Teaching you how to analyze and crack an XBOX game
You may reprint this article if you keep it complete!
Game Name: Dino Crisis 3 (Dino Crisis 3 Edition)
Tools used: IDA Pro 4.5 full, a new disassembly tool (this version supports the Xbox xbe file format)
uedit v10.x, a hex editing tool
EvoXDTSR_02[1].06.04, an Xbox editing tool similar to FPE
Difficulty of cracking and analysis: general
crack by: Tate
Affiliation: = BCG = = [DCG] =
own work: dog >
I Forum:
Oicq: 79234668
This article is dedicated to all friends who love decryption!
There are no related articles online, so I am starting from scratch; I will just talk in general about the idea behind the modification! In fact it is about the same as cracking a dongle; experts, please do not laugh!
I hope it helps everyone!
(1) First, about using EVox Trainer and EvoXDTSR_02[1].06.04, to give you the basics.
The articles cited below were written by SpriteZ!
EVox Trainer Report.
Hi, I'm SpriteZ. Recently, after continuously searching and testing on foreign sites, I finally got Trainers working under EVox, and I am sharing this specially with fellow enthusiasts.
If there are any deficiencies, criticism and corrections are welcome (spritez_z@hotmail.com).
1. What is a Trainer?
A Trainer is in fact what is called a "Goldfinger" (cheat) domestically. PS/PS2, DC and GBA all have the corresponding hardware, but the XBOX has had none. Now it is fine: newer versions of EvolutionX already contain this function; EvolutionX 1.8.3921 and later versions contain it. Because I do not have the whole series of EvolutionX, I am not sure which version first had this feature. In short, if you want to use this feature, please use the latest version of EvolutionX!!!
Right now I am using EvolutionX 1.8.3959; all tests were done on this version.
2. How do you start the Trainer feature?
2.1 It is very simple: edit your EVOX.INI file and, in your menu, add the following line:
Item
Create a Trainers directory under the root directory and copy the cheat files into it. EVox cheat files are files ending in .etm.
you will EvolutionX from
2.2 Set the IGR (In Game Reset) option to Yes and the TSR option to Normal (or Debug).
Ready? Now restart your machine (remember, be sure to restart your XBOX).
2.3 After the XBOX restarts, your menu has an additional Trainers item. If there are already cheat files under c:\Trainers on your XBOX, you can enter the Trainers menu item and see the list of cheats.
Select the cheat you want to start; you will then enter a new page, which begins with an Enable item and generally has other options as well.
If you know what these options mean, you can select them (Yes). If your English is not good, I suggest you set all the options to Yes.
Finally, please remember to select Exit & Save to finish your settings.
2.4 Congratulations, you can now start the game with your cheats running (from CD-ROM or hard disk). You will surely be amazed.
3. Notes:
3.1 You can enable multiple cheats, for example for SoulCalibur 2, Dino Crisis 3, Dead to Rights, etc.; EvolutionX will choose the cheat to start according to the game being run.
3.2 For the cheat files you download, please find out your game version (Japanese version, U.S. version, release date, etc.). As mentioned above, EvolutionX automatically selects the cheat to start based on the game you run; if the version is wrong, it will have no effect. So please make sure of the version. I made this mistake myself at the beginning.
3.3 Most foreign sites provide cheats for the U.S. version, so next time you buy a game, choose the U.S. version.
EVox Trainer Report (2).
Hi, I'm SpriteZ. Recently, after continuously searching and testing on foreign sites, I finally got Trainers working under EVox, and I am sharing this specially with fellow enthusiasts.
If there are any deficiencies, criticism and corrections are welcome (spritez_z@hotmail.com).
1. Some nonsense that has to be said:
This continues the previous article and mainly describes the working principle of the EVox Trainer; it does not cover installation and settings. Friends who want to know how to install, set up and activate the Trainer, please see the previous article. This one is intended for friends who want a better understanding of the Trainer and have some basic knowledge. However, please note that what follows is only my personal experience; it has not been confirmed directly by any authoritative article or machine configuration information, so errors and omissions are inevitable. Readers, please correct them yourselves and correct me. Thank you.
Right now I am using EvolutionX 1.8.3959; all tests were done on this version.
2. How does the EVox Trainer work?
At present, almost all the cheats we have seen rely on hardware support. The reason is that while a normal program (the game) is running, we must interrupt it at the right time and gain control (to run a program we wrote ourselves). As for how to interrupt, most rely on cheat-card hardware; some cheat cards have their own processor (MCU) with its own program, which can generate an external interrupt. Our PCs and the XBOX have no corresponding cheat hardware, so how do they use cheats? The answer is to rely on interfaces or back doors of the system and BIOS. On the PC, everyone is familiar with FPE and the like; the Windows operating system itself provides interfaces, but some skill is still needed to obtain high-level control. On the XBOX we must rely on our EvolutionX and a BIOS that supports IGR (see the next section for details).
In terms of how they work, most cheats use a timer interrupt to modify specified data in memory (the Data section), for example fixing the protagonist's health or ammunition count at a specified value. The other kind runs only once, before the program runs, and modifies the game program (Text), removing or blocking out the instructions that modify a memory cell (such as the protagonist's health or ammunition count). The EVox Trainer belongs to this kind.
Both methods have advantages. The first is simple and can be made into a standalone module. Even entry-level people can make their own cheats: just find the memory cell to be modified and specify the data, and the cheat module will automatically lock the value. The second is complex: the cheat maker has to read the corresponding part of the game program (assembly) to determine how to modify it, in order to generate the corresponding cheat program (*.etm) file. But the advantage is that it can be used not only for cheats but also to patch the program. It therefore has a wider range of application.
3. How is the EVox Trainer started?
So how is the EVox Trainer started? Remember that in the previous article I mentioned turning on the IGR and TSR settings in EvolutionX?
If you are smart, you may have guessed that IGR can generate an interrupt, and TSR allows our cheat program (*.etm) to be loaded.
IGR (In Game Reset) starts EvolutionX's IRQ interrupt monitoring handler, which learns whether we are running a default.xbe program.
default.xbe is the default executable of every XBOX game, and it contains two important pieces of information that identify the game; if they match, the Trainer program (*.etm) is executed first. At this point the Trainer program modifies the default.xbe program already loaded into memory. Afterwards, EvolutionX runs the default.xbe program in memory, and our game starts.
Understand? So the Trainer program is picky about the default.xbe file: if the game's version or date does not match the Trainer, the Trainer will not run. Therefore you can enable multiple Trainers, and EvolutionX will automatically start the appropriate file.
On the other hand, if you find that a Trainer you downloaded does not work after you enable it, it can only mean that the game's version or date is not the one the Trainer was made for.
I won't say much about TSR; the concept is the same as TSR in DOS, and those who are interested can look up the relevant information.
4. Final nonsense:
I do not know how many people are interested in reading this; it may be somewhat difficult to understand. But after all I do not have many blocks of time, so I wrote this in one go while I could. I do not know whether I will still have the chance to write the advanced part (making Trainers). Perhaps I will exchange privately with individual interested friends.
I'm not a real gamer and do not have plenty of time to level up slowly, so I resort to some unorthodox cheats; please do not learn from me.
From:
To learn how to use the EvoXDTSR_02[1].06.04 tool to find the addresses of the game data we are interested in, study:
EVox Trainer (advanced article, part 1), with figures
Download:
<1>
<2>
(2) The main executable file of an Xbox game is named default.xbe. Now on to how to modify the xbe file. I will cover two parts: Tempests and ammunition.
<1> Tempests part
First use the EvoXDTSR_02[1].06.04 tool to find the address of the weapon's ammunition; if you do not know how, see the articles written by SpriteZ.
After about 3 searches you will find the address 353114; poking this address shows that it really is the address of the number of Tempests.
Then double-click #0 in the Breakpoints window with the mouse. A "Create a new breakpoint" window pops up. In offset, enter the address 353114; in the size option select byte, or, if it is a large number (over 6), select dword or word; for "break on", select write. Once the breakpoint is set, click OK and you are done! Now return to the game and launch Tempests.
EvoXDTSR_02[1].06.04 will pop up a new interrupt window! Note the address 19B0C in item 2. After IDA Pro 4.5 has finished disassembling the default.xbe program, press G, enter 19B0C and press Enter to arrive at the following section:
mov edx, [esp+28h+arg_0]
.text:00019AF1 mov ecx, dword_353114[edx*4] ; take the data from memory
.text:00019AF8 xor eax, eax
.text:00019AFA add edi, offset unk_203440
.text:00019B00 cmp ecx, eax ; determine whether the ammunition is used up
.text:00019B02 jle short loc_19B0C ; used up, so jump
.text:00019B04 dec ecx ; ecx = ecx-1. Note this: not used up, so the amount of ammunition is reduced by one
.text:00019B05 mov dword_353114[edx*4], ecx ; write the ammunition data back to the original address
.text:00019B0C
.text:00019B0C loc_19B0C: ; CODE XREF: sub_19A60+A2↑j ; arriving here, look upward to find the DEC instruction
.text:00019B0C mov ecx, [ebp+1DB4h]
.text:00019B12 mov edx, [ecx+5E4h]
.text:00019B18 xorps xmm0, xmm0
.text:00019B1B inc edx
.text:00019B1C mov [ecx+5E4h], edx
.text:00019B22
There are two ways to change it! (1) Change the machine code at 00019B04 to 41, which is inc ecx, that is, add 1.
(2) You can also change the machine code at 00019B04 to 90, the nop opcode, which does nothing!
<2> Method for changing to unlimited ammunition
<1> ammunition storage address
.text:0005CCDD add esp, 8
.text:0005CCE0 test eax, eax ; found or not?
.text:0005CCE2 jz short loc_5CD04 ; ====> not found, so jump
.text:0005CCE4 mov ecx, [eax] ; ====> found! take the quantity of ammunition into ecx
.text:0005CCE6 test ecx, ecx ; has it run out?
.text:0005CCE8 jle short loc_5CCED ; run out, so jump
.text:0005CCEA dec ecx ; not used up: reduce the number of ammunition by one
.text:0005CCEB mov [eax], ecx ; write the number of ammunition back to the address
.text:0005CCED
.text:0005CCED loc_5CCED: ; CODE XREF: sub_5BDB0+F38↑j
.text:0005CCED cmp dword ptr [eax], 0 ; arriving here, look upward to find the DEC instruction
.text:0005CCF0 jnz short loc_5CD04
.text:0005CCF2 mov eax, [esi+1DB4h]
.text:0005CCF8 mov ecx, [eax+330h]
.text:0005CCFE mov [eax+334h], ecx
Again there are two ways to change it! (1) The machine code at 0005CCEA can be changed to 41, which is inc ecx, that is, plus 1! After the change, firing a shot adds 1 to the ammunition instead of subtracting 1!
(2) You can also change the machine code at 0005CCEA to 90, the nop opcode, which does nothing!
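The effect of the two one-byte changes described above, modelled as an added example that is not part of the original article: the bytes are hand-assembled from the second listing, and patch_byte, fire_once and ammo_after are hypothetical names. The small interpreter covers only the opcodes in that listing, and the expected-byte check in patch_byte is an addition of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical helper names. Constructed sample: the
 * instructions listed at 0005CCE4..0005CCEC, hand-assembled from the
 * listing (not bytes dumped from default.xbe). */
#define ROUTINE_BASE 0x5CCE4u
static const uint8_t ROUTINE[] = {
    0x8B, 0x08,  /* 0005CCE4  mov  ecx, [eax]      */
    0x85, 0xC9,  /* 0005CCE6  test ecx, ecx        */
    0x7E, 0x03,  /* 0005CCE8  jle  short loc_5CCED */
    0x49,        /* 0005CCEA  dec  ecx             */
    0x89, 0x08   /* 0005CCEB  mov  [eax], ecx      */
};
enum { OP_DEC_ECX = 0x49, OP_INC_ECX = 0x41, OP_NOP = 0x90 };

/* Replace one byte, but only if the byte found there is the expected one.
 * Returns 0 on success, -1 if addr is out of range or the byte differs
 * (for example a different build of the file). */
int patch_byte(uint8_t *code, size_t len, uint32_t base, uint32_t addr,
               uint8_t expect, uint8_t repl)
{
    if (addr < base || (size_t)(addr - base) >= len) return -1;
    if (code[addr - base] != expect) return -1;
    code[addr - base] = repl;
    return 0;
}

/* Interpret only the opcodes used above; eax is modelled as a pointer to
 * the ammunition counter. Returns 0, or -1 on an unknown opcode or loop. */
int fire_once(const uint8_t *code, size_t len, int32_t *ammo)
{
    int32_t ecx = 0, tested = 0;
    size_t ip = 0;
    for (int steps = 0; ip < len && steps < 64; steps++) {
        uint8_t op = code[ip];
        uint8_t arg = (ip + 1 < len) ? code[ip + 1] : 0;
        if (op == 0x8B && arg == 0x08)      { ecx = *ammo; ip += 2; }
        else if (op == 0x85 && arg == 0xC9) { tested = ecx; ip += 2; }
        else if (op == 0x7E) {              /* jle rel8: taken when ecx <= 0 */
            ip += 2;
            if (tested <= 0) ip = (size_t)((ptrdiff_t)ip + (int8_t)arg);
        }
        else if (op == OP_DEC_ECX)          { ecx--; ip += 1; }
        else if (op == OP_INC_ECX)          { ecx++; ip += 1; }
        else if (op == OP_NOP)              { ip += 1; }
        else if (op == 0x89 && arg == 0x08) { *ammo = ecx; ip += 2; }
        else return -1;
    }
    return ip < len ? -1 : 0;
}

/* Patch a private copy of ROUTINE at 0005CCEA with `repl`, fire `shots`
 * times starting from `start`, and return the resulting counter.
 * Returns INT32_MIN if the patch or the interpreter fails. */
int32_t ammo_after(uint8_t repl, int shots, int32_t start)
{
    uint8_t code[sizeof ROUTINE];
    int32_t ammo = start;
    memcpy(code, ROUTINE, sizeof code);
    if (repl != OP_DEC_ECX &&
        patch_byte(code, sizeof code, ROUTINE_BASE, 0x5CCEA, OP_DEC_ECX, repl))
        return INT32_MIN;
    for (int i = 0; i < shots; i++)
        if (fire_once(code, sizeof code, &ammo)) return INT32_MIN;
    return ammo;
}

int main(void)
{
    printf("dec: %d\n", (int)ammo_after(OP_DEC_ECX, 3, 10));
    printf("nop: %d\n", (int)ammo_after(OP_NOP, 3, 10));
    printf("inc: %d\n", (int)ammo_after(OP_INC_ECX, 3, 10));
    return 0;
}
```

When the counter is already 0, the jle skips the patched byte and the write-back, so neither change raises it.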
The tutorial is finished! I hope it helps friends who want to learn about the Xbox and want to modify software but cannot find a way!
I originally wanted to write a Trainer program (*.etm) to modify default.xbe dynamically. In the end I wrote one, but the etm generated with MXT_EasyEvoXTrainerMaker 1.0 was difficult to use!
Later I analyzed and modified the file directly: money, Tempests, unlimited ammunition! Friends who need it can go to my site to download it!
Friends who support this, please reply to the post! Thank you!
Related tools for download can be found by searching at www.baidu.com!
Tate
Written at 04:20 am, 2004-07-20
You may reprint this article if you keep it complete!