Problem with a NO CRASH script - Asphalt 8: Airborne v3.3.2a

zajechax

Guest
#1
Hello Everyone!

I have a problem with a script that I made in Cheat Engine for the newest version of the game: Asphalt 8: Airborne v3.3.2a.

I have two scripts:
NO CRASH SCRIPT - Not perfect, you can still be crashed when you hit the invisible wall with the side or back of the car
PERFECT NO CRASH - you cannot be crashed but it slows you down.


I already found the 100% NO CRASH address - 100% means that when you hit the invisible wall with your back or side you are never crashed - but there is a small problem.

When I activate this script/address, it slows me down in the race, and when I jump, my jump is very short - as if the car weighed tons more than normal - and when you jump with this script activated, you go down very fast, as if you were diving; the front falls faster than the back, like a stone.

I don't know why this is happening. Can someone help me?

Scripts are below:

NO CRASH Script:
Code:
////NO CRASH SCRIPT - Not perfect, you can still be crushed when hit the invisible wall with your side or back of the car 

[ENABLE] 
//code from here to '[DISABLE]' will be used to enable the cheat 
alloc(newmem,2048) 
label(returnhere) 
label(originalcode) 
label(exit) 

newmem: //this is allocated memory, you have read,write,execute access 
//place your code here 

originalcode: 
mov byte ptr [edi+00000184],00 

exit: 
jmp returnhere 

"Asphalt8.exe"+7B3FFA: 
jmp newmem 
nop 
nop 
returnhere: 




[DISABLE] 
//code from here till the end of the code will be used to disable the cheat 
dealloc(newmem) 
"Asphalt8.exe"+7B3FFA: 
mov byte ptr [edi+00000184],01 
//Alt: db C6 87 84 01 00 00 01
---------------------------------------------------------------------------

PERFECT NO CRASH Script:
Code:
//// PERFECT NO CRASH - you cannot be crashed but it slowing you down. 

[ENABLE] 
//code from here to '[DISABLE]' will be used to enable the cheat 
alloc(newmem,2048) 
label(returnhere) 
label(originalcode) 
label(exit) 

newmem: //this is allocated memory, you have read,write,execute access 
//place your code here 

originalcode: 
mov [esi+000001BB],00 

exit: 
jmp returnhere 

"Asphalt8.exe"+7B118E: 
jmp newmem 
nop 
returnhere: 




[DISABLE] 
//code from here till the end of the code will be used to disable the cheat 
dealloc(newmem) 
"Asphalt8.exe"+7B118E: 
mov [esi+000001BB],cl 
//Alt: db 88 8E BB 01 00 00
 

Cielos

RCE Fanatics
Talents
Mar 3, 2017
#2
2 possible reasons:
1. this write code:
Code:
"Asphalt8.exe"+7B118E:
mov [esi+000001BB],cl
isn't only writing to the crash-allowed flag you found. use the "what writes to this address" to see if there are other addresses that this opcode writes to:
- if there are, do some back tracing to see where this line of code rets to, and see if you can locate the code that calls this write code to WRITE A BYTE VALUE TO THIS CRASH-ALLOWED FLAG. then implement your aa script based on this new-found info.
- if there isn't (i.e., this write code ONLY writes to the crash-allowed flag you found), it's most likely the case below then:

2. the byte value of [esi+1bb] is used for multiple modifiers, that means not only the crash bit is using this byte to determine if you can be crashed or not, but some other game element is using this byte to determine something else as well.
try doing a "what read from this address":
- if there are multiple instances that READ from this address, do some experiments to see which opcodes read this byte (crash-allowed flag you found) to determine if you can be crashed or not. e.g., see which instance reads from this address when the plane (?) bumps into something and is supposed to crash.
- if there is only one instance that READs from this address, do some back tracing to see where the code that calls this READ function when you make a crash is.

that's about the gist of it, as I don't have the game, there's not much specific suggestion I can make.
hope that helps~
 
zajechax

Guest
#3
I already fixed my no crash script :-D You were right Cielos - the address that I found earlier and modified is mixed with other elements in the game such as gravity, knockdowns, no crash for other players, etc.

The 100% correct address is below:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
jne Asphalt8.exe+7B1242

exit:
jmp returnhere

"Asphalt8.exe"+7B1185:
jmp newmem
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Asphalt8.exe"+7B1185:
je Asphalt8.exe+7B1242
//Alt: db 0F 84 B7 00 00 00

I now have a NEW problem ;-) I just wanna find again the address that I froze, after which I had a DAMAGED car all the time when I was driving! It was a super-cool cheat for fun! I just wanna find it again but I don't know how to start finding it... from what place must I start? :-(

Please watch the video below; I only recorded the address I found by mistake and its effects. I just wanna have that fun again, but I don't know how to do it. Can you help me???

https://www.youtube.com/watch?v=ahMRPshgKkY
 

STN

Pleb
Staff member
Administrator
Mar 2, 2017
#5
Just so everyone knows, I banned him (IP) so he won't be responding.

Only a total asshole with no respect for this place would go and spam the whole place up begging in every thread. And I hate those types of people. I mean, have some respect for this place.
 

jungletek

Reality Bytes
Oct 17, 2017
#6
STN said:
Just so everyone knows, I banned him (IP) so he won't be responding.
Who, zajec? So glad I wasted 10 minutes responding to him in the other thread about how he has to teach himself the basics so that he can ask better questions about what he needs help with :rolleyes:

Agreed though, that such intellectual laziness and question spamming because nobody has answered his basic and done-to-death questions doesn't belong.
 