[COMPLETED] The Disney Afternoon Collection

Pur

Noobzor
Dec 31, 2017
13
0
1
#1
A simple table with infinite health for all games would be nice.
 

Slade

Expert Cheater
Apr 29, 2017
97
5
8
#2
I actually bought this game to take a look at it, and I'll be stuffed if I know what they're doing.

I didn't see any sub processes running, and I can't find squat in the main process. I thought I'd take a look at the save state, but that was a bit of a bust too. I'm going to have to put my thinking cap on and see if I can work out a way to find out what processes launch when I run the game. Just in case some sort of "odd" sub process is being spawned (adobe air, etc) that I'm not seeing.

I would have thought this would be easy if they're running some sort of NES emulation - even the files don't seem to harbour NES headers.
 

Pur

Noobzor
Dec 31, 2017
13
0
1
#3
Slade post_id=29446 time=1514977481 user_id=3704 said:
I actually bought this game to take a look at it, and I'll be stuffed if I know what they're doing.

I didn't see any sub processes running, and I can't find squat in the main process. I thought I'd take a look at the save state, but that was a bit of a bust too. I'm going to have to put my thinking cap on and see if I can work out a way to find out what processes launch when I run the game. Just in case some sort of "odd" sub process is being spawned (adobe air, etc) that I'm not seeing.

I would have thought this would be easy if they're running some sort of NES emulation - even the files don't seem to harbour NES headers.
Thanks, I hope you figure out something, I tried but I couldn't find anything, so I asked here.
 

erfg12

Novice Cheater
Mar 16, 2017
24
0
1
#4
Are you sure it's not using encrypted values? I can try this later when I get home.
 

Pur

Noobzor
Dec 31, 2017
13
0
1
#5
I don't know, I'm not an expert, I tried to simply lock the health but I didn't manage to do it, can't find the value.
 

erfg12

Novice Cheater
Mar 16, 2017
24
0
1
#6
Kinda like this http://forum.cheatengine.org/viewtopic.php?t=500641

Here's 1 way to test http://forum.cheatengine.org/viewtopic.php?t=605216
 

Slade

Expert Cheater
Apr 29, 2017
97
5
8
#7
Pur post_id=29520 time=1515096435 user_id=11766 said:
Thanks, I hope you figure out something, I tried but I couldn't find anything, so I asked here.
I took a second run at this, and used a process watcher to see what the game is loading / running. And it hits up a few Microsoft crypto dll's. I'm starting to think the game encrypts its ram or data, as well as the save data. I went for something simple - score and tried searching the save data for that. I couldn't find anything, sadly.

Someone a little smarter than I am will have to take a run at this one. Sorry.
 

erfg12

Novice Cheater
Mar 16, 2017
24
0
1
#8
Here are some AoB scans to get the temp addresses with encrypted values. Once you find the addresses, store them in a table as 4 Byte values. Freeze the values to give infinite HP.

CHIP 'n DALE Rescue Rangers 1 - HP Address = ?? 2B 00 20 F8 2A 01 D0 F8 29 01 E0 F8 2B 00 D0 F8 2B 00 D8 F8 2B 00 E0 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? (second address found)

Duck Tales 1 - HP Address = 2D ?? 40 FF 2D 00 48 20 2D 00 50 FF 00 00 00 20 19 00 78 20 2E 00 80 20 ?? 00 88 FF 00 00 00 00 00 00 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? (third address found) (only freeze when you have full HP)

I'll try to find more later and make a proper cheat table.

How did I find these?
- Open Edit > Settings. Go to Scan Settings. Check the MEM_MAPPED option.

To Find HP
- Search for changed/unchanged values when hit. (no increase/decrease searches)
- Once encrypted value is found, right click, what writes to it. Get hit, copy the address shown. (this helps find the address again. See below.)
- Copy at least 2 rows of memory viewer, any bytes changing mark with ??. Now you have an AoB scan item.

Find HP address again easily with bad AoB search
- Go to copied memory address in memory viewer. Right click > Find what accesses this address.
- Get hit 3 times, look for the 3 count address that was triggered. Now you found the temp address again.
 

Attachments

Top Bottom