- First I located the memory area that receives the text typed into the code field of the save/load menu, by entering unique characters into the field and then searching memory for them.
- I then set a breakpoint on that address area, asked Cheat Engine to record every access to it, filled the field with characters and triggered the check by pressing End in-game; the game crashed and produced the access log below.
- Opcodes executed while the value of the code field is checked and a failure is returned (the watched address holds the characters from the field):
- "The following opcodes accessed 029A5EFC"
- 1st Instruction Set (Count: 20) Copy Memory
- 00475DE0 - 8A 06 - mov al,[esi]
- 00475DDB - 8B 71 04 - mov esi,[ecx+04]
- 00475DDE - 8B 11 - mov edx,[ecx]
- 00475DE0 - 8A 06 - mov al,[esi] <<
- 00475DE2 - 84 C0 - test al,al
- 00475DE4 - 74 33 - je SnowCross.exe+75E19
- EAX=0019FC31
- EBX=00000003
- ECX=0019FCE0
- EDX=02EC8340
- ESI=029A5EFC
- EDI=0019FD04
- ESP=0019FCC0
- EBP=00000000
- EIP=00475DE2
- 2nd Instruction Set (Count: 300) Copy Memory
- 00475E0F - 8A 46 01 - mov al,[esi+01]
- 00475E0A - 74 03 - je SnowCross.exe+75E0F
- 00475E0C - D8 48 04 - fmul dword ptr [eax+04]
- 00475E0F - 8A 46 01 - mov al,[esi+01] <<
- 00475E12 - 46 - inc esi
- 00475E13 - 84 C0 - test al,al
- EAX=029A5F32
- EBX=00000003
- ECX=0019FCE0
- EDX=02EC8340
- ESI=029A5EFC
- EDI=0019FD04
- ESP=0019FCC0
- EBP=00000000
- EIP=00475E12
- 3rd Instruction Set (Count: 42) Copy Memory
- 00475E8A - 8A 00 - mov al,[eax]
- 00475E84 - 8B 44 24 14 - mov eax,[esp+14]
- 00475E88 - 8B F0 - mov esi,eax
- 00475E8A - 8A 00 - mov al,[eax] <<
- 00475E8C - 84 C0 - test al,al
- 00475E8E - 74 3D - je SnowCross.exe+75ECD
- EAX=029A5E31
- EBX=00000003
- ECX=00000000
- EDX=029A5F50
- ESI=029A5EFC
- EDI=0019FCF4
- ESP=0019FCC0
- EBP=00000000
- EIP=00475E8C
- 4th Instruction Set (Count: 630) Copy Memory
- 00475EBF - 8A 46 01 - mov al,[esi+01]
- 00475EB7 - D9C9 - fxch st(1)
- 00475EB9 - D8 82 88040000 - fadd dword ptr [edx+00000488]
- 00475EBF - 8A 46 01 - mov al,[esi+01] <<
- 00475EC2 - 46 - inc esi
- 00475EC3 - 84 C0 - test al,al
- EAX=00003132
- EBX=00000003
- ECX=02EC8B98
- EDX=02EC8340
- ESI=029A5EFC
- EDI=0019FCF4
- ESP=0019FCC0
- EBP=00000000
- EIP=00475EC2
- 5th Instruction Set (Count: 42) Copy Memory
- 00475F97 - 8A 06 - mov al,[esi]
- 00475F92 - 33 C9 - xor ecx,ecx
- 00475F94 - 8B 50 04 - mov edx,[eax+04]
- 00475F97 - 8A 06 - mov al,[esi] <<
- 00475F99 - 89 54 24 30 - mov [esp+30],edx
- 00475F9D - 8B 55 00 - mov edx,[ebp+00]
- EAX=0019FC31
- EBX=00000003
- ECX=00000000
- EDX=43340000
- ESI=029A5EFC
- EDI=029A5DF8
- ESP=0019FC4C
- EBP=0019FCD0
- EIP=00475F99
- 6th Instruction Set (Count: 630) Copy Memory
- 00476183 - 8A 46 01 - mov al,[esi+01]
- 0047617B - 8B 74 24 20 - mov esi,[esp+20]
- 0047617F - D9 5C 24 38 - fstp dword ptr [esp+38]
- 00476183 - 8A 46 01 - mov al,[esi+01] <<
- 00476186 - 46 - inc esi
- 00476187 - 41 - inc ecx
- EAX=00000032
- EBX=000000C0
- ECX=00000000
- EDX=02EC8340
- ESI=029A5EFC
- EDI=029D5114
- ESP=0019FC44
- EBP=0019FCD0
- EIP=00476186
- 7th Instruction Set (Count: 16) logical exclusive or
- 00447D04 - 33 C0 - xor eax,eax
- 00447CFB - 83 C9 FF - or ecx,-01
- 00447CFE - 8D B8 04010000 - lea edi,[eax+00000104]
- 00447D04 - 33 C0 - xor eax,eax <<
- 00447D06 - F2 AE - repne scasb
- 00447D08 - F7 D1 - not ecx
- EAX=00000000
- EBX=00002226
- ECX=FFFFFFFE
- EDX=0019FBD0
- ESI=027FA3A0
- EDI=029A5EFD
- ESP=0019F9E4
- EBP=02985590
- EIP=00447D06
- 8th Instruction Set (Count: 3) unsigned divide by 2, two times
- 00447D16 - C1 E9 02 - shr ecx,02
- 00447D12 - 8B F7 - mov esi,edi
- 00447D14 - 8B FA - mov edi,edx
- 00447D16 - C1 E9 02 - shr ecx,02 <<
- 00447D19 - F3 A5 - repe movsd
- 00447D1B - 8B C8 - mov ecx,eax
- EAX=00000011
- EBX=00002226
- ECX=00000003
- EDX=0019F9EC
- ESI=029A5F00
- EDI=0019F9F0
- ESP=0019F9E4
- EBP=02985590
- EIP=00447D19
- 9th Instruction Set (Count: 1) move data from string to string
- 00447D19 - F3 A5 - repe movsd
- 00447D14 - 8B FA - mov edi,edx
- 00447D16 - C1 E9 02 - shr ecx,02
- 00447D19 - F3 A5 - repe movsd <<
- 00447D1B - 8B C8 - mov ecx,eax
- 00447D1D - 83 E1 03 - and ecx,03
- EAX=00000011
- EBX=00002226
- ECX=00000000
- EDX=0019F9EC
- ESI=029A5F0C
- EDI=0019F9FC
- ESP=0019F9E4
- EBP=02985590
- EIP=00447D1B
- ----------------------------------------------------------------------------
- Same procedure, but this time the watched address is the one from which the text message "code failed" is read
- "the following opcodes accessed 029a5efc"
- Opcodes that access the address to retrieve the text "code failed":
- 1st Instruction Set (Count: 1) copy memory
- 004415BD - 8B 15 3C1B4D00 - mov edx,[004D1B3C]
- 004415BB - 5E - pop esi
- 004415BC - C3 - ret
- 004415BD - 8B 15 3C1B4D00 - mov edx,[SnowCross.exe+D1B3C] <<
- 004415C3 - 81 C6 04010000 - add esi,00000104
- 004415C9 - 89 16 - mov [esi],edx
- EAX=00000000
- EBX=00001E2B
- ECX=02850C80
- EDX=61766E49
- ESI=029E0218
- EDI=029E0218
- ESP=0019FC6C
- EBP=00000000
- EIP=004415C3
- 2nd Instruction Set (Count: 1) copy memory
- 004415CB - A1 401B4D00 - mov eax,[004D1B40]
- 004415C3 - 81 C6 04010000 - add esi,00000104
- 004415C9 - 89 16 - mov [esi],edx
- 004415CB - A1 401B4D00 - mov eax,[SnowCross.exe+D1B40] <<
- 004415D0 - 89 46 04 - mov [esi+04],eax
- 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44]
- EAX=2064696C
- EBX=00001E2B
- ECX=02850C80
- EDX=61766E49
- ESI=029E031C
- EDI=029E0218
- ESP=0019FC6C
- EBP=00000000
- EIP=004415D0
- 3rd Instruction Set (Count: 1) copy memory
- 004415D3 - 8B 0D 441B4D00 - mov ecx,[004D1B44]
- 004415CB - A1 401B4D00 - mov eax,[SnowCross.exe+D1B40]
- 004415D0 - 89 46 04 - mov [esi+04],eax
- 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44] <<
- 004415D9 - 89 4E 08 - mov [esi+08],ecx
- 004415DC - 8A 15 481B4D00 - mov dl,[SnowCross.exe+D1B48]
- EAX=2064696C
- EBX=00001E2B
- ECX=65646F43
- EDX=61766E49
- ESI=029E031C
- EDI=029E0218
- ESP=0019FC6C
- EBP=00000000
- EIP=004415D9
- 4th Instruction Set (Count: 1) copy memory
- 004415DC - 8A 15 481B4D00 - mov dl,[004D1B48]
- 004415D3 - 8B 0D 441B4D00 - mov ecx,[SnowCross.exe+D1B44]
- 004415D9 - 89 4E 08 - mov [esi+08],ecx
- 004415DC - 8A 15 481B4D00 - mov dl,[SnowCross.exe+D1B48] <<
- 004415E2 - 88 56 0C - mov [esi+0C],dl
- 004415E5 - B8 01000000 - mov eax,00000001
- EAX=2064696C
- EBX=00001E2B
- ECX=65646F43
- EDX=61766E00
- ESI=029E031C
- EDI=029E0218
- ESP=0019FC6C
- EBP=00000000
- EIP=004415E2