MASS EFFECT 2

Hacking Any Other Offline Single-Player Game

Postby WhiteHat » Fri Feb 05, 2010 12:09 pm

WEAPON HACKS

Just played this game for less than an hour. Haven’t got enough time to make some complex addresses and/or injection. I began with hacking the Ammo (in my inventory) value, with a basic search for Unsigned Long. I studied the values around the address and found some important values that led me to a NO-RECOIL hack.

If the address of Ammo = address_Ammo (UNSIGNED LONG), then:

address_Ammo + 0x004 = WeaponAmmo (FLOAT)
Change the value to 0.00 to make your WeaponAmmo (that is the ammo inside your weapon, not your inventory) unlimited.

address_Ammo - 0x024 = Crosshair #1 for Normal Mode (FLOAT)
address_Ammo - 0x028 = Crosshair #2 for Normal Mode (FLOAT)
address_Ammo - 0x02C = Crosshair #1 for Zoom Mode (FLOAT)
address_Ammo - 0x030 = Crosshair #2 for Zoom Mode (FLOAT)

Change their values to 0.00 float to get an accurate CrossHair.

address_Ammo - 0x064 = Vertical Recoil for Normal Mode (FLOAT)
address_Ammo - 0x060 = Vertical Recoil for Zoom Mode (FLOAT)
address_Ammo - 0x05C = Horizontal Recoil #1 (FLOAT)
address_Ammo - 0x054 = Horizontal Recoil #2 (FLOAT)

Change their value to 0.00 float to disable weapon recoil. Provides 99.9% stable aiming.

address_Ammo - 0x180 = Firing Accuracy #1 for Normal Mode (FLOAT)
address_Ammo - 0x15C = Firing Accuracy #2 for Normal Mode (FLOAT)
address_Ammo - 0x138 = Firing Accuracy #1 for Zoom Mode (FLOAT)
address_Ammo - 0x040 = Firing Accuracy #2 for Zoom Mode (FLOAT)

Change their value to 0.00 float to prevent the bullets fired from spreading.

So changing all values of Crosshair, Recoil, and Accuracy will give us very accurate shots.

address_Ammo - 0x03C = Shooting Range
This address value determines how far the bullet will go.

address_Ammo - 0x0CC = Fire Delay
Change this address to 0.00 float to eliminate fire delay. Haven’t tried this much, but it works for the M4 Shuriken Machine Pistol.


That’s all I can share for now..
Everyone is welcome to share their own hacks here, preferably with the logic made with MHS...
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: MASS EFFECT 2

Postby CoMPMStR » Sat Feb 06, 2010 1:20 am

Well I did find one hack, again with ammo but this is in Auto-ASM. This hack will give you infinite ammo, but not no reload. Your clip ammo will still decrease but when you reload, the total amount will not.

Code:
fullaccess(009054E4, 4)

[enable]
xor eax, eax
nop
nop

[disable]
mov eax, dword ptr [esp+10]


If someone (Whitehat ;)) wants to post the static module address for 009054E4 then be my guest. This game kept giving me problems so I uninstalled it.

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place

Re: MASS EFFECT 2

Postby WhiteHat » Sat Feb 06, 2010 11:35 am

The following .LSSAVE (MHS Table) contains a code injection to defeat DMA. I copy a pointer value called ‘MyPointer’ (which I believe is a good starting point for other hacks) into address 0x400400 (MassEffect2.exe+0x400). From this address I built a series of complex addresses based on my findings in the first post to make some weapon hacks.

Here’s the file: MassEffect2-WeaponHacks.lssave (2.84 KB)

EDIT 01: A newer one: Mass Effect 2 - Weapon Hacks ver 1.1 - WhiteHat (4.84 KB)

To indicate if this .LSSAVE works, the MyPointer Current Value should match its Value When Locked. If it does not, then we have a different version of the MassEffect2.exe executable file. Pardon me for forgetting the details of my .exe file. I’ll post them soon after I’ve checked back at home...

Anyway, here’s how to activate the weapon hacks:
- Sort the Main List, by its Addresses Description
- Lock everything except the first two addresses

Please study the Auto-Assembler script within the MyPointer entry (address 0x400400). I made some comparisons there to determine if the Pointer really belongs to the player, and not to everyone else (AIs). I’ll post the logic in detail next time (and, hopefully, new hacks). We really have to play far enough to discover new hacks...


@CoMPMStR
To be honest, I’m a bit hesitant to alter code that modifies our values directly. I’m afraid of it being heavily shared, modifying not only one specific value, which is often found in games nowadays.

Nevertheless, thank you very much for sharing. It’s a valuable input... I’ll try it real soon...

Anyway, from my experiment, the no-reload hack can also be achieved by locking a certain address to 0.00 (float). This address resides just 4 bytes after the Spare Ammo.

WhiteHat wrote:address_Ammo + 0x004 = WeaponAmmo (FLOAT)
Change the value to 0.00 to make your WeaponAmmo (that is the ammo inside your weapon, not your inventory) unlimited.

It works something like this:
- If our equipped weapon gets reloaded, this address value changes to 0.00 float
- If we fire the weapon 2x, this address value = 2.00 float
- If we fire the weapon 10x, this address value = 10.00 float
- etc

So, by locking this value to 0.00, the ammo in our current weapon will never get reduced, thus eliminating the need to reload it...

One huge advantage of this method is that it also locks the ammo of our grenade launcher, which apparently uses a slightly different method from other weapons in terms of ammo... Oh, and this hack is included in my .LSSAVE... Demolition-Man Mode: ON... :twisted:

Re: MASS EFFECT 2

Postby WhiteHat » Sun Feb 07, 2010 1:08 pm

The .LSSAVE does not work smoothly. I’ve just re-tested it, and apparently either I haven’t done enough comparisons or I injected the code in the wrong place. However, I’m quite sure I’m heading in the right direction to hack it...

Anyhow, here is the fixed executable detail that I use:
Code:
MassEffect2.exe
Size         : 15.6 MB (16,405,736 bytes)
Size on disk : 15.6 MB (16,408,576 bytes)
Created      : February 04, 2010, 11:05:48 PM


Will fix the .LSSAVE real soon...


[EDIT: Fixing Code-Injection]

I found a better place to inject for the MyPointer entry, which somehow I believe will be a base structure for many yet unknown hacks ...

Completely replace the code-injection (Auto-Assembler) for the ‘MyPointer’ entry (address 0x400400) from my previous .LSSAVE file with this one, so the weapon hacks work a lot smoother...

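Code:
FullAccess( "MassEffect2.exe"+0x00000400, 256 )       ; slot that will hold the captured pointer
FullAccess( "MassEffect2.exe"+0x00671CB4, 6 )         ; hook site (6 bytes are overwritten)

Alloc   ( MyCode, 2048 )
Label   ( OverwrittenCode )
Label   ( Exit )
Label   ( Return )

; Replace the 6-byte instruction at the hook site with a 5-byte jmp plus one nop
MassEffect2.exe+0x00671CB4 :
jmp     MyCode
nop
Return :

; Store ecx only when three fields of the structure match the expected values
MyCode :
cmp     dword ptr [ecx], 01185F40
jne     OverwrittenCode
cmp     dword ptr [ecx+8], 00100004
jne     OverwrittenCode
cmp     dword ptr [ecx+24], FFFFFFFF
jne     OverwrittenCode
mov     dword ptr ["MassEffect2.exe"+00000400], ecx

; Original instruction that the jmp replaced
OverwrittenCode :
mov     eax, dword ptr [edx+4A0]

Exit :
jmp     Return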

Re: MASS EFFECT 2

Postby WhiteHat » Sun Feb 07, 2010 9:05 pm

‘LOGISTIC’ Hacks

Everything looks good with ‘MyPointer’ up until now. Some hacks I found based on previous hacks are:
[["MassEffect2.exe"+0x400]+0x3C8]+0x218 = Credits / Money
[["MassEffect2.exe"+0x400]+0x3C8]+0x21C = Medi-Gel
[["MassEffect2.exe"+0x400]+0x3C8]+0x220 = Element Zero
[["MassEffect2.exe"+0x400]+0x3C8]+0x224 = Iridium
[["MassEffect2.exe"+0x400]+0x3C8]+0x228 = Palladium
[["MassEffect2.exe"+0x400]+0x3C8]+0x22C = Platinum


For information, the Complex Address for current Spare Ammo in the .LSSAVE is:
[["MassEffect2.exe"+0x400]+0x3CC]+0x60C

For logistic hacks we use an offset of 0x3C8, while Weapon hacks use an offset of 0x3CC.
So, a few studies around this address should be interesting...

Re: MASS EFFECT 2

Postby WhiteHat » Mon Feb 08, 2010 8:30 am

A newer .LSSAVE of Weapons Hacks: Mass Effect 2 - Weapon Hacks ver 1.1 - WhiteHat (4.84 KB)
Modified from the old one, after conducting some experiments via Hex Editor. There are still lots and lots of values left to try...

New entries added:
- Damage of Weapon in-use.
- Credits/Money


[EDIT: February 10th, 2010 - 9:23 GMT+7]

Here is a new .LSSAVE of Mass Effect Hacks: MassEffect2_-_WhiteHat.lssave (5.21KB)

I made it based on the .LSSAVE for Weapon Hacks. Removed some silly entries of pointers and added the following entries:
- Logistics (Credits, Medi-Gel, Element Zero, Iridium, Palladium, Platinum)
- Player Coordinates (X,Y,Z). The working ones !

Finished the game last night with this .LSSAVE (table), so it should be enough. Yet, I might add some more entries...



[EDIT: February 11th, 2010 - 13:59 GMT+7]

Using the .LSSAVE above (the Code-Injection at address MassEffect2.exe+0x400 is the only one we need), here are some additions:

Shepard’s Squad Points :
["MassEffect2.exe"+0x400]+0x558 ... (unsigned long)

Shepard’s Current HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x84 ... (float)


Shepard’s Max HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x98 ... (float)

Now that we have Hacks for Health, Skill Points, and Weapon, all basic needs are covered...



[EDIT: February 12th, 2010 - 11:55 GMT+7]

Sprint Timer :
[["MassEffect2.exe"+0x400]+0x48]+0x630 ... (unsigned long)

Lock this address’ value to 0.00 (float) to be able to do infinite Sprint.
This one is quite useful for fast exploration...

Re: MASS EFFECT 2

Postby WhiteHat » Mon Feb 15, 2010 8:53 am

I’ve made some modifications to the code injection for address MassEffect2.exe+0x400 to ‘shorten’ complex addresses (pointer trails) for:
- MassEffect2.exe+0x400 : Points to Shepard base structure.
- MassEffect2.exe+0x404 : Points to Henchman #1 base structure.
- MassEffect2.exe+0x408 : Points to Henchman #2 base structure.
...provide them to be ready for building the heroes structure...

And here is the newest screenshot I made, showing the MHS main list (.LSSAVE link available below) in action: (pardon for the size)
Image

At the lower part, we can see the MHS real-time expression evaluator showing the working Complex Addresses for Heroes’ health utilizing the Heroes’ Base Structures which are stored at addresses 0x400400 ~ 0x400408. This is accomplished with Code-Injection. Also, an experiment of Shepard’s Shield which works pretty smoothly but is not included yet in my LSSAVE since it does not work in the prologue mission...

And here’s the code-injection at 0x400400:
Code:
; SET MODULE ACCESS
;-------------------------------------------------------------------------------------
FullAccess( "MassEffect2.exe"+0x00000400, 256 )
FullAccess( "MassEffect2.exe"+0x00671CB4, 6 )         ; My Base Address
FullAccess( "MassEffect2.exe"+0x0074D8C5, 5 )         ; My Henchmen Base Address
FullAccess( "MassEffect2.exe"+0x00673E97, 8 )         ; If Henchmen Base Address fail


; ALLOCS
;-------------------------------------------------------------------------------------
Alloc   ( MyBaseAddress_Code, 1024 )
Alloc   ( MyHenchmenBaseAddresses_Code, 1024 )
Alloc   ( BailOut_Code, 2048 )


; LABELS
;-------------------------------------------------------------------------------------
Label   ( MyBaseAddress_OverwrittenCode )
Label   ( MyBaseAddress_Exit )
Label   ( MyBaseAddress_Return )
Label   ( MyHenchmenBaseAddresses_Henchman2 )
Label   ( MyHenchmenBaseAddresses_OverwrittenCode )
Label   ( MyHenchmenBaseAddresses_Exit )
Label   ( MyHenchmenBaseAddresses_Return )
Label   ( BailOut_OverwrittenCode )
Label   ( BailOut_Exit )
Label   ( BailOut_Return )


; INJECTED CODES
;-------------------------------------------------------------------------------------
MassEffect2.exe+0x00671CB4 :
jmp     MyBaseAddress_Code
nop
MyBaseAddress_Return :

"MassEffect2.exe"+0x0074D8C5 :
jmp     MyHenchmenBaseAddresses_Code
MyHenchmenBaseAddresses_Return :

"MassEffect2.exe"+0x00673E97 :
jmp     BailOut_Code
nop
nop
nop
BailOut_Return :


; CODE INJECTION: MY BASE ADDRESS
;-------------------------------------------------------------------------------------
MyBaseAddress_Code :
cmp     ecx, dword ptr ["MassEffect2.exe"+0x00000400]
mov     dword ptr ["MassEffect2.exe"+0x00000400], ecx
je      MyBaseAddress_OverwrittenCode
mov     dword ptr ["MassEffect2.exe"+0x00000404], 0
mov     dword ptr ["MassEffect2.exe"+0x00000408], 0

MyBaseAddress_OverwrittenCode :
mov     eax, dword ptr [edx+4A0]

MyBaseAddress_Exit :
jmp     MyBaseAddress_Return


; CODE INJECTION: MY HENCHMEN BASE ADDRESSES
;-------------------------------------------------------------------------------------
MyHenchmenBaseAddresses_Code :
pushfd                                                ; save flags: the overwritten setne reads flags set before the hook
cmp     esi, dword ptr ["MassEffect2.exe"+0x00000400]
je      MyHenchmenBaseAddresses_OverwrittenCode
cmp     dword ptr ["MassEffect2.exe"+0x00000404], 0
jne     MyHenchmenBaseAddresses_Henchman2
mov     dword ptr ["MassEffect2.exe"+0x00000404], esi
jmp     MyHenchmenBaseAddresses_OverwrittenCode

MyHenchmenBaseAddresses_Henchman2 :
cmp     esi, dword ptr ["MassEffect2.exe"+0x00000404]
je      MyHenchmenBaseAddresses_OverwrittenCode
cmp     dword ptr ["MassEffect2.exe"+0x00000408], 0
jne     MyHenchmenBaseAddresses_OverwrittenCode
mov     dword ptr ["MassEffect2.exe"+0x00000408], esi

MyHenchmenBaseAddresses_OverwrittenCode :
popfd                                                 ; restore the flags clobbered by the cmp instructions above
mov     edi, dword ptr [esi]
setne   al

MyHenchmenBaseAddresses_Exit :
jmp     MyHenchmenBaseAddresses_Return


; CODE INJECTION: BAIL OUT
;-------------------------------------------------------------------------------------
BailOut_Code :
mov     dword ptr ["MassEffect2.exe"+0x00000404], 0
mov     dword ptr ["MassEffect2.exe"+0x00000408], 0

BailOut_OverwrittenCode :
mov     eax, dword ptr [esi]
mov     edx, dword ptr [eax+4A0]

BailOut_Exit :
jmp     BailOut_Return

;-------------------------------------------------------------------------------------
I’m not good at scripting, so please correct me on mistakes (though I can confirm this Auto-ASM is working) or give suggestions for a more effective (sexier) injection. Thanks in advance...

And here’s the .LSSAVE file: MassEffect2_ver2.0_-_WhiteHat.LSSAVE
It’s the same as in above screenshot with minor changes...

Now we can modify the same things for his henchmen as we have done with Shepard. Please note there are times when the Base Addresses for Shepard’s Henchmen will not work. Should this occur, just press the ‘C’ key to Order your henchmen to Form Up during the game, then the addresses should be fixed immediately...
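Added example (not part of the original thread or of MHS): the two injections above both overwrite an instruction with a 5-byte `jmp` plus `nop` padding, and that byte pattern is what an integrity check compares against a trusted copy of the code. The reference bytes are the standard encoding of `mov eax, dword ptr [edx+4A0]`; the module size, the jump destination and the names `inspect_site` and `hook_info` are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Base 0x400000 follows from the thread (0x400400 == MassEffect2.exe+0x400);
   the image size is a placeholder chosen for the example. */
#define MODULE_BASE 0x00400000u
#define MODULE_SIZE 0x01000000u
#define SITE_VA     (MODULE_BASE + 0x00671CB4u)

typedef struct {
    int      modified;     /* current bytes differ from the trusted reference */
    int      hooked;       /* modified site begins with JMP rel32 (opcode E9) */
    uint32_t target;       /* absolute destination of that jump */
    int      outside;      /* destination lies outside the module image */
    size_t   nop_padding;  /* 0x90 bytes filling the rest of the patched span */
} hook_info;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Compare one code site against a trusted copy (for example the on-disk
   image) and, if it was replaced by a jump, decode where the jump goes. */
hook_info inspect_site(uint32_t site_va, const uint8_t *ref,
                       const uint8_t *cur, size_t len) {
    hook_info r = {0, 0, 0, 0, 0};
    if (memcmp(ref, cur, len) == 0) return r;
    r.modified = 1;
    if (len < 5 || cur[0] != 0xE9) return r;   /* changed, but not a JMP patch */
    r.hooked = 1;
    /* rel32 is relative to the address of the instruction after the jmp */
    r.target = site_va + 5u + rd32le(cur + 1);
    /* unsigned subtraction also catches destinations below the base */
    r.outside = (uint32_t)(r.target - MODULE_BASE) >= MODULE_SIZE;
    for (size_t i = 5; i < len && cur[i] == 0x90; i++) r.nop_padding++;
    return r;
}

/* Constructed sample: reference bytes of mov eax,[edx+4A0] and the same
   six bytes after a jmp to the invented address 0x02350000 plus one nop. */
static const uint8_t REF_BYTES[6]     = {0x8B, 0x82, 0xA0, 0x04, 0x00, 0x00};
static const uint8_t PATCHED_BYTES[6] = {0xE9, 0x47, 0xE3, 0x8D, 0x01, 0x90};

int main(void) {
    hook_info h = inspect_site(SITE_VA, REF_BYTES, PATCHED_BYTES, sizeof REF_BYTES);
    printf("modified=%d hooked=%d target=%08X outside=%d nops=%zu\n",
           h.modified, h.hooked, (unsigned)h.target, h.outside, h.nop_padding);
    return 0;
}
```

A jump that leaves the image and lands in separately allocated memory, as `Alloc` produces here, is the combination such a check reports.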

Re: MASS EFFECT 2

Postby WhiteHat » Wed Feb 17, 2010 12:39 pm

I have missed some Complex Addresses which are quite important:

SQUAD’s EXPERIENCE:
["MassEffect2.exe"+0x400]+0x994 ... (float)

Shepard’s PARAGON points:
[[[["MassEffect2.exe"+0x400]+0xBC]+0x4D0]+0x48]+0x8 ... (Unsigned Long)

Shepard’s RENEGADE points:
[[[["MassEffect2.exe"+0x400]+0xBC]+0x4D0]+0x48]+0xC ... (Unsigned Long)


Important Note:

I just found some ‘glitches’ in my Complex Addresses for HP (Current&Max) from the latest .LSSAVE file:
WhiteHat wrote:Shepard’s Current HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x84 ... (float)

Shepard’s Max HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x98 ... (float)


The red-colored offsets (+0xC) are actually (0x3*0x4) based on the code via debugging, so the glitches are:
- In early stages of the game, apparently we have to use +0x4 (= 0x1*0x4) instead of +0xC for both Miranda and Jacob’s Health and maybe some Henchmen.
- Specifically for Legion, the offset should be +0x4 for the rest of the game.
For Shepard’s Health (which is what really matters), the offset is always 0xC (=0x3*0x4) so there’s nothing to be worried about...

I have not figured out yet how to solve these matters. However, the base addresses for those henchmen are correct in any case, as I have checked this by constructing their Squad Points and Active Weapon Hacks.

Maybe Shepard’s Henchmen base addresses are copied (stored) somewhere inside Shepard’s structure? If this is the case, then it is much better than using my previous code-injection as we can acquire them in the Complex Address way...

Re: MASS EFFECT 2

Postby Aspras » Thu Feb 25, 2010 12:04 am

Great job on this, I haven't had enough time to work on it and probably won't have any more, so I have only managed to write an injection for a resources pointer which also takes care of code shifting. The pointer I'm getting through the injection is [["MassEffect2.exe"+0x400]+0x3C8]. I tried to see which other instructions access that address and also checked what accesses pointers to it, but I don't remember anything at all popping up so I wasn't able to go deeper :? Do you happen to remember which in-game action had the instruction which accessed ["MassEffect2.exe"+0x400]+0x3C8 pop up?
Aspras
NULL
 
Posts: 100
Joined: Mon Jan 05, 2009 12:42 am

Re: MASS EFFECT 2

Postby WhiteHat » Thu Feb 25, 2010 1:32 am

I can’t remember what code accesses them, but I guess I have posted this earlier (about the +0x3C8 thingy), which is related to Resources:
WhiteHat wrote:‘LOGISTIC’ Hacks

Everything looks good with ‘MyPointer’ up until now. Some hacks I found based on previous hacks are:
[["MassEffect2.exe"+0x400]+0x3C8]+0x218 = Credits / Money
[["MassEffect2.exe"+0x400]+0x3C8]+0x21C = Medi-Gel
[["MassEffect2.exe"+0x400]+0x3C8]+0x220 = Element Zero
[["MassEffect2.exe"+0x400]+0x3C8]+0x224 = Iridium
[["MassEffect2.exe"+0x400]+0x3C8]+0x228 = Palladium
[["MassEffect2.exe"+0x400]+0x3C8]+0x22C = Platinum


For information, the Complex Address for current Spare Ammo in the .LSSAVE is:
[["MassEffect2.exe"+0x400]+0x3CC]+0x60C

For logistic hacks we use an offset of 0x3C8, while Weapon hacks use an offset of 0x3CC.
So, a few studies around this address should be interesting...

However, as far as I can remember, the only back-tracing I did was until a few layers deep from the ammo thingy, the result of which happened to be the base-structure address for Shepard. From this address, I did some extensive studies and experiments via MHS Hex Editor (please believe me, the pointer highlight in it is extremely useful) which then led me to other complex addresses.

I was quite hesitant to use auto-hack since some values are written by the very same code (to borrow the experts’ term: heavily shared), so I decided to utilize MHS Hex Editor instead...

Take as an example those complex addresses in the above quotes:
- The first complex address I found was [["MassEffect2.exe"+0x400]+0x3CC]+0x60C, which happened to be the value of Spare Ammo.
- Next I was curious and tried to study the values around address ["MassEffect2.exe"+0x400]+0x3CC, and I was lucky to find that just before it (["MassEffect2.exe"+0x400]+0x3C8) is a pointer (thanks to MHS Hex Editor for being able to highlight pointer values! A brilliant feature !).
- So I followed that pointer and found the logistic (resources) addresses several bytes after the address shown by the pointer at ["MassEffect2.exe"+0x400]+0x3C8...
So, there was no auto-hack involved in finding those resource addresses...


By the way, I’ve just found the complex address for Shepard’s Target Base Structure address (or so I believe), with which I can extract the targeted object’s XYZ coordinates. I will post them soon...

Re: MASS EFFECT 2

Postby WhiteHat » Thu Feb 25, 2010 10:44 am

Alright, here’s the screen shot of MHS main list for Mass Effect 2 showing Target XYZ Coordinate in the Expression Evaluator window:
Image

I was ‘targeting’ Kelly Chambers, and the Complex Addresses in MHS Expression Evaluator showed these results:
- Kelly’s Base Structure Address
- Kelly’s X Coordinate
- Kelly’s Y Coordinate
- Kelly’s Z Coordinate

The address which holds the pointer to Shepard’s Target resides a few layers deep from his/her base structure:
[[["MassEffect2.exe"+0x400]+0x84]+0x684]+0x50,
whose value will be the base structure of Shepard’s Target:
[[[["MassEffect2.exe"+0x400]+0x84]+0x684]+0x50].

Now if the complex address of Shepard’s X Coordinate is ["MassEffect2.exe"+0x400]+0x110, then we can expect that the complex address of his/her target’s X coordinate is similar.
The difference should only be at the base structure address: [[[["MassEffect2.exe"+0x400]+0x84]+0x684]+0x50]+0x110.
(...the blue one is the complex address for base structure, while the red one is the offset for x coordinate...)

The term ‘targeted’ for private usage in this game is to point to any objects (creatures or not) which are available to be interacted with.
Not those which are being aimed at with Shepard’s Weapons, which probably use different pointer trails (complex addresses).

Now, since we can see that Shepard is close to Kelly in that screen shot, we can compare both XYZ coordinates:
- Shepard’s XYZ coordinates (from main list) are: -2.003; 3357.009; 131.171
- Kelly’s XYZ coordinates (from expression evaluator) are: 212.249; 3486.137; 71.150
Since they are quite close to each other, the differences between their XYZ coordinates are quite little...

From this point, there is a chance for us to extract other values such as target’s HP, target’s Ammo, etc... Haven’t tried it yet...

Re: MASS EFFECT 2

Postby Aspras » Thu Feb 25, 2010 7:43 pm

The hex editor is indeed very useful once you already have a complex address with pointers and offsets. By the way you could make an aimbot with those coordinates so that you always do headshots while in combat.

Re: MASS EFFECT 2

Postby WhiteHat » Fri Feb 26, 2010 8:30 am

Aspras wrote:The hex editor is indeed very useful once you already have a complex address with pointers and offsets.
On the contrary, I often make complex addresses based on what I see in MHS Hex Editor. It’s, once again, because MHS highlights values which are pointers... :wink:

Aspras wrote:By the way you could make an aimbot with those coordinates so that you always do headshots while in combat.
Yes, I’ve been aware of that for quite a while, which makes me always interested in finding enemies’ coordinates. We can also make the so-called vacuum hack out of it, or we can teleport our hero to his target location, etc. There are simply numerous hack possibilities... However, these are advanced matters. Besides, I don’t script that much and have very limited knowledge about that...

Anyway, I’ve made a little progress here regarding target’s HP...
In the following screen-shots, I’d like you to focus on the Expression Evaluator while examining the game progress. The expressions are actually complex addresses for (in order):
- Shepard Target’s address of Base Structure
- Shepard Target’s X Coordinate
- Shepard Target’s Y Coordinate
- Shepard Target’s Z Coordinate
- Shepard Target’s Current Health (HP)

Progress #1: I was targeting Hacked Mech but had not shot it yet. Its current Health was at its max value, that is 113.000000 (float)
Image


Progress #2: I shot it once, reducing its health to 68.947815.
Image


Progress #3: I shot off its left hand which was holding its weapon, rendering it unable to attack. It was dying as its health dropped to 8.538649.
Image


Progress #4: I finally killed it, making me lose a target. It was no longer my target, so the Target Base address is NULL and the other stats were unresolvable.
Image


Now there’s another possibility to make One Hit Kill, that is by modifying every target’s HP to a really low value such as 0.001, which will make him very fragile so that he will die with a single attack...

However, for the complex address of Shepard Target’s HP, the red-colored offset still needs more work: [[[[[["MassEffect2.exe"+0x400]+0x84]+0x684]+0x50]+0x48]+0x0]+0x84, as I stated before in earlier posts...
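Added example (not part of the original thread, and not MHS code): a small evaluator for the bracketed "complex address" notation used throughout the thread, run against a constructed memory snapshot. It shows why the target base can legitimately evaluate to NULL while any expression that adds an offset to it is unresolvable, as in Progress #4. All snapshot addresses and values are invented, and every quoted module name is assumed to map to base 0x400000.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODULE_BASE 0x00400000u  /* thread: 0x400400 == "MassEffect2.exe"+0x400 */

/* Constructed 32-bit memory snapshot: every address and value is invented. */
typedef struct { uint32_t addr, value; } word32;
static const word32 SNAPSHOT[] = {
    {0x00400400u, 0x1A2B0000u},  /* slot filled by the injection: player base */
    {0x1A2B03C8u, 0x1C000000u},  /* base+0x3C8: pointer to resources block    */
    {0x1C000218u, 125000u},      /* resources+0x218: credits                  */
    {0x1A2B0084u, 0x1D000000u},  /* base+0x84                                 */
    {0x1D000684u, 0x1E000000u},  /* ...+0x684                                 */
    {0x1E000050u, 0x00000000u},  /* ...+0x50: target pointer, NULL = none     */
};

static int read32(uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < sizeof SNAPSHOT / sizeof SNAPSHOT[0]; i++)
        if (SNAPSHOT[i].addr == addr) { *out = SNAPSHOT[i].value; return 1; }
    return 0;  /* unmapped address */
}

static void skip_ws(const char **s) { while (isspace((unsigned char)**s)) (*s)++; }
static int parse_sum(const char **s, uint32_t *out);

/* term := '[' sum ']' (32-bit dereference) | '"module"' | hex number */
static int parse_term(const char **s, uint32_t *out) {
    skip_ws(s);
    if (**s == '[') {
        uint32_t addr;
        (*s)++;
        if (!parse_sum(s, &addr)) return 0;
        skip_ws(s);
        if (**s != ']') return 0;
        (*s)++;
        if (!read32(addr, out)) return 0;
        skip_ws(s);
        return !(*out == 0 && **s == '+');  /* NULL pointer cannot take an offset */
    }
    if (**s == '"') {
        const char *end = strchr(*s + 1, '"');
        if (!end) return 0;
        *s = end + 1;
        *out = MODULE_BASE;                 /* single-module assumption */
        return 1;
    }
    char *end;
    unsigned long v = strtoul(*s, &end, 16);
    if (end == *s) return 0;
    *s = end;
    *out = (uint32_t)v;
    return 1;
}

/* sum := term ('+' term)* */
static int parse_sum(const char **s, uint32_t *out) {
    uint32_t acc, t;
    if (!parse_term(s, &acc)) return 0;
    for (skip_ws(s); **s == '+'; skip_ws(s)) {
        (*s)++;
        if (!parse_term(s, &t)) return 0;
        acc += t;
    }
    *out = acc;
    return 1;
}

/* Returns 1 and the final address, or 0 if the chain cannot be followed. */
int resolve(const char *expr, uint32_t *addr) {
    const char *s = expr;
    if (!parse_sum(&s, addr)) return 0;
    skip_ws(&s);
    return *s == '\0';
}

int main(void) {
    uint32_t a, v;
    if (resolve("[[\"MassEffect2.exe\"+0x400]+0x3C8]+0x218", &a) && read32(a, &v))
        printf("%08X -> %u\n", (unsigned)a, (unsigned)v);
    return 0;
}
```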

Re: MASS EFFECT 2

Postby Aspras » Fri Feb 26, 2010 8:40 pm

I have never used the hex editor in such a way :o I will definitely look into this. Also teleport hacks are not at all hard to make as long as you have the addresses you found, you shouldn't limit yourself to scripting and MHS hacks though.
If I remember correctly you were going to start learning programming and you were trying to decide which language to start off with. As long as you are decent with using a language and have some knowledge of the windows library you can write great hacks and release entirely custom trainers.

Re: MASS EFFECT 2

Postby WhiteHat » Fri Feb 26, 2010 8:45 pm

I’m planning to learn C/C++ intensively, yes... But doing visual art digitally, 3D modeling in particular, got the better of me, and that’s exactly what I’m doing for now when I’m not game hacking...

Thanks for your suggestion, though... :)
