Code-Cave still d/cs

bong1934 · 31st March 2006, 01:07

Well, I have been trying to use the code-cave tutorial for gravity, speed, jump that Sunbeam made, and it hasn't worked for me. I searched for other tutorials on the same subject got about 3 or 4, most said basically the same thing as Sunbeam's did. So I figure I must be doing something wrong, so I have been rechecking what I do against the tut for the past hour, cant find anything wrong. I was wondering if anyone could check to see if these steps are right, and if not help me fix.

1. Open CE (I know I'm doing this very slow because I really need it specific appearently :/)
2. Open MS and attach
3. Change scan type to double and search for 125
4. Double click address 00677918 (for v.20 OMS)
5. Right click, click Find out what Accesses this address
6. Alt+tab, move, click the top one and select Show Disassembler (should be 005ee87b)
7. Tools, Scan for Code-Caves
8. I use 004001c5, so goto that address
9. Double click the Cheat-Engine single-line assembler and type "fmul qword ptr [00677918]"
10. Go one address below that (004001c7) and change to "jmp 005ee87b"
11. Goto 005ee87b, right click change register at this location (I have also done these steps with the address that is below 005ee87b which is 005ee881
12. Tick the EIP checkbox, type 004001c7 (I have also tried with 004001c5)
*Note: sometimes MS will stop working and I will have to restart my comp like LuciferGuard was having trouble with, it does this when I change 005ee881 instead of 005ee87b*
13. Click Add Address Manually, type 004001c7 (also tried 004001c5), change type to Double
14. Change value of new address to what you want. (this is where MS just closes)
*Note: Everytime I add it the value I get for it is like -2.387387438743 E23 or something wierd like that. I am pretty sure that this is the problem, just cant figure out how I can fix it.*

Also couldn't I just search for a unknown initial value, take off my +speed shoes, search for decreased, put on search for increased untill I get one address?

BooTheGhost · 31st March 2006, 01:21

At least you can get that far. >___________>

I dc as soon as I try to find out what accesses the adress.

Rache · 31st March 2006, 01:58

Quote:

Originally Posted by BooTheGhost

At least you can get that far. >___________>

I dc as soon as I try to find out what accesses the adress.

Enable "use kernelmode debugger options when possible" and "stealth(kernel)".

For your question, the fmul qword part in your codecave is wrong. Change the [xxxxxxx] to any address 5 addies below your codecave. The one I mainly use is 004001dd. So it'd be fmul qword ptr [004001dd]

004001dd is the address you add to cheat table and change the values.

BooTheGhost · 31st March 2006, 01:59

Quote:

Originally Posted by Rache

Enable "use kernelmode debugger options when possible" and "stealth(kernel)".

For your question, the fmul qword part in your codecave is wrong. Change the [xxxxxxx] to any address 5 addies below your codecave. The one I mainly use is 004001dd. So it'd be fmul qword ptr [004001dd]

004001dd is the address you add to cheat table and change the values.

-______-

Thanks.

bong1934 · 31st March 2006, 02:16

yes very thanks, now i shall try
hopefully it works

31st March 2006, 01:07	#1
bong1934 Hey look a user title Mage Join Date: 12th Mar 2006 Posts: 17	Code-Cave still d/cs Well, I have been trying to use the code-cave tutorial for gravity, speed, jump that Sunbeam made, and it hasn't worked for me. I searched for other tutorials on the same subject got about 3 or 4, most said basically the same thing as Sunbeam's did. So I figure I must be doing something wrong, so I have been rechecking what I do against the tut for the past hour, cant find anything wrong. I was wondering if anyone could check to see if these steps are right, and if not help me fix. 1. Open CE (I know I'm doing this very slow because I really need it specific appearently :/) 2. Open MS and attach 3. Change scan type to double and search for 125 4. Double click address 00677918 (for v.20 OMS) 5. Right click, click Find out what Accesses this address 6. Alt+tab, move, click the top one and select Show Disassembler (should be 005ee87b) 7. Tools, Scan for Code-Caves 8. I use 004001c5, so goto that address 9. Double click the Cheat-Engine single-line assembler and type "fmul qword ptr [00677918]" 10. Go one address below that (004001c7) and change to "jmp 005ee87b" 11. Goto 005ee87b, right click change register at this location (I have also done these steps with the address that is below 005ee87b which is 005ee881 12. Tick the EIP checkbox, type 004001c7 (I have also tried with 004001c5) Note: sometimes MS will stop working and I will have to restart my comp like LuciferGuard was having trouble with, it does this when I change 005ee881 instead of 005ee87b 13. Click Add Address Manually, type 004001c7 (also tried 004001c5), change type to Double 14. Change value of new address to what you want. (this is where MS just closes) Note: Everytime I add it the value I get for it is like -2.387387438743 E23 or something wierd like that. I am pretty sure that this is the problem, just cant figure out how I can fix it. Also couldn't I just search for a unknown initial value, take off my +speed shoes, search for decreased, put on search for increased untill I get one address?

31st March 2006, 01:21	#2
BooTheGhost Lord of Destiny Join Date: 19th Mar 2006 Posts: 52	At least you can get that far. >___________> I dc as soon as I try to find out what accesses the adress.

31st March 2006, 02:16	#5
bong1934 Hey look a user title Mage Join Date: 12th Mar 2006 Posts: 17	yes very thanks, now i shall try hopefully it works