[Solved] Steel Division: Normandy 44

ShadowOps
Noobzor
Posts: 12
Joined: Wed May 24, 2017 4:49 pm
Reputation: 0

[Solved] Steel Division: Normandy 44

Post by ShadowOps » Thu May 25, 2017 7:13 pm

Hello everybody,

Wrapping my head around CE/Assembly is hard :lol:

I'm trying to create a script that gives me unlimited units; you get a value for certain troops, and if you use that up you cannot spawn them anymore.

Now I found: 14126CFFE - FF 48 38 - dec [rax+38] and 14126D37F - 44 01 60 38 - add [rax+38],r12d. I tried this for my script:

After spawning a new unit the game crashed :lol: What I'm trying to do with my script is: after spawning a unit, increase the value by 1.

Code:

[ENABLE]

aobscanmodule(INJECT,SteelDivision.exe,FF 48 38 F7 45 28 FF FF FF 07) // should be unique
alloc(newmem,$1000,"SteelDivision.exe"+126CFFE)

label(code)
label(return)

newmem:
push eax
mov eax,[rax+38]
add eax,1
jmp return


code:
  dec [rax+38]
  test [rbp+28],7FFFFFF
  jmp return

INJECT:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db FF 48 38 F7 45 28 FF FF FF 07

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "SteelDivision.exe"+126CFFE

"SteelDivision.exe"+126CFE4: 39 48 2C                 -  cmp [rax+2C],ecx
"SteelDivision.exe"+126CFE7: 75 0D                    -  jne SteelDivision.exe+126CFF6
"SteelDivision.exe"+126CFE9: 8B 4B 30                 -  mov ecx,[rbx+30]
"SteelDivision.exe"+126CFEC: 83 F9 FF                 -  cmp ecx,-01
"SteelDivision.exe"+126CFEF: 74 0D                    -  je SteelDivision.exe+126CFFE
"SteelDivision.exe"+126CFF1: 3B 48 30                 -  cmp ecx,[rax+30]
"SteelDivision.exe"+126CFF4: 74 08                    -  je SteelDivision.exe+126CFFE
"SteelDivision.exe"+126CFF6: 33 D2                    -  xor edx,edx
"SteelDivision.exe"+126CFF8: 48 83 C0 40              -  add rax,40
"SteelDivision.exe"+126CFFC: EB 82                    -  jmp SteelDivision.exe+126CF80
// ---------- INJECTING HERE ----------
"SteelDivision.exe"+126CFFE: FF 48 38                 -  dec [rax+38]
"SteelDivision.exe"+126D001: F7 45 28 FF FF FF 07     -  test [rbp+28],7FFFFFF
// ---------- DONE INJECTING  ----------
"SteelDivision.exe"+126D008: 0F 84 7D 00 00 00        -  je SteelDivision.exe+126D08B
"SteelDivision.exe"+126D00E: 48 8B CB                 -  mov rcx,rbx
"SteelDivision.exe"+126D011: E8 0A EB FF FF           -  call SteelDivision.exe+126BB20
"SteelDivision.exe"+126D016: 4C 8B C0                 -  mov r8,rax
"SteelDivision.exe"+126D019: 4C 8D 4C 24 30           -  lea r9,[rsp+30]
"SteelDivision.exe"+126D01E: 48 8B D3                 -  mov rdx,rbx
"SteelDivision.exe"+126D021: 48 8D 4D 28              -  lea rcx,[rbp+28]
"SteelDivision.exe"+126D025: E8 D6 C2 2E FF           -  call SteelDivision.exe+559300
"SteelDivision.exe"+126D02A: 4C 8B 4C 24 30           -  mov r9,[rsp+30]
"SteelDivision.exe"+126D02F: 4D 85 C9                 -  test r9,r9
}
Can you guys give me some tips?

Thanks a lot
Last edited by ShadowOps on Thu May 25, 2017 7:47 pm, edited 1 time in total.

NotJustSomeGuy
What is cheating?
Posts: 3
Joined: Mon May 22, 2017 12:41 pm
Reputation: 0

Re: [Need Help] Steel Division: Normandy 44

Post by NotJustSomeGuy » Thu May 25, 2017 7:31 pm

Yeah, no, that code isn't supposed to be directly below newmem (I don't think, anyway). (I could be completely wrong about this, but every script I've made is like this.) You can make a label like this:

Code:

[ENABLE]

aobscanmodule(INJECT,SteelDivision.exe,FF 48 38 F7 45 28 FF FF FF 07) // should be unique
alloc(newmem,$1000,"SteelDivision.exe"+126CFFE)

label(code)
label(return)
label(hax)

newmem:


hax:
 add [rax+38],1
 jmp return //This should be the format anyway.

code:
  dec [rax+38]
  test [rbp+28],7FFFFFF
  jmp return

INJECT:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db FF 48 38 F7 45 28 FF FF FF 07

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "SteelDivision.exe"+126CFFE

"SteelDivision.exe"+126CFE4: 39 48 2C                 -  cmp [rax+2C],ecx
"SteelDivision.exe"+126CFE7: 75 0D                    -  jne SteelDivision.exe+126CFF6
"SteelDivision.exe"+126CFE9: 8B 4B 30                 -  mov ecx,[rbx+30]
"SteelDivision.exe"+126CFEC: 83 F9 FF                 -  cmp ecx,-01
"SteelDivision.exe"+126CFEF: 74 0D                    -  je SteelDivision.exe+126CFFE
"SteelDivision.exe"+126CFF1: 3B 48 30                 -  cmp ecx,[rax+30]
"SteelDivision.exe"+126CFF4: 74 08                    -  je SteelDivision.exe+126CFFE
"SteelDivision.exe"+126CFF6: 33 D2                    -  xor edx,edx
"SteelDivision.exe"+126CFF8: 48 83 C0 40              -  add rax,40
"SteelDivision.exe"+126CFFC: EB 82                    -  jmp SteelDivision.exe+126CF80
// ---------- INJECTING HERE ----------
"SteelDivision.exe"+126CFFE: FF 48 38                 -  dec [rax+38]
"SteelDivision.exe"+126D001: F7 45 28 FF FF FF 07     -  test [rbp+28],7FFFFFF
// ---------- DONE INJECTING  ----------
"SteelDivision.exe"+126D008: 0F 84 7D 00 00 00        -  je SteelDivision.exe+126D08B
"SteelDivision.exe"+126D00E: 48 8B CB                 -  mov rcx,rbx
"SteelDivision.exe"+126D011: E8 0A EB FF FF           -  call SteelDivision.exe+126BB20
"SteelDivision.exe"+126D016: 4C 8B C0                 -  mov r8,rax
"SteelDivision.exe"+126D019: 4C 8D 4C 24 30           -  lea r9,[rsp+30]
"SteelDivision.exe"+126D01E: 48 8B D3                 -  mov rdx,rbx
"SteelDivision.exe"+126D021: 48 8D 4D 28              -  lea rcx,[rbp+28]
"SteelDivision.exe"+126D025: E8 D6 C2 2E FF           -  call SteelDivision.exe+559300
"SteelDivision.exe"+126D02A: 4C 8B 4C 24 30           -  mov r9,[rsp+30]
"SteelDivision.exe"+126D02F: 4D 85 C9                 -  test r9,r9
}
Last edited by NotJustSomeGuy on Thu May 25, 2017 7:40 pm, edited 4 times in total.

STN
Founder
Posts: 2702
Joined: Thu Mar 02, 2017 7:48 pm
Reputation: 140

Re: [Need Help] Steel Division: Normandy 44

Post by STN » Thu May 25, 2017 7:34 pm

Just do this:
code:
inc [rax+38]
test [rbp+28],7FFFFFF

It was crashing, btw, because you didn't pop eax. But even if you had popped eax, it wasn't going to do anything (you forgot to write back to the game address).

PS: This game has encrypted values; I forgot if unit values were encrypted, but income was.
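The two failure modes STN points out (an unpaired push, and arithmetic done in a register that is never stored back to [rax+38]) can be seen in a small model of the hook bodies from this thread. This is an added example, not Cheat Engine's code or anything from the game: the register values, the counter at [rax+38] and the memory layout are constructed, and the interpreter handles only the handful of mnemonics these scripts use.

```python
import re

ALIAS = {"eax": "rax"}  # eax is the low half of rax: writing eax changes rax

class Hook:
    """Constructed model of a hook body: value flow and push/pop depth only."""

    def __init__(self, rax, count):
        self.regs = {"rax": rax, "rbp": 0x1000}  # constructed register state
        self.counter = rax + 0x38                # the unit counter at [rax+38]
        self.mem = {self.counter: count}
        self.depth = 0                           # pushes minus pops

    def loc(self, text):
        text = text.lower()
        m = re.fullmatch(r"\[(\w+)\+([0-9a-f]+)\]", text)
        if m:  # memory operand: base register plus hex displacement
            return ("mem", self.regs[ALIAS.get(m[1], m[1])] + int(m[2], 16))
        if text in ALIAS or text in self.regs:
            return ("reg", ALIAS.get(text, text))
        return ("imm", int(text, 16))

    def get(self, op):
        kind, key = op
        return self.mem.get(key, 0) if kind == "mem" else self.regs[key] if kind == "reg" else key

    def put(self, op, value):
        kind, key = op
        (self.mem if kind == "mem" else self.regs)[key] = value & 0xFFFFFFFF

    def run(self, lines):
        for line in lines:
            op, _, rest = line.strip().partition(" ")
            args = [a.strip() for a in rest.split(",")] if rest else []
            if op == "jmp":
                break  # jump back to the game: the hook body is done
            if op in ("push", "pop"):
                self.depth += 1 if op == "push" else -1
            elif op == "mov":
                self.put(self.loc(args[0]), self.get(self.loc(args[1])))
            elif op in ("add", "inc", "dec"):
                dst = self.loc(args[0])
                delta = self.get(self.loc(args[1])) if op == "add" else (1 if op == "inc" else -1)
                self.put(dst, self.get(dst) + delta)
            # "test" only sets flags, which this model ignores

POSTED = ["push eax", "mov eax,[rax+38]", "add eax,1", "jmp return"]
ADD_FIX = ["add [rax+38],1", "jmp return"]
INC_FIX = ["inc [rax+38]", "test [rbp+28],7FFFFFF"]

def outcome(script, count=5):
    # Returns (counter after the hook, net push depth); non-zero depth means
    # the hooked function will later return through a misaligned stack.
    h = Hook(rax=0x2000, count=count)
    h.run(script)
    return h.mem[h.counter], h.depth
```

With a starting counter of 5, the posted body leaves the counter untouched with one push outstanding, while both fixes store 6 and leave the stack balanced.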

ShadowOps
Noobzor
Posts: 12
Joined: Wed May 24, 2017 4:49 pm
Reputation: 0

Re: [Need Help] Steel Division: Normandy 44

Post by ShadowOps » Thu May 25, 2017 7:45 pm

STN wrote:
Thu May 25, 2017 7:34 pm
Just do this:
code:
inc [rax+38]
test [rbp+28],7FFFFFF

It was crashing, btw, because you didn't pop eax. But even if you had popped eax, it wasn't going to do anything (you forgot to write back to the game address).

PS: This game has encrypted values; I forgot if unit values were encrypted, but income was.
Ahh, it was that easy, ha! That also fixed my problem with multiple unit spawns at once; it adds it back automatically with this ;) Thanks a lot.
