The game I'm trying to hack is Need for Speed High Stakes on Windows 7, and I'm using Cheat Engine. In pursuit mode there are four AI backup cops plus me. All four AI cars seem to run on a loop, and their program runs separately from mine. They get extra pursuit time before they call it off (I don't). Whichever of their cars is closest to the suspect they are pulling over makes the stop: that cop gets out, and the rest stop with their lights on. (If I'm in the pursuit with them, my guy always gets out of his car and makes the stop no matter what. Sick of being supervisor, haha.) If another cop makes a traffic stop and I roll up on it with my lights off and then turn them on, they don't stay on, but the AI cars' lights do. If I already have my lights on, the AI cop won't get out of his car and make the stop; they wait for me. Anyway, as you can see, it's AI favoritism, and it's annoying, lol. So here is the code. 00662420 is the memory address that the instructions at 0040C627, 0040C72D, 0040C79E and 0040C7CD write to, with the values 2, 3, 4 and 2, all explained below. (Each of those instructions stores to [eax+00000688], so 00662420 is that field for whatever object eax points to when the write lands there.) Please, if anyone can truly help me here, I'd appreciate it. I've been trying to hack this game for 10 years!!
0040C627 - C7 80 88060000 02000000 - mov [eax+00000688],00000002- begin race
0040C631 - 8B 45 F8 - mov eax,[ebp-08]
0040C634 - C7 80 B0050000 00000000 - mov [eax+000005B0],00000000
0040C63E - 8B 45 F8 - mov eax,[ebp-08]
0040C641 - C7 80 B4050000 00000000 - mov [eax+000005B4],00000000
0040C64B - E9 8A030000 - jmp 0040C9DA
0040C650 - 8B 45 F8 - mov eax,[ebp-08]
0040C653 - C7 80 88060000 01000000 - mov [eax+00000688],00000001
0040C65D - 89 EC - mov esp,ebp
0040C65F - 5D - pop ebp
0040C660 - 5A - pop edx
0040C661 - 5B - pop ebx
0040C662 - C3 - ret
0040C663 - 8B 45 F8 - mov eax,[ebp-08]
0040C666 - E8 650A0100 - call 0041D0D0
0040C66B - 8B 45 F8 - mov eax,[ebp-08]
0040C66E - E8 1D490000 - call 00410F90
0040C673 - 8B 45 F8 - mov eax,[ebp-08]
0040C676 - E8 C55B0000 - call 00412240
0040C67B - 8B 45 F8 - mov eax,[ebp-08]
0040C67E - E8 ED50FFFF - call 00401770
0040C683 - 85 C0 - test eax,eax
0040C685 - 0F84 4F030000 - je 0040C9DA
0040C68B - 8B 45 F8 - mov eax,[ebp-08]
0040C68E - 8B 15 5C3B8500 - mov edx,[00853B5C] : [00000000]
0040C694 - C7 80 88060000 05000000 - mov [eax+00000688],00000005
0040C69E - 81 C2 40010000 - add edx,00000140
0040C6A4 - 8B 45 F8 - mov eax,[ebp-08]
0040C6A7 - 8B 80 B4050000 - mov eax,[eax+000005B4]
0040C6AD - 89 50 34 - mov [eax+34],edx
0040C6B0 - 8B 45 F8 - mov eax,[ebp-08]
0040C6B3 - 80 88 F8010000 02 - or byte ptr [eax+000001F8],02
0040C6BA - 89 EC - mov esp,ebp
0040C6BC - 5D - pop ebp
0040C6BD - 5A - pop edx
0040C6BE - 5B - pop ebx
0040C6BF - C3 - ret
0040C6C0 - 8B 45 F8 - mov eax,[ebp-08]
0040C6C3 - E8 38F1FFFF - call 0040B800
0040C6C8 - 89 45 FC - mov [ebp-04],eax
0040C6CB - 83 7D FC 00 - cmp dword ptr [ebp-04],00
0040C6CF - 74 11 - je 0040C6E2
0040C6D1 - 8B 55 FC - mov edx,[ebp-04]
0040C6D4 - 8B 45 F8 - mov eax,[ebp-08]
0040C6D7 - E8 74F0FFFF - call 0040B750
0040C6DC - 89 EC - mov esp,ebp
0040C6DE - 5D - pop ebp
0040C6DF - 5A - pop edx
0040C6E0 - 5B - pop ebx
0040C6E1 - C3 - ret
0040C6E2 - 8B 45 F8 - mov eax,[ebp-08]
0040C6E5 - E8 E6090100 - call 0041D0D0
0040C6EA - 8B 45 F8 - mov eax,[ebp-08]
0040C6ED - E8 BEFAFFFF - call 0040C1B0
0040C6F2 - 8B 45 F8 - mov eax,[ebp-08]
0040C6F5 - E8 D6F4FFFF - call 0040BBD0
0040C6FA - 8B 45 F8 - mov eax,[ebp-08]
0040C6FD - E8 4EF4FFFF - call 0040BB50
0040C702 - 8B 45 F8 - mov eax,[ebp-08]
0040C705 - E8 16F2FFFF - call 0040B920
0040C70A - 8B 45 F8 - mov eax,[ebp-08]
0040C70D - E8 9EFBFFFF - call 0040C2B0
0040C712 - 8B 45 F8 - mov eax,[ebp-08]
0040C715 - E8 F6EDFFFF - call 0040B510 == This is the condition for 0040C72D - C7 80 88060000 03000000 - mov [eax+00000688],00000003. Because of what I want to do with this game, I can't simply use NOPs here: I don't want an indefinite pursuit. I just want some extra time before the game calls the pursuit off, and then I want the program to return to its original function.
0040C71A - 8B 45 F8 - mov eax,[ebp-08]
0040C71D - 83 B8 B4050000 00 - cmp dword ptr [eax+000005B4],00
0040C724 - 0F84 B0020000 - je 0040C9DA
0040C72A - 8B 45 F8 - mov eax,[ebp-08]
0040C72D - C7 80 88060000 03000000 - mov [eax+00000688],00000003 == Radar and target up on suspect. (I want to write my own code so that my pursuit lasts a little longer before the game calls it off, just like the AI cars. When the suspect goes out of my view, the value at 00662420 goes from 3 back to 2.)
0040C737 - 89 EC - mov esp,ebp
0040C739 - 5D - pop ebp
0040C73A - 5A - pop edx
0040C73B - 5B - pop ebx
0040C73C - C3 - ret
0040C73D - 8B 45 F8 - mov eax,[ebp-08]
0040C740 - E8 BBF0FFFF - call 0040B800
0040C745 - 89 45 FC - mov [ebp-04],eax
0040C748 - 83 7D FC 00 - cmp dword ptr [ebp-04],00
0040C74C - 74 11 - je 0040C75F
0040C74E - 8B 55 FC - mov edx,[ebp-04]
0040C751 - 8B 45 F8 - mov eax,[ebp-08]
0040C754 - E8 F7EFFFFF - call 0040B750
0040C759 - 89 EC - mov esp,ebp
0040C75B - 5D - pop ebp
0040C75C - 5A - pop edx
0040C75D - 5B - pop ebx
0040C75E - C3 - ret
0040C75F - 8B 45 F8 - mov eax,[ebp-08]
0040C762 - E8 69090100 - call 0041D0D0
0040C767 - 8B 45 F8 - mov eax,[ebp-08]
0040C76A - E8 41FAFFFF - call 0040C1B0
0040C76F - 8B 45 F8 - mov eax,[ebp-08]
0040C772 - E8 59F4FFFF - call 0040BBD0
0040C777 - 8B 45 F8 - mov eax,[ebp-08]
0040C77A - E8 D1F3FFFF - call 0040BB50
0040C77F - 8B 45 F8 - mov eax,[ebp-08]
0040C782 - E8 99F1FFFF - call 0040B920
0040C787 - 8B 45 F8 - mov eax,[ebp-08]
0040C78A - E8 81EDFFFF - call 0040B510
0040C78F - 8B 45 F8 - mov eax,[ebp-08]
0040C792 - E8 79FBFFFF - call 0040C310
0040C797 - 85 C0 - test eax,eax
0040C799 - 74 1B - je 0040C7B6
0040C79B - 8B 45 F8 - mov eax,[ebp-08]
0040C79E - C7 80 88060000 04000000 - mov [eax+00000688],00000004 == My cop is out of the car on a traffic stop. I want my cop to get out only when I'm the closest to the suspect within the group of AI cars, just like when the AI cars are in pursuit: whoever is closest gets out and makes the stop.
0040C7A8 - 8B 45 F8 - mov eax,[ebp-08]
0040C7AB - E8 A058FFFF - call 00402050
0040C7B0 - 89 EC - mov esp,ebp
0040C7B2 - 5D - pop ebp
0040C7B3 - 5A - pop edx
0040C7B4 - 5B - pop ebx
0040C7B5 - C3 - ret
0040C7B6 - 8B 45 F8 - mov eax,[ebp-08]
0040C7B9 - E8 B2FDFFFF - call 0040C570
0040C7BE - 85 C0 - test eax,eax
0040C7C0 - 74 1B - je 0040C7DD
0040C7C2 - 8B 45 F8 - mov eax,[ebp-08]
0040C7C5 - E8 C654FFFF - call 00401C90
0040C7CA - 8B 45 F8 - mov eax,[ebp-08]
0040C7CD - C7 80 88060000 02000000 - mov [eax+00000688],00000002 -- This code shows up in the debugger only if I roll up on another officer who is already making a stop. As I stated above, my lights go off if I get too close and try to turn them on, because the program won't allow me to roll up on another officer and stop there if that cop is already out of his car: in that situation the program won't execute this code -> 0040C79E - C7 80 88060000 04000000 - mov [eax+00000688],00000004
0040C627 - C7 80 88060000 02000000 - mov [eax+00000688],00000002- begin race
0040C631 - 8B 45 F8 - mov eax,[ebp-08]
0040C634 - C7 80 B0050000 00000000 - mov [eax+000005B0],00000000
0040C63E - 8B 45 F8 - mov eax,[ebp-08]
0040C641 - C7 80 B4050000 00000000 - mov [eax+000005B4],00000000
0040C64B - E9 8A030000 - jmp 0040C9DA
0040C650 - 8B 45 F8 - mov eax,[ebp-08]
0040C653 - C7 80 88060000 01000000 - mov [eax+00000688],00000001
0040C65D - 89 EC - mov esp,ebp
0040C65F - 5D - pop ebp
0040C660 - 5A - pop edx
0040C661 - 5B - pop ebx
0040C662 - C3 - ret
0040C663 - 8B 45 F8 - mov eax,[ebp-08]
0040C666 - E8 650A0100 - call 0041D0D0
0040C66B - 8B 45 F8 - mov eax,[ebp-08]
0040C66E - E8 1D490000 - call 00410F90
0040C673 - 8B 45 F8 - mov eax,[ebp-08]
0040C676 - E8 C55B0000 - call 00412240
0040C67B - 8B 45 F8 - mov eax,[ebp-08]
0040C67E - E8 ED50FFFF - call 00401770
0040C683 - 85 C0 - test eax,eax
0040C685 - 0F84 4F030000 - je 0040C9DA
0040C68B - 8B 45 F8 - mov eax,[ebp-08]
0040C68E - 8B 15 5C3B8500 - mov edx,[00853B5C] : [00000000]
0040C694 - C7 80 88060000 05000000 - mov [eax+00000688],00000005
0040C69E - 81 C2 40010000 - add edx,00000140
0040C6A4 - 8B 45 F8 - mov eax,[ebp-08]
0040C6A7 - 8B 80 B4050000 - mov eax,[eax+000005B4]
0040C6AD - 89 50 34 - mov [eax+34],edx
0040C6B0 - 8B 45 F8 - mov eax,[ebp-08]
0040C6B3 - 80 88 F8010000 02 - or byte ptr [eax+000001F8],02
0040C6BA - 89 EC - mov esp,ebp
0040C6BC - 5D - pop ebp
0040C6BD - 5A - pop edx
0040C6BE - 5B - pop ebx
0040C6BF - C3 - ret
0040C6C0 - 8B 45 F8 - mov eax,[ebp-08]
0040C6C3 - E8 38F1FFFF - call 0040B800
0040C6C8 - 89 45 FC - mov [ebp-04],eax
0040C6CB - 83 7D FC 00 - cmp dword ptr [ebp-04],00
0040C6CF - 74 11 - je 0040C6E2
0040C6D1 - 8B 55 FC - mov edx,[ebp-04]
0040C6D4 - 8B 45 F8 - mov eax,[ebp-08]
0040C6D7 - E8 74F0FFFF - call 0040B750
0040C6DC - 89 EC - mov esp,ebp
0040C6DE - 5D - pop ebp
0040C6DF - 5A - pop edx
0040C6E0 - 5B - pop ebx
0040C6E1 - C3 - ret
0040C6E2 - 8B 45 F8 - mov eax,[ebp-08]
0040C6E5 - E8 E6090100 - call 0041D0D0
0040C6EA - 8B 45 F8 - mov eax,[ebp-08]
0040C6ED - E8 BEFAFFFF - call 0040C1B0
0040C6F2 - 8B 45 F8 - mov eax,[ebp-08]
0040C6F5 - E8 D6F4FFFF - call 0040BBD0
0040C6FA - 8B 45 F8 - mov eax,[ebp-08]
0040C6FD - E8 4EF4FFFF - call 0040BB50
0040C702 - 8B 45 F8 - mov eax,[ebp-08]
0040C705 - E8 16F2FFFF - call 0040B920
0040C70A - 8B 45 F8 - mov eax,[ebp-08]
0040C70D - E8 9EFBFFFF - call 0040C2B0
0040C712 - 8B 45 F8 - mov eax,[ebp-08]
0040C715 - E8 F6EDFFFF - call 0040B510 == This is the condition for 0040C72D - C7 80 88060000 03000000 - mov [eax+00000688],00000003. Because of what I want to do with this game, I can't simply use NOPs here: I don't want an indefinite pursuit. I just want some extra time before the game calls the pursuit off, and then I want the program to return to its original function.
0040C71A - 8B 45 F8 - mov eax,[ebp-08]
0040C71D - 83 B8 B4050000 00 - cmp dword ptr [eax+000005B4],00
0040C724 - 0F84 B0020000 - je 0040C9DA
0040C72A - 8B 45 F8 - mov eax,[ebp-08]
0040C72D - C7 80 88060000 03000000 - mov [eax+00000688],00000003 == Radar and target up on suspect. (I want to write my own code so that my pursuit lasts a little longer before the game calls it off, just like the AI cars. When the suspect goes out of my view, the value at 00662420 goes from 3 back to 2.)
0040C737 - 89 EC - mov esp,ebp
0040C739 - 5D - pop ebp
0040C73A - 5A - pop edx
0040C73B - 5B - pop ebx
0040C73C - C3 - ret
0040C73D - 8B 45 F8 - mov eax,[ebp-08]
0040C740 - E8 BBF0FFFF - call 0040B800
0040C745 - 89 45 FC - mov [ebp-04],eax
0040C748 - 83 7D FC 00 - cmp dword ptr [ebp-04],00
0040C74C - 74 11 - je 0040C75F
0040C74E - 8B 55 FC - mov edx,[ebp-04]
0040C751 - 8B 45 F8 - mov eax,[ebp-08]
0040C754 - E8 F7EFFFFF - call 0040B750
0040C759 - 89 EC - mov esp,ebp
0040C75B - 5D - pop ebp
0040C75C - 5A - pop edx
0040C75D - 5B - pop ebx
0040C75E - C3 - ret
0040C75F - 8B 45 F8 - mov eax,[ebp-08]
0040C762 - E8 69090100 - call 0041D0D0
0040C767 - 8B 45 F8 - mov eax,[ebp-08]
0040C76A - E8 41FAFFFF - call 0040C1B0
0040C76F - 8B 45 F8 - mov eax,[ebp-08]
0040C772 - E8 59F4FFFF - call 0040BBD0
0040C777 - 8B 45 F8 - mov eax,[ebp-08]
0040C77A - E8 D1F3FFFF - call 0040BB50
0040C77F - 8B 45 F8 - mov eax,[ebp-08]
0040C782 - E8 99F1FFFF - call 0040B920
0040C787 - 8B 45 F8 - mov eax,[ebp-08]
0040C78A - E8 81EDFFFF - call 0040B510
0040C78F - 8B 45 F8 - mov eax,[ebp-08]
0040C792 - E8 79FBFFFF - call 0040C310
0040C797 - 85 C0 - test eax,eax
0040C799 - 74 1B - je 0040C7B6
0040C79B - 8B 45 F8 - mov eax,[ebp-08]
0040C79E - C7 80 88060000 04000000 - mov [eax+00000688],00000004 == My cop is out of the car on a traffic stop. I want my cop to get out only when I'm the closest to the suspect within the group of AI cars, just like when the AI cars are in pursuit: whoever is closest gets out and makes the stop.
0040C7A8 - 8B 45 F8 - mov eax,[ebp-08]
0040C7AB - E8 A058FFFF - call 00402050
0040C7B0 - 89 EC - mov esp,ebp
0040C7B2 - 5D - pop ebp
0040C7B3 - 5A - pop edx
0040C7B4 - 5B - pop ebx
0040C7B5 - C3 - ret
0040C7B6 - 8B 45 F8 - mov eax,[ebp-08]
0040C7B9 - E8 B2FDFFFF - call 0040C570
0040C7BE - 85 C0 - test eax,eax
0040C7C0 - 74 1B - je 0040C7DD
0040C7C2 - 8B 45 F8 - mov eax,[ebp-08]
0040C7C5 - E8 C654FFFF - call 00401C90
0040C7CA - 8B 45 F8 - mov eax,[ebp-08]
0040C7CD - C7 80 88060000 02000000 - mov [eax+00000688],00000002 -- This code shows up in the debugger only if I roll up on another officer who is already making a stop. As I stated above, my lights go off if I get too close and try to turn them on, because the program won't allow me to roll up on another officer and stop there if that cop is already out of his car: in that situation the program won't execute this code -> 0040C79E - C7 80 88060000 04000000 - mov [eax+00000688],00000004