When someone has too much time on their hands (and usually also has a lot of work to do), their productivity sometimes slips… and by “slips”, I mean it completely collapses into itself and implodes.

ANYWAY, back to the focus of this thread, I decided to have some fun with my newly installed Windows XP OS on my VM, and by fun, I mean screwing around with this wonderful game which brings me back so many memories: 3D Pinball - Space Cadet.

I’ve been getting more into reverse engineering these few days and I thought I’d give my skills a shot at a real application and see how far I could go. This write up is motivational material for other reverse engineers out there and just lulz for everybody else who is interested. Enjoy!

Hacking 3D Pinball - Space Cadet

Hacking the In-game Score

What we’re going to do first is exploring how one could go about and change their game score. Well, it’s actually pretty easy if you have the right tool and the relevant skills (obviously). The tool we are going to use is the classic Cheat Engine (I’ll be using version 6.6), infamous (especially around kids) for being used to hack game scores on their favourite games. For those who aren’t familiar with Cheat Engine, it’s basically a memory-hacking tool which accesses another process’s memory space for disassembling and debugging… and causing mayhem by changing values everywhere. For those who do know and have used Cheat Engine before (as a kid), the first couple of steps might be familiar.

First, we’ll open up the game and Cheat Engine, then proceed to load the pinball.exe process like so:

In the value box, we need to do a First Scan to find the value we want in memory, i.e. we want to scan for our score so we can edit its value in memory. Since our score is currently 0 and there are more than likely a billion 0s in memory, we will start off the game and get a number which is less likely to already exist in memory. Like so:

After typing in 6000 as our value and clicking First Scan, CE instantly finds a corresponding value and its address. Now, we can try editing this value to see what happens to our score. Okay, it’s not as easy in this scenario because it probably works differently than we expected, so let’s see what’s actually happening in the code. Right here, we can see that the score value that we captured from the scan was not what we wanted. In the bottom right window, we see the address of eax which is the same one from the scan but eax doesn’t actually keep track of the value. Instead, the score being passed to ecx is moved to the location to where eax points.

So how do we get to a score of 696969 then? Well, let’s try injecting some code to constantly set ecx to our desired value in Tools -> Auto Assemble. We’ll then need a Code Injection template in the new Auto Assemble window in Template -> Code Injection, then the address to inject is the blue-highlighted line.

Enter in our assembly code to change ecx and then press execute.

Easy! But what’s this? Our ball number has also changed to exactly the same value? Okay, because I’m lazy and I can’t be bothered taking too many screenshots, basically, what happens if we scan for the address of the ball (like we did for our score), we end up at the same piece of code but with eax holding the value of the ball number (instead of the score). How we can patch this is by only setting ecx if eax is equal to the score’s address. We’ll restart the entire game and then use this code in the injection instead:
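The following C model is an added example, not the author's Cheat Engine script: it mimics one store routine shared by the score and the ball number, and shows an unconditional ecx override clobbering both while an override guarded on eax changes only the score. The struct, function names and event sequence are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Constructed model of the game state; not the real pinball.exe layout. */
struct game { int score; int ball; };

/* A hook sees what injected code sees: eax = destination, ecx = value. */
typedef int (*hook_fn)(const int *eax, int ecx, const int *score_addr);
#define DESIRED_SCORE 696969

/* No injection: the value passes through unchanged. */
static int hook_none(const int *eax, int ecx, const int *score_addr) {
    (void)eax; (void)score_addr;
    return ecx;
}

/* First attempt: always overwrite ecx, whatever eax points at. */
static int hook_unconditional(const int *eax, int ecx, const int *score_addr) {
    (void)eax; (void)ecx; (void)score_addr;
    return DESIRED_SCORE;
}

/* Patched attempt: overwrite ecx only when eax is the score's address. */
static int hook_guarded(const int *eax, int ecx, const int *score_addr) {
    return (eax == score_addr) ? DESIRED_SCORE : ecx;
}

/* The single shared write site: store ecx at the address held in eax
   (mov [eax],ecx in x86 terms), after the hook has adjusted ecx. */
static void store(int *eax, int ecx, hook_fn hook, const int *score_addr) {
    *eax = hook(eax, ecx, score_addr);
}

/* Constructed sequence: ball 1 starts, 6000 points scored, ball 2 starts.
   Both fields are written through the same store() routine. */
struct game play(hook_fn hook) {
    struct game g = {0, 0};
    store(&g.ball, 1, hook, &g.score);
    store(&g.score, 6000, hook, &g.score);
    store(&g.ball, 2, hook, &g.score);
    return g;
}

int main(void) {
    hook_fn hooks[] = { hook_none, hook_unconditional, hook_guarded };
    const char *names[] = { "no hook", "unconditional", "guarded on eax" };
    for (int i = 0; i < 3; i++) {
        struct game g = play(hooks[i]);
        printf("%-15s score=%d ball=%d\n", names[i], g.score, g.ball);
    }
    return 0;
}
```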