View Full Version : ASM Help
BalistarDrake
16th August 2007, 07:01
How do you stop something from moving
i.e. stopping the move of the source from going into the destination:
mov byte ptr [destination], source
DABhand
16th August 2007, 08:47
You could NOP that instruction.
But the best way is to create a code cave, and jump to it.
In your code cave you can have
MOV BYTE PTR [dest], yourvalue
Since it's a byte pointer, you will only be able to use 00 up to FF as a value.
Then jump back to the main game.
For example, say 00500000h had this:
MOV [eax+45h], ecx
You can put in your code cave, say at address 010abc:
10abc:
MOV [eax+45h], FF
JMP 00500006h
500000:
JMP 10abc
NOP
In essence when the game is running it will jump to 10abc and run your own coding, which always forces a value (in this example FFh = 255 decimal) into that pointer address and then jumps back to the game to carry on.
BalistarDrake
16th August 2007, 08:51
Exactly how will I code cave? I remember finding the space for a code cave and that's it.
DABhand
16th August 2007, 08:53
Read a bit more on tuts like defeating DMA etc.
BalistarDrake
16th August 2007, 09:01
And I auto assemble this?
For example say 00500000h, had this
is that a typo?
I searched for defeating DMA and came up with a thread about making trainers
nekkron
16th August 2007, 13:19
is that a typo?
lol, no. When typing hex, you add an 'h' on the end of the string to show hexadecimal; same with binary, you add a 'b', and a 'd' for decimal.
05000000h
0110110b
12345678d
for example.
DABhand
16th August 2007, 19:21
look at my GTA:SA tut
www.vwaskar.pwp.blueyonder.co.uk/asm4FF/gtasa.txt
It will show you how to do code caves etc
Or my http://www.vwaskar.pwp.blueyonder.co.uk/asm4FF/tr1d1.txt
Which gives a bit more explanation
DiDDyJ
17th August 2007, 04:46
You could NOP that instruction.
But the best way is to create a code cave, and jump to it.
In your code cave you can have
MOV BYTE PTR [dest], yourvalue
Since it's a byte pointer, you will only be able to use 00 up to FF as a value.
Then jump back to the main game.
For example, say 00500000h had this:
MOV [eax+45h], ecx
You can put in your code cave, say at address 010abc:
10abc:
MOV [eax+45h], FF
JMP 00500006h
500000:
JMP 10abc
NOP
In essence when the game is running it will jump to 10abc and run your own coding, which always forces a value (in this example FFh = 255 decimal) into that pointer address and then jumps back to the game to carry on.
You'll get an error and the game will crash a few minutes after you receive an error like "Game or Gameguard Corrupted" or something like that.
This problem is the same when you try to NOP or modify the hex.
I think it's due to GG CRC Protection, am I correct? If not, maybe I might have done something wrong that caused error to appear.
So if GG CRC protection is the one that caused it, we will need to bypass CRC.
look at my GTA:SA tut
www.vwaskar.pwp.blueyonder.co.uk/asm4FF/gtasa.txt
It will show you how to do code caves etc
Or my http://www.vwaskar.pwp.blueyonder.co.uk/asm4FF/tr1d1.txt
Which gives a bit more explanation
Good tutorial, I tried using your method on Trickster and got an error.
But thanks for your amazing tutorials.
BalistarDrake
17th August 2007, 06:58
Thanks for the tutorial, but when I tried it, it either didn't work, or I got disconnected. I remember doing code caves differently in Maplestory. Does anyone remember?
In other ASM help, what does ticking ZF [x] do and what does ticking ZF [x] [x] do?
nekkron
17th August 2007, 08:03
In other ASM help, what does ticking ZF [x] do and what does ticking ZF [x] [x] do?
CF - Carry flag [checks if there is any carry over for arithmetic operations]
PF - Parity flag [indicates if the bits of an operation is even or odd, 0 for odd, 1 for even]
AF - Adjust flag [aka Auxiliary Flag; set on a carry or borrow to the value of the lower order 4 bits]
ZF - Zero flag
SF - Sign flag [determines the sign, negative or positive]
TP - Trap flag [single step, for 80886 emulation. When TP is enabled, interrupts are trapped]
IF - Interrupt enable flag [interrupts the enable flag]
DF - Direction flag [determines the direction to move through the code (specific to repeat instructions)]
OF - Overflow flag [determines if an operation results in an overflow]
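An added example (not from anyone in this thread) of what the flags in the list above actually mean in practice: a C model of the flags a 32-bit CMP sets, plus the rule each conditional jump uses to read them, so "ticking ZF" in a debugger can be seen for what it is, flipping one bit that JE/JNE then reads. The bit positions are the real EFLAGS positions; the flag names and helper functions are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions of the EFLAGS bits listed in the thread (real x86 positions). */
#define FLAG_CF (1u << 0)   /* carry / unsigned borrow */
#define FLAG_PF (1u << 2)   /* parity of the low byte of the result */
#define FLAG_AF (1u << 4)   /* carry/borrow out of bit 3 (BCD adjust) */
#define FLAG_ZF (1u << 6)   /* result was zero */
#define FLAG_SF (1u << 7)   /* result was negative (bit 31 set) */
#define FLAG_OF (1u << 11)  /* signed overflow */

/* Flags a 32-bit "CMP a, b" would set: it computes a - b and keeps only the flags. */
uint32_t cmp_flags(uint32_t a, uint32_t b)
{
    uint32_t r = a - b;
    uint32_t f = 0;
    if (r == 0)                 f |= FLAG_ZF;
    if (r & 0x80000000u)        f |= FLAG_SF;
    if (a < b)                  f |= FLAG_CF;   /* unsigned borrow occurred */
    /* signed overflow: operands had different signs and the result's sign differs from a's */
    if ((a ^ b) & (a ^ r) & 0x80000000u) f |= FLAG_OF;
    if ((a ^ b ^ r) & 0x10u)    f |= FLAG_AF;   /* borrow out of the low nibble */
    unsigned ones = 0;
    for (uint32_t lo = r & 0xffu; lo; lo &= lo - 1) ones++;
    if ((ones & 1u) == 0)       f |= FLAG_PF;   /* PF = 1 when the low byte has even parity */
    return f;
}

/* Which conditional jumps would be taken with a given flags value. */
bool je_taken(uint32_t f)  { return (f & FLAG_ZF) != 0; }   /* JE / JZ   */
bool jne_taken(uint32_t f) { return (f & FLAG_ZF) == 0; }   /* JNE / JNZ */
bool jb_taken(uint32_t f)  { return (f & FLAG_CF) != 0; }   /* JB: unsigned below */
bool jl_taken(uint32_t f)  { return ((f & FLAG_SF) != 0) != ((f & FLAG_OF) != 0); }  /* JL: signed less */
bool jg_taken(uint32_t f)  { return (f & FLAG_ZF) == 0 && ((f & FLAG_SF) != 0) == ((f & FLAG_OF) != 0); }  /* JG */

/* "Ticking" a flag in a debugger flips that one bit; the CMP is not re-run. */
uint32_t toggle_flag(uint32_t f, uint32_t bit) { return f ^ bit; }

int main(void)
{
    uint32_t f = cmp_flags(5, 5);
    printf("CMP 5,5      : ZF=%d -> JE taken=%d\n", (f & FLAG_ZF) != 0, je_taken(f));
    f = toggle_flag(f, FLAG_ZF);
    printf("ZF ticked    : ZF=%d -> JE taken=%d\n", (f & FLAG_ZF) != 0, je_taken(f));
    f = toggle_flag(f, FLAG_ZF);
    printf("ZF ticked 2x : ZF=%d -> JE taken=%d (back where it started)\n", (f & FLAG_ZF) != 0, je_taken(f));
    f = cmp_flags(3, 5);
    printf("CMP 3,5      : CF=%d SF=%d -> JB=%d JL=%d\n",
           (f & FLAG_CF) != 0, (f & FLAG_SF) != 0, jb_taken(f), jl_taken(f));
    return 0;
}
```

The point of the JB/JL pair is that the same CMP feeds both: JB looks only at CF (unsigned compare), JL at SF xor OF (signed compare), which is why toggling a single flag changes some jumps and not others.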
BalistarDrake
17th August 2007, 08:10
ZF - Zero flag [basically a boolean flag, determines if a conditional jump is executed]
so if you tick ZF once then it jumps; if you tick it twice it...
DABhand
17th August 2007, 09:01
You'll get an error and the game will crash a few minutes after you receive an error like "Game or Gameguard Corrupted" or something like that.
This problem is the same when you try to NOP or modify the hex.
I think it's due to GG CRC Protection, am I correct? If not, maybe I might have done something wrong that caused error to appear.
So if GG CRC protection is the one that caused it, we will need to bypass CRC.
Quite possible, yes. Don't know Trickster and I'm not interested in hacking it to shreds, but if you can't manipulate the file, then you can write a trainer using ReadProcessMemory, bit more tricky but hey :P
(and no I wont tell you how :P as it is more tricky and a bit more advanced)
Good tutorial, I tried using your method on Trickster and got an error.
But thanks for your amazing tutorials.
No problem.
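An added example (not from anyone in this thread, and not GameGuard's or any real anti-cheat's code) of the generic mechanism behind a "game corrupted" error of the kind DiDDyJ describes: a CRC-32 of the code region is taken while the code is known good, recomputed later, and compared. Any in-place NOP or JMP edit of the kind discussed earlier in the thread changes the checksum and is flagged. The code bytes below are a constructed stand-in (the first three are the encoding of the thread's MOV [eax+45h], ecx; the rest are filler), and the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320), bitwise form. */
uint32_t crc32(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Constructed stand-in for a stretch of game code (not bytes from any real game). */
#define CODE_LEN 16
static const uint8_t ORIGINAL_CODE[CODE_LEN] = {
    0x89, 0x48, 0x45,          /* mov [eax+0x45], ecx   (the instruction from the thread) */
    0x8B, 0x45, 0xFC,          /* mov eax, [ebp-4]      (filler) */
    0x83, 0xC0, 0x01,          /* add eax, 1            (filler) */
    0x89, 0x45, 0xFC,          /* mov [ebp-4], eax      (filler) */
    0x5D, 0xC3, 0x90, 0x90     /* pop ebp; ret; nop; nop (filler) */
};

/* The kind of edit the thread describes: overwrite bytes with NOP (0x90). */
void nop_patch(uint8_t *code, size_t off, size_t len)
{
    memset(code + off, 0x90, len);
}

/* The integrity check: recompute the CRC and compare with the known-good baseline. */
bool code_is_intact(const uint8_t *code, size_t n, uint32_t baseline)
{
    return crc32(code, n) == baseline;
}

/* Whole scenario: baseline on clean code, patch, recheck. Returns true if detected. */
bool patch_detected(void)
{
    uint8_t code[CODE_LEN];
    memcpy(code, ORIGINAL_CODE, CODE_LEN);
    uint32_t baseline = crc32(code, CODE_LEN);
    bool before = code_is_intact(code, CODE_LEN, baseline);
    nop_patch(code, 0, 3);                     /* NOP out the MOV */
    bool after = code_is_intact(code, CODE_LEN, baseline);
    return before && !after;
}

int main(void)
{
    printf("CRC-32 check value for \"123456789\": %08X\n",
           crc32((const uint8_t *)"123456789", 9));
    printf("in-place NOP patch detected: %s\n", patch_detected() ? "yes" : "no");
    return 0;
}
```

CRC-32 is guaranteed to catch any single burst of changed bits up to 32 bits long, so a 3-byte NOP-out or a 5-byte JMP is always detected; a checker that re-runs this periodically over the live code pages is what turns a memory edit into a "corrupted" error a few minutes later.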