[Guide] Finding Cone of Fire Revamped

02/11/2008 08:59 j00b#16
I don't know if you looked at his window but it didn't have the 0x,

meaning there never was a 0x and you have wasted lots of time.

Lol.
02/11/2008 22:32 The1nk#17
Quote:
Originally Posted by Obbi75
I'm going to have to say this was mildly interesting... until the 'look for specific asm out of a list of well over a million other very similar ones which are sorted by address and not in any useful way, which only might be there if you didn't screw up earlier. Enjoy your next 72 hours' part.

Guess I'll try out jolt's; it seems more complete and do-able for anyone with patience that doesn't rival that of a mountain. And if I can't get that to work I'll probably just pack it in and be thankful I didn't take up coding as a hobby.

Edit: Well, that worked out, though the auto-ban was swift and amusing, so I guess I'll lurk more and see if I can ever figure this one out.

Edit 2: Can you verify that mov [esi+0x19C],eax still exists... I sorta found a way to 'find' my way through the entire disassembler list (my clipboard hates you and says you should sleep with your eyes open :/) without finding it. Is there any particular action one must take during that running and jumping and gunning step to make it show itself?
If you do enough things, such as:
..Crouch, Has Changed
..Stand, Has Changed
......., Has Not Changed
..(while) Running, Has Changed
etc etc etc.. it should be narrowed down to only a few. The more searches you do [without screwing up] the less you will have to siphon through.

And [I think] it's generally better to do Has Changed and Has Not Changed instead of "Has Increased" or "Has Decreased" because, theoretically, SOE could have used one of two concepts for each variable: "Half Full" or "Half Empty". (i.e. CoF could be "How tight are the bullets?" (higher = better), or "How much recoil do you have?" (lower = better))

Quote:
Originally Posted by j00b
I don't know if you looked at his window but it didn't have the 0x,

meaning there never was a 0x and you have wasted lots of time.

Lol.
LoL! True. According to the pic, there was no 0x in front. In the text he wrote, there was. That may have been to throw off web-searching h4x who aren't interested in a community and only want to leech. :P
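To make The1nk's "Has Changed / Has Not Changed" narrowing concrete, here is a small script that does what a memory scanner like MHS does between two scans: snapshot every candidate cell, then keep only the addresses whose raw bytes moved (or did not move) between the snapshot before an action and the one after. This is an added example, not MHS code and not PlanetSide's memory layout: the four addresses, the values and the action sequence (crouch, stand, stand still, run) are constructed to mirror the post. Comparing raw bytes is also why Changed/Not Changed works regardless of whether the variable is an int or a float, or whether "better" is higher or lower, which is the Half Full / Half Empty point above.

```python
import struct

# Constructed toy "process memory": address -> raw 4-byte cell, rebuilt after
# every action. Addresses, layout and values are made up for this example;
# they are not PlanetSide's.
def make_memory(cof, frame, noise):
    return {
        0x00A01000: struct.pack("<f", cof),     # the CoF-like value we want
        0x00A01004: struct.pack("<I", frame),   # frame counter, moves every step
        0x00A01008: struct.pack("<I", 0x1234),  # constant, never moves
        0x00A0100C: struct.pack("<f", noise),   # moves on some steps, not others
    }

def narrow(candidates, before, after, changed):
    """'Has Changed' (changed=True) keeps addresses whose cell differs between
    the two snapshots; 'Has Not Changed' (changed=False) keeps those that are
    identical. Raw bytes are compared, so this works whether the variable is
    an int or a float and whether 'better' means higher or lower."""
    return {a for a in candidates if (before[a] != after[a]) == changed}

def run_narrowing(snapshots, filters):
    """snapshots[0] is the baseline; filters[i] is the test applied between
    snapshots[i] and snapshots[i+1]. Returns the surviving address set."""
    candidates = set(snapshots[0])
    for prev, cur, changed in zip(snapshots, snapshots[1:], filters):
        candidates = narrow(candidates, prev, cur, changed)
    return candidates

def example_search():
    # Constructed action sequence mirroring the post: crouch, stand, stand
    # still, run. Only the CoF-like cell matches every filter.
    snaps = [
        make_memory(cof=1.0, frame=100, noise=0.5),  # baseline
        make_memory(cof=0.6, frame=140, noise=0.5),  # crouch: CoF moved
        make_memory(cof=1.0, frame=180, noise=0.7),  # stand: CoF moved
        make_memory(cof=1.0, frame=220, noise=0.7),  # still: CoF did not move
        make_memory(cof=1.8, frame=260, noise=0.9),  # run: CoF moved
    ]
    filters = [True, True, False, True]  # Changed, Changed, Not Changed, Changed
    return run_narrowing(snaps, filters)

if __name__ == "__main__":
    print([hex(a) for a in sorted(example_search())])  # ['0xa01000']
```

The "Has Not Changed" step while standing still is what throws out the frame counter, which would survive any number of "Has Changed" passes; mixing both kinds of filter is what shrinks the list fast.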
02/13/2008 18:59 Obbi75#18
I think you might be correct about the screenshot dealie... it worked going by what was in the SS, but I was doing everything word for word the first time around. Still haven't figured out how to turn it off yet, though. xD
02/14/2008 00:10 j00b#19
Ya, me neither; not sure which part of the code I'm supposed to change :/
03/02/2008 09:43 StewartJohnson#20
I got my poke values but they are prolly not correct. When I load them into the trainer, save it and press the ON button, PlanetSide closes... actually crashes. Any suggestions as to what I am doing wrong? Or are my poke values just incorrect? I followed the CoF guide correctly to find the 2 addresses and followed the AB guide to help me the rest of the way to find the pokes, but I must be doing something wrong. Any help will be much appreciated.


EDIT 2... OK, I followed the CoF guide and got the 2 addresses - right-clicked and chose the option "find what writes this address" on both. Then went into PlanetSide and jumped, crouched, shot and ran. Came back into MHS and saw the correct values after I did the "go to new tab" part from the AB guide.

MOV ECX, DWORD PTR [ESI+20]
MOV DWORD PTR [ESI+19C], EAX
LEA EAX, DWORD PTR [EBP-C]

Now on the other tab I scrolled down to the part where it says "Add Byte PTR [EAX], AL" and I picked one that had 5 of the same above and below, which was "7C97B7A8". Then I right-clicked on "MOV ECX, DWORD PTR [ESI+20]" and selected inject. I put "7C97B7A8" in the code cave and put MOV ECX, DWORD PTR [ESI+20], MOV DWORD PTR [ESI+19C], EAX, LEA EAX, DWORD PTR [EBP-C] in the box to get the poke addys and I got 2 pokes.

Poke 7C97B7A8 8B 4E 20 89 86 9C 01 00 00 8D 45 F4 8B 4E 20 89 86 9C 01 00 00 8D 45 F4 E9 63 C4 F8 83

Poke 907C1C E9 87 3B 07 7C

I then put those pokes in my trainer for the "ON" button, saved it, opened the trainer and clicked the ON button. Went into PlanetSide and I still have a CoF.

Am I missing something because it seems like I didn't miss any steps?
03/03/2008 13:58 The1nk#21
Quote:
Originally Posted by StewartJohnson
MOV ECX, DWORD PTR [ESI+20],MOV DWORD PTR [ESI+19C], EAX,LEA EAX, DWORD PTR [EBP-C] in the box to get the poke addys and i got 2 pokes.
I dunno how anyone else did it here, but on the way I did it- I don't see a zero in there anywhere. :-P

That code right thurr sets up your CoF. The "MOV DWORD PTR [ESI+19C], EAX" is putting the value that's in EAX into the pointer ESI+19C. So... if that's what increases your CoF, what do you do?

I set the value that is going to be put into the CoF to 0 before that happens. :P Works for me!
03/04/2008 02:06 cookiemonster22#22
MOV ECX, DWORD PTR [ESI+20]
MOV EAX, 0
MOV DWORD PTR [ESI+19C], EAX
LEA EAX, DWORD PTR [EBP-C]

and presto, you've got yourself no CoF.
03/04/2008 03:53 faken1337#23
MOV ECX, DWORD PTR [ESI+20]
MOV DWORD PTR [ESI+19C], EAX
LEA EAX, DWORD PTR [EBP-C]

That's how I roll. Don't even need MOV EAX, 0. Now if you wanted to say, have a pin size COF, you could add MOV EAX, XXXXXXXX

XXXXXXXX = Hex Value you get from your Converter that came with TMK.

Example. MOV EAX, 40A00000 <====== This would give you a COF of 5.

This way for all you sneaky cheaters, you can appear to have a COF. :D
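Working through StewartJohnson's two pokes and faken1337's 40A00000 with a short script, as an added example (not output of MHS or the TMK converter, and the helper names are my own; the hook site 907C1C, the 12 bytes of the three displaced instructions and the cave address 7C97B7A8 are the ones quoted in the thread). The Poke at 907C1C is E9 rel32, a 5-byte jmp whose target works out to the cave, and the last five bytes of the cave jump back to 907C28, the first byte after MOV ECX / MOV [ESI+19C] / LEA. The cave as posted holds the three instructions twice (harmless, they just run twice) and has no MOV EAX,0 in front of the store, the step The1nk and cookiemonster22 describe. The script below builds that variant, pads the hook to the full 12 bytes with NOPs instead of leaving the tail of the old instructions in place, and encodes the MOV EAX immediate from a float so you can see where 40A00000 = 5.0 comes from.

```python
import struct

# Figures quoted in the thread: the hook site, the three instructions there
# (MOV ECX,[ESI+20] / MOV [ESI+19C],EAX / LEA EAX,[EBP-C] = 12 bytes) and
# the cave address MHS handed out. Everything else is this example's own.
HOOK_ADDR = 0x00907C1C
ORIGINAL_CODE = bytes.fromhex("8B4E20" "89869C010000" "8D45F4")
CAVE_ADDR = 0x7C97B7A8

def jmp_rel32(src, dst):
    """Encode 'E9 rel32'. The displacement is relative to the end of the
    5-byte instruction and is taken modulo 2**32 so backward jumps encode."""
    rel = (dst - (src + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel)

def jmp_target(src, code):
    """Decode the E9 jmp found at address src and return its absolute target."""
    if code[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    rel = struct.unpack("<i", code[1:5])[0]
    return (src + 5 + rel) & 0xFFFFFFFF

def mov_eax_imm(value):
    """'MOV EAX, imm32' with imm32 being the IEEE-754 single of value;
    mov_eax_imm(5.0) gives B8 00 00 A0 40, i.e. the 40A00000 from the post."""
    return b"\xB8" + struct.pack("<f", value)

def build_detour(hook_addr, original_code, cave_addr, payload=b""):
    """Return (hook_bytes, cave_bytes). The hook is a jmp to the cave padded
    with NOPs to the length of the displaced instructions; the cave runs the
    payload, then the displaced instructions, then jumps back to the first
    byte after the hook."""
    hook = jmp_rel32(hook_addr, cave_addr)
    hook += b"\x90" * (len(original_code) - len(hook))
    cave = payload + original_code
    cave += jmp_rel32(cave_addr + len(cave), hook_addr + len(original_code))
    return hook, cave

def nocof_pokes():
    """The 'MOV EAX,0 before the store' variant from the thread, as two pokes."""
    return build_detour(HOOK_ADDR, ORIGINAL_CODE, CAVE_ADDR, payload=mov_eax_imm(0.0))

if __name__ == "__main__":
    hook, cave = nocof_pokes()
    print("Poke %X %s" % (HOOK_ADDR, hook.hex(" ").upper()))
    print("Poke %X %s" % (CAVE_ADDR, cave.hex(" ").upper()))
    # The post's own poke at 907C1C decodes to a jump into the cave:
    print(hex(jmp_target(HOOK_ADDR, bytes.fromhex("E9873B077C"))))  # 0x7c97b7a8
```

Swap the payload for mov_eax_imm(5.0) to get faken1337's pin-size CoF instead of none. One practical check before pressing ON: decode both jmps with jmp_target and make sure the first lands exactly on the cave and the second lands exactly on the byte after the displaced instructions; a return into the middle of an instruction is the usual reason the game crashes the moment the trainer is enabled.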
03/04/2008 03:57 j00b#24
just give 'em the pokes why don't you.
03/04/2008 06:41 faken1337#25
Quote:
Originally Posted by StewartJohnson
now on the other tab i scrolled down to the part where it says "Add Byte PTR [EAX], AL"
There is your problem. You don't need the address from ADD BYTE PTR. When you are code caving, just leave it on Auto-Address. Add the ASM and you'll be fine.
03/04/2008 10:08 StewartJohnson#26
Still not working. I'll keep trying... even tried the hex value and still not working. I understand how everything works now; I just need some guidance as to what I am doing wrong. I have TS and Vent.
04/17/2009 17:01 Alpha492#27
This is a total newb question, but I am very new to hacking.
I wrote my own code cave (which is long, messy and horrible) and screwed up so many times that I have memory slots in OllyDbg filled with random lines of useless code I put in on my first few attempts to come up with a working code cave.
Can I just erase these somehow...?
When I didn't know what NOPs were I filled messed-up lines with them and it's a disaster. Please help if you can....