Xlive (GFWL) Memory Integrity Check Bypass
Posted: Tue Aug 18, 2009 3:03 am
Hi folks.
I came up with a way of bypassing the memory checks of xlive. As many will know, if you try to alter game code in a Live-enabled game (such as Gears of War, Fallout 3, Street Fighter, Fuel etc.) it will crash. Perhaps not immediately, but it will at some stage.
Anyway, I had only shared this method with certain people, because it was a certain 'rarity'. However, now H4x0r (the now-famous trainer-ripper) has skanked it from a cheathappens release recently. So now, surprise surprise, many more people know. So I have decided to post it and make this known, so other people can benefit from it.
There is a byte sequence you should search for (took a while to track down obviously, seeing as no one else has done one):
8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9
Search for this in the xlive module and this will land you at the start of the routine which deals with the checking. All you have to do is prevent it from doing its stuff, so placing a RETN 0C at the start of the code is one way to achieve this.
This byte pattern has been present since the earliest versions of xlive and still works for the very latest v3 version. I worked very carefully to find a 'universal pattern'. So find that in the game, patch it and modify memory with your hacks. Done!
Feel free to share and use in your releases. A note of some kind would be nice though to show where you got it from and so I know who's making use of it.
~Psych
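As an added example (not part of Psych's post), here is the defender-side view of the same pattern: a Python check that scans a module image dump for the byte sequence quoted above and reports whether the routine's entry bytes are intact or have been overwritten with RETN 0C (C2 0C 00). The sample dumps are constructed inline; a real anti-tamper check would read the loaded module's code section instead.

```python
# Added example, not code from the original post: a self-check that looks
# for the xlive check routine in an image dump and reports whether its
# entry has been tampered with (e.g. overwritten with 'ret 0Ch').
from typing import List, Tuple

# Byte pattern quoted in the post.
SIGNATURE = bytes.fromhex("8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9")
# A RETN 0C patch overwrites the first three bytes, so anchor the search on
# the untouched tail of the pattern and then inspect the bytes in front of it.
HEAD_LEN = 5
HEAD, TAIL = SIGNATURE[:HEAD_LEN], SIGNATURE[HEAD_LEN:]
RETN_0C = bytes.fromhex("C2 0C 00")  # x86 encoding of 'ret 0Ch'


def audit_check_routine(image: bytes) -> List[Tuple[int, str]]:
    """Return (offset, status) for every occurrence of the pattern tail.

    status is 'intact', 'patched-retn-0c' or 'modified'. An empty list means
    the routine was not found (different build, or the tail was altered too).
    """
    hits = []
    pos = 0
    while (idx := image.find(TAIL, pos)) != -1:
        pos = idx + 1
        if idx < HEAD_LEN:
            continue  # a tail at the very start of the image cannot be a real hit
        head = image[idx - HEAD_LEN:idx]
        if head == HEAD:
            status = "intact"
        elif head[:len(RETN_0C)] == RETN_0C:
            status = "patched-retn-0c"
        else:
            status = "modified"
        hits.append((idx - HEAD_LEN, status))
    return hits


# Constructed sample "dumps": NOP padding, the routine entry, INT3 padding.
INTACT_IMAGE = b"\x90" * 16 + SIGNATURE + b"\xcc" * 8
PATCHED_IMAGE = b"\x90" * 16 + RETN_0C + SIGNATURE[len(RETN_0C):] + b"\xcc" * 8

if __name__ == "__main__":
    for name, img in (("intact", INTACT_IMAGE), ("patched", PATCHED_IMAGE)):
        print(name, audit_check_routine(img))
```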