Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Need help with hacking a game that uses DMA

 
kjmarket
Grandmaster Cheater
Reputation: 0

Joined: 11 Oct 2006
Posts: 600

Posted: Tue Apr 10, 2007 7:36 pm    Post subject: Need help with hacking a game that uses DMA

I can find the addresses and find out what writes to them, but it all changes every time, so I need help, or a tut on defeating DMA....and not one saying the only way is with softice. It's an older game...Shadowflare...that I've had forever...btw...


EDIT


Ok, I'm gonna try and post some info hoping someone can help me. Seems like this forum is overrun with newbs that know nothing and only a few knowledgeable people that know their stuff. Guess I really have no room to talk as I don't know how to figure this out.... :P

Anyway..the game is ShadowFlare, and for my example I'll show you health. It shows HP (health) as health left/max health. Mine is currently 310/310. So I go and get hit and drop down, search for the new value, find one, change it back to 310, and bam..it's the right one. As newbish as newbish gets. The address is 05C243BC, though this changes every time the game is run...obviously. I find out what writes to this address, and find the following:

00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi

No I'm not asking what this does...I know some assembly, and I know this is subtracting the amount of damage, and that there's a pointer. I can replace this with code that does nothing and it works great, which is ultimately what I want to do, but this addy changes too, so that is my dilemma.

I go further by searching for the value it says is probably the value of the pointer, and I get a bunch of results. 13 addy's that stay the same and a bunch that change constantly. All 13 point to the address I found for health once I add 'em to the list. Add manually, click pointer, add address that I found, then add the offset and it points to my addy. Dandy. This value is black, and changes as well...so where do you go from here?

I've done pointer scans on every one of them with no results, and on the original addy...all nothing. Finding out what reads from the addy that the pointer points to is worthless, as it's the same thing as finding out what writes to the original addy. I tried finding out what writes to the pointer and I get hits on a bunch of them..as soon as I go to what writes to them..don't even have to go into game..and the pointer begins pointing at all different places. A few give results when I get hit, but point to a different address. Where do I go from here? I want to eventually nop the original sub command so I just don't lose health, not freeze the original value. Suggestions? Auto Assemble stuff maybe? Thanks.
Labyrnth
Moderator
Reputation: 10

Joined: 28 Nov 2006
Posts: 6301

Posted: Wed Apr 11, 2007 6:06 pm    Post subject:

If this address is changing, you are getting code shifting.
Most likely it may be finding this address in a dll file.
There are some tutorials around the net on how to deal with code shifting and it is not going to be a fun trip.

00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi


Here is one such post about it.
http://www.extalia.com/forum/viewtopic.php?t=2048
kjmarket
Grandmaster Cheater
Reputation: 0

Joined: 11 Oct 2006
Posts: 600

Posted: Wed Apr 11, 2007 7:16 pm    Post subject:

What I mean is that the addy's change every time the game is run, not while the game is running.
Labyrnth
Moderator
Reputation: 10

Joined: 28 Nov 2006
Posts: 6301

Posted: Thu Apr 12, 2007 5:55 pm    Post subject:

And that is code shifting.......

Another game I have seen that does this is Navy Seals.
Except it does it every time you reinstall it.
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Thu Apr 12, 2007 8:52 pm    Post subject:

That's just normal DMA, dynamic memory allocation.
Stuff that can affect the location of the memory can be the position of your mouse, other programs that may have loaded in a different order, etc...

Try the pointer tutorial, or code injection, they teach you the basics needed to fix this.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
kjmarket
Grandmaster Cheater
Reputation: 0

Joined: 11 Oct 2006
Posts: 600

Posted: Thu Apr 12, 2007 9:46 pm    Post subject:

I am trying tuts, but how do I do code injection that works every time I play, rather than having to redo the code to inject every time I start the game?
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25796
Location: The netherlands

Posted: Fri Apr 13, 2007 5:25 am    Post subject:

sorry, just read it again, you're saying that the location of the code that decreases the address as well changes too?
e.g. one time it's
00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
next time it's
00667edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
3rd time it's
22abcedc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
?

If so, then if you've found the instruction again, check in which module that code is (e.g. gamex.dll). You can find that out by looking in the memoryview and choosing the option to show modules, and then use the notation of modulename.bla+offset to get to that address.

Also, if you do replace with code that does nothing, the codelist will also use that method to find the address

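To make the thread's point concrete, here is an added Python example (my own; not code from the thread, from Cheat Engine or from ShadowFlare). It models two launches of the game as constructed memory snapshots with invented module bases, a static pointer slot at an assumed offset (exe+3A10) and the 1A4 health offset from the instruction quoted above, and shows why the absolute health address does not survive a relaunch while a module-relative address and a pointer entry do. The same module+offset reasoning is what memory forensics and crash triage rely on when comparing addresses across processes whose modules were relocated.

```python
# Added example, not from the thread or from Cheat Engine: models why an
# absolute address found in one run is useless in the next, and why a
# module-relative address ("exe+offset") plus a pointer entry survives.
# All memory contents and bases below are constructed for the demo.

HEALTH_OFFSET = 0x1A4  # the offset seen in "sub [esi+000001a4],edi" on the page


class Snapshot:
    """Toy 32-bit memory image: a module map plus a sparse dict of dword slots."""

    def __init__(self, modules, dwords):
        self.modules = modules          # list of (name, base, size)
        self.dwords = dict(dwords)      # absolute address -> 32-bit value

    def read_u32(self, addr):
        if addr not in self.dwords:
            raise KeyError(f"unmapped read at {addr:#010x}")
        return self.dwords[addr]

    def module_of(self, addr):
        """(name, base) of the module containing addr, or None for heap memory."""
        for name, base, size in self.modules:
            if base <= addr < base + size:
                return name, base
        return None


def to_relative(snap, addr):
    """Absolute address -> 'module+hexoffset' (the notation Dark Byte describes),
    or None when the address lies outside every module (i.e. on the heap)."""
    hit = snap.module_of(addr)
    if hit is None:
        return None
    name, base = hit
    return f"{name}+{addr - base:X}"


def from_relative(snap, rel):
    """'module+hexoffset' -> absolute address inside this snapshot."""
    name, off = rel.split("+", 1)
    for mname, base, _size in snap.modules:
        if mname == name:
            return base + int(off, 16)
    raise KeyError(f"module {name} not loaded")


def resolve_pointer(snap, base_rel, offsets):
    """Cheat Engine-style pointer entry: read the pointer stored at the static
    base, then for every offset except the last add it and dereference; the
    last offset is only added. Returns the absolute address of the value."""
    addr = snap.read_u32(from_relative(snap, base_rel))
    for off in offsets[:-1]:
        addr = snap.read_u32(addr + off)
    return addr + offsets[-1]


def build_run(exe_base, player_obj, hp):
    """Constructed snapshot of one launch: the exe is mapped at exe_base, the
    player object was heap-allocated at player_obj, and a static slot inside
    the exe (exe+3A10, an assumed offset) holds the pointer to that object."""
    return Snapshot(
        modules=[("ShadowFlare.exe", exe_base, 0x100000)],
        dwords={
            exe_base + 0x3A10: player_obj,        # static pointer slot
            player_obj + HEALTH_OFFSET: hp,       # HP field the sub writes to
        },
    )


# Run 1: bases chosen so health lands at 05C243BC, as in the thread.
RUN1 = build_run(exe_base=0x00400000, player_obj=0x05C24218, hp=310)
# Run 2: the exe is relocated and the heap object lands somewhere else.
RUN2 = build_run(exe_base=0x00620000, player_obj=0x06A10000, hp=310)

SUB_INSN_RUN1 = 0x00443EDC   # address of the sub instruction in run 1 (from the thread)


def demo():
    results = {}
    # The instruction address converts to a module-relative form ...
    rel = to_relative(RUN1, SUB_INSN_RUN1)
    results["insn_rel"] = rel                             # 'ShadowFlare.exe+43EDC'
    # ... which still resolves after the exe has moved.
    results["insn_run2"] = from_relative(RUN2, rel)       # 0x00663EDC
    # The absolute health address is heap memory: no module, no stable form.
    results["hp_rel"] = to_relative(RUN1, 0x05C243BC)     # None
    # A pointer entry (static base + offset) finds HP in both runs.
    entry = ("ShadowFlare.exe+3A10", [HEALTH_OFFSET])
    results["hp_run1"] = resolve_pointer(RUN1, *entry)    # 0x05C243BC
    results["hp_run2"] = resolve_pointer(RUN2, *entry)    # 0x06A101A4
    results["hp_value_run2"] = RUN2.read_u32(results["hp_run2"])  # 310
    # The old absolute address is simply not mapped in run 2.
    try:
        RUN2.read_u32(0x05C243BC)
        results["stale_ok"] = True
    except KeyError:
        results["stale_ok"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, hex(value) if type(value) is int else value)
```

The point of the two snapshots is the contrast: the stale absolute address fails with an unmapped read in run 2, the module-relative instruction address and the pointer entry both resolve. Real processes add further indirection (several pointer levels, multiple modules), which is why `resolve_pointer` accepts a list of offsets rather than one.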