How to make "instant" hack that values will change instantly?

Post by marek1957 » Wed May 09, 2018 8:45 am

Hello People,

I made some hacks for some games, like unlimited ammo, unlimited stars and credits, etc., by backtracing and injecting at specific locations in the memory region.

But in almost all my hacks, after activating the hack, for example for credits, you write a value for the credits and you activate the script, and your CREDITS won't change until the moment when you buy something for credits. When you buy something, then the value of credits will change to the value that you wrote in the script. The same is for ammo and other hacks.

My question is what to do, what to change in the script so that after activating some hack, the value changes in an instant, not after buying something or doing something. Is it possible? If yes, how to do that? What must I add to my script or what to change?

If you need to look at my scripts, write and I will share them.



Best Regards,

Marek.

Post by SunBeam » Wed May 09, 2018 10:22 am

Hi Marek.



You have to also apply some decent logic to what you're asking for. Have you stopped to ask yourself WHY it happens only after you buy stuff or consume ammo? Did it ever occur to you that the reason for this is the spots where you inject your code are instructions that are executed only on WRITE and not on ACCESS? And by write I mean only when your value would change.



How about you try "find out what accesses this value", instead of "what writes", and use one of those instructions? ;)



Let us know how it worked out.
Last edited by SunBeam on Thu Jan 01, 1970 12:00 am, edited 4 times in total.

Post by marek1957 » Wed May 09, 2018 10:46 am

Oh my god, why didn't I think like that? I was only thinking about WRITE WRITE WRITE because I had memorized that if the visual value is changing that means something is WRITING to the value - so I was only thinking about WRITE, not about ACCESSING.



Thanks for the TIP SunBeam.



I will check my scripts like you told me and we will see what happens. I will write later when I check it.

Ok, I checked it. I marked in red the functions which are accessing only when I get credits or when I lose credits. Now what? :p

[img]https://i.imgur.com/Pl65qWh.png[/img]
Last edited by marek1957 on Wed May 09, 2018 11:07 am, edited 2 times in total.

Post by FreeER » Wed May 09, 2018 11:14 am

"Now what?" - now write a script at one of the locations that constantly run so that when you enable the script your code is constantly run rather than only running after something happens.

Post by SunBeam » Wed May 09, 2018 11:22 am

@marek1957: ACCESS means the instructions also access your value without doing anything; sure, there will be some that do that only when you consume or use the amount; but for visuals (displaying amount) you will see that you do nothing - idle - and still get code listed in that debugger window ;) Pick one of those to hook :p Like the one that got hit 4334 times in your picture :P
Last edited by SunBeam on Thu Jan 01, 1970 12:00 am, edited 2 times in total.

Post by TheyCallMeTim13 » Wed May 09, 2018 11:28 am

The thing I like to do is have the hook at the write instruction, but use the access instruction (one that runs constantly) to just get the address; then in another script you can write to the value with some Lua.

[CODE=cea]//...

[ENABLE]

//...

alloc(memMoneyHook, 0x400, injMoneyHook)



label(ptrMoneyHook)

registerSymbol(ptrMoneyHook)



label(n_code)

label(o_code)

label(exit)

label(return)



memMoneyHook:

ptrMoneyHook:

dd 0

align 10 CC

n_code:

mov [ptrMoneyHook],ebx

o_code:

cmp ecx,[ebx+ABC]

exit:

jmp return



////

//// ---------- Injection Point ----------

injMoneyHook:

jmp n_code

nop

return:

[DISABLE]

//...[/CODE]



[CODE=lua]{$lua}

[ENABLE]

local value = 500

local addr = '[ptrMoneyHook]+ABC'

if syntaxcheck then return end

writeInteger(addr, value + readInteger(addr))

[DISABLE][/CODE]



EDIT:

This way is the "lazy non-reversing" way, so it works; but you won't be known as a "reverser" for this kind of thing.
Last edited by TheyCallMeTim13 on Wed May 09, 2018 11:50 am, edited 3 times in total.

Post by STN » Wed May 09, 2018 11:32 am

Sometimes you don't have a choice but to use write only code. If you're particularly bothered you can do something like



- Backtrack and use the caller function which usually gets hit real time, but you will need to filter out the rest of the stuff that gets called or get to your desired address by calculating/fetching the addresses yourself.



- Use some other real time code that's accessing stuff adjacent to your desired address. For example, you want health to be realtime; stamina might be getting accessed, so you can use that provided health is adjacent, i.e. offsets are close.



- sometimes you can check for random addresses in your health structure that get accessed real time and offset to health.



- your health base structure might get accessed real time.



Lastly you can create a thread to execute your function. You do need to set the proper params etc.
Post by SunBeam » Wed May 09, 2018 11:43 am

If you're still at it, learn some decent ASM and create a thread to call in the internal SetHealth or SetMoney functions with parameters ;) :D

Post by marek1957 » Wed May 09, 2018 11:47 am

Ok guys, I understand all but I am not good with writing scripts, can you help me write an example of a correct script? This will help me to understand all of this.

This is the original code of the function which is constantly accessing:

[code]

{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : A101



This script does blah blah blah

}



[ENABLE]



aobscanmodule(INJECT,Asphalt8.exe,3B 47 08 74 0D 51 8B CF E8 6C) // should be unique

alloc(newmem,$1000)



label(code)

label(return)



newmem:



code:

cmp eax,[edi+08]

je Asphalt8.exe+813C09

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]



INJECT:

db 3B 47 08 74 0D



unregistersymbol(INJECT)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+813BF7



"Asphalt8.exe"+813BD8: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BDB: 33 C6 - xor eax,esi

"Asphalt8.exe"+813BDD: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+813BE3: 8B C1 - mov eax,ecx

"Asphalt8.exe"+813BE5: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BE8: 33 C1 - xor eax,ecx

"Asphalt8.exe"+813BEA: 69 D0 3B 9F 5D 04 - imul edx,eax,045D9F3B

"Asphalt8.exe"+813BF0: 8B C2 - mov eax,edx

"Asphalt8.exe"+813BF2: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BF5: 33 C2 - xor eax,edx

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+813BF7: 3B 47 08 - cmp eax,[edi+08]

"Asphalt8.exe"+813BFA: 74 0D - je Asphalt8.exe+813C09

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+813BFC: 51 - push ecx

"Asphalt8.exe"+813BFD: 8B CF - mov ecx,edi

"Asphalt8.exe"+813BFF: E8 6C 5A 90 FF - call Asphalt8.exe+119670

"Asphalt8.exe"+813C04: 5F - pop edi

"Asphalt8.exe"+813C05: 33 C0 - xor eax,eax

"Asphalt8.exe"+813C07: 5E - pop esi

"Asphalt8.exe"+813C08: C3 - ret

"Asphalt8.exe"+813C09: 5F - pop edi

"Asphalt8.exe"+813C0A: 8B C6 - mov eax,esi

"Asphalt8.exe"+813C0C: 5E - pop esi

}[/code]



and this is the original code of writing function:



[code]

{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : A101



This script does blah blah blah

}



[ENABLE]



aobscanmodule(INJECT,Asphalt8.exe,89 47 08 5F 5E 5B 5D) // should be unique

alloc(newmem,$1000)



label(code)

label(return)



newmem:



code:

mov [edi+08],eax

pop edi

pop esi

jmp return



INJECT:

jmp newmem

return:

registersymbol(INJECT)



[DISABLE]



INJECT:

db 89 47 08 5F 5E



unregistersymbol(INJECT)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+11965F



"Asphalt8.exe"+119640: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119643: 33 C2 - xor eax,edx

"Asphalt8.exe"+119645: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+11964B: 8B C1 - mov eax,ecx

"Asphalt8.exe"+11964D: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119650: 33 C1 - xor eax,ecx

"Asphalt8.exe"+119652: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+119658: 8B C1 - mov eax,ecx

"Asphalt8.exe"+11965A: C1 E8 10 - shr eax,10

"Asphalt8.exe"+11965D: 33 C1 - xor eax,ecx

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+11965F: 89 47 08 - mov [edi+08],eax

"Asphalt8.exe"+119662: 5F - pop edi

"Asphalt8.exe"+119663: 5E - pop esi

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+119664: 5B - pop ebx

"Asphalt8.exe"+119665: 5D - pop ebp

"Asphalt8.exe"+119666: C2 04 00 - ret 0004

"Asphalt8.exe"+119669: CC - int 3

"Asphalt8.exe"+11966A: CC - int 3

"Asphalt8.exe"+11966B: CC - int 3

"Asphalt8.exe"+11966C: CC - int 3

"Asphalt8.exe"+11966D: CC - int 3

"Asphalt8.exe"+11966E: CC - int 3

"Asphalt8.exe"+11966F: CC - int 3

}

[/code]

I would like to learn but I don't know where I can find good tutorials or info about it. I like to learn by viewing and examining correct examples of scripts. Thanks to that, I can learn how the script is working. This is the best method for me to learn.

I need only a correct script for this function and then I will learn and study how the script is working and thanks to the example, I will correct all my scripts by myself :-)

But I need a correct example. Without this, I won't learn anything. :-(

Can you provide me a correct example of the script that I want?
Last edited by marek1957 on Wed May 09, 2018 11:53 am, edited 2 times in total.

Post by TheyCallMeTim13 » Wed May 09, 2018 12:02 pm

So first off, having a hardcoded address in the script when using "aobScan" really makes no sense; you might as well just use an address for the injection point. Second, you need to use unique symbols for anything you register with the user symbols list.





"What ever" Hook:

[CODE=cea]{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : Bob

}



[ENABLE]



aobscanmodule(valueAccINJ,Asphalt8.exe,33 C2 3B 47 08 74 0D 51 8B CF E8 6C) // should be unique

registersymbol(valueAccINJ)



alloc(newmem,$1000)



label(code)

label(return)



label(valuePtr)

registersymbol(valuePtr)



newmem:

code:

xor eax,edx

cmp eax,[edi+08]

mov [valuePtr],edi

jmp return

valuePtr:

dd 0



valueAccINJ:

jmp newmem

return:





[DISABLE]

valueAccINJ:

db 33 C2 3B 47 08 // original bytes at valueAccINJ: xor eax,edx / cmp eax,[edi+08]



unregistersymbol(valueAccINJ)

unregistersymbol(valuePtr)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+813BF5



"Asphalt8.exe"+813BD8: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BDB: 33 C6 - xor eax,esi

"Asphalt8.exe"+813BDD: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+813BE3: 8B C1 - mov eax,ecx

"Asphalt8.exe"+813BE5: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BE8: 33 C1 - xor eax,ecx

"Asphalt8.exe"+813BEA: 69 D0 3B 9F 5D 04 - imul edx,eax,045D9F3B

"Asphalt8.exe"+813BF0: 8B C2 - mov eax,edx

"Asphalt8.exe"+813BF2: C1 E8 10 - shr eax,10

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+813BF5: 33 C2 - xor eax,edx

"Asphalt8.exe"+813BF7: 3B 47 08 - cmp eax,[edi+08]

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+813BFA: 74 0D - je Asphalt8.exe+813C09

"Asphalt8.exe"+813BFC: 51 - push ecx

"Asphalt8.exe"+813BFD: 8B CF - mov ecx,edi //// We know EDI holds the base for the value.

"Asphalt8.exe"+813BFF: E8 6C 5A 90 FF - call Asphalt8.exe+119670 //// This is probably the CALL you were told about

"Asphalt8.exe"+813C04: 5F - pop edi

"Asphalt8.exe"+813C05: 33 C0 - xor eax,eax

"Asphalt8.exe"+813C07: 5E - pop esi

"Asphalt8.exe"+813C08: C3 - ret

"Asphalt8.exe"+813C09: 5F - pop edi

"Asphalt8.exe"+813C0A: 8B C6 - mov eax,esi

"Asphalt8.exe"+813C0C: 5E - pop esi

}[/CODE]



+500 "What ever":

[CODE=lua]{$lua}

[ENABLE]

local value = 500

local addr = '[valuePtr]+8'

if syntaxcheck then return end

writeInteger(addr, value + readInteger(addr))

[DISABLE][/CODE]



Infinite "What ever":

[CODE=cea]{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : Bob

}



[ENABLE]

aobscanmodule(valueWrtINJ,Asphalt8.exe,89 47 08 5F 5E 5B 5D) // should be unique

registersymbol(valueWrtINJ) // register here so [DISABLE] can resolve the symbol



valueWrtINJ:

nop

nop

nop



[DISABLE]

valueWrtINJ:

db 89 47 08



unregistersymbol(valueWrtINJ)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+11965F



"Asphalt8.exe"+119640: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119643: 33 C2 - xor eax,edx

"Asphalt8.exe"+119645: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+11964B: 8B C1 - mov eax,ecx

"Asphalt8.exe"+11964D: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119650: 33 C1 - xor eax,ecx

"Asphalt8.exe"+119652: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+119658: 8B C1 - mov eax,ecx

"Asphalt8.exe"+11965A: C1 E8 10 - shr eax,10

"Asphalt8.exe"+11965D: 33 C1 - xor eax,ecx

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+11965F: 89 47 08 - mov [edi+08],eax

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+119662: 5F - pop edi

"Asphalt8.exe"+119663: 5E - pop esi

"Asphalt8.exe"+119664: 5B - pop ebx

"Asphalt8.exe"+119665: 5D - pop ebp

"Asphalt8.exe"+119666: C2 04 00 - ret 0004

"Asphalt8.exe"+119669: CC - int 3

"Asphalt8.exe"+11966A: CC - int 3

"Asphalt8.exe"+11966B: CC - int 3

"Asphalt8.exe"+11966C: CC - int 3

"Asphalt8.exe"+11966D: CC - int 3

"Asphalt8.exe"+11966E: CC - int 3

"Asphalt8.exe"+11966F: CC - int 3

}[/CODE]
Last edited by TheyCallMeTim13 on Wed May 09, 2018 12:17 pm, edited 8 times in total.

Post by bonzay0 » Wed May 09, 2018 12:46 pm

You can also do this for the access script:

[CODE=cea]{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : Bob

}



[ENABLE]



aobscanmodule(valueAccINJ,Asphalt8.exe,33 C2 3B 47 08 74 0D 51 8B CF E8 6C) // should be unique

registersymbol(valueAccINJ)

registersymbol(valueToSet)



alloc(newmem,$1000)



label(cheat)

label(orig)

label(return)

label(valueToSet)



newmem:



cheat:

push ecx // Save the value in ecx for later

mov ecx,[valueToSet] // This copies the value we registered to ecx

mov [edi+08],ecx // This will change the value (money, for example) to whatever we wrote in valueToSet (default 500)

pop ecx // pop back the value so the code can continue normally



orig:

xor eax,edx

cmp eax,[edi+08]

jmp return



valueToSet:

dd #500 // decimal 500 (1F4 hex) stored as a single dword



valueAccINJ:

jmp newmem



return:





[DISABLE]

valueAccINJ:

db 33 C2 3B 47 08 // original bytes at valueAccINJ: xor eax,edx / cmp eax,[edi+08]



unregistersymbol(valueAccINJ)

unregistersymbol(valueToSet)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+813BF5



"Asphalt8.exe"+813BD8: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BDB: 33 C6 - xor eax,esi

"Asphalt8.exe"+813BDD: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+813BE3: 8B C1 - mov eax,ecx

"Asphalt8.exe"+813BE5: C1 E8 10 - shr eax,10

"Asphalt8.exe"+813BE8: 33 C1 - xor eax,ecx

"Asphalt8.exe"+813BEA: 69 D0 3B 9F 5D 04 - imul edx,eax,045D9F3B

"Asphalt8.exe"+813BF0: 8B C2 - mov eax,edx

"Asphalt8.exe"+813BF2: C1 E8 10 - shr eax,10

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+813BF5: 33 C2 - xor eax,edx

"Asphalt8.exe"+813BF7: 3B 47 08 - cmp eax,[edi+08]

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+813BFA: 74 0D - je Asphalt8.exe+813C09

"Asphalt8.exe"+813BFC: 51 - push ecx

"Asphalt8.exe"+813BFD: 8B CF - mov ecx,edi //// We know EDI holds the base for the value.

"Asphalt8.exe"+813BFF: E8 6C 5A 90 FF - call Asphalt8.exe+119670 //// This is probably the CALL you were told about

"Asphalt8.exe"+813C04: 5F - pop edi

"Asphalt8.exe"+813C05: 33 C0 - xor eax,eax

"Asphalt8.exe"+813C07: 5E - pop esi

"Asphalt8.exe"+813C08: C3 - ret

"Asphalt8.exe"+813C09: 5F - pop edi

"Asphalt8.exe"+813C0A: 8B C6 - mov eax,esi

"Asphalt8.exe"+813C0C: 5E - pop esi

}[/CODE]



This will also set the value to 500.

And it will enable you to add the registered value to your table and change it. (from 500 to whatever)



The script for the write can stay the same.



EDIT:



Usually you would want the original to be before the cheat section.

It really depends on what the code does.

In this case I just randomly decided to write the cheat first and then the original code, but as you can notice we compare the value (let's say it's money) to eax, but just before that I changed the value with the cheat section.



This can cause some bugs/unexpected behavior from the game.

So you might need to switch between the sections or save the original value and compare it with eax.
Last edited by bonzay0 on Wed May 09, 2018 1:10 pm, edited 1 time in total.

Post by marek1957 » Wed May 09, 2018 1:17 pm

Guys, thank you for your help but your code is not working at all; with every script of yours that I tried, the credits change to 0. And I cannot change it. I found that EDX holds the credits value here:



[code]

{ Game : Asphalt8.exe

Version:

Date : 2018-05-09

Author : A101



This script does blah blah blah

}



[ENABLE]



aobscanmodule(INJECT,Asphalt8.exe,8B CA F7 D1 33 08) // should be unique

alloc(newmem,$1000)



label(code)

label(return)



newmem:



code:

mov ecx,edx

not ecx

xor ecx,[eax]

jmp return



INJECT:

jmp newmem

nop

return:

registersymbol(INJECT)



[DISABLE]



INJECT:

db 8B CA F7 D1 33 08



unregistersymbol(INJECT)

dealloc(newmem)



{

// ORIGINAL CODE - INJECTION POINT: "Asphalt8.exe"+119634



"Asphalt8.exe"+11961A: 99 - cdq

"Asphalt8.exe"+11961B: F7 F9 - idiv ecx

"Asphalt8.exe"+11961D: 8D 42 01 - lea eax,[edx+01]

"Asphalt8.exe"+119620: 99 - cdq

"Asphalt8.exe"+119621: F7 F9 - idiv ecx

"Asphalt8.exe"+119623: 8B 47 04 - mov eax,[edi+04]

"Asphalt8.exe"+119626: 89 15 40 BC B0 02 - mov [Asphalt8.exe+1A1BC40],edx

"Asphalt8.exe"+11962C: 89 10 - mov [eax],edx

"Asphalt8.exe"+11962E: 8B 47 04 - mov eax,[edi+04]

"Asphalt8.exe"+119631: 8B 55 08 - mov edx,[ebp+08]

// ---------- INJECTING HERE ----------

"Asphalt8.exe"+119634: 8B CA - mov ecx,edx

"Asphalt8.exe"+119636: F7 D1 - not ecx

"Asphalt8.exe"+119638: 33 08 - xor ecx,[eax]

// ---------- DONE INJECTING ----------

"Asphalt8.exe"+11963A: 8B 07 - mov eax,[edi]

"Asphalt8.exe"+11963C: 89 08 - mov [eax],ecx

"Asphalt8.exe"+11963E: 8B C2 - mov eax,edx

"Asphalt8.exe"+119640: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119643: 33 C2 - xor eax,edx

"Asphalt8.exe"+119645: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

"Asphalt8.exe"+11964B: 8B C1 - mov eax,ecx

"Asphalt8.exe"+11964D: C1 E8 10 - shr eax,10

"Asphalt8.exe"+119650: 33 C1 - xor eax,ecx

"Asphalt8.exe"+119652: 69 C8 3B 9F 5D 04 - imul ecx,eax,045D9F3B

}

[/code]



When I add the code: mov edx,#5000 before mov ecx,edx at "Asphalt8.exe"+119634: it will change the credits to the value 5000 after buying something. So now how to use this write script with an all-the-time accessing script? But when I tried CHECK WHAT MORE ADDRESSES ACCESSING THIS ADDRESS ("Asphalt8.exe"+119634:) it's showing nothing. Why?
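
Added example, not part of any post in this thread: a C model of the value guard visible in the listings posted above, where the setter stores ~value ^ key and writes a hash of the value to [edi+08], and the accessor returns 0 when that hash does not match. It shows why a plain number placed in [edi+08], or a skipped store to it, reads back as 0. The inline struct layout, the function names, the decode step and the constants 1000, 900, 500 and both keys are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Mixer as it appears in the posted listings: (x >> 16) ^ x, multiply by
   0x045D9F3B, the same again, then a final (x >> 16) ^ x. */
static uint32_t mix32(uint32_t x) {
    x = ((x >> 16) ^ x) * 0x045D9F3Bu;
    x = ((x >> 16) ^ x) * 0x045D9F3Bu;
    return (x >> 16) ^ x;
}

/* Simplified layout (assumption): the game reaches enc and key through
   pointers at [edi] and [edi+04]; only check sits inline at [edi+08]. */
typedef struct {
    uint32_t enc;   /* ~value ^ key */
    uint32_t key;   /* refreshed on every write */
    uint32_t check; /* mix32(value) */
} guarded_u32;

/* Setter: mirrors the stores in the listing from +119634 to +11965F. */
static void guarded_set(guarded_u32 *g, uint32_t value, uint32_t key) {
    g->key = key;
    g->enc = ~value ^ key;
    g->check = mix32(value);
}

/* Getter: decode (assumed to be the inverse of the setter), re-hash and
   compare. A mismatch yields 0, like the xor eax,eax path after the je. */
static uint32_t guarded_get(const guarded_u32 *g) {
    uint32_t value = ~(g->enc ^ g->key);
    return mix32(value) == g->check ? value : 0;
}

/* Constructed scenario 1: an untouched value round-trips. */
uint32_t read_clean(void) {
    guarded_u32 g;
    guarded_set(&g, 1000u, 0x1234ABCDu); /* constructed value and key */
    return guarded_get(&g);
}

/* Constructed scenario 2: a plain number lands in the check slot. */
uint32_t read_after_check_overwrite(void) {
    guarded_u32 g;
    guarded_set(&g, 1000u, 0x1234ABCDu);
    g.check = 500u; /* out-of-band write, not made through guarded_set */
    return guarded_get(&g);
}

/* Constructed scenario 3: the value is updated but the store to check is
   skipped, so check still describes the previous value. */
uint32_t read_after_stale_check(void) {
    guarded_u32 g;
    guarded_set(&g, 1000u, 0x1234ABCDu);
    g.key = 0x0BADF00Du;
    g.enc = ~900u ^ g.key;
    return guarded_get(&g);
}

int main(void) {
    printf("clean: %u\n", (unsigned)read_clean());
    printf("check overwritten: %u\n", (unsigned)read_after_check_overwrite());
    printf("stale check: %u\n", (unsigned)read_after_stale_check());
    return 0;
}
```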

Post by bonzay0 » Wed May 09, 2018 4:12 pm

You are being a bit too specific on your problem.



We all gave you a way to find out and write a code that will change the value on a "What Accessing This Address".



I'll try to simplify it a bit:



1) You have the address for money. Let's call the address "MyMoney".

2) You find what accesses it.

3) You check where it's getting the most access from (meaning the number doesn't stop going up even if you do nothing).

4) You go to "show disassembler".

5) You create a script that either directly replaces the address with something new (but keep the original code in your script as well), or you create an aob script for that section (usually makes updates easier).



In the script you want to change the content of the address. You can debug the code if you need.

Look where "MyMoney" is being accessed from.

Let's say [esi+08] is the "MyMoney" address.



You want to change the value this address is holding ("MyMoney"). So you add a code that does just that:

mov [esi+08],#5000 [B]or [/B]add [esi+08],#5000 [B]or [/B]whatever code you want that changes this address.

After that you just run the original code and exit your script (or let original code run and then your script)



I suggest doing the tutorial as it covers this as well.



EDIT:



Just in case I wasn't clear:

You want the address, not the value.



If you found the address for "MyMoney" to be "10ABCDEF"

[esi+08] also needs to be "10ABCDEF".



It's all in the tutorial so I again suggest to try it out at least once.
Last edited by bonzay0 on Wed May 09, 2018 4:29 pm, edited 2 times in total.

Post by SunBeam » Wed May 09, 2018 11:12 pm

His problem is he wants this only for Asphalt. Check out his posts as well ;)

Post by marek1957 » Thu May 10, 2018 8:13 am

BONZAY0 - thank you for this explanation, I understand now. So I must have the same address (for example: "10ABCDEF") for accessing and writing the value right?



So it is impossible to write a script that if for example one address : AAAA is accessing all the time the process so using this accessing address, it will make a move to activate the other address, for example BBBB to write the value ?? it is not possible to do that way? That if one address is accessing, then it is activating completely different address to write a value?



SUNBEAM - yes, I am only using this advice for Asphalt8 because this is the only game that I want to hack :-D It's an old game from 2013 but I like it, and I want to know everything from this game
