 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Daniil
How do I cheat?
![]() Reputation: 0
Joined: 28 Apr 2013
Posts: 4
|
 Posted: Sun Apr 28, 2013 6:04 am Post subject: Help with DMA |
 |
|
Hello everyone!
I'm using a CheatEngine for hack a Last Chaos MMORPG. It was all OK, but suddenly I found a problem which I can't deal by myself.
I need to modify settings of character attack speed, running speed and casting speed. LastChaos storing all this values locally (not on the server like WoW). So, theoretically we can modify them.
I used CE for search and found following addresses (watch a screen in attachments)
In this table:
-"static" address of variable containing a copy of value of run speed
-address 2 is easy to find by value and last digits, and addresses 3-5 is even more easy to find by offset from address 2. They are always between 03000000 - 04000000 and always have same last digits
But addresses 1-5 have no effect on run speed and attack speed in game.
Meaningful attack and run speed stores in variables somewhere between 18000000-25000000, and addresses of variables changes absolutly randomly. Only permanent conditions with that variables is that, first,
address of "Meaningful RunSpeed" = address of "Meaningful AttackSpeed" + C, and, second
if we change value of "Meaningful RunSpeed", then value of "static" run speed will also change.
So... How I can find addresses of that values automatically (or change that values by any other way)?
(In fact I had a try. In my trainer script I read a value of AttackSpeed1 (row 3 in a table), and then make a memscan trough 18000000-25000000, searching the same value. Then I cyclically walk trough found list and on each record:
- calculating address of probably address of "Meaningful RunSpeed" (i.e., record address + C)
- read value at this address
- IF value at this address is same as at "static" RunSpeed THEN
-generate a random number and write it to our probably address of "Meaningful RunSpeed".
-IF after previous action "static" RunSpeed changed, THEN - Hooray! - we found correct address... Save record address and record address + C for further changing...
ELSE we lose, go to next address and repeat all of this
This algorithm sometimes working, but sometimes fails, because can't find correct address... Also, it's long, heavy and ungraceful. So, back to my question - is there another way to deal with this?)
P.S.: Pointer finding didn't want to work. Don't know why. After I try to "Find out what access this address", LastChaos crashing instantly. Pointer scan also don't work correct - it founds a lot of addresses, and they're sometimes works, but after restarting the game they becomes useless.
P.P.S.: Sorry for my illiteracy if it exists, english isn't my own language.
| Description: |
|
| Filesize: |
59.27 KB |
| Viewed: |
5059 Time(s) |
|
|
|
| Back to top |
|
 |
Daniil
How do I cheat?
![]() Reputation: 0
Joined: 28 Apr 2013
Posts: 4
|
| Posted: Sun Apr 28, 2013 10:34 pm Post subject: |
|
|
| So... Any suggestions? Or it's no way?
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
 Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Sun Apr 28, 2013 11:07 pm Post subject: |
|
|
When you're checking what access&writes to this address, it crashes?
Try VEH Debugger, or game being protected.
Generally I'd recommend using assembly.
You could combine assembly&lua easily.
So for example you do
| Code: | alloc(spd_s,10)
registersymbol(spd_s)
...
...
newmem:
mov ebx, [address... or original opcode.. that you should get if you're doing check what accesses this address..]
mov [spd_s], ebx
...
...
spd_s:
dd 0
|
in lua do this:
Do some sort of formula, stuff that effects the speed.. like boosters&levels&pets&weapons or wahtever ( i don't play the game so Idk what effects it).
And then get the value from spd_s (which stores the speed).
And do math..
Like if weapon increases speed by 20%
so get the value from spd_s, for example spd_s = 100
and 100%-20% (to get the speed value without any boost) = 80%
so you do
100 * 0.8 = 80
the original speed is 80.
So you can add few lua functions to set the speed and etc.
like doing this :
| Code: | alloc(spd_s,10)
registersymbol(spd_s)
label(check)
registersymbol(check)
label(hack)
label(hackedvalue)
registersymbol(hackedvalue)
...
...
newmem:
mov ebx, [...] //address... or original opcode.. that you should get if you're doing check what accesses this address..
mov [spd_s], ebx
cmp [check], 1
je hack
jmp exit
hack:
mov ebx, [hackedvalue]
mov [...],ebx address... or original opcode.. that you should get if you're doing check what accesses this address..
jmp exit
...
...
spd_s:
dd 0
check:
db 0
hackedvalue:
dd 0
|
and in lua this:
| Code: |
function hmm()
...
...
--make your formula & whatever you want to obtain and set the value
--writeDouble or whatever you want..
writeDouble('hackedvalue',240)
writeIntegar('check',1)
end
|
You can do it in a way that it would change all addresses of speed.
But the above MOST likely not to work, its an example, hopefully you got my point, because I explain very bad =P.
Could you tell me whats the game size? 1-2gb? installation time length..
I hate to wait alot, thats why I dont hack PC games.
P.S
All I said above, is the "other" way that you requested.
And its the better way for my opinion.
Because it should never fail unless modifications were made in that assembly region.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
Daniil
How do I cheat?
![]() Reputation: 0
Joined: 28 Apr 2013
Posts: 4
|
| Posted: Mon Apr 29, 2013 2:41 am Post subject: |
|
|
Thank you for detailed explanation.
If I tried VEH debugger (or Olly Debugger, maybe you heard about it) the game crash immediately.
Look like it's protected somehow. (Also, a request, does anyone know anything about how it can be done?)
For modifying assemble region we must find it somehow (as far as I know). But - I can't find it because of debugger fails to open the game. That's the stuck... Or I'm "doing it wrong"? 
As for the game size - it's 3.79Gb and about 700Mb in-memory image. Also, that's not original "Last Chaos". It's a russian adaptation, modified by some unknown, unusual way. (Because as I read on other forums, in original Korean version of LC speed, attack and cast values stored in addresses 03**D8B4 and other like this, mentioned in my first message).
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Mon Apr 29, 2013 8:10 am Post subject: |
|
|
Ugh nearly 4gb...
Check what kind of plugins you might be able to find to bypass the protection
Also in the formula, after doing everything.
You should do Speed / speedstats (that being displayed in the profile or somethin).
and then to increase the speed, just add X times of the result of calculation of the above.
Edit:
Also, Im not gonna help you anymore than this.
Just re-read the first post, and I see that's its an MMORPG.
Good luck mate.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
Daniil
How do I cheat?
![]() Reputation: 0
Joined: 28 Apr 2013
Posts: 4
|
| Posted: Wed May 01, 2013 1:34 pm Post subject: |
|
|
Thanks anyway, comrade!
If I'd find a way to resolve this, I'll explain it here.
Also - what's wrong with MMORPG? You said like this is something indecent...
|
|
| Back to top |
|
|
Broomop
How do I cheat?
![]() Reputation: 0
Joined: 06 May 2009
Posts: 2
|
| Posted: Thu May 02, 2013 3:54 am Post subject: |
|
|
| i can help you with this
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
