[Question for Devs/Coders/Programmers] - Car hash id found
10.10.2014, 05:31 AM
Post: #1
PaganiZondaRoadster: C57E3786

I was using the NFSW_CarChanger from vityac and it is amazing.

I was just curious how he found C57E3786 because, when I tried with Cheat Engine to build the structure of all cars, I didn't find any string related to "ZONDAROADSTER".

And after some research with Olly I found this:

00330669 - 8B 47 48 - mov eax,[edi+48]

edi = the base of my actual car + 48 = my car id hash

So if I change that value to C57E3786 I get that Pagani lol

Anyone that can understand how he did it, please help me XD
10.10.2014, 02:11 PM
Post: #2
How? He reversed all the code for changing the vehicle..
That hack uses direct access to the game's car struct.
10.10.2014, 03:21 PM
Post: #3
So by reversing my own car struct I can get other hash IDs by entering a new car string, right? :D
10.10.2014, 05:43 PM
Post: #4
(10.10.2014 03:21 PM) Quantum5olaris: So by reversing my own car struct I can get other hash IDs by entering a new car string, right? :D

+ you can generate it. name -> hash. The game has a spec proc for that...
10.10.2014, 10:34 PM
Post: #5
HEHE, this conversation is great :)

I don't know what spec proc is lol, so I suppose I should use ReClass or dissect structure from Cheat Engine.

I have IDA Pro 6.1 but I'm not advanced enough to generate that struct using that software; all I can do is try to understand the code using the Hex-Rays plugin :)

Can you shed some light on it, please?
10.10.2014, 11:16 PM
Post: #6
What... he uses only OllyDbg2.

Here is carArray:
C7 45 FC ?? ?? ?? ?? 84 DB 74 ?? 8B 0D
....
MOV ECX,carArray
MOV ECX,DWORD PTR[ECX]
MOV EAX,DWORD PTR[ECX]
MOV EAX,DWORD PTR[EAX]
PUSH 0x4A97EC8F
CALL EAX
11.10.2014, 10:18 AM
Post: #7
010D3AC0 /$ 55 PUSH EBP
010D3AC1 |. 8BEC MOV EBP,ESP
010D3AC3 |. 83EC 0C SUB ESP,0xC
010D3AC6 |. 833D 80CD7A01 >CMP DWORD PTR DS:[0x17ACD80],0x0
010D3ACD |. 0F85 EE000000 JNZ nfsw.010D3BC1
010D3AD3 |. 53 PUSH EBX
010D3AD4 |. 8A5D 08 MOV BL,BYTE PTR SS:[EBP+0x8]
010D3AD7 |. 33C0 XOR EAX,EAX
010D3AD9 |. 84DB TEST BL,BL
010D3ADB |. 0F95C0 SETNE AL
010D3ADE |. 56 PUSH ESI
010D3ADF |. 57 PUSH EDI
010D3AE0 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-0xC]
010D3AE3 |. 48 DEC EAX
010D3AE4 |. 83E0 40 AND EAX,0x40
010D3AE7 |. 0D 00100000 OR EAX,0x1000
010D3AEC |. 50 PUSH EAX ; /Arg3
010D3AED |. 51 PUSH ECX ; |Arg2
010D3AEE |. 68 D42E6601 PUSH nfsw.01662ED4 ; |Arg1 = 01662ED4 ASCII "GLOBAL\FE_ATTRIB.BIN"
010D3AF3 |. E8 C8A4FFFF CALL nfsw.010CDFC0 ; \nfsw.010CDFC0
010D3AF8 |. 0FB6F3 MOVZX ESI,BL
010D3AFB |. 83C4 0C ADD ESP,0xC
010D3AFE |. F7DE NEG ESI
010D3B00 |. 1BF6 SBB ESI,ESI
010D3B02 |. 83E6 40 AND ESI,0x40
010D3B05 |. 33FF XOR EDI,EDI
010D3B07 |. 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX
010D3B0A |. 881D 3BCD7A01 MOV BYTE PTR DS:[0x17ACD3B],BL
010D3B10 |. C745 FC 54E465>MOV DWORD PTR SS:[EBP-0x4],nfsw.0165E454
010D3B17 |. 84DB TEST BL,BL
010D3B19 |. 74 1C JE SHORT nfsw.010D3B37
010D3B1B |. 8B0D B4237C01 MOV ECX,DWORD PTR DS:[0x17C23B4]
010D3B21 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
010D3B23 |. 8B42 1C MOV EAX,DWORD PTR DS:[EDX+0x1C]
010D3B26 |. FFD0 CALL EAX
010D3B28 |. 8B3D 68CD7A01 MOV EDI,DWORD PTR DS:[0x17ACD68]
010D3B2E |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-0x4]
010D3B31 |. 890D 68CD7A01 MOV DWORD PTR DS:[0x17ACD68],ECX
010D3B37 |> 8B0D B4237C01 MOV ECX,DWORD PTR DS:[0x17C23B4]
010D3B3D |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
010D3B3F |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
010D3B41 |. 68 1B7B4138 PUSH 0x38417B1B
010D3B46 |. FFD0 CALL EAX
010D3B48 |. 8B0D 40307B01 MOV ECX,DWORD PTR DS:[0x17B3040]

Here:
|. C745 FC 54E465>MOV DWORD PTR SS:[EBP-0x4],nfsw.0165E454
010D3B17 |. 84DB TEST BL,BL
010D3B19 |. 74 1C JE SHORT nfsw.010D3B37
010D3B1B |. 8B0D B4237C01 MOV ECX,DWORD PTR DS:[0x17C23B4]

and here:
010D3B37 |> 8B0D B4237C01 MOV ECX,DWORD PTR DS:[0x17C23B4]
010D3B3D |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
010D3B3F |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
010D3B41 |. 68 1B7B4138 PUSH 0x38417B1B

You mean that the complete struct for the car is inside 0x17C23B4 or inside 0x165E454? :)
13.10.2014, 10:39 AM
Post: #8
Ask the author. Maybe 0x17C23B4 end data...