know how many bytes rank address infront of the money address, if I know that, it will be help me to find the rank address.
And I also see your great find, hope you and Zhoul can make more edit on it.
|
|
Back to top |
|
|
JONG Expert Cheater Reputation: 0
Joined: 30 Nov 2005 Posts: 130
|
Posted: Wed Dec 07, 2005 10:53 pm Post subject: |
|
|
Zhoul wrote: | --------------------------------------------------------------
Working No Collision Code:
--------------------------------------------------------------
Address: 0FFD0E48 (Array of Bytes - 32 in length)
Code Cave 1 - (Orig: 0000000000000000000000000000000000000000000000000000000000000000 New: CCCC83FA017510899674010000C786780100000000A0408B8674010000C3CCCC )
Address: 0068C7CA (Array of Bytes - 6 in length)
Code Cave 2 - (Orig: 8B8674010000 New: E87B46940F90 )
|
The code cave 1 of address is too many in memory, I don't know how to find it.
Those code are only use on player's car, or all of game cars ?
|
|
Back to top |
|
|
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
|
Posted: Wed Dec 07, 2005 11:36 pm Post subject: |
|
|
JONG wrote: | The code cave 1 of address is too many in memory, I don't know how to find it.
Those code are only use on player's car, or all of game cars ? |
Use the debugger to find a place in memory you can put your code cave. Not all places will work.
- Go into the debugger
- Scan for a code cave (Extra > Scan for code caves)
- For size, put in 3400
- Scan
Some of these places will work great, some won't because the game will eventually use the space for its own stuff. Put the code tword the end of a code cave, but not the very end. It should work, at least for a long time unless the game uses that memory between load screens or whatever.
Good luck sir
Also - this supposedly works just for 1 car.. your car.. I have tested this and that seems to be the case so far, but it might still need some work.
*EDIT*
The other thing you could do is use my original offsets and do the math.
Figure out how far away my codecave 1 and 2's are.
Once you find where the codecave 2 part is.. add the difference.
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|