
Gangster2 Godmode - Pls help



#1 Sandokhan

    n00bie

  • Members
  • 22 posts

Posted 20 August 2011 - 04:31 PM

Game : Gangsters 2 version 1.7

Hi friends, I know it's a pretty old game, but I wanted to learn how to make a trainer with Godmode, so I started with this game, which I like a lot.

I'm editing my old topic. I have learned much, but I'm still stuck at some points. I feel it's almost done.

I found player health, player 2 and enemy health.
Nopping freezes both my and the enemy's health, so I have done the structure dissect like it's told in the tutorial.

But in this game it seems the IDs have to be found with pointers (I'm not sure).

And at last I'm stuck at assemble ... code injection.

sub eax,esi
mov ecx,edi
mov [edi+5C],ax <---- find out what writes to this address


alloc(godmode,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(godcode)
godmode: //this is allocated memory, you have read,write,execute access
cmp [edi+BC],P->002E0005 <--- pointer different at dissect structure
je godcode
jmp originalcode
originalcode:
sub eax,esi
mov ecx,edi
mov [edi+5C],ax
jmp returnhere
godcode:
*what comes here?? add eax,esi i tried it crashes game* need add health back but how??*
"Gangsters2.exe"+213BFB:
jmp godmode
returnhere:

add [esi+5C],ax <----- heals my gangsters at safehouse

I sent pics from structures etc. Please, experienced grand masters, help me out. I'm sure this would be a great tutorial.

thanks.


Posted Image
Posted Image
Posted Image
Posted Image
Would be nice if someone can help me... thanks

#2 KEMiCZA

    Administrator

  • Administrators
  • 400 posts
  • LocationBelgium

Posted 21 August 2011 - 12:23 PM

Look into code injection tutorials. Nopping an instruction will only make it not functional. You need to find a way to separate your health from the enemies.

#3 Sandokhan

Posted 22 August 2011 - 01:08 PM

Yes, I know. With setting a breakpoint, right? I tried this but the game freezes and F9 is not working.
How can I do it another way?


Done! But not with Cheat Engine.
With "TSearch's disassembler" it was pretty easy.
I only had to autohack and nop the address: mov [edi+c],ax
And all my gangsters are invincible :)

Thanks KEMİCZA

#4 brell

    n00bie

  • Members
  • 2 posts

Posted 16 May 2012 - 06:52 AM

Any luck with the god mode trainer? Would love to have a go of that!

#5 Omega

    Legendary

  • Staff
  • 612 posts
  • LocationThere's no place like 127.0.0.1

Posted 16 May 2012 - 09:51 AM

There shouldn't be any difference between nopping the address in Cheat Engine and TSearch!
If it uses the same routine for both enemy and your units then you need to find the register which contains the unit IDs. I.e. the last game I hacked used 450000 (or something similar) to identify if it's my character or not, so I just put a compare on that register and if it equaled my ID then don't decrease, and if it equaled the other IDs I found the max health of the char (usually within the same data structure) and then removed it from their health (1 hit kill).
Omega - The perfection everything comes to speak.

#6 matzu

    n00bie

  • Members
  • 3 posts

Posted 23 September 2012 - 10:16 AM

Wow, did you successfully godmode your gangster? Nice, I'm still stranded in outer space hehe

#7 KEMiCZA

Posted 02 March 2013 - 01:19 PM

How did you find the "mov [edi+5C],ax"? Try setting another read/write breakpoint on your player's health address and see at what instructions it breaks. Usually it's more than just one. And if you're lucky, one of those instructions will only access/write your player's health and another will access/write both your player's and enemies' (called a shared instruction).

If you find such an instruction where it only reads/writes your player's health then you can get the base address and use this for comparison in the shared instruction.

I hope this makes sense, if not just show me all the instructions you can find that access/write to your player's health address.

EDIT: I misread the title, I thought you needed a One Hit Kill option.

#8 KEMiCZA

Posted 02 March 2013 - 03:11 PM

This is what I did.

When you get hit this instruction gets executed: mov [edi+5C],ax

The problem of course is that when you hit your enemies this instruction gets executed as well. So we can't make an injection unless we can somehow separate us from the enemy. Also from this instruction you know that our player's health is stored in a 2-byte address because of the "ax" register, which is a sub-register of eax, and ax can be divided into ah/al (one byte).

EDI holds our base address in this case. If EDI was 0x09B53FB0 for example, 0x09B53FB0 + 0x5C would be our health address. So instead of putting a breakpoint (find out what accesses this address) on our health address, try putting one on the base address. This should result in multiple results.

Posted Image

Copy the first address and go into Memory Viewer, Ctrl+G and paste the address, right click and "Find out what addresses this instruction accesses". Go back into the game and if you're not around enemies it might show you only one or two results (depending on how many guys you have). But once you locate enemies you will see the list increase.

Posted Image

This means that this instruction is shared. So let's try the other one we found.
Posted Image

In this example I had two gangsters (I assume you can have more while the game progresses). And you can see the count is relatively high, because I've tried things like selecting enemy units, shooting at them, etc. But nothing came back, except the results of our gangsters. One thing I noticed is that the count will only go up if the gangster is visible on the screen. So your gangster can die if you're not looking at him. But it basically works. Maybe you can find a better method to solve this issue. This is the final script:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov eax,[edi]
mov word ptr [edi+5c], 200
mov ecx,edi
originalcode:
call dword ptr [eax+000000FC]
exit:
jmp returnhere
"Gangsters2.exe"+3CDE:
jmp newmem
nop
nop
nop
nop
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Gangsters2.exe"+3CDE:
mov eax,[edi]
mov ecx,edi
call dword ptr [eax+000000FC]
//Alt: db 8B 07 8B CF FF 90 FC 00 00 00


#9 Sandokhan

Posted 02 March 2013 - 03:44 PM

Uh, thanks dear friend, I was about to reply to you that I get this code when my player gets shot. :)
I try to separate, if you look at the pictures above .. enemy 0, my players 1, but the ones with pointers are different.


But you are great. This was the code which I suspected ** call dword ptr [eax+000000FC] ** - ... tried it but without this of course :)) and it crashed. I have to learn much, I see. But I make progress, I think :)

mov eax,[edi]
mov word ptr [edi+5c], 200
mov ecx,edi
It works perfectly .. I will work a little on it as you say..


#10 Sandokhan

Posted 02 March 2013 - 09:12 PM

I noticed something else... when I inject it from auto assemble manually it works, but when I enable it from the saved cheat table it nops me and the enemy again.
Must add an AOB scan, I think :) But great work, you did it. You are the best. I asked it in the Cheat Engine forum too but nobody even answered me. You are a good man.
I will help here too as much as I can.
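
Added example, not code from any post in this thread: an AOB scan of the kind mentioned in post #10, using the ten original bytes from the "//Alt: db" line of the script in post #8 as the signature, followed by the 5-byte jmp plus five nops that the script writes over them. The sample image, the BASE load address, the NEWMEM address and all function names are assumptions made for the illustration.

```python
import struct

# The 10 original bytes at "Gangsters2.exe"+3CDE, from the script's "Alt: db" line:
#   8B 07              mov eax,[edi]
#   8B CF              mov ecx,edi
#   FF 90 FC 00 00 00  call dword ptr [eax+000000FC]
SIGNATURE = "8B 07 8B CF FF 90 FC 00 00 00"

def parse_aob(pattern):
    """Turn 'FF 90 ?? 00' into a list of ints, with None for wildcard bytes."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in pattern.split()]

def aob_scan(image, pattern):
    """Return every offset in image where the pattern matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(image) - len(pat) + 1):
        if all(p is None or image[off + i] == p for i, p in enumerate(pat)):
            hits.append(off)
    return hits

def build_hook(site, target, overwritten):
    """jmp rel32 from site to target, NOP-padded to cover whole instructions."""
    if overwritten < 5:
        raise ValueError("a jmp rel32 needs 5 bytes")
    rel = (target - (site + 5)) & 0xFFFFFFFF  # relative to the next instruction
    return b"\xE9" + struct.pack("<I", rel) + b"\x90" * (overwritten - 5)

def locate_and_patch(image, base, target):
    """Patch only if the signature is found exactly once; otherwise refuse."""
    hits = aob_scan(image, SIGNATURE)
    if len(hits) != 1:
        raise LookupError(f"expected 1 match, found {len(hits)}")
    site = hits[0]
    hook = build_hook(base + site, target, len(parse_aob(SIGNATURE)))
    return site, image[:site] + hook + image[site + len(hook):]

# Constructed sample: a fake code section with the signature at offset 0x20.
IMAGE = bytes(0x20) + bytes.fromhex(SIGNATURE) + b"\xC3" + bytes(0x0F)
BASE = 0x00400000    # assumed load address of the sample
NEWMEM = 0x02000000  # assumed address returned by alloc(newmem,2048)

if __name__ == "__main__":
    site, patched = locate_and_patch(IMAGE, BASE, NEWMEM)
    print(hex(site), patched[site:site + 10].hex(" "))
```

The scan refuses to patch when the signature is missing or matches more than once, so an entry that resolves to the wrong place fails loudly instead of overwriting unrelated code.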



