I will give some tips here which could help:
1- learn to use some WinAPIs.. learning what LoadLibrary and GetModuleHandle do is a good idea
2- learn the basics of assembly.. you will need some of them, which I am going to explain:
registers: act like variables in coding, but they are stored in the CPU, not in RAM
in x86 there are 9 32-bit registers: EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP, EIP
a 16-bit version of them is also available (without the E)
and AX, BX, CX, DX are each formed of two 8-bit registers (replacing the X with either L or H)
MOV dest, source command: copies the value of source to dest. It can appear in different forms like:
MOV [dest], source : copies the value of source to the variable stored at address dest
MOV dest, [source] : copies the value stored at address source to dest
the signs + and * can also appear, but only inside the []
examples:
mov eax, eax ; nothing happens
mov eax, 100 ; eax equals 0x100 after this operation
mov [40EA00], eax ;value at 0x40EA00 becomes 0x100 after this operation
mov ecx, 40EA00 ;ecx will equal 0x40EA00
mov edx, [ecx] ;edx will equal 0x100
lea dest, [source] command :
almost like mov, but the difference is that it calculates the source expression without reading a value from it
example:
lea esi, [ecx+edx*2] ; esi equals 0x40EA00 + 0x100 * 2 = 0x40EC00
lea eax, [eax] ; nothing will happen of course
fld [source] and fstp [dest] :
act like mov but with floats.
3- download OllyDbg and practice using it:
OllyDbg v1.10
after finishing these steps get the latest unpacked cshell.dll from here
https://www.mpgh.net/forum/242-crossf...-7-2012-a.html
and try to load it in OllyDbg.. the status bar should say "entry point of debugged dll"
if it doesn't say that, try making a program that loads the unpacked cshell (if you read about LoadLibrary you will find it easy!)
make sure you are viewing cshell by right click -> view -> module cshell_whatever
try to search common string references used in cshell.. to do that, right click then pick search for -> all referenced text strings
then right click in the new window and pick find, then type a string.. you may use these:
ReloadAnimRatio : no reload delay
ChangeWeaponAnimRatio : no change delay
AmmoDamage : no need to explain
CharacterHiddenAlpha / CharacterHiddenWalkAlpha / CharacterHiddenRunAlpha : see ghosts
DistFallDamageStartFrom / DamagePerMeter : no fall damage
for example I am going to use DistFallDamageStartFrom as it's very easy
so you type DistFallDamageStartFrom in the search box and press enter twice to go to the code
you would see something like this:
there are two useful commands here
MOV EDX,DWORD PTR DS:[10B740F8]
FSTP DWORD PTR DS:[EDX]
translating to C++ will give something like this:
Code:
DWORD myEDX = *(0x10B740F8);
*(myEDX) = something; // (lets say 99999.0f)
correct? no it isn't, because in the first line you are trying to read from a DWORD
and in the second line you are trying to write a float value to a DWORD
let's fix that by type casting to the proper types:
Code:
DWORD myEDX = *(DWORD*)(0x10B740F8);
*(float*)(myEDX) = 99999.0f;
now that's better, but there is still a problem.. what if the pointer myEDX is not valid?
it will cause the game to crash, so we will add a NULL pointer check
Code:
DWORD myEDX = *(DWORD*)(0x10B740F8);
if (myEDX)
{
*(float*)(myEDX) = 99999.0f;
}
almost correct! there is only one problem
cshell is loaded at 0x10000000 (press Alt+E in OllyDbg to check).. but when the game loads it, it will probably end up at a different address
so the easiest way is to convert the address 0x10B740F8 to an offset by subtracting 0x10000000 (the result is 0xB740F8)
then convert it back to an address in-game
if you already read about GetModuleHandle, you would know it takes the module name as a parameter and returns the base address as HMODULE on success
again, we will type cast the result to DWORD so we can add it to 0xB740F8
so the final code will look like this:
Code:
#include <windows.h>

// base address of CShell.dll as actually loaded in the game (NULL if not loaded)
DWORD CShell = (DWORD)GetModuleHandle(L"CShell.dll");
if (CShell)
{
// 0xB740F8 is the offset we got by subtracting the OllyDbg base 0x10000000
// from 0x10B740F8; adding it to the real base gives the in-game address
DWORD myEDX = *(DWORD*)(CShell + 0xB740F8);
if (myEDX)
{
*(float*)(myEDX) = 99999.0f;
}
}
if you have any problem with any of these steps, tell me through PM or on MSN
good luck