Memory Hacking Software

by **anacletou** » Mon Nov 10, 2008 10:16 am

Look there.. I can't understand (I'm a little noob):

FarCry 2 1.00:

disassembler in MHS (last version):

memory view in Cheat Engine 5.4:

Why this?

by **L. Spiro** » Mon Nov 10, 2008 10:30 am

MHS does not yet decode SSE and SSE2 instructions (what you see with xmm0).

L. Spiro

by **WhiteHat** » Sun Nov 23, 2008 6:47 pm

L. Spiro,

I’m sorry to ask: Does the new MHS 5.005 support these SSE
instructions yet ? I think i lost the game uses this xmm0 thing,
so i can’t try this by myself... (it was an arcade-style racing)

It’s not like i’m rushing MHS to support it asap..
In fact, i’m glad that you decide to upgrade MHS.

Thank you in advance..

by **L. Spiro** » Sun Nov 23, 2008 10:03 pm

No it does not.

I need to find a process that has these instructions so I can test.

L. Spiro

by **WhiteHat** » Mon Nov 24, 2008 9:01 am

The game is OutRun 2006 Coast to Coast, developed by SEGA AM2.

MHS (this was exactly what i got. non-edited):

Code: Select all: 00500FEE | CC | INT3 | 00500FEF | CC | INT3 | 00500FF0 | 83EC 24 | SUB ESP, 24 | 00500FF3 | 53 | PUSH EBX | 00500FF4 | 55 | PUSH EBP | 00500FF5 | 8BD8 | MOV EBX, EAX | 00500FF7 | 56 | PUSH ESI | 00500FF8 | 81C3 48020000 | ADD EBX, 248 | 00500FFE | BD 02000000 | MOV EBP, 2 | 00501003 | EB 0B | JMP 00501010 | 00501005 | 8DA424 00000000 | LEA ESP, [ESP] | 0050100C | 8D6424 00 | LEA ESP, [ESP] | 00501010 | 8B87 B4020000 | MOV EAX, [EDI+2B4] | 00501016 | 8B33 | MOV ESI, [EBX] | -- 0050101A | 1080 780C0000 | ADC [EAX+C78], AL | 00501020 | 0FBF8E EE000000 | MOVSX ECX, WORD PTR [ESI+EE] | -- -- 0050102A | 44 | INC ESP | Operation causes unaligned stack. 0050102B | 24 20 | AND AL, 20 | -- -- 00501030 | 86D8 | XCHG AL, BL | 00501032 | 0000 | ADD [EAX], AL | 00501034 | 00F3 | ADD BL, DH | -- 00501038 | 44 | INC ESP | Operation causes unaligned stack. 00501039 | 24 24 | AND AL, 24 | -- -- 0050103E | 8048 0B 00 | OR BYTE PTR [EAX+B], 0 | 00501042 | 00F3 | ADD BL, DH | -- -- -- 0050104A | 46 | INC ESI | 0050104B | 38F3 | CMP BL, DH | -- 0050104E | 59 | POP ECX | 0050104F | 05 B4365C00 | ADD EAX, 5C36B4 | -- 00501056 | 114424 1C | ADC [ESP+1C], EAX | 0050105A | E8 4183F4FF | CALL 004493A0 |

Other disassembler:

Code: Select all: 00500FEE - cc - int 3 00500FEF - cc - int 3 00500FF0 - 83 ec 24 - sub esp,24 00500FF3 - 53 - push ebx 00500FF4 - 55 - push ebp 00500FF5 - 8b d8 - mov ebx,eax 00500FF7 - 56 - push esi 00500FF8 - 81 c3 48 02 00 00 - add ebx,00000248 00500FFE - bd 02 00 00 00 - mov ebp,00000002 00501003 - eb 0b - jmp 00501010 00501005 - 8d a4 24 00 00 00 00 - lea esp,[esp+00000000] 0050100C - 8d 64 24 00 - lea esp,[esp+00] 00501010 - 8b 87 b4 02 00 00 - mov eax,[edi+000002b4] 00501016 - 8b 33 - mov esi,[ebx] 00501018 - f3 0f 10 80 78 0c 00 00 - movss xmm0,[eax+00000c78] 00501020 - 0f bf 8e ee 00 00 00 - movsx ecx,word ptr [esi+000000ee] 00501027 - f3 0f 11 44 24 20 - movss [esp+20],xmm0 0050102D - f3 0f 10 86 d8 00 00 00 - movss xmm0,[esi+000000d8] 00501035 - f3 0f 11 44 24 24 - movss [esp+24],xmm0 0050103B - f3 0f 10 80 48 0b 00 00 - movss xmm0,[eax+00000b48] 00501043 - f3 0f 59 c0 - mulss xmm0,xmm0 00501047 - f3 0f 59 46 38 - mulss xmm0,[esi+38] 0050104C - f3 0f 59 05 b4 36 5c 00 - mulss xmm0,[005c36b4] 00501054 - f3 0f 11 44 24 1c - movss [esp+1c],xmm0 0050105A - e8 41 83 f4 ff - call 004493a0

L. Spiro wrote:I need to find a process that has these instructions so I can test.

If it’s in your mood, you may want to use this same game for your research.
In case of emergency, i’ve sent you a PM as to where you can get it...

Memory Hacking Software

MHS shows "??" but Cheat Engine shows correct code

MHS shows "??" but Cheat Engine shows correct code

Who is online