Easywrite 1024 x 768 PLZ

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::            GAMEHACKING TUTORIAL PART 4                  ::
::                   BY BLIZZARD                           ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

I assume you have also read part 1 and 2 of my tutorial. In the first tutorial you saw a little of what cheating in games actually is, and how much fun it is. In the second tutorial I showed you how to find the STATIC ADDRESS instead of a DMA (DYNAMIC MEMORY ALLOCATION) address. In the third tutorial I showed you how to build your trainer. Now I'm going to tell you how to use the EASYWRITE FUNCTION of TSearch.

Do you still remember what we got from our second tutorial? It was this:

    * 464FA2: mov [edi+0xD5A774], ecx

464FA2 is called an OFFSET. An OFFSET is a position in your computer's memory. Most of the time we write an OFFSET like this: 0x464FA2. You see that it moves (MOV) ecx (a value) into [edi+0xD5A774]. That isn't hard to understand now, is it ;-)

For example:

    12345: mov [box], book    <-- at offset 12345 it says: move "book" into [box]

Now open up TSearch and click the EASYWRITE button. You will see that a new part of your screen opens. Now press the white icon on the part that appeared, which is NEW. You will see the EASYWRITE INTERPRETER pop up. The first thing you must do is give it a name behind DESCRIPTION. Let's name it Crusader. Now press the TMK button so the screen splits into 4 parts. The two on the left are white and the two on the right are grey. In the left white one type this:

    offset 464FA2
    mov [edi+0xD5A774], ecx

This is not hard to understand. Like I told you before, 464FA2 is an OFFSET. You must tell EASYWRITE where to start coding, so you must always give it an OFFSET. Under the OFFSET there is our code. Now press the CHECK button. On the right you will see this appear:

    Poke 464FA2 89 8F 74 A7 D5 00

If your memory is okay (and it is ;-) then you remember that this is the same as our AUTOHACK UNPATCHED TMK script from tutorial 2. Don't remember?
Here it is again:

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Tmk button script
Copy and paste into TMK using Ctrl+V
Ex: Patched script for an ON button and Unpatched script for an OFF button

Patched script:
    Poke 464FA2 90 90 90 90 90 90

UnPatched script:
    Poke 464FA2 89 8F 74 A7 D5 00
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

You see. And behind PATCHED SCRIPT is Poke 464FA2 90 90 90 90 90 90. The difference between the two lines is this:

    The first:  90 90 90 90 90 90
    The second: 89 8F 74 A7 D5 00

Unpatched means original. So the original instruction was 89 8F 74 A7 D5 00, but we replace those bytes with 90s. 90 is called a NOP instruction. NOP means NO Operation, or in other words "do nothing". This is why the PATCHED SCRIPT hacks your game: it just skips the "remove money" routine (Poke 464FA2 89 8F 74 A7 D5 00 is the remove money routine).

    offset 0x464FA2
    mov [edi+0xD5A774], ecx

This is called ASM, or Assembly. It is a programming language just like C++, Perl, Delphi or any other. You may wonder why I have shown you EASYWRITE, because you could have done the same using AUTOHACK, right? Right. Now you can, but what if you don't want to stop the money from decreasing but want, for example, to make it increase your money? That is where EASYWRITE comes in. You insert the ASM and EASYWRITE generates the TMK script for you.

Let's use the example that is used in the TSearch Help. We have a small program, and when you press a button it adds 1. At the start it is 0. When you press the button it becomes 1. When you press again it becomes 2, etc. Say we use AUTOHACK and we find:

    401384 - mov [41d090],eax

This says it will MOV EAX to [41D090]. Since every time you press the button it increases by 1, we know that EAX=1. We can use EASYWRITE to DECREASE the counter every time we press the button. To do that we will have to make EAX=-1. Start EASYWRITE.
You will have to write this:

    offset 0x400000
    dec eax
    dec eax
    mov [41d090],eax
    ret
    offset 0x401384
    call 0x400000

Now let me explain why. You see "dec eax" two times. That is logical, because 1 has to become -1: eax starts at 1, and 1-1-1 = -1. DEC means DECREASE (INC is INCREASE). We are doing maths here and we need memory to do that. We cannot use memory that is being used by the game, so we take an empty part of the memory --> 0x400000. Then, when eax=-1, we do the counting --> mov [41d090],eax. To show that we have to do that every time, we use RET (return). And from 0x401384 we have to CALL the code at 0x400000. So now, instead of adding 1 every time you press the button, it adds -1, which means it decreases by 1 every time you press the button.

I'm sure you can think of many more examples, like when your health reaches 0 you will normally jump (JZ = jump if zero) to the "You are dead" part. And when your ammo reaches 0, JZ to "Reload". Now you know how to beat those ;-)

Ciao

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Greetings go out to all of Computer knightS (EFNET, #computerknights), especially Solata
Greetings go out to all of Extalia's members, especially Snok
Greetings to [Sheep] for helping me out.
Greetings to #cracking4newbies.
Greetings to #gamehacking.
Greetings to all the others. You know who you are ;-)
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

BliZZard, blizzard_1337@hotmail.com
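To make the TMK Poke scripts from this tutorial concrete, here is an added Python example (not part of the tutorial and not TSearch's own code) that parses a "Poke <offset> <bytes>" line, applies it to a constructed stand-in for the game's memory, builds the patched (NOP) script from the original bytes so it stays exactly as long as the instruction it replaces, and checks whether the instruction at an offset is still original, NOP'd out, or otherwise changed, which is the integrity check an anti-tamper routine would run. The memory image, its base address and the byte layout are constructed for the example; only the offset 464FA2 and the two byte strings come from the tutorial.

```python
import re
from typing import Tuple

# Constructed sample image (not a real game): the tutorial's original instruction
# mov [edi+0xD5A774], ecx  =  89 8F 74 A7 D5 00  sits at offset 0x464FA2,
# surrounded by 0xCC filler. BASE is the address of image[0].
BASE = 0x464F90
ORIGINAL = bytes([0xCC] * 0x12) + bytes.fromhex("898F74A7D500") + bytes([0xCC] * 8)

POKE_RE = re.compile(r"^\s*Poke\s+([0-9A-Fa-f]+)\s+((?:[0-9A-Fa-f]{2}\s*)+)$")

def parse_poke(line: str) -> Tuple[int, bytes]:
    """Parse one TMK 'Poke <hex offset> <hex bytes>' line into (offset, bytes)."""
    m = POKE_RE.match(line)
    if not m:
        raise ValueError(f"not a Poke line: {line!r}")
    return int(m.group(1), 16), bytes.fromhex(m.group(2).replace(" ", ""))

def apply_poke(image: bytes, base: int, line: str) -> bytes:
    """Return a copy of image with the Poke applied; refuse writes outside it."""
    off, data = parse_poke(line)
    start = off - base
    if start < 0 or start + len(data) > len(image):
        raise ValueError("poke falls outside the image")
    buf = bytearray(image)
    buf[start:start + len(data)] = data
    return bytes(buf)

def classify(image: bytes, base: int, off: int, original: bytes) -> str:
    """Integrity check for one instruction: 'original', 'nopped' or 'modified'."""
    start = off - base
    cur = image[start:start + len(original)]
    if cur == original:
        return "original"
    if cur == b"\x90" * len(original):      # every byte replaced by NOP (0x90)
        return "nopped"
    return "modified"                        # partial or different patch

def nop_script(off: int, original: bytes) -> str:
    """Build the 'patched' Poke line: one 90 per original byte, so the patch is
    the same length as the instruction and does not clobber the next one."""
    return f"Poke {off:X} " + " ".join("90" for _ in original)
```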