RISE OF THE TOMB RAIDER Health hacking

Memory scanning, code injection, debugger internals and other gamemodding related discussion
TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Mon Sep 18, 2017 8:23 pm

pharaon wrote:
Mon Sep 18, 2017 8:08 pm
How are you displaying your memory that way? Because mine looks like this:

https://imgur.com/a/Ld9Mr

but the code didn't work, it decreased my health then crashed the game.
Right-click on the bottom window and choose Display Type > 4 Bytes Hex.

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Mon Sep 18, 2017 8:40 pm

https://imgur.com/a/O2swW
If you notice, the bytes are inverted, dunno why.

So what about the code not working?

What could be wrong?

TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Mon Sep 18, 2017 8:50 pm

12C is hexadecimal for 300 float, which is your health, so using that would be bad.
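The two questions above (why the byte dump looks "inverted", and what a value like 12C means) come down to how a dword is stored and how it is interpreted. The following is an added example, not code from the thread: it shows the little-endian byte order that a byte-wise memory view displays, what the "4 Bytes Hex" view assembles those bytes into, and how the same 32-bit pattern reads as an integer versus an IEEE-754 float. The values 0x12C, 0x40CDFEA0, 300, 450 and 999 are taken from the thread; the float/int readings are plain IEEE-754 arithmetic.

```python
import struct


def le_dump(value: int) -> str:
    """Bytes of a 32-bit value as they sit in memory on x86-64: least significant byte first.

    This is the 'inverted' order a byte-wise memory view shows for 0000012C: 2C 01 00 00.
    """
    return " ".join(f"{b:02X}" for b in struct.pack("<I", value & 0xFFFFFFFF))


def dword_hex(raw: bytes) -> str:
    """What a '4 Bytes Hex' view shows for the same four bytes: the assembled dword, high byte on the left."""
    return f"{struct.unpack('<I', raw[:4])[0]:08X}"


def float_bits(x: float) -> int:
    """IEEE-754 single-precision bit pattern of x: what a movss stores and what a (float)x immediate encodes."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_as_float(bits: int) -> float:
    """Read a 32-bit pattern back as a float."""
    return struct.unpack("<f", struct.pack("<I", bits & 0xFFFFFFFF))[0]


def describe(bits: int) -> dict:
    """Three readings of one dword: as an integer, as a float, and as the raw bytes a byte-wise dump shows."""
    return {"int": bits, "float": bits_as_float(bits), "memory": le_dump(bits)}


if __name__ == "__main__":
    # Constructed walk-through using the RDI value (0x12C) from the register dump posted in the thread.
    rdi = 0x12C
    info = describe(rdi)
    print("0x12C as int   :", info["int"])       # 300
    print("0x12C as float :", info["float"])     # a denormal around 4.2e-43, not 300.0
    print("0x12C in memory:", info["memory"])    # 2C 01 00 00
    print("dword view     :", dword_hex(bytes.fromhex("2C010000")))  # 0000012C

    # The float immediates used later in the thread, and how they actually land in memory.
    for v in (300.0, 450.0, 999.0):
        print(f"(float){v:g} -> {float_bits(v):08X}, stored as {le_dump(float_bits(v))}")

    # The dword found at [rax] in the thread, read as a float for comparison.
    print("0x40CDFEA0 as float:", bits_as_float(0x40CDFEA0))
```

The practical point: a hex value seen in a register or a byte dump only becomes a number once you commit to a type. 0x12C is the integer 300, while 300.0 as a single-precision float is 0x43960000; writing one where the other is expected is how a memory patch turns into a crash or a nonsense value.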

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Mon Sep 18, 2017 8:57 pm

Ok, I got it, I'll find the new register.
But what about the memory display thing?

TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Mon Sep 18, 2017 10:24 pm

Try this code. I don't have access to the game at the moment so I cannot verify.
As for your memory address display being backward, I don't know how that happened.

Code: Select all

[ENABLE]

aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,health1)

label(prepare2exit)
label(code)
label(return)

newmem:
  push rdi  //preserve rdi
  lea rdi,[rax]  //copy effective address of rax
  cmp [rdi],xxxxxx  //replace this with the hex you see at rax
  jne code  //not the player: let the game's original write happen untouched
  //start check on new health if health change belong to player
  movq rdi,xmm6  //copy new health (low dword of xmm6) into rdi
  cmp [rax+2C],edi  //check old vs new as 32-bit values
  jge prepare2exit  //ignore if old health is higher
  //end of health change check
code:
  pop rdi  //return rdi to original state
  movss [rax+2C],xmm6
  jmp return
prepare2exit:
  pop rdi //return rdi to original state
  jmp return

health1:
  jmp newmem
return:
registersymbol(health1)

[DISABLE]

health1:
  db F3 0F 11 70 2C

unregistersymbol(health1)
dealloc(newmem)
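The check in the script above compares the float stored at [rax+2C] with the incoming value as raw dwords and skips the store when the stored value is already the larger one. That only works because non-negative IEEE-754 floats sort in the same order as their bit patterns. The following is an added example, not code from the thread or from Cheat Engine: it models the decision the script's comments describe (tag at [rax] must match, then old-vs-new) in Python, and checks where the integer-compare trick holds and where it breaks. The tag 0x40CDFEA0 is the value from the thread; 0x11223344 is a constructed stand-in for some other entity's tag.

```python
import struct


def health_bits(x: float) -> int:
    """Bit pattern of a 32-bit float read back as a signed dword, which is how cmp [mem],reg + jge sees it."""
    return struct.unpack("<i", struct.pack("<f", x))[0]


def int_order_matches_float_order(a: float, b: float) -> bool:
    """True when comparing the dword patterns gives the same answer as comparing the floats themselves."""
    return (health_bits(a) >= health_bits(b)) == (a >= b)


def hook_writes(tag_at_rax: int, player_tag: int, old_health: float, new_health: float) -> bool:
    """Model of the hook's decision for one execution of the patched movss.

    - tag at [rax] differs from the player's tag: the game's original write is left alone (True)
    - player, and the stored value is already >= the new one (damage): the write is suppressed (False)
    - player, and the new value is higher (healing): the write is allowed (True)
    """
    if tag_at_rax != player_tag:
        return True
    return not (health_bits(old_health) >= health_bits(new_health))


if __name__ == "__main__":
    PLAYER_TAG = 0x40CDFEA0   # dword seen at [rax] in the thread, assumed here to identify the player
    OTHER_TAG = 0x11223344    # constructed placeholder for a different entity
    print(hook_writes(PLAYER_TAG, PLAYER_TAG, 300.0, 250.0))  # False: damage to the player is dropped
    print(hook_writes(PLAYER_TAG, PLAYER_TAG, 250.0, 300.0))  # True: healing goes through
    print(hook_writes(OTHER_TAG, PLAYER_TAG, 300.0, 250.0))   # True: other entities are untouched
    print(int_order_matches_float_order(300.0, 450.0))        # True: positive floats order like ints
    print(int_order_matches_float_order(-1.0, -2.0))          # False: sign-magnitude breaks it below zero
```

Two caveats a reader should take from the model. First, the mismatch branch has to reach the original store; a version that sends mismatches to the exit path skips the store for every other entity as well, which shows up in-game as everything becoming immune. Second, the dword comparison is only order-preserving for values with the sign bit clear, so it is fine for a health pool but not for a field that can go negative.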

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Mon Sep 18, 2017 11:29 pm

These are the registers at my hero's health address:
RAX=00000000C590D060
RBX=00000000C590C8D0
RCX=00000000858496A0
RDX=00000000000001C2
RSI=0000000000000080
RDI=000000000000012C
RBP=00000000C5B6AE50
RSP=000000000014E390
RIP=0000000143356C18
R8 =00000000B4793538
R9 =FFFFFFFF00000000
R10=00000000ABB87890
R11=0000000000000030
R12=0000000000000001
R13=0000000000000000
R14=000000000000FFFF
R15=0000000142276930

Your code made all enemies in god mode :)

I also hope you can explain your code a little to me.

TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Mon Sep 18, 2017 11:49 pm

change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Tue Sep 19, 2017 12:07 am

Why 40CDFEA0??
How did you get it?

TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Tue Sep 19, 2017 12:26 am

[rax+2c] points to an address that contains Lara's HP. So I looked back at [rax], which holds an address that contains something. That hex was there and I assume that's the ID for Lara.
Anyway, which part of the code don't you understand?

Kalas
Expert Cheater
Posts: 386
Joined: Fri Mar 03, 2017 9:49 am
Reputation: 69

Re: RISE OF THE TOMB RAIDER Health hacking

Post by Kalas » Tue Sep 19, 2017 6:35 am

Could you check if the code you inject at is even writing to your real value? It may just be a display value used for graphical purposes, which could explain why you are having issues.

Just don't use cmp or anything:

Code: Select all

mov [rax+2C],(float)999
If it does work then try to cmp with: RSI=0000000000000080 // Try even R12, I believe I saw it has a unique offset.


PS: Downloading right now just to test this issue. I think I made a CT for this game back then, so I remember making Unlimited Health as well.

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Wed Sep 20, 2017 8:11 pm

TheByteSize wrote:
Mon Sep 18, 2017 11:49 pm
change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0
Infinite health for all enemies as well.

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Wed Sep 20, 2017 8:13 pm

Kalas wrote:
Tue Sep 19, 2017 6:35 am
Could you check if the code you inject at is even writing to your real value? It may just be a display value used for graphical purposes, which could explain why you are having issues.

Just don't use cmp or anything:

Code: Select all

mov [rax+2C],(float)999
If it does work then try to cmp with: RSI=0000000000000080 // Try even R12, I believe I saw it has a unique offset.


PS: Downloading right now just to test this issue. I think I made a CT for this game back then, so I remember making Unlimited Health as well.
It writes to the real health value.

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Wed Sep 20, 2017 8:20 pm

Code: Select all

[ENABLE]

aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18)

label(code)
label(return)
label(laraGODmode)

newmem:
cmp R12,1
je laraGODmode

code:
movss [rax+2C],xmm6
jmp return

laraGODmode:
mov [rax+2C],(float)450
jmp return

health1:
  jmp newmem
return:
registersymbol(health1)

[DISABLE]

health1:
  db F3 0F 11 70 2C

unregistersymbol(health1)
dealloc(newmem)
Working fine so far, although a little bit laggy.

TheByteSize
Expert Cheater
Posts: 71
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 32

Re: RISE OF THE TOMB RAIDER Health hacking

Post by TheByteSize » Wed Sep 20, 2017 10:36 pm

pharaon wrote:
Wed Sep 20, 2017 8:11 pm
TheByteSize wrote:
Mon Sep 18, 2017 11:49 pm
change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0
infinite health for all enemies as well
That's odd. I was hitting the patrols with climber pickaxes without taking any damage and still managed to kill them.

pharaon
Cheater
Posts: 29
Joined: Sat Aug 05, 2017 1:42 pm
Reputation: 0

Re: RISE OF THE TOMB RAIDER Health hacking

Post by pharaon » Fri Sep 22, 2017 4:37 pm

This one works:

Code: Select all

[ENABLE]

aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18)

label(code)
label(return)
label(laraGODmode)

newmem:
cmp R12,1
je laraGODmode

code:
movss [rax+2C],xmm6
jmp return

laraGODmode:
mov [rax+2C],(float)450
jmp return

health1:
  jmp newmem
return:
registersymbol(health1)

[DISABLE]

health1:
  db F3 0F 11 70 2C

unregistersymbol(health1)
dealloc(newmem)
but this one does not work:

Code: Select all

[ENABLE]

aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18)

label(code)
label(return)
label(laraGODmode)

newmem:
cmp R13,0
je laraGODmode

code:
movss [rax+2C],xmm6
jmp return

laraGODmode:
mov [rax+2C],(float)450
jmp return

health1:
  jmp newmem
return:
registersymbol(health1)

[DISABLE]

health1:
  db F3 0F 11 70 2C

unregistersymbol(health1)
dealloc(newmem)
Any explanation?
