Page 2 of 4
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 8:23 pm
by TheByteSize
pharaon wrote: ↑Mon Sep 18, 2017 8:08 pm
How are you displaying your memory that way? Because mine looks like this:
[Link]
But the code didn't work; it decreased my health and then crashed the game.
Right click on the bottom window and choose Display Type > 4 Bytes Hex.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 8:40 pm
by pharaon
[Link]
If you notice, the bytes are inverted, dunno why.
So what about that? The code is not working.
What could be wrong?
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 8:50 pm
by TheByteSize
12C is hexadecimal for 300 float, which is your health, so using that would be bad.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 8:57 pm
by pharaon
OK, I got it, I'll find the new register.
But what about the memory display thing?
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 10:24 pm
by TheByteSize
Try with this code. I don't have access to the game at the moment, so I cannot verify.
As for your memory address display being backward, I don't know how that happened.
Code:
[ENABLE]
aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,health1)
label(prepare2exit)
label(code)
label(return)

newmem:
push rdi //preserve rdi
mov rdi,rax //copy the entity base address held in rax
cmp [rdi],xxxxxx //replace this with the hex dword you see at [rax]
jne code //not the entity we want: let the game's own write through (jumping past the write instead would freeze every other entity's health)
//start check on new health if the health change belongs to the player
movd edi,xmm6 //copy new health (low dword of xmm6) into edi, a register, not into memory
cmp [rax+2C],edi //check old vs new; raw float bit patterns order correctly while both are >= 0
jge prepare2exit //ignore if old health is higher (or equal), i.e. drop damage
//end of health change check
code:
movss [rax+2C],xmm6 //original instruction: write the new health
//falls through to prepare2exit
prepare2exit:
pop rdi //return rdi to original state
jmp return

health1:
jmp newmem
return:
registersymbol(health1)

[DISABLE]
health1:
db F3 0F 11 70 2C
unregistersymbol(health1)
dealloc(newmem)
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 11:29 pm
by pharaon
These are the registers at my hero's health address:
RAX=00000000C590D060
RBX=00000000C590C8D0
RCX=00000000858496A0
RDX=00000000000001C2
RSI=0000000000000080
RDI=000000000000012C
RBP=00000000C5B6AE50
RSP=000000000014E390
RIP=0000000143356C18
R8 =00000000B4793538
R9 =FFFFFFFF00000000
R10=00000000ABB87890
R11=0000000000000030
R12=0000000000000001
R13=0000000000000000
R14=000000000000FFFF
R15=0000000142276930
Your code made all enemies in god mode.
I also hope you can explain your code a little to me.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Mon Sep 18, 2017 11:49 pm
by TheByteSize
change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Tue Sep 19, 2017 12:07 am
by pharaon
Why 40CDFEA0??
How did you get it?
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Tue Sep 19, 2017 12:26 am
by TheByteSize
[rax+2C] points to an address that contains Lara's HP. So I looked back at [rax], which has an address that contains something. That hex was there and I assume that's the ID for Lara.
Anyway, which part of the code don't you understand?
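A worked model of the filter in the script above, as an added example in C that is not code from the thread. It replays what the hook does at the movss: compare the dword at [rax] against the value taken to be Lara's ID, then compare old and new health as raw bit patterns and drop the write when health would go down. The entity layout (an ID at +0, health at +2C, everything in between unknown) and the enemy ID 0x11111111 are assumptions made for the example; that 0x40CDFEA0 identifies Lara is the thread's guess, not a known fact about the game. The `on_miss` switch shows the difference between the jne landing on the original write and landing on the exit, and the byte helpers show why 300.0f reads as 43960000 in a 4-byte hex view but 00 00 96 43 in a byte view, and why 0x12C is only the integer 300.

```c
/* Added example, not from the thread: a C model of the injected health filter.
 * Entity layout is hypothetical; the script only shows a dword at [rax] used
 * as an ID and a float at [rax+2C] used as health. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEALTH_OFFSET 0x2C
#define PLAYER_ID     0x40CDFEA0u   /* value quoted in the thread; meaning assumed */

typedef struct {
    uint32_t id;                                   /* [rax]    */
    uint8_t  unknown[HEALTH_OFFSET - sizeof(uint32_t)];
    float    health;                               /* [rax+2C] */
} entity_t;

/* Sanity check that the struct really puts health at +2C. */
static int layout_ok(void) {
    return offsetof(entity_t, health) == HEALTH_OFFSET;
}

/* Where the cmp/jne sends entities whose ID does not match. */
typedef enum {
    MISS_RUNS_WRITE  = 0,   /* jne code:         other entities behave normally   */
    MISS_SKIPS_WRITE = 1    /* jne prepare2exit: other entities never lose health  */
} miss_target_t;

static entity_t make_entity(uint32_t id, float health) {
    entity_t e;
    memset(&e, 0, sizeof e);
    e.id = id;
    e.health = health;
    return e;
}

/* Raw bit pattern of a float: what a "4 Bytes Hex" view shows at [rax+2C]. */
static uint32_t float_bits(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

/* Byte-by-byte memory view on a little-endian CPU: 300.0f is 00 00 96 43. */
static void float_bytes(float f, uint8_t out[4]) {
    memcpy(out, &f, 4);
}

/* movss [rax+2C],xmm6: the game's original write. */
static void original_write(entity_t *e, float xmm6) {
    e->health = xmm6;
}

/* The hook. Returns 1 if the health write was carried out, 0 if dropped. */
static int hooked_write(entity_t *e, float xmm6, miss_target_t on_miss) {
    if (e->id != PLAYER_ID) {               /* cmp [rdi],PLAYER_ID / jne */
        if (on_miss == MISS_SKIPS_WRITE)
            return 0;
        original_write(e, xmm6);
        return 1;
    }
    /* cmp [rax+2C],edi / jge: signed compare of the bit patterns orders IEEE
     * floats correctly only while both are non-negative (true for health). */
    int32_t old_bits = (int32_t)float_bits(e->health);
    int32_t new_bits = (int32_t)float_bits(xmm6);
    if (old_bits >= new_bits)
        return 0;                           /* damage or no change: dropped */
    original_write(e, xmm6);                /* healing: allowed through */
    return 1;
}

/* Constructed scenario: Lara is hit, then an enemy is hit, under one branch
 * target. Returns the enemy's health afterwards. */
static float enemy_health_after_hit(miss_target_t on_miss) {
    entity_t lara  = make_entity(PLAYER_ID, 300.0f);
    entity_t enemy = make_entity(0x11111111u, 100.0f);   /* made-up enemy ID */
    hooked_write(&lara, 250.0f, on_miss);                 /* dropped either way */
    hooked_write(&enemy, 50.0f, on_miss);
    return enemy.health;
}

int main(void) {
    uint8_t b[4];
    float_bytes(300.0f, b);
    printf("300.0f bits: %08X  bytes: %02X %02X %02X %02X  (0x12C is int %d)\n",
           float_bits(300.0f), b[0], b[1], b[2], b[3], 0x12C);
    printf("enemy after hit - jne code: %.0f, jne prepare2exit: %.0f\n",
           enemy_health_after_hit(MISS_RUNS_WRITE),
           enemy_health_after_hit(MISS_SKIPS_WRITE));
    return 0;
}
```

Running it shows the enemy at 50 when a miss falls through to the original write and still at 100 when a miss jumps straight to the exit, which is the "god mode for everyone" symptom; it also shows that a value of 0x12C in a register is an integer 300, not the float 300.0 whose pattern is 0x43960000.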
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Tue Sep 19, 2017 6:35 am
by Kalas
Could you check if the code you inject at is even writing to your real value? 'Cause it may just be a graphical display value, which could explain why you are having issues.
Just don't use cmp or anything.
If it does work, then try to cmp with: RSI=0000000000000080 // try even R12, I believe I saw it has a unique offset.
PS: Downloading right now just to test this issue. I think I made a CT for this game back then, so I remember making Unlimited Health as well.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Wed Sep 20, 2017 8:11 pm
by pharaon
TheByteSize wrote: ↑Mon Sep 18, 2017 11:49 pm
change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0
Infinite health for all enemies as well.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Wed Sep 20, 2017 8:13 pm
by pharaon
Kalas wrote: ↑Tue Sep 19, 2017 6:35 am
Could you check if the code you inject at is even writing to your real value? 'Cause it may just be a graphical display value, which could explain why you are having issues.
Just don't use cmp or anything.
If it does work, then try to cmp with: RSI=0000000000000080 // try even R12, I believe I saw it has a unique offset.
PS: Downloading right now just to test this issue. I think I made a CT for this game back then, so I remember making Unlimited Health as well.
It writes to the real health value.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Wed Sep 20, 2017 8:20 pm
by pharaon
Code:
[ENABLE]
aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18) //allocate near the hooked instruction so the 5-byte jmp reaches it
label(code)
label(return)
label(laraGODmode)

newmem:
cmp r12,1 //r12 was 1 when the write hit Lara's health (see register dump above)
je laraGODmode
code:
movss [rax+2C],xmm6 //original instruction: normal health write for everything else
jmp return
laraGODmode:
mov [rax+2C],(float)450 //overwrite Lara's health with a fixed value instead of the game's new value
jmp return

health1:
jmp newmem
return:
registersymbol(health1)

[DISABLE]
health1:
db F3 0F 11 70 2C
unregistersymbol(health1)
dealloc(newmem)
Working fine so far, although a little bit laggy.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Wed Sep 20, 2017 10:36 pm
by TheByteSize
pharaon wrote: ↑Wed Sep 20, 2017 8:11 pm
TheByteSize wrote: ↑Mon Sep 18, 2017 11:49 pm
change
cmp [rdi],xxxxxx
to
cmp [rdi],40CDFEA0
infinite health for all enemies as well
That's odd. I was hitting the patrols with climber pickaxes without taking any damage and still managed to kill them.
Re: RISE OF THE TOMB RAIDER Health hacking
Posted: Fri Sep 22, 2017 4:37 pm
by pharaon
This one works:
Code:
[ENABLE]
aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18) //allocate near the hooked instruction so the 5-byte jmp reaches it
label(code)
label(return)
label(laraGODmode)

newmem:
cmp r12,1 //r12 was 1 when the write hit Lara's health (see register dump above)
je laraGODmode
code:
movss [rax+2C],xmm6 //original instruction: normal health write for everything else
jmp return
laraGODmode:
mov [rax+2C],(float)450 //overwrite Lara's health with a fixed value
jmp return

health1:
jmp newmem
return:
registersymbol(health1)

[DISABLE]
health1:
db F3 0F 11 70 2C
unregistersymbol(health1)
dealloc(newmem)
But this one does not work:
Code:
[ENABLE]
aobscanmodule(health1,ROTTR.exe,F3 0F 11 70 2C 48 8B 8B A8) // should be unique
alloc(newmem,$1000,"ROTTR.exe"+3356C18) //allocate near the hooked instruction so the 5-byte jmp reaches it
label(code)
label(return)
label(laraGODmode)

newmem:
cmp r13,0 //r13 was 0 when the write hit Lara's health (see register dump above)
je laraGODmode
code:
movss [rax+2C],xmm6 //original instruction: normal health write for everything else
jmp return
laraGODmode:
mov [rax+2C],(float)450 //overwrite health with a fixed value
jmp return

health1:
jmp newmem
return:
registersymbol(health1)

[DISABLE]
health1:
db F3 0F 11 70 2C
unregistersymbol(health1)
dealloc(newmem)
Any explanation?