; Toggle patch covering the 4 bytes at 009054E4 (the span passed to fullaccess).
; NOTE(review): the snippet never names the address it assembles to; presumably the
; [enable]/[disable] bodies are written at 009054E4 -- confirm against the original post.
; NOTE(review): fullaccess presumably relaxes page protection on that span so it can be
; overwritten; code pages left writable weaken W^X in the patched process -- confirm.
fullaccess(009054E4, 4)
[enable]
; Replacement: eax is forced to 0 instead of being loaded from the stack.
; xor (2 bytes) + two nops (1 byte each) = 4 bytes, the same length as the original mov.
xor eax, eax
nop
nop
[disable]
; Original 4-byte instruction, written back when the patch is switched off.
; NOTE(review): 10 is presumably hexadecimal (esp+0x10), as in the other scripts on this page.
mov eax, dword ptr [esp+10]
L. Spiro wrote:In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
WhiteHat wrote:address_Ammo + 0x004 = WeaponAmmo (FLOAT)
Change the value to 0.00 to make your WeaponAmmo (that is the ammo inside your weapon, not your inventory) unlimited.
MassEffect2.exe
Size : 15.6 MB (16,405,736 bytes)
Size on disk : 15.6 MB (16,408,576 bytes)
Created : February 04, 2010, 11:05:48 PM
; Hook at "MassEffect2.exe"+0x00671CB4 that stores ecx in a scratch slot at
; "MassEffect2.exe"+0x400 whenever the object ecx points to passes three field checks.
; NOTE(review): every offset and compared constant is tied to the one executable build
; listed with this post; on a patched or relocated image the hook site and the
; signature values may not match -- verify before use.
; Scratch storage: 256 bytes starting at module offset 0x400.
; NOTE(review): FullAccess presumably changes page protection; leaving module pages
; writable and executable weakens W^X for the whole process -- confirm what it sets.
FullAccess( "MassEffect2.exe"+0x00000400, 256 )
; Hook site: 6 bytes, the length of the instruction replaced below.
FullAccess( "MassEffect2.exe"+0x00671CB4, 6 )
; Code cave that receives the detour.
Alloc ( MyCode, 2048 )
Label ( OverwrittenCode )
Label ( Exit )
Label ( Return )
; Detour: jmp rel32 (5 bytes) + nop (1 byte) replaces the 6-byte mov reproduced
; at OverwrittenCode. Return marks the first byte after the patched span.
MassEffect2.exe+0x00671CB4 :
jmp MyCode
nop
Return :
MyCode :
; Signature check on the object at ecx: all three dwords must match,
; otherwise the pointer is not recorded.
; NOTE(review): 01185F40 looks like an absolute address inside the module
; (possibly a vtable pointer) -- it would change if the image is rebased; confirm.
cmp dword ptr [ecx], 01185F40
jne OverwrittenCode
cmp dword ptr [ecx+8], 00100004
jne OverwrittenCode
cmp dword ptr [ecx+24], FFFFFFFF
jne OverwrittenCode
; All checks passed: publish the pointer in the scratch slot.
mov dword ptr ["MassEffect2.exe"+00000400], ecx
OverwrittenCode :
; Relocated original instruction from the hook site.
; NOTE(review): the cmp instructions above change EFLAGS; this mov does not read
; flags, but code after Return would see different flags than in the unpatched
; program -- confirm nothing there depends on them.
mov eax, dword ptr [edx+4A0]
Exit :
jmp Return
; SET MODULE ACCESS
; Each FullAccess span is either the scratch area or a hook site written further down.
; NOTE(review): FullAccess presumably changes page protection; module pages left
; writable and executable weaken W^X for the whole process -- confirm what it sets.
; Scratch dwords used by this script: +0x400, +0x404 and +0x408.
;-------------------------------------------------------------------------------------
FullAccess( "MassEffect2.exe"+0x00000400, 256 )
FullAccess( "MassEffect2.exe"+0x00671CB4, 6 ) ; My Base Address
FullAccess( "MassEffect2.exe"+0x0074D8C5, 5 ) ; My Henchmen Base Address
FullAccess( "MassEffect2.exe"+0x00673E97, 8 ) ; If Henchmen Base Address fail
; ALLOCS
; One code cave per hook; each cave ends with a jmp back to its *_Return label.
;-------------------------------------------------------------------------------------
Alloc ( MyBaseAddress_Code, 1024 )
Alloc ( MyHenchmenBaseAddresses_Code, 1024 )
Alloc ( BailOut_Code, 2048 )
; LABELS
; Declared up front so they can be referenced before the line that places them.
;-------------------------------------------------------------------------------------
Label ( MyBaseAddress_OverwrittenCode )
Label ( MyBaseAddress_Exit )
Label ( MyBaseAddress_Return )
Label ( MyHenchmenBaseAddresses_Henchman2 )
Label ( MyHenchmenBaseAddresses_OverwrittenCode )
Label ( MyHenchmenBaseAddresses_Exit )
Label ( MyHenchmenBaseAddresses_Return )
Label ( BailOut_OverwrittenCode )
Label ( BailOut_Exit )
Label ( BailOut_Return )
; INJECTED CODES
; Three detours written over original instructions. Each is a 5-byte jmp rel32 padded
; with nops to the length of the instructions it replaces, so the *_Return label lands
; on the next intact instruction.
; NOTE(review): the offsets are specific to one build of the executable; on any other
; build these writes would land in unrelated code -- verify the bytes at each site first.
;-------------------------------------------------------------------------------------
; Site 1: 5 + 1 = 6 bytes, replacing "mov eax, dword ptr [edx+4A0]".
; NOTE(review): the module name is unquoted here but quoted at the other two sites --
; confirm both forms resolve to the same address.
MassEffect2.exe+0x00671CB4 :
jmp MyBaseAddress_Code
nop
MyBaseAddress_Return :
; Site 2: 5 bytes, replacing "mov edi, dword ptr [esi]" (2) + "setne al" (3).
"MassEffect2.exe"+0x0074D8C5 :
jmp MyHenchmenBaseAddresses_Code
MyHenchmenBaseAddresses_Return :
; Site 3: 5 + 3 = 8 bytes, replacing "mov eax, dword ptr [esi]" (2) +
; "mov edx, dword ptr [eax+4A0]" (6).
"MassEffect2.exe"+0x00673E97 :
jmp BailOut_Code
nop
nop
nop
BailOut_Return :
; CODE INJECTION: MY BASE ADDRESS
; Reached from the hook at +0x00671CB4 with a pointer in ecx. Stores ecx at +0x400 on
; every pass; when it differs from the previously stored value, the two slots at
; +0x404 and +0x408 are reset to 0.
;-------------------------------------------------------------------------------------
MyBaseAddress_Code :
; Compare first, store second: mov leaves EFLAGS untouched, so the je below still
; tests the result of this cmp against the old stored value.
cmp ecx, dword ptr ["MassEffect2.exe"+0x00000400]
mov dword ptr ["MassEffect2.exe"+0x00000400], ecx
je MyBaseAddress_OverwrittenCode
; Stored pointer changed: invalidate both dependent slots.
mov dword ptr ["MassEffect2.exe"+0x00000404], 0
mov dword ptr ["MassEffect2.exe"+0x00000408], 0
MyBaseAddress_OverwrittenCode :
; Relocated original instruction from the hook site.
; NOTE(review): the cmp above changes EFLAGS; this mov does not read flags, but code
; after MyBaseAddress_Return would see different flags than in the unpatched program
; -- confirm nothing there depends on them.
mov eax, dword ptr [edx+4A0]
MyBaseAddress_Exit :
jmp MyBaseAddress_Return
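; CODE INJECTION: MY HENCHMEN BASE ADDRESSES
; Reached from the hook at "MassEffect2.exe"+0x0074D8C5 with a pointer in esi.
; Records up to two distinct pointers that differ from the one stored at +0x400:
;   +0x404 = first one seen, +0x408 = second one seen (0 means the slot is empty).
; The relocated original code ends in "setne al", which reads the zero flag as it
; was when execution reached the hook site. Every cmp below overwrites that flag,
; so EFLAGS is saved on entry and restored just before the relocated instructions
; run; without this, al would reflect the comparisons made here instead.
;-------------------------------------------------------------------------------------
MyHenchmenBaseAddresses_Code :
; Save the caller's flags; no esp-relative access happens until the popfd.
pushfd
; Ignore the pointer already stored at +0x400.
cmp esi, dword ptr ["MassEffect2.exe"+0x00000400]
je MyHenchmenBaseAddresses_OverwrittenCode
; First slot empty: claim it.
cmp dword ptr ["MassEffect2.exe"+0x00000404], 0
jne MyHenchmenBaseAddresses_Henchman2
mov dword ptr ["MassEffect2.exe"+0x00000404], esi
jmp MyHenchmenBaseAddresses_OverwrittenCode
MyHenchmenBaseAddresses_Henchman2 :
; Already held by the first slot: nothing to record.
cmp esi, dword ptr ["MassEffect2.exe"+0x00000404]
je MyHenchmenBaseAddresses_OverwrittenCode
; Second slot is written only while it is still empty.
cmp dword ptr ["MassEffect2.exe"+0x00000408], 0
jne MyHenchmenBaseAddresses_OverwrittenCode
mov dword ptr ["MassEffect2.exe"+0x00000408], esi
MyHenchmenBaseAddresses_OverwrittenCode :
; Restore the flags from before the hook so setne al gives the original result.
popfd
mov edi, dword ptr [esi]
setne al
MyHenchmenBaseAddresses_Exit :
jmp MyHenchmenBaseAddresses_Return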
; CODE INJECTION: BAIL OUT
; Reached from the hook at "MassEffect2.exe"+0x00673E97. Clears the two slots at
; +0x404 and +0x408, then runs the two relocated original instructions.
; Only mov is used here, so EFLAGS reaches BailOut_Return unchanged.
; NOTE(review): when the game executes the hooked site is not visible in the script;
; the setup comment only describes it as the fallback "if Henchmen Base Address fail".
;-------------------------------------------------------------------------------------
BailOut_Code :
mov dword ptr ["MassEffect2.exe"+0x00000404], 0
mov dword ptr ["MassEffect2.exe"+0x00000408], 0
BailOut_OverwrittenCode :
; Relocated original instructions (2 + 6 bytes) from the hook site.
mov eax, dword ptr [esi]
mov edx, dword ptr [eax+4A0]
BailOut_Exit :
jmp BailOut_Return
;-------------------------------------------------------------------------------------
WhiteHat wrote:Shepard’s Current HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x84 ... (float)
Shepard’s Max HP :
[[["MassEffect2.exe"+0x400]+0x48]+0xC]+0x98 ... (float)
WhiteHat wrote:‘LOGISTIC’ Hacks
Everything looks good with ‘MyPointer’ up until now, some hacks i found based on previous hacks are:
[["MassEffect2.exe"+0x400]+0x3C8]+0x218 = Credits / Money
[["MassEffect2.exe"+0x400]+0x3C8]+0x21C = Medi-Gel
[["MassEffect2.exe"+0x400]+0x3C8]+0x220 = Element Zero
[["MassEffect2.exe"+0x400]+0x3C8]+0x224 = Iridium
[["MassEffect2.exe"+0x400]+0x3C8]+0x228 = Palladium
[["MassEffect2.exe"+0x400]+0x3C8]+0x22C = Platinum
For information, the Complex Address for current Spare Ammo in the .LSSAVE is:
[["MassEffect2.exe"+0x400]+0x3CC]+0x60C
For logistic hacks we use offset of 0x3C8, while Weapon hacks use offset of 0x3CC.
So, a few studies around this address should be interesting...
On the contrary, I often make complex addresses based on what I see in the MHS Hex Editor. That is, once again, because MHS highlights values which are pointers...
Aspras wrote: The hex editor is indeed very useful once you already have a complex address with pointers and offsets.
Yes, I’ve been aware of that for quite a while, which is why I’m always interested in finding enemies’ coordinates. We can also make the so-called vacuum hack out of it, or we can teleport our hero to his target location, etc. There are simply numerous hack possibilities... However, these are advanced matters. Besides, I don’t script that much and have very limited knowledge about that...
Aspras wrote: By the way you could make an aimbot with those coordinates so that you always do headshots while in combat.