chochang262 Newbie cheater Reputation: 0
Joined: 31 May 2012 Posts: 20 Location: United States
Posted: Mon Jun 29, 2015 3:15 pm Post subject: multiple objects sharing code
Hi, I'm back again with yet another question. I'm playing Mortal Kombat: Komplete Edition, and I am faced with another problem. As I have stated in previous posts, I know the simple method to solving most of my issues; however, I would like to learn more advanced methods to better myself as a game hacker and programmer. My problem is that I am trying to use code injection to make my health not decrease, while my enemy's health still does. The real problem is that I cannot find anything to CMP against with the Dissect data/Structure tool that would determine what side you are on (e.g. Team 1/Team 2). I've done this searching method in tag team, so there were more addresses to put into the structure scanner. I've literally spent over 45 minutes just looking through the addresses for anything that might even seem like it was the right one. Is there a way of doing this that's not as straightforward, because this method is not seeming to lead anywhere? Or perhaps I should ask: is there anything else I could look for that would be able to differentiate between what team I'm on, so that I can execute the code at the right time? (Sorry for all of the questions I've been asking, but it seems like every time I think I know how to do something, another game comes and shoves its new code right in my face.)
____________________________________________________ - - - - - - -
Literally any method that will allow me to still use code injection will be accepted.
The main reason I want to do code injection, and not just use the pointer, is a user in my previous thread suggested it, and I decided that it was time to learn something new.
Edit: (I don't know much about ASM, so bear with me.) I should mention that the code that writes to the health (I think) is:
Code:
MKKE.exe+67EB4E - F6 41 68 01 - test byte ptr [ecx+68],01
MKKE.exe+67EB52 - 75 28 - jne MKKE.exe+67EB7C
MKKE.exe+67EB54 - F3 0F10 8E C0780000 - movss xmm1,[esi+000078C0]
MKKE.exe+67EB5C - F3 0F58 C8 - addss xmm1,xmm0
------->>MKKE.exe+67EB60 - F3 0F11 8E C0780000 - movss [esi+000078C0],xmm1<<--------
MKKE.exe+67EB68 - F3 0F10 8F CC0B0000 - movss xmm1,[edi+00000BCC]
MKKE.exe+67EB70 - F3 0F58 C8 - addss xmm1,xmm0
MKKE.exe+67EB74 - F3 0F11 8F CC0B0000 - movss [edi+00000BCC],xmm1
MKKE.exe+67EB7C - D9 44 24 18 - fld dword ptr [esp+18]
MKKE.exe+67EB80 - 51 - push ecx
So what I assume from that is that the value stored in esi is key to finding which player is actually going to receive damage. But I can't figure out how to determine where esi is actually given the specific player to retract health from.
-------------
Again, not sure if I'm even close to the right ballpark here.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Mon Jun 29, 2015 4:48 pm
Well the troubling part is that the instruction shows +78C0.
That means the structure starts at ESI and the health related to that structure is 30,912 bytes away.
So somewhere within those 30k bytes (or beyond) is likely a '0' for player one and a '1' for player two.
That's a large area to search and the values could even be '1' and '2' or anything.
Possibly try doing a search for addresses containing the value of ESI.
See what accesses those. Maybe those instructions won't be shared.
In which case you can save the value in one script and compare ESI against it during the subtract.
You could also do a pointer scan for the health, and then use that static pointer for your compare.
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Mon Jun 29, 2015 7:26 pm
Well, I don't have the game anymore, but luckily I keep all my old tables around. I believe offset 10 from the health structure is your ID.
Code:
cmp [esi+10],(int)1000
In single player it worked fine, if I remember correctly, but when I had a buddy over to play a 2 player fight, he ended up having infinite health; I think it depends on what player you are. Either way, I'm fairly certain offset 10 is what you're looking for.
Edit: Here's my crappy old table, not an AOB, but judging by the address of your code, we have the same version.
Attachment: Mortal Kombat - Komplete Edition.CT (2.6 KB, downloaded 553 times)
Gniarf Grandmaster Cheater Supreme Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Jun 30, 2015 5:54 am
In the current steam version, the health pointers are:
P1:[MKKE.exe+A89D7C+1c]+78c0
P2:[MKKE.exe+A89D7C+c8c+1c]+78c0
So an alternative to vng21092's method is to cmp esi,[MKKE.exe+A89D7C+1c]. It might be a little bit more complicated for tag battles though.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Tue Jun 30, 2015 7:36 am
Gniarf wrote:
    In the current steam version, the health pointers are:
    P1:[MKKE.exe+A89D7C+1c]+78c0
    P2:[MKKE.exe+A89D7C+c8c+1c]+78c0
    So an alternative to vng21092's method is to cmp esi,[MKKE.exe+A89D7C+1c]. It might be a little bit more complicated for tag battles though.

How would that work though? esi itself isn't holding the health; wouldn't you have to push esi+78C0 into something like eax, and then compare eax to the pointer? Otherwise, esi would never match the health because... it doesn't hold the health... Unless I'm missing something, I'm thinking something like
Code:
push eax
mov eax,[esi+78C0]
cmp eax,[[[MKKE.exe+A89D7C]+1C]+78C0]
pop eax
je infiniteHealth
Gniarf Grandmaster Cheater Supreme Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Jun 30, 2015 8:50 am
@vng21092: the thing you're missing is that the check I suggest is based on comparing the address of the health and not the health itself (which wouldn't be reliable since both players start with 1.0 health).
Code:
movss [esi+000078C0],xmm1
writes the health, so esi holds (health's address) - 78C0.
[MKKE.exe+A89D7C+1c]+78c0 points to P1's health, so [MKKE.exe+A89D7C+1c] contains (P1 health's address) - 78C0, the same thing as esi when the above instruction is writing P1's health.
BTW, the pointer is [MKKE.exe+A89D7C+1c]+78c0, not [[MKKE.exe+A89D7C]+1c]+78c0.
MKKE.exe+A89D7C is the base of an array of objects that contains P1/P2-related data, and I wanted to keep that info just in case; that's why I wrote MKKE.exe+A89D7C+1c instead of MKKE.exe+A89D98. Each element in this array is c8c bytes long, which explains how I wrote P2's health pointer.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
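Added worked example (not code from any poster in this thread): a Cheat Engine auto assembler script that puts Gniarf's address compare, and vng21092's offset-10 compare as a commented alternative, at the shared write chochang262 posted. It assumes the addresses quoted above are correct for that build of MKKE.exe: MKKE.exe+67EB60 holds the 8-byte movss [esi+000078C0],xmm1, and [MKKE.exe+A89D7C+1c] holds the address of P1's object. The label names and the pushfd/popfd are my additions.

```asm
// Cheat Engine auto assembler script (added example, not from the thread).
// Assumed for this build (from Gniarf's post):
//   [MKKE.exe+A89D7C+1c]  = address of P1's object (esi when P1 is hit)
//   MKKE.exe+67EB60       = F3 0F11 8E C0780000  movss [esi+000078C0],xmm1 (8 bytes)
// The 8 original bytes are replaced by a 5-byte jmp plus 3 nops.

[ENABLE]
alloc(newmem,$100)
label(originalcode)
label(returnhere)

newmem:
  // The original movss does not touch EFLAGS but cmp does, so preserve them
  // in case code after MKKE.exe+67EB68 still reads them (cheap insurance).
  pushfd
  // Compare the object ADDRESS held in esi, not the health value:
  // both players start at 1.0, so comparing values cannot tell them apart.
  cmp esi,[MKKE.exe+A89D7C+1c]
  // Alternative from vng21092's table, as he posted it (not verified here):
  // cmp [esi+10],(int)1000
  jne originalcode       // not P1's object: let the damage write happen
  popfd
  jmp returnhere         // P1's object: skip the write, P1's health never changes

originalcode:
  popfd
  movss [esi+000078C0],xmm1
  jmp returnhere

MKKE.exe+67EB60:
  jmp newmem
  nop
  nop
  nop
returnhere:

[DISABLE]
MKKE.exe+67EB60:
  movss [esi+000078C0],xmm1
dealloc(newmem)
```

To protect P2 instead, swap in [MKKE.exe+A89D7C+c8c+1c] (the next c8c-byte element of the array Gniarf describes). The second write at MKKE.exe+67EB74 ([edi+00000BCC]) is deliberately left alone, since the thread does not say what that field is, and tag battles are not covered, as Gniarf notes. The addresses are hard-coded like vng21092's table, so a different build would need an AOB scan in place of MKKE.exe+67EB60.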
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Tue Jun 30, 2015 9:28 am
Hmmm, interesting, didn't know you could do that... Good stuff.
chochang262 Newbie cheater Reputation: 0
Joined: 31 May 2012 Posts: 20 Location: United States
Posted: Tue Jun 30, 2015 5:36 pm
Got it! Thanks for being helpful everyone. I learned something today (hopefully).
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Tue Jun 30, 2015 5:44 pm
I know it wasn't mentioned above, but in times where you really can't find a player ID in the structure, under the right conditions, it's actually possible to CREATE your own player ID.