Snocross PC Code Investigation

  1. First I found the address range where the text typed into the code field of the save/load menu is stored, by typing in unique characters and then searching memory for them.
  2. I then set a breakpoint on that address range, asked Cheat Engine to record every access to it, filled the field with characters and ran the check by pressing End in-game; the game crashed and gave me this access log.
  3.  
  4. Opcodes that run when the game checks the value of the code field and returns a failure (the watched address holds the characters typed into the field)
  5. "The following opcodes accessed 029A5EFC"
  6. 1st Instruction Set (Count 20) Copy Memory
  7. 00475DE0 - 8A 06 - mov al,[esi]
  8.  
  ; Cheat Engine "find out what accesses" listing, 32-bit x86, Intel syntax:
  ; address - encoded bytes - instruction. "<<" marks the instruction that
  ; touched the watched byte at 029A5EFC (the start of the typed code text).
  9. 00475DDB - 8B 71 04 - mov esi,[ecx+04]        ; esi = [ecx+4]: pointer to the input text (ESI=029A5EFC in the dump below)
  10. 00475DDE - 8B 11 - mov edx,[ecx]            ; edx = [ecx]: a second field of the same object; its use is outside this excerpt
  11. 00475DE0 - 8A 06 - mov al,[esi] <<          ; al = first byte of the input (dump: low byte of EAX is 0x31 = '1', upper bytes are stale)
  12. 00475DE2 - 84 C0 - test al,al               ; NUL terminator, i.e. empty field?
  13. 00475DE4 - 74 33 - je SnowCross.exe+75E19   ; empty input skips what follows (00475DE4 + 2 + 0x33 = 00475E19)
  14.  
  15. EAX=0019FC31
  16. EBX=00000003
  17. ECX=0019FCE0
  18. EDX=02EC8340
  19. ESI=029A5EFC
  20. EDI=0019FD04
  21. ESP=0019FCC0
  22. EBP=00000000
  23. EIP=00475DE2
  24.  
  25. 2nd Instruction Set (Count: 300) Copy Memory
  26. 00475E0F - 8A 46 01 - mov al,[esi+01]
  27.  
  ; Body of a per-character loop over the typed text (Count 300 hits).
  28. 00475E0A - 74 03 - je SnowCross.exe+75E0F      ; skips the fmul when ZF was set by an instruction before this excerpt
  29. 00475E0C - D8 48 04 - fmul dword ptr [eax+04]  ; x87: st(0) *= single at eax+4; what is being accumulated is not visible here
  30. 00475E0F - 8A 46 01 - mov al,[esi+01] <<       ; al = next character (dump: EAX=029A5F32, low byte 0x32 = '2', upper bytes stale)
  31. 00475E12 - 46 - inc esi                        ; advance the cursor
  32. 00475E13 - 84 C0 - test al,al                  ; loop terminates on the NUL; the conditional jump is past the end of this excerpt
  33.  
  34. EAX=029A5F32
  35. EBX=00000003
  36. ECX=0019FCE0
  37. EDX=02EC8340
  38. ESI=029A5EFC
  39. EDI=0019FD04
  40. ESP=0019FCC0
  41. EBP=00000000
  42. EIP=00475E12
  43.  
  44. 3rd Instruction Set (Count: 42) Copy Memory
  45. 00475E8A - 8A 00 - mov al,[eax]
  46.  
  47. 00475E84 - 8B 44 24 14 - mov eax,[esp+14]   ; eax = text pointer kept in a stack slot
  48. 00475E88 - 8B F0 - mov esi,eax              ; esi = cursor (ESI=029A5EFC, the watched buffer)
  49. 00475E8A - 8A 00 - mov al,[eax] <<          ; first char; dump EAX=029A5E31 is the pointer 029A5EFC with al overwritten by 0x31 = '1'
  50. 00475E8C - 84 C0 - test al,al               ; empty string?
  51. 00475E8E - 74 3D - je SnowCross.exe+75ECD   ; yes -> skip the loop (00475E8E + 2 + 0x3D = 00475ECD)
  52.  
  53. EAX=029A5E31
  54. EBX=00000003
  55. ECX=00000000
  56. EDX=029A5F50
  57. ESI=029A5EFC
  58. EDI=0019FCF4
  59. ESP=0019FCC0
  60. EBP=00000000
  61. EIP=00475E8C
  62.  
  63.  
  64. 4th Instruction Set (Count: 630) Copy Memory
  65. 00475EBF - 8A 46 01 - mov al,[esi+01]
  66.  
  ; Another per-character loop interleaved with x87 arithmetic (Count 630 hits).
  67. 00475EB7 - D9C9 - fxch st(1)                            ; swap the top two x87 stack registers
  68. 00475EB9 - D8 82 88040000 - fadd dword ptr [edx+00000488] ; st(0) += single at edx+0x488 (EDX=02EC8340, the same object as in set 2)
  69. 00475EBF - 8A 46 01 - mov al,[esi+01] <<                ; next char; dump EAX=00003132: al=0x32 '2', ah=0x31 '1' (presumably left by earlier code)
  70. 00475EC2 - 46 - inc esi                                 ; advance the cursor
  71. 00475EC3 - 84 C0 - test al,al                           ; NUL check; the jump is outside this excerpt
  72.  
  73. EAX=00003132
  74. EBX=00000003
  75. ECX=02EC8B98
  76. EDX=02EC8340
  77. ESI=029A5EFC
  78. EDI=0019FCF4
  79. ESP=0019FCC0
  80. EBP=00000000
  81. EIP=00475EC2
  82.  
  83. 5th Instruction Set (Count: 42) Copy Memory
  84. 00475F97 - 8A 06 - mov al,[esi]
  85.  
  86. 00475F92 - 33 C9 - xor ecx,ecx              ; ecx = 0 (index/counter reset; its use is outside this excerpt)
  87. 00475F94 - 8B 50 04 - mov edx,[eax+04]      ; edx = dword at eax+4
  88. 00475F97 - 8A 06 - mov al,[esi] <<          ; first char of the watched buffer (dump: low byte of EAX is 0x31 = '1')
  89. 00475F99 - 89 54 24 30 - mov [esp+30],edx   ; spill it to a stack slot; dump EDX=43340000 is 180.0 as an IEEE-754 single, so presumably a float field
  90. 00475F9D - 8B 55 00 - mov edx,[ebp+00]      ; ebp is a live pointer here (EBP=0019FCD0), unlike the earlier sets where EBP=0
  ; Note: in this dump EDI=029A5DF8, and 029A5DF8 + 0x104 = 029A5EFC, the watched
  ; address - consistent with the text living at offset 0x104 of that object (see the lea in set 7).
  91.  
  92. EAX=0019FC31
  93. EBX=00000003
  94. ECX=00000000
  95. EDX=43340000
  96. ESI=029A5EFC
  97. EDI=029A5DF8
  98. ESP=0019FC4C
  99. EBP=0019FCD0
  100. EIP=00475F99
  101.  
  102. 6th Instruction Set (Count: 630) Copy Memory
  103. 00476183 - 8A 46 01 - mov al,[esi+01]
  104.  
  105. 0047617B - 8B 74 24 20 - mov esi,[esp+20]      ; esi = text pointer from a stack slot
  106. 0047617F - D9 5C 24 38 - fstp dword ptr [esp+38] ; pop the x87 result into a stack single
  107. 00476183 - 8A 46 01 - mov al,[esi+01] <<        ; next char (dump EAX=00000032 = '2')
  108. 00476186 - 46 - inc esi                         ; advance the cursor
  109. 00476187 - 41 - inc ecx                         ; ecx appears to count characters alongside the cursor (ECX=0 in the dump: first iteration)
  110.  
  111. EAX=00000032
  112. EBX=000000C0
  113. ECX=00000000
  114. EDX=02EC8340
  115. ESI=029A5EFC
  116. EDI=029D5114
  117. ESP=0019FC44
  118. EBP=0019FCD0
  119. EIP=00476186
  120.  
  121. 7th Instruction Set (Count: 16) logical exclusive or
  122. 00447D04 - 33 C0 - xor eax,eax
  123.  
  ; Compiler-inlined strlen: ecx = -1 as the maximum count, al = 0 as the byte to
  ; look for, repne scasb scans until it reads the NUL, not ecx yields length+1.
  124. 0447CFB - 83 C9 FF - or ecx,-01                ; ecx = 0xFFFFFFFF (the address lost its leading zero in the paste: 00447CFB)
  125. 00447CFE - 8D B8 04010000 - lea edi,[eax+00000104] ; edi = &obj->text: the typed text lives 0x104 bytes into the object
  126. 00447D04 - 33 C0 - xor eax,eax <<              ; al = 0, the byte scasb compares against; the "<<" landed here, but the read of
                                                      ; 029A5EFC is done by the repne scasb (EIP=00447D06 in the dump)
  127. 00447D06 - F2 AE - repne scasb                 ; dump is mid-scan: EDI=029A5EFD (start+1) and ECX=FFFFFFFE, one iteration already done
  128. 00447D08 - F7 D1 - not ecx                     ; ecx = strlen+1, bytes including the terminator
  129.  
  130. EAX=00000000
  131. EBX=00002226
  132. ECX=FFFFFFFE
  133. EDX=0019FBD0
  134. ESI=027FA3A0
  135. EDI=029A5EFD
  136. ESP=0019F9E4
  137. EBP=02985590
  138. EIP=00447D06
  139.  
  140. 8th Instruction Set (Count: 3) shift right by 2 (unsigned divide by 2, twice)
  141. 00447D16 - C1 E9 02 - shr ecx,02
  142.  
  ; Second half of a compiler-inlined strcpy. The byte count comes from the
  ; strlen scan in set 7, the destination is a stack buffer (EDX=0019F9EC, just
  ; above ESP=0019F9E4), and no comparison of that count against the destination's
  ; capacity is visible in any of these excerpts. Unless the code field is
  ; length-limited before this point, an over-long entry would overrun the
  ; stack buffer; the crash described at the top of this paste is consistent
  ; with that, but not proven by these dumps.
  143. 00447D12 - 8B F7 - mov esi,edi                 ; esi = source text
  144. 00447D14 - 8B FA - mov edi,edx                 ; edi = destination on the stack
  145. 00447D16 - C1 E9 02 - shr ecx,02 <<            ; ecx = byte count / 4 = dwords to move; the "<<" is on the shr, but the read is by the rep movsd
  146. 00447D19 - F3 A5 - repe movsd                  ; F3 A5 is plain rep movsd (movsd sets no flags, so repe == rep). The dump is mid-copy:
                                                      ; ESI=029A5F00 and EDI=0019F9F0 are 4 past 029A5EFC/0019F9EC and ECX=3, i.e. one dword done
  147. 00447D1B - 8B C8 - mov ecx,eax                 ; eax = full byte count (0x11 = 17: 16 typed characters plus the NUL, presumably); tail copy follows
  148.  
  149. EAX=00000011
  150. EBX=00002226
  151. ECX=00000003
  152. EDX=0019F9EC
  153. ESI=029A5F00
  154. EDI=0019F9F0
  155. ESP=0019F9E4
  156. EBP=02985590
  157. EIP=00447D19
  158.  
  159. 9th Instruction Set (Count: 1) move data from string to string
  160. 00447D19 - F3 A5 - repe movsd
  161.  
  162. 00447D14 - 8B FA - mov edi,edx                 ; edi = stack destination (EDX=0019F9EC)
  163. 00447D16 - C1 E9 02 - shr ecx,02               ; dword count
  164. 00447D19 - F3 A5 - repe movsd <<               ; dump taken after the dword copy: ESI=029A5F0C and EDI=0019F9FC, 16 bytes past their starts, ECX=0
  165. 00447D1B - 8B C8 - mov ecx,eax                 ; eax still holds the byte count (0x11 = 17)
  166. 00447D1D - 83 E1 03 - and ecx,03               ; 17 & 3 = 1 trailing byte, the NUL; presumably moved by a rep movsb just past this excerpt
  167.  
  168. EAX=00000011
  169. EBX=00002226
  170. ECX=00000000
  171. EDX=0019F9EC
  172. ESI=029A5F0C
  173. EDI=0019F9FC
  174. ESP=0019F9E4
  175. EBP=02985590
  176. EIP=00447D1B
  177.  
  178.  
  179.  
  180. ----------------------------------------------------------------------------
  181.  
  182. Same procedure, but this time the watched value is the one where the "code failed" text message is accessed
  183. "the following opcodes accessed 029a5efc"
  184. Opcodes that access the address in order to retrieve the "code failed" text
  185.  
  186. 1st instruction Set (Count:1) copy memory
  187. 004415BD - 8B 15 3C1B4D00 - mov edx,[004D1B3C]
  188.  
  ; Reading the register dumps of this section as little-endian ASCII:
  ; EDX=61766E49 is "Inva", and sets 2-4 supply "lid ", "Code" and a NUL.
  ; So the literal at 004D1B3C is the 13-byte C string "Invalid Code", copied
  ; 4+4+4+1 bytes at a time into the object's field at +0x104 - the same offset
  ; the strlen in the first section scans, on a different object (ESI=029E0218).
  ; Note the accesses listed here hit 004D1B3C.. and 029E031C.., not 029A5EFC.
  189. 004415BB - 5E - pop esi                                    ; tail of the previous function
  190. 004415BC - C3 - ret
  191. 004415BD - 8B 15 3C1B4D00 - mov edx,[SnowCross.exe+D1B3C] << ; presumably a function entry (follows a ret); edx = first 4 bytes of the literal
  192. 004415C3 - 81 C6 04010000 - add esi,00000104               ; esi = &obj->text (ESI goes 029E0218 -> 029E031C between this dump and the next)
  193. 004415C9 - 89 16 - mov [esi],edx                           ; text[0..3] = "Inva"
  194.  
  195. EAX=00000000
  196. EBX=00001E2B
  197. ECX=02850C80
  198. EDX=61766E49
  199. ESI=029E0218
  200. EDI=029E0218
  201. ESP=0019FC6C
  202. EBP=00000000
  203. EIP=004415C3
  204.  
  205.  
  206. 2nd Instruction (Count 1) copy memory
  207. 004415CB - A1 401B4D00 - mov eax,[004D1B40]
  208.  
  209. 004415C3 - 81 C6 04010000 - add esi,00000104               ; esi = &obj->text
  210. 004415C9 - 89 16 - mov [esi],edx                           ; text[0..3]
  211. 004415CB - A1 401B4D00 - mov eax,[SnowCross.exe+D1B40] <<  ; dump EAX=2064696C = "lid " as little-endian ASCII
  212. 004415D0 - 89 46 04 - mov [esi+04],eax                     ; text[4..7]
  213. 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44]  ; next 4 bytes of the literal
  214.  
  215. EAX=2064696C
  216. EBX=00001E2B
  217. ECX=02850C80
  218. EDX=61766E49
  219. ESI=029E031C
  220. EDI=029E0218
  221. ESP=0019FC6C
  222. EBP=00000000
  223. EIP=004415D0
  224.  
  225. 3rd Instruction (Count 1) copy memory
  226. 004415D3 - 8B 0D 441B4D00 - mov ecx,[004D1B44]
  227.  
  228. 004415CB - A1 401B4D00 - mov eax,[SnowCross.exe+D1B40]     ; "lid "
  229. 004415D0 - 89 46 04 - mov [esi+04],eax                     ; text[4..7]
  230. 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44] << ; dump ECX=65646F43 = "Code" as little-endian ASCII
  231. 004415D9 - 89 4E 08 - mov [esi+08],ecx                     ; text[8..11]
  232. 004415DC - 8A 15 481B4D00 - mov dl,[SnowCross.exe+D1B48]   ; the 13th byte of the literal
  233.  
  234. EAX=2064696C
  235. EBX=00001E2B
  236. ECX=65646F43
  237. EDX=61766E49
  238. ESI=029E031C
  239. EDI=029E0218
  240. ESP=0019FC6C
  241. EBP=00000000
  242. EIP=004415D9
  243.  
  244.  
  245. 4th Instruction (Count 1) copy memory
  246. 004415DC - 8A 15 481B4D00 - mov dl,[004D1B48]
  247.  
  248. 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44]  ; "Code"
  249. 004415D9 - 89 4E 08 - mov [esi+08],ecx                     ; text[8..11]
  250. 004415DC - 8A 15 481B4D00 - mov dl,[SnowCross.exe+D1B48] << ; dl = 0x00 (EDX goes 61766E49 -> 61766E00): the NUL terminator
  251. 004415E2 - 88 56 0C - mov [esi+0C],dl                      ; text[12] = 0, completing "Invalid Code"
  252. 004415E5 - B8 01000000 - mov eax,00000001                  ; eax = 1, presumably the return value (the ret is outside this excerpt)
  253.  
  254. EAX=2064696C
  255. EBX=00001E2B
  256. ECX=65646F43
  257. EDX=61766E00
  258. ESI=029E031C
  259. EDI=029E0218
  260. ESP=0019FC6C
  261. EBP=00000000
  262. EIP=004415E2