For example,
MOV EAX, DWORD PTR [XXXXXXXX]
Might be something like
A8 XX XX XX XX
Where XX is some address you care about getting.
The signature might be
A8 ?? ?? ?? ?? where ?? is a wild card meaning anything could be here; we don't know what it will be. Of course, for a signature to be good you want to match a stronger and larger pattern, but hopefully this gets the idea across.
Once the scanner finds the pattern you can get to work doing w/e you want from the address and offsets from it.
For example, to get the address or "pointer" in the above example you might scan for
DWORD* address = *(DWORD**)(Scan("A8????????")+1);
At least I think this is right, I haven't done C++ for ages actually. (Node.js and such for the win)
You would want to put these into your own dll and inject it into the ts2 game.
To see how you might structure a DLL hack you could look at my TSX DLL Client thread.
I have a signature scanner here that you could use.

You would want to change the format of these to be a format like this
"3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C4DA" rather than separated out and having the \x parts. *Yeah, I got annoyed at writing \x all the time and separating it and counting where the wild cards were lol.
Anyway, enjoy! (-_-) (If you can't figure it out, learn more ASM, hex and how memory in a program works.) And also learn about casting and decasting and data types.
Speed Hack Address
Code:
DWORD address = Scan("\x89\x45\xFC\x83\x3D\x00\x00\x00\x00\x00\x7E\x20","xxxxx????xxx")+0x05;
address = *(DWORD*)address;
Autopill
Code:
DWORD address = Scan("\x55\x8b\xec\x83\xec\x10\x89\x4d\xf0\x0f\xb6\x00\x00\x00\x00\x00\x83\xf8\x01","xxxxxxxxxxx?????xxx")+0x8A;
address = *(DWORD*)address;
After that there is the HP value and the Chi value. This is like the % to pill on.
By default the game lets you do 0 to 5, so 0% to 50%. These are also integers.
You can access it all by doing something like DWORD* AutoPill = (DWORD*)address;
AutoPill[0] = 1; // Turn it on
AutoPill[1] = 5; // at 50% hp
AutoPill[2] = 3; // 30% Chi etc.
In case you're curious, the original signature address without the +0x8A can be used to set the autopill to go to 100% max.
+0x8E is the value for HP max and +0x1A7 is the value for Chi.
It is in code and is 1 byte. It's in a CMP I think.
But if the game has anti-hack which checks code integrity you won't be able to modify this. *You would also have to make the page writable etc.*
Please keep in mind these signatures are at least 4 years old. But they probably still work.
GM Sight/Level
Code:
DWORD address = Scan("\xD8\x35\x00\x00\x00\x00\x51\xD9\x1C\x24\x6A\x00\x6A\x00","xx????xxxxxxxx")+2;
DWORD* GMLevel = (DWORD*)(address + 80);
Fun fact: from the address above, +120 will take you to an array of Character structures *the like of which you see at the character select and the character stats screen in game*
Screen Address
This one has the value of the current screen the game is on.
Code:
Scan("\x55\x8B\xEC\x81\xEC\x00\x00\x00\x00\x89\x8D\x00\x00\x00\x00\x83\x3D\x00\x00\x00\x00\x06","xxxxx????xx????xx????x")+17;
Get the address and treat it as a DWORD* or int*
*Mouse wheel*
Code:
Scan("\x80\x3F\x00\x00\xC8\x41\x00\x00\x16\x43\x00\x00","xxxxxxxxxxxx");
Encryption Key *1 byte unsigned xor the packet*
Code:
Scan("\x8D\x94\x01\x00\x05\x00\x00\x52\xb9\x00\x00\x00\x00","xxxxxxxxx????")+9;
Ehhh.. Have fun
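The "A8????????" text format described in the post, as an added example that is not the poster's scanner: a parser and matcher for hex patterns with ?? wildcards, run over a small constructed byte buffer instead of process memory. The names PatByte, kSample, parse_pattern, find_pattern and read_u32 are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// One pattern element: a literal byte, or a wildcard when `any` is true.
struct PatByte { uint8_t value; bool any; };

// Constructed sample bytes (not from any real binary): A8 plus a 4-byte operand.
static const uint8_t kSample[] = {0x90, 0x55, 0xA8, 0x78, 0x56, 0x34, 0x12, 0xC3};

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Parse "A8????????"-style text. Fails on empty or odd-length input, a bad
// hex digit, or a half wildcard such as "?1".
bool parse_pattern(const std::string& s, std::vector<PatByte>& out) {
    out.clear();
    if (s.empty() || s.size() % 2 != 0) return false;
    for (size_t i = 0; i < s.size(); i += 2) {
        if (s[i] == '?' && s[i + 1] == '?') { out.push_back({0, true}); continue; }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return false;
        out.push_back({static_cast<uint8_t>(hi * 16 + lo), false});
    }
    return true;
}

// Offset of the first match in buf, or -1 when there is none.
long find_pattern(const uint8_t* buf, size_t len, const std::vector<PatByte>& pat) {
    if (pat.empty() || pat.size() > len) return -1;
    for (size_t i = 0; i + pat.size() <= len; ++i) {
        size_t j = 0;
        while (j < pat.size() && (pat[j].any || buf[i + j] == pat[j].value)) ++j;
        if (j == pat.size()) return static_cast<long>(i);
    }
    return -1;
}

// Bounds-checked read of a little-endian 32-bit operand at offset `off`.
bool read_u32(const uint8_t* buf, size_t len, size_t off, uint32_t& v) {
    if (off > len || len - off < 4) return false;
    v = uint32_t(buf[off]) | uint32_t(buf[off + 1]) << 8 | uint32_t(buf[off + 2]) << 16 | uint32_t(buf[off + 3]) << 24;
    return true;
}
```

Because the wildcards are part of the pattern text, no separate "xx????" mask has to be counted and kept in sync with the bytes.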






