Rift - Memory Editing

get your superiourity here ! be an offline or online GOD of the game. infinite ammo, unlimited nitro, turbo boost, god mode, you name it !
Post Reply
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Rift - Memory Editing

Post by V0gelz »

RIFT

This is another mmorpg game and i'm trying to actualy try to hack this game.
I'm pretty poor in reversing and this is my first game i actualy tryed to find xyz coordinates on my own. Now i'm not sure if i'm actualy doing this right and could use some help.

Firstly i search for the values of the x and y coordinates. I found the pointers and i was succesfull to alter the xyz floats in CE. Ofc this game has DMA (dynamic memory allocation) so i have to search for esi register address everytime i want the pointer to work. So i tought to analize rift.exe with my static debugger (IDA) and then search for my pointer again. Ofc i hit a wall when i realised that i can't do much there because i have no way ( no idea actualy ) to find the ESI. When i debug in olly and see the ESI it goes outside the rift.exe module and use that address as my pointer address to make my pointer to work. To go back to the DMA problem i tought to do the same as they did in World of Warcraft to rebase the program in ida to 0x1000 and then find the address. However ida gets stuck alot and it takes ages to rebase.. but still think this is the best solution.

Anyway,
So when i make a pointer in CE, esi + D0 it find the X coordinates and i can changes them in CE to my liking and it will put me there.

Now my question is, how can i find the address ( ESI ) in ida for my pointer to work?

Linked the fuction underhere if you want to take a look. This is from ida.

Code: Select all

.text:00C39800 ; =============== S U B R O U T I N E =======================================
.text:00C39800
.text:00C39800 ; Attributes: bp-based frame
.text:00C39800
.text:00C39800 ; int __stdcall sub_C39800(int, float)
.text:00C39800 sub_C39800      proc near               ; CODE XREF: sub_89FA80+193p
.text:00C39800                                         ; sub_CC1880+1Bp ...
.text:00C39800
.text:00C39800 var_38          = dword ptr -38h
.text:00C39800 var_24          = dword ptr -24h
.text:00C39800 var_20          = byte ptr -20h
.text:00C39800 arg_0           = dword ptr  8
.text:00C39800 arg_4           = dword ptr  0Ch
.text:00C39800
.text:00C39800                 push    ebp
.text:00C39801                 mov     ebp, esp
.text:00C39803                 and     esp, 0FFFFFFF0h
.text:00C39806                 mov     eax, [ebp+arg_0]
.text:00C39809                 fld     dword ptr [eax]
.text:00C3980B                 sub     esp, 28h
.text:00C3980E                 push    esi
.text:00C3980F                 mov     esi, ecx
.text:00C39811                 fstp    dword ptr [esi+0D0h] ; X coordinates
.text:00C39817                 push    edi
.text:00C39818                 fld     dword ptr [eax+4]
.text:00C3981B                 fstp    dword ptr [esi+0D4h] ; Y coordinates
.text:00C39821                 fld     dword ptr [eax+8]
.text:00C39824                 fstp    dword ptr [esi+0D8h] ; Z coordinates
.text:00C3982A                 fld     dword ptr [eax+0Ch]
.text:00C3982D                 fstp    dword ptr [esi+0DCh]
.text:00C39833                 mov     eax, [esi+8]
.text:00C39836                 test    eax, eax
.text:00C39838                 jz      short loc_C3987D
.text:00C3983A                 mov     eax, [eax+74h]
.text:00C3983D                 fld     dword ptr [eax+4]
.text:00C39840                 mov     ecx, [esi+10h]
.text:00C39843                 fmul    ds:dbl_1071108
.text:00C39849                 mov     edx, [ecx]
.text:00C3984B                 mov     edx, [edx+1Ch]
.text:00C3984E                 lea     edi, [esp+30h+var_20]
.text:00C39852                 fstp    [esp+30h+var_24]
.text:00C39856                 push    edi
.text:00C39857                 fld     [esp+34h+var_24]
.text:00C3985B                 push    ecx
.text:00C3985C                 fadd    [ebp+arg_4]
.text:00C3985F                 lea     eax, [esi+0A0h]
.text:00C39865                 fstp    [esp+38h+var_24]
.text:00C39869                 fld     [esp+38h+var_24]
.text:00C3986D                 fstp    [esp+38h+var_38]
.text:00C39870                 push    eax
.text:00C39871                 call    edx
.text:00C39873                 mov     eax, edi
.text:00C39875                 push    eax
.text:00C39876                 mov     ecx, esi
.text:00C39878                 call    sub_C4C3A0
.text:00C3987D
.text:00C3987D loc_C3987D:                             ; CODE XREF: sub_C39800+38j
.text:00C3987D                 pop     edi
.text:00C3987E                 pop     esi
.text:00C3987F                 mov     esp, ebp
.text:00C39881                 pop     ebp
.text:00C39882                 retn    8
.text:00C39882 sub_C39800      endp
.text:00C39882
.text:00C39882 ; ---------------------------------------------------------------------------
.text:00C39885                 align 10h
.text:00C39890
Thanks in advance i hope someone can help me so i can figger out what i'm doing wrong here. I'm pretty new to this as you prolly have noticed. I haven't read everything here on this forum. I just found it and i looks promising to find some help.

PS: Addresses shown here are from ida and rift.exe Patch date of 04/03/2011.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

i dont exactly understand what you are saying with the pointers. breakpoint is what you need.
breakpoint of x, y and z.
lets say you want to get to 100 on x. so you first find the coordinates on x, then you breakpoint the address and move, you will find the breakpoint.
thats all you need. now you can write ASM script or complete trainer with the values.

i dont use IDA or CE, so i know nearly nothing about them. that part from IDA tells me nearly nothing, cuz i dont really know what it suppouse to be, just lots of instructions. as said, you only need breakpoint for X (y and z too)

i have loads of articles on wiki and tutorials on forum on how to write ASM script in Tsearch.
in short:
1. find the x coordinate
2. enable debugger
3. right click the x coordinate address
4. select "autohack"
5. move in game to change the coordinates
6. in autohack window (debugger) look for a breakpoint that has popped up
7. based on that, you can write a script.


see this article, it should help you understand how i do things in Tsearch. in there, i wrote scripts to change some stuff.
http://sethioz.com/mediawiki/index.php5 ... nd_Hacking

also see this. here i have used ASM script (easywrite in tsearch) to change weapon attributes, based ONLY on ammo i have found breakpoints for other addresses too and changed them with a quite simple script.
http://sethioz.com/mediawiki/index.php5 ... exploitsjk


EDIT: im afraid that it aint that easy, cuz obviously the instruction / function that changes X coordinates, also changes y and z and most likely other things. so its bit harder to seperate it and make it only write to X, instead of all, but give it a shot based on those guides or if i mistunderstood you, then feel free to explain.
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Re: Rift - Memory Editing

Post by V0gelz »

Yeah its actualy exactly what your saying what i'm looking for. However someone told me to search up and go find where the ESI is coming from. Now iv tryed that and well... i got lost :P. Anyhow i guess somewhere there is a playerstatic address where we can find everything.. including xyz coordinates but i'm far to noobish and iv read the tutorials you wrote but as you said already. It aint realy what i need :P. I'm not sure if you are intrested in rift or anyone else here to help reversing this!

Also seen that Drakefish on mmowned wrote down that the xyz coordinates are 12 bytes.
" XYZ position would be 12 bytes together in memory."
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

maybe that somebody knows already that breakpoint only points to instruction that controls general movement and other things, so making that instruction to write certain values, will make it change ALL address values, which maybe like 20. which most likely causes crash or some unusual behaviour.
never the less, give it a try and see what happens.

is rift free ? post some info, i know its easy to google but im annoyed.
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Re: Rift - Memory Editing

Post by V0gelz »

Well yeah i think they already have it tho i think they keep it private.

No, rift aint free i'm afraid. It's with a monthy fee. :<
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

if you want me to check into this, then i need your account and also the current progress with your hacks. like values for coordinates. range from to what and what it is. float, bytes..etc and anything else you think would come in handy.
if you decide to borrow your account, PM me the details.

however i dont think i can check before next weekend.
it would help if you can breakpoint the X coordinate address using Tsearch or Olly and show me the instruction of the breakpoint.
in case there are more than 1 breakpoint, show me all of them. its best to use Tsearch not olly. CE also works, but i cant say in detail what to click.
i think its "find out what writes to this address" in CE. you do this, then it asks to attach debugger, you attach it and then it shows the breakpoint once the value changes on the breakpointed address (X coordinate on your case).

it doesnt have to be X tho, can be any of the 3.
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Re: Rift - Memory Editing

Post by V0gelz »

I'm sending you everything in a PM.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

dont send everything in pm, just your account details. rest post here. the hack progress and such leave in public. there are others out there who would like to know these things too or maybe somebody wants to try and post their results here too..etc
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Re: Rift - Memory Editing

Post by V0gelz »

Yeah fine with me, ill post my findings here =)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

as said post it here, not in pm. it isnt just for you, there are others out there who are interested in rift hacking too, im sure of it.
the part you sent me

Code: Select all

01AC99E1 |. D99E D0000000 FSTP DWORD PTR DS:[ESI+0D0] ; X Coordinates
01AC99E7 |. 57 PUSH EDI
01AC99E8 |. D940 04 FLD DWORD PTR DS:[EAX+4]
01AC99EB |. D99E D4000000 FSTP DWORD PTR DS:[ESI+0D4] ; Z Coordinates
01AC99F1 |. D940 08 FLD DWORD PTR DS:[EAX+8]
01AC99F4 |. D99E D8000000 FSTP DWORD PTR DS:[ESI+0D8] ; Y Coordinates
is already right. you simply change the instruction to write the coordinates for you.
what i dont understand, is the "D99E D8000000" parts before the instructions. are they values or something ?
anyways, as you see they are always close in registry and whoever said 12 bytes is a retard, look what you posted and use common sense.
if one of them is ESI+0D0 and next one is ESI+0D4, what does it make then ? 0 + 4 in hex = 4. so it means game allocates/uses 4 bytes for coordinates.
if im correct, in tsearch you write the following to change X coordinates to whatever you want, without any searching:

Code: Select all

offset 0xEmpty_Memory_location_address
mov dword ptr [ESI+0D0],0xYOUR_VALUE_HERE
offset 0x1AC99E1
call 0xEmpty_Memory_location_address
here's example with random addresses

Code: Select all

offset 0x123456
mov dword ptr [ESI+0D0],0x64
offset 0x1AC99E1
call 0x123456
This will write to memory location "123456" and it writes X coordinates with the value of 100 (64 in hex)
then it replaces the coordinates on your current X with 64 that it just wrote into empty memory location.

so you must first find empty memory location to write into. just search for 00000000000000000000000000000000000000 using any memory editor.
make sure its quite empty, not a small place of 00. if you get instant crash, then check the address it gives in error, if it is the same where you tried to write it (emtpy place), then you know that it wasnt really empty and game uses it.

read avp2010 hacking article in my wiki, there are detailed examples of what im talking about. how game allocates memory and how i made those ASM scripts in Tsearch.
V0gelz
Newbie..
Newbie..
Posts: 6
Joined: Fri Mar 04, 2011 10:29 pm

Re: Rift - Memory Editing

Post by V0gelz »

Well no, the parts of that are just the hex of that instruction. And doesn't hold the values cuz they are somewhere else. That function just write the addresses somewhere else. Also don't forget that DMA (dynamic memory allocation) witch makes this pretty annoying. We can use IDA ofc and rebase it to 0x1000 but not sure if that will work. Well i think it will work out fine when we just inject anyway.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

you're not listening.

01AC99E1 |. D99E D0000000 FSTP DWORD PTR DS:[ESI+0D0] ; X Coordinates

01AC99E1 > address
D99E D0000000 > value of the address (instruction in hex)
FSTP DWORD PTR DS:[ESI+0D0] > instruction (value of address)

have you tried the script example i gave you ? test and see what will happen, because this is what i would try.

DMA ? what dma, instructions DO NOT change ! thats what "ESI+0D0" does. it writes coordinates of the X to the ESI register +0D0 which = DMA address
get it ?
DMA address is written where the ESI+0D0 puts it, if you CHANGE the instruction, then you dont need to even find the address, who cares if its dynamic or not, you dont even find it. you change the instruction to make it write your own value to that dynamic address.
Beas
Newbie..
Newbie..
Posts: 2
Joined: Sun Mar 13, 2011 9:55 am

Re: Rift - Memory Editing

Post by Beas »

There any way to create some filters to WPE Pro to buy items without the need to buy it?

Greetings
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

i dont fully understand your question. are you asking about WPE pro, that is there a way to set filters or are you asking for specific hack that buys things ?
if the first one, yes you can set filters in WPE pro and you can also use proxocket for that, but i havent chekced into rift yet, so dont know about specifc hacks.
Beas
Newbie..
Newbie..
Posts: 2
Joined: Sun Mar 13, 2011 9:55 am

Re: Rift - Memory Editing

Post by Beas »

Can you please help me try do some filters for rift?

Thanks you so much for answer
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

i have already replied to this and i also said i dont understand which one you asking.
jsurfer
Newbie..
Newbie..
Posts: 4
Joined: Thu May 12, 2011 5:15 am

Re: Rift - Memory Editing

Post by jsurfer »

I know this is an old post, but I was looking to get some help on this matter....

currently for patch 1.2 hotfix#0 the Z axis coordinate (actually Y in rift but its the vertical axis) basicly I just want to achieve teleporting up and down using the easy write script and then once I understand how it works more, port it over to pure ASM and do some code injection via C#... however when I try the script in question I get an instant crash.. most likely its ethier because im not doing it in the right spot or instruction too big... erm..?

ok so on to some real infos....

heres the memory loc... looks the same from before (same offsets)

Code: Select all

0116682F  |.  8BF1          mov     esi, ecx
01166831  |.  D99E D0000000 fstp    dword ptr [esi+D0] //X coordinate
01166837  |.  57            push    edi
01166838  |.  D940 04       fld     dword ptr [eax+4]
0116683B  |.  D99E D4000000 fstp    dword ptr [esi+D4] // Y (Vertical) Coordinate
01166841  |.  D940 08       fld     dword ptr [eax+8]
01166844  |.  D99E D8000000 fstp    dword ptr [esi+D8] // Z Coordinate
ok so..

I just want to increment the value of the Y coord by 1 so that everytime I execute the script, the player teleports up by 1...

offset 0x004001CD <--- used CE to Scan for code caves
inc esi
mov dword ptr [ESI+0D0],esi
offset 0x0116683B <----address for Y coord
call 0x004001CD <-- code cave addy

I get a crash everytime I try to run the script. any help is well appreciated! :)
thanks alot

edit * this also didnt work ><
offset 0x004001CD
inc esi
fstp dword ptr [esi+000000D4]
offset 0x0116683B
call 0x004001CD
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

01166844 |. D99E D8000000 fstp dword ptr [esi+D8] // Z Coordinate
ler me explain this one.
first is the address / offset
next is the instruction and value in HEX. which means that in order to restore it to normal, all you need to do is:

offset 0x1166844
hex D99ED8000000

and this should reset all changes back to normal.

next part is the instruction in "text" and the esi+D8 means that in esi register, is added D8
so anyway, let me explain what i think you did wrong, but before that, what is the error address ?
it should say something like "access violation at xxxxxxx" where xxxxx is address. if its your "empty space" then it means it isnt empty.
however .. read:

1. first of, you do not play a zero game with 00, this is why 0x is there for.
lets say address is 00000001, then all you do is "0x1"
0x means that it fills the missing places with 0. CE might work differently tho, but i highly doubt, its general coding.

2. "mov dword ptr [ESI+0D0],esi < where did you got that from and why is it there in the first place ? in the list, it says D4 not 0D0
next .. why do you even use this ? it is the original command, "inc esi" already says that "esi" is increased by 1 when this instruction is exectued.
what you are doing, is adding 1 to esi and the resetting it back to normal or well into invalid, this is most likely why it crashes.

3. do not scan for anything, use tsearch or ce and simply search for bunch of 000000, like as many as you are allowed to enter. in tsearch is about 15 of 0.
then use that as offset to write your code.
again note that if you get instant crash, check the address.

4. again, it should be:
offset 0x116683B
and last one same, without 00000 just 0x and address without any 0s.


does it even work when you change the value on the address ? lets say you put 10, will you jump off the ground ?
this should be right. if you get a crash, check the error message / code.

Code: Select all

offset 0x4001CD
inc esi
offset 0x116683B
call 0x4001CD
additionally, check my wiki and other game hacks. such as "aliens vs predator 2010" and "resident evil 5" on my wiki.
i have detailed tutorials there on how to write ASM scripts in tsearch (easywrite). those might come in handy.
also check "unlimited ammo hack"
cant bother to put links, cuz you will find them instantly when you use search on my wiki (knowledge database)

EDIT
i got confused cuz of your mess, where the heck are you getting this from?

Code: Select all

mov dword ptr [ESI+0D0],esi
i dont see it anywhere, you cant just change the instruction around like that.
debug it with tsearch and show me the breakpoint (whole thing, not just breakpoint, but full, with command)
if it doesnt have ",esi" at end, my code wotn work.
jsurfer
Newbie..
Newbie..
Posts: 4
Joined: Thu May 12, 2011 5:15 am

Re: Rift - Memory Editing

Post by jsurfer »

Ya I was wayyyy to tired posting that, theres actually errors in my post for the D4 and D0... lol so sorry about that, ill refrain from sleep typing lol...
I still need to read over your post some more and ill test this...

Is there anyway we can chat on aim or msn? PM me ur info , You seem willing to help and thats hard to find. Im trying to figure out the bext way to read/change the value that the instruction for Y(vertical coord) in asm, My ultimate goal would be to get inject asm code with my C# app that will return the value of the Y coordinate. Hope that makes sense..

my main goal is to be able to get the values of the player XYZ coords via injected asm, or through an injected DLL.... then once I achieve that, I want to modify the values in the same way.. (unless vice versa is easier)'

(i figured starting with learning how these injected scripts work would be good start.. although im not "new" just havent breached my full potential yet :) )

Hope this helps explain my goal here. Thank you so much!


Edit*** I tryed the script below... and it didnt crash the game but nothing happens.. I posted the poke stuff below
offset 0x4001CD
inc esi
offset 0x116683B
call 0x4001CD

Poke 4001CD 46
Poke 116683B E8 8D 99 29 FF

edit and that came from your post above....

Code: Select all

offset 0xEmpty_Memory_location_address
mov dword ptr [ESI+0D0],0xYOUR_VALUE_HERE
offset 0x1AC99E1
call 0xEmpty_Memory_location_address

edit again (and screw the 0xD0 instruction .. i was tired as hells lets just move on ill try to keep it cleaner! :)
is there anyway in my script to get the current Y value (vertical axis 0xD4) then rtell the instruction to just add +5(dec) to it? basicly a +5 step up teleport each time it executes?.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

offset 0x4001CD
inc esi
offset 0x116683B
call 0x4001CD

this should work. as i said, do it with Tsearch and post me what it shows in the debugger, not the poke.
i want to see the full instruction (see my tutorials on wiki).

poke is nothing but a simple "write to address"
so if you have this:

Code: Select all

Poke 4001CD 46
Poke 116683B E8 8D 99 29 FF
and you want to use asm, just do this:
its equal to that poke thingy above.

Code: Select all

offset 0x4001C
hex 46
offset 0x116683B
hex E88D9929FF

* you are making it too chaotic. in order to see value, you simply use tsearch's "autohack". the instruction you want to get value for, right click and register.
then on register tab you can choose which register you want to see (in your case ESI). and you can replace it there. however if you replace it there, then it will constantly be that value.

* if you want to increase it by 5 with each button press, just put "inc esi" 5 times (1 per line).


i do have msn and skype, but i prefer to keep it on forum. so everyone can read and learn. however i might do some live testing if you want, only if you post results here later (once you get it working). check your PM
jsurfer
Newbie..
Newbie..
Posts: 4
Joined: Thu May 12, 2011 5:15 am

Re: Rift - Memory Editing

Post by jsurfer »

lol I dont think your understanding my main goal here... I know how to see what the value is manually, I mean in ASM to get the value returned. since my goal isnt to use Tsearch for the rest of hacking lol I want to inject ASM code that will retrieve and return the value of the XYZ coords, and also code that can be injected and excuted to write values to the players XYZ.

I know theres a slight language barrier which is prob. what it is..... the only reason Im using tsearch is for testing to see how injected code works and such. Maybe I need to explain this differently... but telling me how to see the value in a debugger doesnt help, I already know how to do that, I want the ASM to do it for me... that way I can use it in my application... hope that helps some. thanks!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Rift - Memory Editing

Post by Sethioz »

this is going bit offtopic, lets not discuss ASM here. keep in mind that it is still only about Rift, not general coding and debugging.
lets only discuss Rift here, the ASM script and if its working or not ..etc. not the part how to convert it into something and then write a trainer or something else ..etc.

so did it work ? check the memory address and see if value changed. cuz if you change the instruction of breakpoint, it has to have effect.
jsurfer
Newbie..
Newbie..
Posts: 4
Joined: Thu May 12, 2011 5:15 am

Re: Rift - Memory Editing

Post by jsurfer »

Ya the script did not work, the value stayed the same. Ill see if I can get you the debugger notes which I havent seen yet, Im trying to update a fly hack atm.. ill post here soon with results.
Post Reply