Wik and the Fable of Souls
Tutorial by: VegitoSSJ
Level: Beginner
Written 08-08-2005
What we will do in this lesson:
- Searching our memory
- Setting a breakpoint
- Finding a code cave
- Making the code cave
This tutorial will explain how to make a simple infinite lives hack.
Get on with the show;)
1. Searching our memory
Well, you start with 3 lives, so search for exact value, 1 byte, 3. Go back in game, lose a life, search for exact value, 1 byte, 2, and so on until you have narrowed it down to the right memory address ;)
I came up with 2 locations: C711C8 and C711D4.
C711D4 is the right one for me. Let's get going ;)
2. Setting an breakpoint
I assume you haven't closed T-Search yet hehe ;)
Press autohack, click on enable debugger and after that click on the autohack window.
The autohack window looks like this: (screenshot in the original tutorial)
So what we do is click on Edit, then click on Set breakpoint.
What we do here is set a read breakpoint on our memory address. We want infinite lives for us only and not for the enemies, so we need the exact instruction that reads our own lives value, not a guess. Look at the picture above for what to do ;) (screenshot in the original tutorial)
After that go back in game, and after a few seconds get back into the autohack window.
Wow, only one address here ;) easy.
We will use that one then ;)
3. Finding an code cave
Load up CodeCaver, made by spookie, to find a nice code cave.
It looks like this: (screenshot in the original tutorial)
So select the game Wik from the process list and only enable the .data section; always pick a cave from there if there is enough space, it is more stable to place your code there ;) One thing to check: the cave has to be in memory that is executable, or the jump into it will crash the game the moment it is taken. If the game runs with DEP enabled, check the section protection (or change it with VirtualProtect) before you write code there.
Well, browse along and pick an address. A simple health hack is at most about 35 bytes long, so pick a place where more than 35 bytes are free to write ;)
I picked 6dd055.
Now that we have our code cave we can continue building the cave and make ourselves immortal hehe ;)
4. Making the code cave
We are gonna make the code cave in easywrite. Making a code cave goes like this:
- First we find some space for our own code (the cave).
- Second, we place a jmp at the instruction that touches our lives value (the address the breakpoint gave us) to our code cave, and write our own code there.
- We rebuild the original instructions we destroyed with the jmp inside the cave.
- When we are done writing our code there, we jmp back to the original game routine ;)
On with the show.
You need to enable easywrite in T-Search by pressing View and then clicking on easywrite.
We are gonna make the hack step by step, so watch closely ;)
Just follow the steps.
Here you go mate, this is the injection as you normally would make it, but look closely at address 498a50 in the top screen and the lower screen. (screenshot in the original tutorial)
In the top screen, the jmp at address 498a50 is E9 00 46 24 00, which is 5 bytes long (E9 is a relative jmp; the displacement 00244600 is added to the address of the next instruction, 498a55, which gives 6dd055, our cave).
In the lower screen our original instruction at address 498a50 is 8B 41 5C (mov eax,[ecx+5C]), which is only 3 bytes long, so we are destroying too much code with the jmp: it overwrites 2 bytes of the instructions that follow.
How do we fix this? Easy: we also rebuild the instructions that the jmp destroyed.
So we need 2 more bytes to balance out the jmp. Back in our autohack window:
You see address 498a53 and address 498a54. Both are 1 byte long, so we need to rebuild those two instructions as well, together with the mov at 498a50.
So back in easywrite:
You see that in the top screen and the lower screen, address 498a50 is 5 bytes in both now?
And look, our jmp back to the normal game routine goes to address 498a55. Why? A normal jmp is 5 bytes long; with this jmp we destroyed 2 more bytes beyond the mov, which we had to rebuild in our code cave. So the first untouched instruction of the game routine is at 498a55, and that is where the cave has to return to. Never jump back into the middle of the patched jmp (498a51 to 498a54): those bytes are now displacement bytes, not instructions.
Well, the whole code should look like this now: (screenshot in the original tutorial)
As you can see I left the comments in ;)
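The arithmetic behind steps 2 to 4 is easy to get wrong by hand, so here is an added example (not code from the original tutorial) that does it in C: it encodes the 5-byte relative jmp, counts how many original bytes the jmp destroys (stopping at an instruction boundary), assembles the cave as payload + rebuilt instructions + jmp back, and decodes every jmp again to confirm where it lands. The hook address 498a50, the cave address 6dd055 and the original bytes 8B 41 5C are the tutorial's; the two 1-byte instructions at 498a53 and 498a54 are not shown on the page, so 0x90 is used as a placeholder for them, and the payload (mov dword ptr [ecx+5C],3, resetting the lives to 3 every time the game reads them) is an assumption, since the page only shows the cave as a screenshot.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32_LEN 5

/* Encode a near JMP rel32 (E9 disp32) placed at `from` that lands on `to`.
 * The displacement is relative to the address of the *next* instruction
 * (from + 5) and is stored little-endian. Unsigned wrap-around gives the
 * right bytes for backward jumps too. */
void encode_jmp_rel32(uint32_t from, uint32_t to, uint8_t out[JMP_REL32_LEN]) {
    uint32_t disp = to - (from + JMP_REL32_LEN);
    out[0] = 0xE9;
    out[1] = (uint8_t)(disp);
    out[2] = (uint8_t)(disp >> 8);
    out[3] = (uint8_t)(disp >> 16);
    out[4] = (uint8_t)(disp >> 24);
}

/* Decode where a JMP rel32 sitting at `at` lands; used to double-check patches. */
uint32_t jmp_rel32_target(uint32_t at, const uint8_t b[JMP_REL32_LEN]) {
    uint32_t disp = (uint32_t)b[1] | ((uint32_t)b[2] << 8) |
                    ((uint32_t)b[3] << 16) | ((uint32_t)b[4] << 24);
    return at + JMP_REL32_LEN + disp;
}

/* Walk the lengths of the original instructions at the hook address and
 * return how many bytes the jmp destroys: the 5 it overwrites plus whatever
 * is needed to reach the next instruction boundary. All of them must be
 * rebuilt in the cave. Returns 0 if the list is too short to cover 5 bytes. */
size_t bytes_to_steal(const size_t *insn_len, size_t n_insn) {
    size_t total = 0;
    for (size_t i = 0; i < n_insn && total < JMP_REL32_LEN; i++)
        total += insn_len[i];
    return total >= JMP_REL32_LEN ? total : 0;
}

/* Assemble the cave: [payload][rebuilt original bytes][jmp back to hook+stolen].
 * Returns the cave length, or 0 if `out_cap` is too small. */
size_t build_cave(uint32_t cave_addr, uint32_t hook_addr,
                  const uint8_t *payload, size_t payload_len,
                  const uint8_t *stolen, size_t stolen_len,
                  uint8_t *out, size_t out_cap) {
    size_t len = payload_len + stolen_len + JMP_REL32_LEN;
    if (len > out_cap) return 0;
    memcpy(out, payload, payload_len);
    memcpy(out + payload_len, stolen, stolen_len);
    uint32_t ret_jmp_at = cave_addr + (uint32_t)(payload_len + stolen_len);
    /* Return to the first instruction the jmp did NOT touch. */
    encode_jmp_rel32(ret_jmp_at, hook_addr + (uint32_t)stolen_len,
                     out + payload_len + stolen_len);
    return len;
}

/* Build the bytes written over the hook: jmp to the cave, NOP-padded to
 * exactly `stolen_len` so no half instruction is left behind. */
size_t build_hook_patch(uint32_t hook_addr, uint32_t cave_addr, size_t stolen_len,
                        uint8_t *out, size_t out_cap) {
    if (stolen_len < JMP_REL32_LEN || stolen_len > out_cap) return 0;
    encode_jmp_rel32(hook_addr, cave_addr, out);
    memset(out + JMP_REL32_LEN, 0x90, stolen_len - JMP_REL32_LEN);
    return stolen_len;
}

static void dump(const char *label, uint32_t addr, const uint8_t *b, size_t n) {
    printf("%s @ %08X:", label, addr);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\n");
}

int main(void) {
    const uint32_t hook = 0x498A50u, cave = 0x6DD055u;   /* from the tutorial */
    /* Original code at the hook: mov eax,[ecx+5C] (3 bytes) followed by two
     * 1-byte instructions. The page does not show those two bytes; 0x90 is a
     * placeholder, not the game's real code. */
    const uint8_t original[] = { 0x8B, 0x41, 0x5C, 0x90, 0x90 };
    const size_t insn_len[] = { 3, 1, 1 };
    /* Assumed payload: mov dword ptr [ecx+5C], 3 (C7 41 5C imm32). */
    const uint8_t payload[] = { 0xC7, 0x41, 0x5C, 0x03, 0x00, 0x00, 0x00 };

    size_t stolen = bytes_to_steal(insn_len, 3);          /* 5 */
    uint8_t patch[16], cave_bytes[64];
    size_t plen = build_hook_patch(hook, cave, stolen, patch, sizeof patch);
    size_t clen = build_cave(cave, hook, payload, sizeof payload,
                             original, stolen, cave_bytes, sizeof cave_bytes);

    dump("hook patch", hook, patch, plen);
    dump("cave      ", cave, cave_bytes, clen);
    printf("hook jmp lands at %08X, cave returns to %08X (%zu bytes used)\n",
           jmp_rel32_target(hook, patch),
           jmp_rel32_target(cave + (uint32_t)(clen - JMP_REL32_LEN),
                            cave_bytes + clen - JMP_REL32_LEN), clen);
    return 0;
}
```

Running it prints the hook patch E9 00 46 24 00, the same bytes easywrite shows at 498a50, and a 17-byte cave that returns to 498a55; well under the 35 bytes the tutorial suggests keeping free. Because `bytes_to_steal` stops at an instruction boundary, the same routine handles the case where the jmp splits a longer instruction (for example a 2-byte then a 4-byte instruction, giving 6 stolen bytes and one NOP of padding after the jmp).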
Well I hope you learned something from it.