Barrin Newbie cheater
Reputation: 0
Joined: 08 Sep 2008 Posts: 15 Location: The Netherlands
Posted: Sun Jan 19, 2014 7:48 am Post subject: Finding a code that closes a game
Firstly, I have to admit my knowledge of Cheat Engine debugging and assembly is not the best by far. (I have so far only completed the tutorial up to Lua scripting, so not Lua scripting and/or anything after that.)
This game uses a static address for HP (for some reason), but if you alter the amount of HP you have or freeze the HP, some function in the game closes the game.
I thought this could be easily fixed by just using the debugger with "Find out what accesses this address", but the address that makes sure that the game does not crash totally disables HP for you and enemies (by NOPPING it), so you can't use the static address to edit your HP anymore.
I thought that in memory view you could quite easily find the instruction that closes the game close to the "Browse this memory region" of the static address, but I can't seem to find any instructions close to it that would close the game.
Is there a tutorial (I have not found it so far), or is someone willing to explain how to disable that "close the game on address change" function?
So in short, what I want to do is:
Disable the code that closes the game on writing to the static address.
Use the static address to increase, decrease or freeze HP.
zm0d Master Cheater
Reputation: 7
Joined: 06 Nov 2013 Posts: 423
Posted: Sun Jan 19, 2014 12:20 pm
The problem is that the game checks if there is a debugger present.
If it finds one, it automatically closes itself.
Try different debuggers and debugging methods (e.g. Page exceptions).
Often using the VEH debugger with hardware breakpoints does the trick.
If you're one of the lucky guys who is able to use DBVM, then use the DBVM debugger.
To change your debugger, start CE, click on Edit, left side Debugger Options, choose "Use VEH Debugger" in the lower window half.
Good luck mate.
Barrin Newbie cheater
Reputation: 0
Joined: 08 Sep 2008 Posts: 15 Location: The Netherlands
Posted: Sun Jan 19, 2014 1:35 pm
zm0d wrote: | The problem is that the game checks if there is a debugger present.
If it finds one, it automatically closes itself.
Try different debuggers and debugging methods (e.g. Page exceptions).
Often using the VEH debugger with hardware breakpoints does the trick.
If you're one of the lucky guys who is able to use DBVM, then use the DBVM debugger.
To change your debugger, start CE, click on Edit, left side Debugger Options, choose "Use VEH Debugger" in the lower window half.
Good luck mate. |
Apparently I have not been clear enough in my starting message. Debugging (using the VEH debugger with hardware breakpoints) works fine and I can still NOP codes that write (or access) the static address I'm talking about (HP in this case). (Unfortunately I cannot use DBVM, but so far I have not needed to use it, luckily; it's something to keep in mind when I build or upgrade my computer.)
But if I change the static address (or freeze it), by which I mean if I, for example, set the HP to 3200 while it was 2600, the game crashes (without warning or error message whatsoever).
(With a static address I mean a certain address you found using the Cheat Engine search function, but this address is the same each time you start the game, or the address you found has the same function each time you start the game.)
So I was thinking that there is a code or something that writes or compares the static address to what it should be, and if it isn't, that the game closes.
Using the VEH debugger I can find the address that influences HP, but if I disable/NOP it, the HP of me and the enemies is frozen. (And with this, because the HP function is replaced by a NOP, I cannot change the HP anymore using the static address found in Cheat Engine.)
As such I want to see if I can find the code or function that closes the game when I change or freeze HP and disable it, so I can just change the HP without the game crashing (without warning whatsoever, but it is likely a function put in the game itself, as no hackguard program or stuff seems to be present; there shouldn't be anyhow, since it isn't an online game).
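The kind of check hypothesized in the post above (something that compares the HP value to what it should be and closes the game on a mismatch) is commonly built by keeping an encoded shadow copy of the value. The following C code is an added example, not code from the thread or from the game; the struct, function names and key are hypothetical, and nothing on the page confirms the game works this way.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical guarded value: the visible field plus an encoded shadow copy. */
typedef struct {
    int32_t  hp;      /* the value a memory scanner finds */
    uint32_t shadow;  /* hp XOR key; a real program would store it elsewhere */
} guarded_hp;

static const uint32_t GUARD_KEY = 0xA5C3F10Du;  /* constructed constant */

/* Every legitimate write goes through here and updates both copies. */
void hp_set(guarded_hp *g, int32_t value) {
    g->hp = value;
    g->shadow = (uint32_t)value ^ GUARD_KEY;
}

/* Returns 1 when the visible value still matches its shadow, 0 otherwise. */
int hp_is_intact(const guarded_hp *g) {
    return ((uint32_t)g->hp ^ GUARD_KEY) == g->shadow;
}

/* Read path: verify before use; a mismatch ends the process without a message,
   which is the symptom described in the thread. */
int32_t hp_get(const guarded_hp *g) {
    if (!hp_is_intact(g)) {
        exit(EXIT_FAILURE);
    }
    return g->hp;
}

int main(void) {
    guarded_hp player;
    hp_set(&player, 2600);                      /* values taken from the post */
    printf("legitimate read: %d\n", hp_get(&player));

    player.hp = 3200;  /* simulates a write that bypasses hp_set() */
    printf("intact after outside write: %d\n", hp_is_intact(&player));
    return 0;
}
```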
UnIoN Expert Cheater
Reputation: 2
Joined: 17 May 2011 Posts: 146
Posted: Mon Jan 20, 2014 6:10 am
Try OllyDbg. If the game exe loads up and you can start it through Olly, proceed until the game crashes; Olly will breakpoint at that point.
Barrin Newbie cheater
Reputation: 0
Joined: 08 Sep 2008 Posts: 15 Location: The Netherlands
Posted: Mon Jan 20, 2014 7:01 am
UnIoN wrote: | Try OllyDbg. If the game exe loads up and you can start it through Olly, proceed until the game crashes; Olly will breakpoint at that point. |
OllyDBG is no option, unfortunately; the game has protection against it. (Probably because Olly uses Windows debugging?)
Ah well, one day or another I will find it. It's unfortunate that Olly does not have other debugging options (like Cheat Engine), but it's not the end of the world. If I ever find out the instruction, I'll update this thread with the information of how I found it and what I did in Cheat Engine to just disable the instruction.
Thanks for the advice though.
Hatschi Master Cheater
Reputation: 2
Joined: 28 Jan 2010 Posts: 327
Posted: Mon Jan 20, 2014 7:19 am
OllyDbg has several plugins available that hide OllyDbg from anti-debugger techniques.
Barrin Newbie cheater
Reputation: 0
Joined: 08 Sep 2008 Posts: 15 Location: The Netherlands
Posted: Mon Jan 20, 2014 8:31 am
Hatschi wrote: | OllyDbg has several plugins available that hide OllyDbg from anti-debugger techniques. |
I have 4 of these (or tried 4 of these) and they don't work, unfortunately. Like I said, I'll post if I can find something out. The plugins I have for hiding the debugger are: HideDebug, IsDebugPresent, aadp4olly and AttachAnyway (which is not really for debugging). But none of these seem to work against the anti-debugging the game uses.
UnIoN Expert Cheater
Reputation: 2
Joined: 17 May 2011 Posts: 146
Posted: Mon Jan 20, 2014 8:40 am
I think your game has some protections still on (not only antidebugger?); until you disable them you cannot use code injection/editing.
A CRC check is one possibility.
zm0d Master Cheater
Reputation: 7
Joined: 06 Nov 2013 Posts: 423
Posted: Mon Jan 20, 2014 9:58 am
Could you tell us/me the game title?
Barrin Newbie cheater
Reputation: 0
Joined: 08 Sep 2008 Posts: 15 Location: The Netherlands
Posted: Mon Jan 20, 2014 9:59 am
UnIoN wrote: | I think your game has some protections still on (not only antidebugger?); until you disable them you cannot use code injection/editing.
A CRC check is one possibility. |
I don't really know what kind of protections; all I know is that OllyDBG breaks on ntdll.DbgBreakPoint when debugging with OllyDBG.
After that it just starts generating a whole lot of exceptions and the game eventually crashes.
On the other hand, debugging using Cheat Engine does not cause a problem (with the VEH debugger), but I doubt I can get the breakpoint of the exit instruction that way (if there is a way of using Cheat Engine like this, do tell).
Auto Assembly and NOPPING does work for certain addresses/instructions.
But like I said, I will add information once I get more. I just hoped there was a possibility to get that breakpoint by using Cheat Engine somehow (although that's probably not an easy task).
The funny thing is that the address was able to be modified until an update of a few days (5 or 6 now) back (thank you Steam). But then again, the update fixes enough bugs that not installing the update is more or less not an option.
It could also be because the HP address is read-only now? But normally in games this is not a problem, since Cheat Engine just tries to force read-only addresses to become writeable. I think, like I said, some kind of weird instruction has been added to prevent change of the address (although I find it weird it doesn't show up with "Find out what accesses this address", or at least not the way I want: disable the instruction and you can edit the address, but the address has no function at all anymore).
pellik Advanced Cheater
Reputation: 0
Joined: 14 Jun 2013 Posts: 93
Hatschi Master Cheater
Reputation: 2
Joined: 28 Jan 2010 Posts: 327
Posted: Tue Jan 21, 2014 7:29 am
The plugins you have are not really good. You might use a custom OllyDbg version or take a look around. The site http://tuts4you.com/ is a good starting point.
@pellik: This only helps against scanners or CRC checks, I believe.