Now we don't need a patched game or unimod!!!


Post by panic » Sun Sep 29, 2019 11:47 pm

memory read and write on original.

principle:
The game supports 211 built-in script functions.
Built-in functions are internally managed as arrays of function pointers.
builtins function index: 0 to 210

According to the code at offset 0x508c16, this code receives the parameter of the index number.

But a security flaw has occurred in this code.

What if you enter a value greater than 210?
The game will crash.

But this is good news for me.
Suppose there is a valid function pointer in a position beyond the specified range.

The game will not crash anymore and will perform it.
(if the code is correct)

If so, write a valid function pointer to a specific memory address.

It is recommended to set the target memory to position 0x979740.

When a script function is executed, the variables declared in the function are temporarily stored here.
0x979740 - This space is the script stack area.

Calculate the index value between the target address and the base address.
targetIndex = (targetAddress - builtinsBaseAddress) / 4

Edit the compiled script file with a hex editor.

The built-in function call opcode is 0x45. Enter a value that is calculated after this opcode.


import it!
Attachment: 29sep20191743.jpeg.jpg (opcode)
panic
Veteran
Posts: 316
Joined: Thu Nov 12, 2015 3:47 pm

Re: Now we don't need a patched game or unimod!!!

Post by panic » Mon Sep 30, 2019 12:02 am

array overflow?
>> fail... base address is random.

string overflow?
>> fail... The base address is fixed at 0x97bb40.
>> but you can't do anything with the string type!!

function call overflow?
>> Yes it is!!

If you use it well, it becomes a medicine, but if abused, it becomes poison.
panic
Veteran
Posts: 316
Joined: Thu Nov 12, 2015 3:47 pm
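
The missing range check the posts describe, seen from the engine side, as an added example that is not part of the original posts and not the game's code: a built-in dispatcher that validates the index, plus a load-time scan that rejects compiled scripts whose 0x45 call carries an index outside 0 to 210. The function names, the stub built-in and the instruction encoding (8 bytes per instruction: a 32-bit little-endian opcode word followed by a 32-bit operand word) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define BUILTIN_COUNT   211   /* from the post: valid indices are 0..210 */
#define OP_CALL_BUILTIN 0x45  /* from the post: built-in call opcode */

typedef int (*builtin_fn)(void);
static builtin_fn builtins[BUILTIN_COUNT];
static int builtin_stub(void) { return 1; }  /* hypothetical built-in */

void init_builtins(void) {
    for (size_t i = 0; i < BUILTIN_COUNT; i++) builtins[i] = builtin_stub;
}

/* Unchecked pattern described in the post: the script-supplied index selects
 * the pointer directly. Kept for comparison only; nothing here calls it. */
int call_builtin_unchecked(int32_t idx) { return builtins[idx](); }

/* Checked dispatch: reject negative and too-large indices and empty slots. */
int call_builtin_checked(int32_t idx, int *out) {
    if (idx < 0 || idx >= BUILTIN_COUNT || builtins[idx] == NULL) return -1;
    int r = builtins[idx]();
    if (out) *out = r;
    return 0;
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Load-time check over the ASSUMED encoding (8-byte instructions: opcode word,
 * operand word). Returns -1 if clean, -2 if the length is malformed, else the
 * byte offset of the first built-in call with an out-of-range index. */
long find_bad_builtin_call(const uint8_t *code, size_t len) {
    if (len % 8 != 0) return -2;
    for (size_t off = 0; off < len; off += 8) {
        if (read_le32(code + off) == OP_CALL_BUILTIN &&
            read_le32(code + off + 4) >= BUILTIN_COUNT) return (long)off;
    }
    return -1;
}

/* Constructed sample scripts, not taken from any real game file. */
const uint8_t SAMPLE_OK[]  = {0x45,0,0,0, 210,0,0,0};
const uint8_t SAMPLE_BAD[] = {0x01,0,0,0, 7,0,0,0, 0x45,0,0,0, 211,0,0,0};
```

Checking at load time lets a server or map loader refuse a tampered script before it runs, while the dispatch-time check still covers indices computed at run time.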

