08-29-2010, 03:34 PM
JNZ = jump if not equal =]
Not sure how fkeys apply here tbh - he was asking about cheats like lf2.net. Single key cheats could be made via the dll using GetASyncKey without much hassle - kinda like how they do in game Trainers (cheat programs).
Anyway - I'm quite glad to say that I'm not wrong :twisted: ofc it breaks when you press a button... it has to check every key input to see if you started typing in the cheat.
ASM-Code:
0043B54E  . 85C0           TEST EAX,EAX                      ; check if count is 0
0043B550  . B9 02000000    MOV ECX,2
0043B555  . B2 64          MOV DL,64
0043B557  . 8893 78534500  MOV BYTE PTR DS:[EBX+455378],DL
0043B55D  . 8D71 01        LEA ESI,DWORD PTR DS:[ECX+1]
0043B560  . 8D79 03        LEA EDI,DWORD PTR DS:[ECX+3]
0043B563  . 75 14          JNZ SHORT 0043B579                ; jump if count isn't 0
0043B565  . 83FB 4C        CMP EBX,4C                        ; L
0043B568  . 0F85 A2000000  JNZ 0043B610
0043B56E  . 892D 7C854500  MOV DWORD PTR DS:[45857C],EBP
0043B574  . E9 A1000000    JMP 0043B61A
0043B579  > 3BC5           CMP EAX,EBP                       ; check if count is 1
0043B57B  . 75 10          JNZ SHORT 0043B58D
0043B57D  . 83FB 46        CMP EBX,46                        ; F
0043B580  . 75 6D          JNZ SHORT 0043B5EF
0043B582  . 890D 7C854500  MOV DWORD PTR DS:[45857C],ECX
0043B588  . E9 8D000000    JMP 0043B61A
0043B58D  > 3BC1           CMP EAX,ECX                       ; check if count is 2
0043B58F  . 75 0D          JNZ SHORT 0043B59E
0043B591  . 83FB 32        CMP EBX,32                        ; 2
0043B594  . 75 5E          JNZ SHORT 0043B5F4
0043B596  . 8935 7C854500  MOV DWORD PTR DS:[45857C],ESI
0043B59C  . EB 7C          JMP SHORT 0043B61A
0043B59E  > 3BC6           CMP EAX,ESI                       ; check if count is 3
0043B5A0  . 75 14          JNZ SHORT 0043B5B6
0043B5A2  . 81FB BE000000  CMP EBX,0BE                       ; .
0043B5A8  . 75 4F          JNZ SHORT 0043B5F9
0043B5AA  . C705 7C854500>MOV DWORD PTR DS:[45857C],4
0043B5B4  . EB 64          JMP SHORT 0043B61A
0043B5B6  > 83F8 04        CMP EAX,4                         ; check if count is 4
0043B5B9  . 75 0D          JNZ SHORT 0043B5C8
0043B5BB  . 83FB 4E        CMP EBX,4E                        ; N
0043B5BE  . 75 3E          JNZ SHORT 0043B5FE
0043B5C0  . 893D 7C854500  MOV DWORD PTR DS:[45857C],EDI
0043B5C6  . EB 52          JMP SHORT 0043B61A
0043B5C8  > 3BC7           CMP EAX,EDI                       ; check if count is 5
0043B5CA  . 75 11          JNZ SHORT 0043B5DD
0043B5CC  . 83FB 45        CMP EBX,45                        ; E
0043B5CF  . 75 35          JNZ SHORT 0043B606
0043B5D1  . C705 7C854500>MOV DWORD PTR DS:[45857C],6
0043B5DB  . EB 3D          JMP SHORT 0043B61A
0043B5DD  > 83F8 06        CMP EAX,6                         ; check if count is 6
0043B5E0  . 75 2E          JNZ SHORT 0043B610
0043B5E2  . 83FB 54        CMP EBX,54                        ; T
0043B5E5  . 75 24          JNZ SHORT 0043B60B
0043B5E7  . 8815 71544500  MOV BYTE PTR DS:[455471],DL       ; set cheat flag
0043B5ED  . EB 2B          JMP SHORT 0043B61A
0043B5EF  > 83FB 4C        CMP EBX,4C                        ; L
0043B5F2  . EB 1A          JMP SHORT 0043B60E
0043B5F4  > 83FB 46        CMP EBX,46                        ; F
0043B5F7  . EB 15          JMP SHORT 0043B60E
0043B5F9  > 83FB 32        CMP EBX,32                        ; 2
0043B5FC  . EB 10          JMP SHORT 0043B60E
0043B5FE  > 81FB BE000000  CMP EBX,0BE                       ; .
0043B604  . EB 08          JMP SHORT 0043B60E
0043B606  > 83FB 4E        CMP EBX,4E                        ; N
0043B609  . EB 03          JMP SHORT 0043B60E
0043B60B  > 83FB 45        CMP EBX,45                        ; E
0043B60E  > 74 0A          JE SHORT 0043B61A
0043B610  > C705 7C854500>MOV DWORD PTR DS:[45857C],0       ; reset count
There is a counter which goes up to 6 and a bunch of checks to see if you have pressed the correct key at the correct time. If you didn't, the counter is reset to 0.
If everything went well then 455471h becomes 64h - that is the lf2.net cheat flag.
It is checked here:
ASM-Code:
0041C669  . 803D 71544500>CMP BYTE PTR DS:[455471],64       ; check the lf2.net flag
0041C670  . 75 17          JNZ SHORT 0041C689
0041C672  . 8D8424 340400>LEA EAX,DWORD PTR SS:[ESP+434]
0041C679  . 50             PUSH EAX
0041C67A  . C605 71544500>MOV BYTE PTR DS:[455471],75
0041C681  . E8 EAA5FFFF    CALL 00416C70                     ; lf2.net
That calls 00416C70, which sets ANOTHER flag to say that the cheat is enabled (this is the actual status of the cheat - not the input flag):
MOV DWORD PTR DS:[458428],EAX
Now if you go to the character selection part, I'm sure you will find some check involving the address 458428.
So as you can see I'm not wrong :D
...
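The key-sequence state machine the two listings describe, rewritten in C as an added example (this is not code from the post or from the game). It also models the detail the listing shows at 0043B5EF..0043B60E: on a mismatch the handler re-compares against the previously accepted key and keeps the counter if it matches, so key auto-repeat does not reset the sequence. All function and field names are mine, and the value 00416C70 stores into 458428 is assumed to be a nonzero marker.

```c
#include <stdint.h>

/* Key codes from the CMP EBX,xx checks (EBX holds the Windows virtual-key code;
   0xBE is VK_OEM_PERIOD, '.'). All names here are mine, not the game's. */
static const int LF2NET_KEYS[7] = { 'L', 'F', '2', 0xBE, 'N', 'E', 'T' };

typedef struct {
    uint32_t count;      /* DWORD PTR DS:[45857C]: keys matched so far */
    uint8_t  input_flag; /* BYTE  PTR DS:[455471]: 0x64 once "lf2.net" is typed */
    uint32_t enabled;    /* DWORD PTR DS:[458428]: set by the call at 0041C681 */
} lf2_cheat_state;
/* One key-down event, decoded from 0043B54E..0043B610 (the per-key byte written
   at 455378+EBX is left out). Returns the counter after the event. */
uint32_t lf2net_on_key(lf2_cheat_state *s, int vk)
{
    uint32_t n = s->count;
    if (n <= 6 && vk == LF2NET_KEYS[n]) {   /* expected key for this position */
        if (n == 6)
            s->input_flag = 0x64;           /* 0043B5E7: set flag, count stays 6 */
        else
            s->count = n + 1;
        return s->count;
    }
    /* Mismatch: 0043B5EF..0043B60B re-compare against the key accepted one step
       earlier; on a match (key auto-repeat) JE 0043B61A keeps the counter. */
    if (n >= 1 && n <= 6 && vk == LF2NET_KEYS[n - 1])
        return n;
    s->count = 0;                           /* 0043B610: reset count */
    return 0;
}

/* The check at 0041C669: consume the input flag (overwritten with 0x75 so the
   cheat is enabled only once) and latch the "cheat active" flag.
   Assumption: 00416C70 leaves a nonzero value in EAX; 1 stands in for it. */
int lf2net_poll(lf2_cheat_state *s)
{
    if (s->input_flag != 0x64)
        return 0;
    s->input_flag = 0x75;
    s->enabled = 1;
    return 1;
}
/* Feed a sequence of key-down events; returns 1 if the input flag got set. */
int lf2net_feed(lf2_cheat_state *s, const int *keys, int n)
{
    for (int i = 0; i < n; i++)
        lf2net_on_key(s, keys[i]);
    return s->input_flag == 0x64;
}
```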