Making one-sided one-hit-kill hacks - Register compare method
by EEDOK
best read in 800x600 resolution
Mr_eedok@hotmail.com

-------------------------------------------------------------------------------------

Foreword:

Yea, I know I've been putting off a lot of gamehacking for my game, and I've been meaning to do this tutorial for a while, but just for you guys, I'm going to take some time off my game and write this tutorial for you. :)

-------------------------------------------------------------------------------------

Recommended for this tutorial:

  Artmoney
  Softice
  A game that uses the same routine for both player and NPC
  Knowing how to find addresses
  Knowing how to make a general 1-hit-kill hack
  Basic ASM

-------------------------------------------------------------------------------------

Theory:

The problem with forcing jumps in routines is that the computer ends up getting the same advantage, and you end up dying instantly too. One way around this is to find the part of the function that identifies which entity is being killed and make it so instant death only runs when that entity is not you.

-------------------------------------------------------------------------------------

Getting Started:

1. Open up your memory searcher and find your health address.
2. Open up Softice and set an on-write breakpoint on your health address.
3. Make your health decrease so you end up at the health-decrementing routine.
4. Moving down the code, you may notice something interesting after the health-decrementing routine: it looks like cmp _____, 0x0 with a jump right after it.
5. Force that jump to make sure it's the code that determines death.
6. Once step 5 is confirmed, look at the register holding the memory location that is being compared to 0. There are 3 possibilities: your health pointer, a static identifier register, or a dynamic identifier register.
7. Replace the
       cmp ___, 0
       jle deathroutine
   portion of the code with a jump to a code cave. What you enter in the cave depends on the result of step 6.

If it is your health pointer:

8. In the code cave make it something like this:
       cmp [healthpointer], identifier register
       jne deathroutine
       jmp back

If it's not your health pointer:

8. Search for a pointer to the identifier.

   If you can find a pointer:

   8a. Make a function like this in your code cave:
       cmp [identifier address], identifier
       jne deathroutine
       jmp back

   If it's a static identifier:

   If there's an unused register:

   8a. Make a function like so:
       mov unused register, identifier value
       cmp unused register, identifier
       jne deathroutine
       jmp back

   If there isn't an unused register:

   8a. Function:
       push register not used in routine
       mov register just pushed, identifier value
       cmp register just pushed, identifier
       jne _routine1
       pop register pushed at beginning
       jmp back
   _routine1:
       pop register pushed at beginning
       jmp deathroutine

-----------------------------------------------------------------

Special note: If you can use your health pointer in this routine, use it!!! Identifiers differ between operating systems!

-----------------------------------------------------------------

Shouts to:

Devious: Stonerifik, Tsongkie, Omega, Synbios, Micral, Mini^Me, brzi, Invader, Sn0w, renzo, bie, ddh, Vortexion, routine_error, [Ginger], Ultimate, Zekk

Web sites:
  http://devious.tsongkie.com
  http://voidofmind.com/eedok
  http://www.ghu.as.ro

Feel free to tell me about corrections or additions I should make to this tutorial. If you find a copy of this tutorial on a site not listed above, feel free to contact me about it; I'll take care of the rest.
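-----------------------------------------------------------------

Worked model (added to this copy of the tutorial; not EEDOK's code): the Theory section and step 8 are easier to follow with a small C model of the shared damage routine. One routine serves both the player and an NPC, and three variants are compared: the unpatched code, the naive forced jump (which kills the player too), and the register-compare cave from the health-pointer variant of step 8. The entity's address stands in for [healthpointer] and the identifier register; the model assumes that after "jmp back" the player falls through to the game's normal health check. All values (names, 100 health, 10 damage) are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdbool.h>

/* A game entity with a health value (constructed for this model). */
typedef struct {
    const char *name;
    int health;
    bool dead;
} Entity;

/* Which patch is applied to the shared damage routine. */
typedef enum {
    PATCH_NONE,          /* original game code */
    PATCH_FORCE_JUMP,    /* naive hack: the jump to deathroutine is forced for everyone */
    PATCH_REGISTER_CMP   /* tutorial's method: instant death only when target != player */
} Patch;

/* Shared damage routine used for both the player and NPCs, as the tutorial
   assumes. 'player' stands for [healthpointer]; 'target' stands for the
   identifier register seen at the cmp ___, 0 instruction. */
void apply_damage(Entity *target, const Entity *player, int amount, Patch patch)
{
    target->health -= amount;            /* the health-decrementing routine */

    switch (patch) {
    case PATCH_FORCE_JUMP:
        /* Forced jump: deathroutine runs regardless of health or identity,
           so the player dies instantly as well. */
        target->dead = true;
        return;
    case PATCH_REGISTER_CMP:
        /* Code cave: cmp [healthpointer], identifier ; jne deathroutine */
        if (target != player) {
            target->dead = true;
            return;
        }
        /* jmp back: in this model the player continues with the game's
           own check below (an assumption of the model). */
        break;
    case PATCH_NONE:
        break;
    }

    /* Original check: cmp health, 0 ; jle deathroutine */
    if (target->health <= 0)
        target->dead = true;
}

/* Lands one hit on the player and one on an NPC under the given patch.
   Returns a bitmask: 1 = player dead, 2 = NPC dead. */
int simulate(Patch patch)
{
    Entity player = { "player", 100, false };
    Entity npc    = { "npc",    100, false };

    apply_damage(&player, &player, 10, patch);
    apply_damage(&npc,    &player, 10, patch);

    return (player.dead ? 1 : 0) | (npc.dead ? 2 : 0);
}

int main(void)
{
    const char *names[] = { "original", "forced jump", "register compare" };
    for (int p = PATCH_NONE; p <= PATCH_REGISTER_CMP; p++) {
        int r = simulate((Patch)p);
        printf("%-17s player %s, npc %s\n", names[p],
               (r & 1) ? "dead" : "alive", (r & 2) ? "dead" : "alive");
    }
    return 0;
}
```

Running it prints one line per variant: the original code kills nobody after a 10-point hit, the forced jump kills both, and the register compare kills only the NPC, which is exactly the one-sided behaviour the tutorial is after.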