Making one sided one hit kill hacks - Register compare method
by EEDOK
best read in 800x600 resolution
Mr_eedok@hotmail.com
-------------------------------------------------------------------------------------
Foreword:
Yea I know I've been putting off a lot of gamehacking for my game, and I've been
meaning to do this tutorial for a while, but just for you guys, I'm going to take
some time off my game and write this tutorial for you. :)
-------------------------------------------------------------------------------------
Recommended for this tutorial:
Artmoney
Softice
A game that uses the same routine for both player and npc
Knowing how to find addresses.
Knowing how to make a general 1 hit kill hack.
Basic ASM
-------------------------------------------------------------------------------------
Theory:
The problem with forcing jumps in routines is that the computer-controlled characters
end up getting the same advantage, and you end up dying instantly too. One way around
this is to find the part of the function that identifies which character is being killed
and make it so instant death only runs when that character is not you.
-------------------------------------------------------------------------------------
Getting Started:
1. Open up your memory searcher and find your health address.
2. Open up Softice and set an on-write breakpoint on your health address.
3. Make your health decrease so you end up at the health decrementing routine.
4. Moving down the code you may notice something interesting after the health
   decrementing routine; it looks like cmp _____, 0x0 with a jump right after it.
5. Force that jump to make sure it's the code that determines death.
6. Once step 5 is confirmed, look at the register that holds the area of memory
   being compared to 0. There are three possibilities: your health pointer, a
   static identifier register, or a dynamic identifier register.
7. Make the
       cmp ___, 0
       jle deathroutine
   portion of the code jump to a code cave. What you enter in the cave depends on
   the result of step 6.

If it is your health pointer:
8. In the code cave make it something like this:
       cmp [healthpointer], identifier register
       jne deathroutine
       jmp back

If it's not your health pointer:
8. Search for a pointer to the identifier.

   If you can find a pointer:
   8a. Make a function like this in your code cave:
       cmp [identifier address], identifier
       jne deathroutine
       jmp back

   If it's a static identifier and there's an unused register:
   8a. Make a function like so:
       mov unused register, identifier value
       cmp unused register, identifier
       jne deathroutine
       jmp back

   If it's a static identifier and there isn't an unused register:
   8a. Make a function like so (the register is pushed first so its value is
       restored on both paths before control leaves the cave):
       push register (saving its value)
       mov register just pushed, identifier value
       cmp register just pushed, identifier
       jne _routine1
       pop register pushed at beginning
       jmp back
   _routine1:
       pop register pushed at beginning
       jmp deathroutine
-----------------------------------------------------------------
Special note: If you can use your health pointer in this routine, use it! Identifiers
differ between operating systems, so a hack built on them may not work elsewhere.
-----------------------------------------------------------------
Shouts to:
Devious: Stonerifik, Tsongkie, Omega, Synbios, Micral, Mini^Me, brzi, Invader, Sn0w
renzo, bie, ddh, Vortexion, routine_error, [Ginger], Ultimate, Zekk
Web sites:
http://devious.tsongkie.com
http://voidofmind.com/eedok
http://www.ghu.as.ro
Feel free to tell me about corrections, or additions I should make to this tutorial.
If you find a copy of this tutorial on a site not listed above, feel free to contact
me about it, I'll take care of the rest.