Cheat Engine to MHS help

Posted: Tue May 19, 2009 3:41 am
by mynameisjack
Ok I was doing great with cheatengine hacking away at this game and then suddenly bam my account gets banned for 'using cheatengine tons of times' apparently they have an anti cheat spyware bundled with their game that scans the current processes and application TITLES/icons screenshot w/e maybe more advanced.. then calls home. Fudge.

So this whole MHS anti-anti-cheat thing is perfect I made it firefox.exe and in application title it says Mozilla Firefox and the icon is the firefox icon :) I think this will keep me covered but now I'm in trouble cause the hacks I got on CE, can't find a way to get them over to MHS, for example I have like 50 codes in CE I usually just NOP them when I start the game or change je to jne for maphack, can't do any of this in MHS since there's no 'codelist' that I can rightclick and NOP. I see that you can open disassembler, and NOP it from there, doing this 50 times each time I open a game would take hours.. I've clicked thru every single tool on MHS and the code filter gives me bluescreen. So I really need help here how the hell do I do this automatically at start of game?

Thanks

Posted: Tue May 19, 2009 3:55 am
by SpeedWing
make a script with LSS (in the script editor) that does this for you auto.

Posted: Tue May 19, 2009 4:00 am
by liqmysaq
here u go: http://www.memoryhacking.com/forums/vie ... php?t=2174
this will convert ur CT into a LSSAVE. there is no codelist you're right, instead each address in the table can do anything. in effect.. it is your codelist. lock the 50 or so things u want to use (or set them all to the same hotkey so they all lock at once when u press it) and save ur table. now whenever u attach your mhs with that table loaded it will auto inject everything u have locked. you don't even have to do anything.

double click the item in the table and click on the auto assemble tab.

Posted: Tue May 19, 2009 4:51 am
by mynameisjack
thanks for the help guys, got all my codes converted and loading in MHS however Im confused how I NOP them now.. do I have to write
[Enable] NOP

on each one or something?

Posted: Tue May 19, 2009 4:54 am
by L. Spiro
I do not know if it will convert the Auto-Assemble things or not (maybe it will).

If not, you can still use the same Auto-Assembles in MHS. Add an address to the main list, double-click it, and add your Auto-Assemble code to the Auto-Assemble tab in the Modify Address window.

Alternatively you can make a script that does all of your Auto-Assemble work. The advantage is that it becomes 100% customizable.


L. Spiro

Posted: Tue May 19, 2009 5:18 am
by mynameisjack
so very confused now lol, im sorry for being so newb

this is what it looks like in disassembler (cheat-engine)

017A379C - 89 86 10 03 00 00 - mov [esi+00000310],eax
once i NOP this I get unlimited ammo (it stops decreasing)
can you show me how to do this in the auto assembler for MHS (i didnt use auto assembler on CE i just right click in code list - replace with code that does nothing)

thanks

Posted: Tue May 19, 2009 6:41 am
by minorutono
NOP
Just some easy ways to NOP.


Disassembler

Right Click > NOP Selected

Auto Hack
Right Panel ~ NOP

Posted: Tue May 19, 2009 7:11 am
by liqmysaq
mynameisjack wrote:so very confused now lol, im sorry for being so newb

this is what it looks like in disassembler (cheat-engine)

017A379C - 89 86 10 03 00 00 - mov [esi+00000310],eax
once i NOP this I get unlimited ammo (it stops decreasing)
can you show me how to do this in the auto assembler for MHS (i didnt use auto assembler on CE i just right click in code list - replace with code that does nothing)

thanks

i think it would look like this (if im wrong somebody correct me plz) :
Code:
[Enable]
17A379C:
nop
nop
nop
nop
nop
nop

[Disable]
17A379C:
mov [esi+00000310],eax

the bytes are 89 86 10 03 00 00, you need to NOP all the bytes. there are 6 bytes there so u put 6 NOP's.
check out the help file that came with MHS, you will learn a lot.

Posted: Tue May 19, 2009 12:36 pm
by WhiteHat
Don’t forget to set the target process’ property to Full Access.
Mine is very much the same as liqmysaq’s

Code:
FullAccess( 0x17A379C, 6 )

[ENABLE]
17A379C:
nop
nop
nop
nop
nop
nop

[DISABLE]
17A379C:
mov [esi+00000310],eax


It’s strongly suggested (and also a good habit) to ‘convert’ the address of 0x17A379C into ‘module+offset’ format...

Posted: Sat May 23, 2009 8:52 pm
by mynameisjack
what does setting it to full access do?

what is module+offset format? what's the advantage? is that what keeps it from changing?

Posted: Sun May 24, 2009 12:29 am
by spunge
mynameisjack wrote:what does setting it to full access do?

what is module+offset format? what's the advantage? is that what keeps it from changing?

FullAccess is a wrapper for VirtualProtect. It makes a certain portion of memory have certain rights, e.g. read/write/execute. There is no advantage towards the ModuleBase+Offset format. Rarely have I ever seen a module be relocated.

Posted: Sun May 24, 2009 7:58 am
by L. Spiro
The advantage of module+offset is that it always stays on the correct address even if the module containing that address moves, which happens quite frequently. Games are more frequently using .DLL engines and keeping the .EXE as a wrapper for the OS. Refer to Doom 3 for an example.

There is no difference in speed inside MHS between processing [address] and [module+address]. Therefore there is no advantage in not using module+offset.


L. Spiro
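
Seen from the integrity-checking side, the six-byte NOP overwrite and the module+offset notation discussed in this thread fit together as follows. This is an added example, not code from any poster or from MHS: it compares a trusted copy of a code window with the bytes in memory and reports each modified run as an offset from the module base. The function names, the load base 0x01400000 and the bytes around 89 86 10 03 00 00 are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One contiguous run of modified code bytes, located by offset from the module base. */
typedef struct { uint32_t offset; uint32_t length; int all_nops; } patch_t;

/* Compare a trusted reference copy of a code window (e.g. read from the file on
   disk) with the bytes now in memory. win_off is the window's offset from the
   module base, so a finding stays valid wherever the module is loaded. */
size_t find_patches(uint32_t win_off, const uint8_t *ref, const uint8_t *live,
                    size_t len, patch_t *out, size_t max_out)
{
    size_t n = 0, i = 0;
    while (i < len) {
        if (ref[i] == live[i]) { i++; continue; }
        size_t start = i;
        int nops = 1;
        while (i < len && ref[i] != live[i]) {
            if (live[i] != 0x90) nops = 0;     /* 0x90 is the one-byte x86 NOP */
            i++;
        }
        if (n < max_out)
            out[n] = (patch_t){ win_off + (uint32_t)start, (uint32_t)(i - start), nops };
        n++;                                   /* count runs even past max_out */
    }
    return n;
}

/* Rebase a module-relative offset onto the base the loader chose for this run. */
uint32_t rebase(uint32_t module_base, uint32_t offset) { return module_base + offset; }

/* Constructed sample: a 16-byte window at offset 0x3A3798 of a module assumed to
   load at 0x01400000, which puts the thread's 0x17A379C at offset 0x3A379C. Only
   the bytes 89 86 10 03 00 00 come from the thread; the rest are made up. */
static const uint8_t REF[16]  = {0x8B,0x45,0x08,0x48, 0x89,0x86,0x10,0x03,0x00,0x00,
                                 0x5E,0x5D,0xC2,0x04,0x00,0xCC};
static const uint8_t LIVE[16] = {0x8B,0x45,0x08,0x48, 0x90,0x90,0x90,0x90,0x90,0x90,
                                 0x5E,0x5D,0xC2,0x04,0x00,0xCC};

int main(void)
{
    patch_t p[4];
    size_t n = find_patches(0x3A3798, REF, LIVE, sizeof REF, p, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("module+0x%X: %u bytes changed%s (0x%08X if base is 0x02400000)\n",
               (unsigned)p[i].offset, (unsigned)p[i].length,
               p[i].all_nops ? ", all NOP" : "", (unsigned)rebase(0x02400000, p[i].offset));
    return 0;
}
```

The finding is keyed on the offset, so the same report matches the patched instruction whether the module loads at the assumed base or is relocated.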

Posted: Sun May 24, 2009 11:22 pm
by liqmysaq
one game i know for a fact that u must use module+offset is F.E.A.R. no other games really "need" module+offset that i have played. some games the module is different in different operating systems, like XP vs VISTA. Operation 7 hacks i made using just address would only work on XP systems and not Vista (i use XP not Vista). for the pointers to work for both OS i had to use module+offset. its always best to use module+offset in all cases, not only cuz its better, but also because it looks cooler and if newbies see it they are all impressed cuz they dont know wtf they are looking at vs an address LOL. so even if ur just a copy and paste hacker, u can still look sort of pro to your fellow newbies haha :P