Devil May Cry 4 - Some Hacks

Hacking Any Other Offline Single-Player Game

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Devil May Cry 4 - Some Hacks

Postby WhiteHat » Fri Mar 13, 2009 10:04 am

I played this game months ago and enjoyed it much. Lot’s of action and impressive graphics packed...
Link: http://www.gamespot.com/pc/action/devil ... lt;title;1

Decided to share some of its hacks with hope that we can learn something out of it..

EDIT NOTE: Following hacks are for DX9 launcher... Felheart reminded me about this. Thanks to him.

DMC4 - PLAYER’s GAUGES
Gauges’ value are unreadable. But using MHS basic Search for “Unknown Value” followed by “Increased”/“Decreased” and/or “Same As Before”/“Different from Before” and in some cases combined with “Same as Original” Sub-Search, we can determined their values pretty easily...

And here are some details regard Player’s Gauge...

NERO’s GAUGE

Image

Health Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 20000.00
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x15CC

Max Health Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 20000.00 (should be divisible by 1000.00)
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x15D0

Each block value of Health Gauge value = 1000.00

Demon-Trigger Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 10000.00
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x1F24


Max Demon-Trigger Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 10000.00 (should be divisible by 1000.00)
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x1F28

Similar to Health Gauge, each block value of Demon-Trigger (DT) Gauge = 1000.00

Exceed Gauge (Ex-Gauge)
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 270.00
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0xCCF4

Ex-Gauge Power Level
Code: Select all
- Data-Type     : Unsigned Long (4 bytes)
- Value Range   : 0 - 3
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0xCCE8

Neither Ex-Gauge and Ex-Gauge Power Level have max values since theirs are fix...

From the picture above, we can tell Nero’s condition according to his gauges:
Code: Select all
- Current Health : any value between 16000.00 and 17000.00
- Max Health     : 20000.00
- Current DT     : any value between 8000.00 and 9000.00
- Max DT         : 10000.00
- Ex-Gauge       : 270.00
- Ex-Gauge Power : 3



DANTE’s GAUGE

Image

Health Gauge, Max Health Gauge, DT Gauge, and Max DT Gauge of Dante are identic to those of Nero.
They even share the same Complex Address...

Disaster Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 10000.00
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x151F4

Each block value of Disaster Gauge = 1000.00

Royal Gauge
Code: Select all
- Data-Type     : Float (4 bytes)
- Value Range   : 0 - 30000.00
- Complex Addr. : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x14DAC

Each block value of Disaster Gauge = 3000.00

Neither Disaster Gauge and Royal Gauge have max values since theirs are fix...


From the picture above, we can tell Dante’s condition according to his gauges:
Code: Select all
- Current Health : any value between 17000.00 and 18000.00
- Max Health     : 20000.00
- Current DT     : 10000.00
- Max DT         : 10000.00
- Disaster Gauge : any value between 6000.00 and 7000.00
- Royal Gauge    : any value between 15000.00 and 30000.00


Those who familliar with Pointer Trail or Complex Address would noticed that the ones in DMC4 are pretty shallow. So things are going to be pretty much easy...


Other hacks are coming...
Last edited by WhiteHat on Sat Jun 06, 2009 9:46 am, edited 1 time in total.
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby shinnsohai » Fri Mar 13, 2009 12:28 pm

This game sounds fun...but,I think my com cant support the graphic
[even GeForce8800,play with low graphic quality,still lagging though]

"WhiteHat..U brought DVD or Download the game?" :D
-šнιηηšσнαι-
User avatar
shinnsohai
n00b
 
Posts: 973
Joined: Mon Feb 18, 2008 7:31 pm
Location: l_ A /\/ G l< A \/\/ I

Postby WhiteHat » Sat Mar 14, 2009 1:28 pm

I borrowed the game from my friend who borrowed it from his friend. It would take months for me to download 8GB game. Thus i have to replace the executable files (.EXE) with No-CD patch ones... Which reminds me to say that the Complex Address may not work for everyone unless your executable file is identical to mine..

I use Intel QuadCore, 2GB RAM, and GeForce 9800 GTX+. The game works like charm. Though i think 8800 should be enough to run DMC4 with lower resolution maybe ?
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby minorutono » Sat Mar 14, 2009 1:45 pm

Whitehat wrote:I borrowed the game from my friend who borrowed it from his friend.



Lol.... It gets around.


So you just installed the CD and then cracked it so it works non-cd?
User avatar
minorutono
i R t3h nUB!!111
 
Posts: 944
Joined: Thu Apr 17, 2008 10:10 am
Location: 2845 Vista Verde Way Cameron Park CA 95682

Postby WhiteHat » Mon Mar 16, 2009 12:58 pm

minorutono wrote:Lol.... It gets around.

Indeed. My other friend borrowed it from me too, and it happened about 2
months ago. And none can guarantee that he won’t borrow it to his friend..

So, basically, the game can be considered as if it’s LOST... :?


minorutono wrote:So you just installed the CD and then cracked it so it works non-cd?

I browsed the net and managed to find the crckd executables, so... yes i did... :oops:
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby WhiteHat » Fri Mar 20, 2009 12:35 pm

DMC4 - PLAYER’s COORDINATE

X Coordinate : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x30
Y Coordinate : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x34
Z Coordinate : [["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x38

Their data-type is FLOAT (4 bytes)...

Please note that Y Coordinate is the one which perpendicular to ground...
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby WhiteHat » Fri Mar 20, 2009 12:57 pm

DMC4 - LOCKED DEMON

Ever wonder for the health values of those demons ?
Change the game screen to window mode. Arranged the windows so that both game and MHS’ Expression Evaluator are visible.. Back in game, lock any demon you want.

Put these following Complex Addresses into MHS Expression Evaluator:

The Pointer to Locked Demon :
Code: Select all
[[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]


Locked Demon, Distance to Player :
Code: Select all
f[[[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x24]


Locked Demon, Max Health :
Code: Select all
f[[[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x28]


Locked Demon, Health :
Code: Select all
f[[[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x2C]


You can also put them into MHS table. Don’t forget to eliminate the outermost brackets to get the address.
They’re all FLOAT data-type except for the pointer...
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby Felheart » Fri Jun 05, 2009 7:43 pm

Cool, thanks again WhiteHat, excellent work!!
Saved me alot of time!
Felheart
Acker
 
Posts: 89
Joined: Sun Apr 27, 2008 3:05 am
Location: Germany

Postby WhiteHat » Fri Jun 05, 2009 7:58 pm

It’s good to see you again... Anyway, are you training DMC4 ?

I always wonder if those base address are working for others,
since i’m using the *crckd* module...

There are still lot more hacks actually, such as:
- Damage multiplicator. You can simulate God Mode with this.
- Pace modificator. You can freeze those demons but you.
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby Felheart » Fri Jun 05, 2009 10:25 pm

All your pointers work, of course just with the DirectX 9 EXE.
In the dx10 mode those pointer trails dont work.
And yes, i try to make a trainer for DMC4 with several other features
like permanent "bullet-time" mode...
When i found the pointers for DX10 i will post them here.
Felheart
Acker
 
Posts: 89
Joined: Sun Apr 27, 2008 3:05 am
Location: Germany

Postby WhiteHat » Sat Jun 06, 2009 9:48 am

Now that you remind me, those hacks above are for DX9 launcher.
Thanks...

And feel free to post DX10 pointers here. That would be real nice..
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby Felheart » Sun Jun 07, 2009 10:34 am

This is the pointer to the DevilTrigger gauge:
Code: Select all
[[DevilMayCry4_DX10.exe + A5C8BC] + 0x24] +0x1F24


I'am sorry, I dont have much time.
But I will work on all other usefull pointers and will post them here as soon as iam finished.

It's really nice to see you still remember me WhiteHat :)
How did you obtain your pointers?
I got the above one like this:
SearchValue -> AutoHack -> pointerseach -> AutoHack...
Basically the same as in Warcraft ;)

I'am pretty sure you have encountered this pice of ASM code too:

Image

The highlighted code is the code wich "writes" the gauge.
But why does MHS show it?
EAX is 05B6A044 there.
This is in now way related with the address of the gauge!

The whole disassembly is very confusing for me.
What does DW mean, and why does MHS sometimes say something about a debugger-trap when i click it?

Is it some sort of debugging or anti-cheat protection??
I hope anyone can explain this to me.

Thanks, Felheart.
Felheart
Acker
 
Posts: 89
Joined: Sun Apr 27, 2008 3:05 am
Location: Germany

Postby WhiteHat » Sun Jun 07, 2009 6:06 pm

Felheart wrote:I'am sorry, I dont have much time.
But I will work on all other usefull pointers and will post them here as soon as iam finished.

It’s okay. Don’t take it as an obligation though.
Just do it when you feel you want to..


Felheart wrote:It's really nice to see you still remember me WhiteHat :)

I don’t have a good memory, actually. But it was you the reason i wrote that actually-well-known-before pointer tutorial in WarCraft 3.


Felheart wrote:How did you obtain your pointers?

Pretty much the same with that WC3 pointer tutorial... ;)


Felheart wrote:The whole disassembly is very confusing for me.
What does DW mean, and why does MHS sometimes say something about a debugger-trap when i click it?

Is it some sort of debugging or anti-cheat protection??
I hope anyone can explain this to me.

I believe that L. Spiro has the most precise answer for this...

All i can say is, MHS has not yet able to translate them the way they are suppose to translated. Please correct me if i’m wrong, but they are what so called SSE Assembler. Read here for similar problem..

I have no choice but to use other tools (such as CE or Olly) to decode them, and eventually ended up with those pointers.

To tell you some other games i know, in which SSE ASM were encountered:
- OUTRUN 2006
- Biohazard 4
- The Last Remnant

Funny thing is, all of them were console games before got ported to PC...
.. to boldly go where no eagle has gone before...
User avatar
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby Felheart » Tue Jun 09, 2009 2:25 am

DMC4 - DirectX_10

Devil Trigger:
Code: Select all
[[DevilMayCry4_DX10.exe + A5C8BC] + 0x24] + 0x1F24


Exceed Gauge (the 3stages of neros sword):
Code: Select all
[[DevilMayCry4_DX10.exe + A5C8BC] + 0x24] + 0xCCE8


Health:
Code: Select all
[[DevilMayCry4_DX10.exe + A5C8BC] + 0x24] + 0x15CC


Disaster Gauge:
Code: Select all
[[DevilMayCry4_DX10.exe + A5C8BC] + 0x24] + 0x151F4
Felheart
Acker
 
Posts: 89
Joined: Sun Apr 27, 2008 3:05 am
Location: Germany

Postby mc.flash » Wed Jun 10, 2009 12:25 am

:D and how to make 1 hit k o in any normal game that dont show u the weapone is damage :P
♣♦☻☺I ♥ MHS ☺☻♦♣
Image
Image
<a href="http://www.starsofwww.com//community_showvideos.php?prdPassId=1820" target="_blank"><center><strong style="font-size:22px;"><img alt="Hit Me To Vote My Videos" hspace=3 src="http://www.starsofwww.com/images/blinkstar1.gif" width=50 height="50" border=0><br />

Click Here to Vote Me
Best (Rapper, Singer) on StarofWWW.com

</strong><br />
</center><img border=1 style="BORDER-LEFT-COLOR: #4D0606; BORDER-BOTTOM-COLOR: #4D0606; BORDER-TOP-COLOR: #4D0606; BORDER-RIGHT-COLOR: #4D0606" src="http://www.starsofwww.com/community/LiLDizY/thumb_prdImg2010_Jan_Wed_06_04_53_281327.jpg"><br />
LiLDizY<br />
<strong>Name:</strong> Loay Ahmed<br />Lil dizy rapper from egypt 15 years old ..
<br />Code of Nominations:<strong>1820c6dbb1</strong><br /></a><br /><center><img alt="Hit Me To Vote My Videos" hspace=3 src="http://www.starsofwww.com/images/blinkstar1.gif" width=50 height="50" border=0></center>
vote for me please!
User avatar
mc.flash
NULL
 
Posts: 171
Joined: Tue Jul 22, 2008 9:27 am
Location: In Da Club!

Next

Return to Others (Offline)

Who is online

Users browsing this forum: No registered users and 0 guests

cron