Threaded Mode | Linear Mode

***cw2k*** · (This post was last modified: 11-05-2012 04:41 PM by cw2k.)

(11-05-2012 03:26 AM)punjab5 Wrote: can u pls help me in this file also http://rghost.net/41311119

NFSW_SpeedHack build1207_by_gmz_analyse by cw2k.7z (Size: 17.47 KB / Downloads: 101)

Code:

Loader __NFSW_03.11.2012.exe 

-> looks for Window "GameFrame NEED FOR SPEEDÖ WORLD"

gets

  https://sites.google.com/site/nfswhackhome/NFSW.BIN

and start it inside the the NFS-process

NFSW.BIN_00BF0000.exe unpacked

Patch data

==========

Initial Patch

Nr    Len         PatchData         VAdress in Proess NFSW.exe

#15    06            9059EB42D233    dest = 1025328E

#14    01                      EB    dest = 10231F79

#13    05              9090C3C033    dest = 10284400

#12    01                      C3    dest = 102535D0

#11    02                    C03A    dest = 103CE19C

#10    01                      C3    dest = 103CB4C0

#0F    10            FA771E3C310F    dest = 10252CF3

#0E    01                      EB    dest = 1020386A

#0D    02                    12EB    dest = 10124E5B

#0C    01                      EB    dest = 1050F4FC

#0B    05              9090909090    dest = 10137DC5

#0A    05              9090909090    dest = 10137DF8

#09    05              9090909090    dest = 10137E2B

#08    05              9090909090    dest = 10137E5E

#07    10        xxxxxxxx000035FF    dest = 1027F573

#06    03                  90C03A    dest = 103D4263

#05    01                      EB    dest = 103E1D41

#04    02                    10EB    dest = 1008E118

#03    04                9040C033    dest = 100C3A17

#02    01                      EB    dest = 1011F91D

#01    02                    C03A    dest = 10089AA6

#xx    04                 00000000          1027F575

#yy    04                 00000000          1027F57B

Some patch data details:

#07    10        xxxxxxxx000035FF    dest = 1027F573

          $ ==>      FF35 00000000   PUSH    [DWORD 0]

          $+6        FF15 00000000   CALL    [0]

          $+C        EB 50           JMP     SHORT 100032A0

          $+E        90              NOP

          $+F        90              NOP

#0F    10            FA771E3C310F    dest = 10252CF3

                  $ ==>    0F31            RDTSC

                  $+2      3C 1E           CMP     AL, 1E

                  $+4      77 FA           JA      SHORT <RDTSC>

                  $+6      0FB6D0          MOVZX   EDX, AL

                  $+9      83FA 01         CMP     EDX, 1

                  $+C      77 02           JA      SHORT <End>

                  $+E      42              INC     EDX

                  $+F      42              INC     EDX

#15    06            9059EB42D233    dest = 1025328E

                            33D2            XOR     EDX, EDX

                            42              INC     EDX

                            EB 59           JMP     SHORT 10003268

Incomplete there are more - use IDA the get them out

Quote:can you please give me a step wise descripton how you convert exe to .ct and what the tools i need ?, i would be very thankful to u

:-/What steps ya need?

Plz try at least to make the first and start.
Tongue

Tools are Winhex, FlexHex or some other Hexeditor that supports to open the memory of a process.

Quote
from my last post there I Wrote:Just dump uncompressed data from memory while script/Trainer is loaded.
open "NFSW Mega Trainer.EXE" Process in Winhex / Entired RAM

Search for CheatEngineTableVersion
copy&paste the data around and into *.CT.
Done.

More specific question are welcome.

What ya like to do - any concrete target.