Sunday, 8 May 2011

Cheating Red Alert 3

I recently started to play Red Alert 3 (v1.0) just for amusement. I am not a serious game player, so naturally I needed to cheat my way through some chapters.

Unlike games such as Warcraft 3, which have built-in cheat codes, RA3 has none (or at least I could not find any on the net). Fortunately, there is CheatEngine – a very handy open source bundle of tools built especially for cheating in games! Since CE has been built by hackers for hackers, documentation is scarce and not easy to find.

From a quick search, there are a couple of ways to cheat in RA3:

  1. Modify money - use CE’s memory scanner to search for the memory addresses that store the money amount. Once found, modify them to give yourself virtually unlimited money. This approach has been demonstrated on YouTube. The video is blurry, but the method is exactly the same as the first tutorial of CE, which is bundled with the CE installation.
  2. God Mode, Unlimited Resource and Quick Research – this is done by code injection. The assembly source code is available on the CE Forum. However, the forum does not say how to apply the hack. Here, I will show a step-by-step guide to applying the hack.

Once both RA3 and CE are running (it doesn’t matter which is started first):

  1. Go to CE, select the process named ‘…ra3_1.0.game’ and open it.
  2. Click the ‘Memory view’ button on CE to open the memory view window.
  3. From the Memory Viewer window, select the menu Tools –> Auto Assemble (Ctrl-A). This will pop up the Auto assemble window.
  4. Paste the assembly code found in the CE Forum (also listed below) into the Auto assemble window.
  5. Press the Execute button. Click Yes on the confirmation message to inject the code. You should get another message saying the injection was successful.

That’s it. When you switch back to RA3, you will find that your money is about 100,000, research is very fast and the units can take a constant pounding for several minutes without losing health.

The assembly code is shown below. Notice the highlighted lines (the `dd 1` values under iEnableGM, iEnableMRP and iEnableMR in the Variables section) – to turn a particular cheat off, change its value to 0. Also note that the code for later versions of RA3 is different; it can be found on the CE Forum as well.

// Command and Conquer - Red Alert 3 
// Game Version  : 1.0.3174.697 
// Script Version: 1.0 
// CE Version    : 5.4 
// Resource, Research and GodMode 
// 08-Nov-2008 

[ENABLE] 
alloc(MyCode,1024) 

label(_MonResource) 
label(_GodMode) 
label(_MonRPoints) 
label(_MonPlayerID) 
label(_GodM0) 
label(_BackMR) 
label(_BackGM) 
label(_BackMRP) 
label(_BackMPI) 
label(_ExitMR) 
label(_ExitGM) 
label(_ExitMRP) 
label(pResource) 
label(pLastOne) 
label(iPlayerID) 
label(iEnableGM) 
label(iEnableMRP) 
label(iEnableMR) 

registersymbol(MyCode) 
registersymbol(pLastOne) 
registersymbol(iEnableGM) 
registersymbol(iEnableMRP) 
registersymbol(iEnableMR) 
//============================= 
// Hacking Points 
ra3_1.0.game+3e4acc: 
 jmp _MonResource 
 nop 
_BackMR: 

ra3_1.0.game+30d4ae: 
 jmp _GodMode 
_BackGM: 

ra3_1.0.game+4004e5: 
 jmp _MonRPoints 
_BackMRP: 

ra3_1.0.game+58bb45: 
 jmp _MonPlayerID 
 nop 
_BackMPI: 

MyCode: 
//========================================= 
_MonResource: 
 push eax 
 mov eax,[iPlayerID] 
 cmp eax,[ecx+20]           // Player's?... 
 pop eax 
 mov ecx,[ecx+000000e4]     // Original code 
 mov [pResource],ecx        // Save ptr for debugging 
 jne _ExitMR                // ...Jump if false 

 cmp dword ptr [iEnableMR],0 
 je _ExitMR                // Jump if Monitor Resource is disabled 

 mov ecx,[ecx] 

 cmp dword ptr [ecx+04],#100000 
 jge _ExitMR                // Jump if greater than or equal to 100000 

 mov dword ptr [ecx+04],#100000 

_ExitMR: 
 mov ecx,[pResource] 
 jmp _BackMR                // back to main code 

//========================================= 
_GodMode: 
 push eax 

 mov eax,[esi-08]           // Get ptr to Unit 
 or eax,eax                 // Null Ptr? 
 jz _ExitGM                 // Jump if true 

 mov eax,[eax+00000418]     // Get ptr to Player 
 mov eax,[eax+20]           // Get ID 

 cmp eax,[iPlayerID]        // Player's?... 
 jne _ExitGM                // Jump if false 

 mov [pLastOne],esi        // Save ptr for debugging 

 mov eax,[esi+30] 
 cmp eax,00000070          // Is it an effect? 
 je _ExitGM                // Jump if true 

_GodM0: 
 cmp dword ptr [iEnableGM],0 
 je _ExitGM                // Jump if God Mode is disabled 

 movss xmm0,[esi+0c]       // Get Maximum HP 

_ExitGM: 
 movss [esi+04],xmm0       // Original code 

 pop eax 
 test eax,eax              // Restore EFLAGS 
 jmp _BackGM               // Back to main code 

//========================================= 
// Quick Research 
_MonRPoints: 
 push edx 

 movss [esi+2c],xmm0       // Original code 

 cmp dword ptr [iEnableMRP],0 
 je _ExitMRP               // Jump if Quick Research is disabled 

 mov edx,[esi+28] 
 mov edx,[edx+20] 
 cmp edx,[iPlayerID]       // Player's research? 
 jne _ExitMRP              // Jump if false 

 mov edx,43af0000          // 350.0 
 cmp edx,[esi+2c] 
 jle _ExitMRP 

 mov [esi+2c],edx          

_ExitMRP: 
 pop edx 
 jmp _BackMRP              // Back to main code 

//========================================= 
_MonPlayerID: 
 mov eax,[edi+00000080] 
 mov [iPlayerID],eax       // Save Player ID for further use 
 jmp _BackMPI              // Back to main code 

//========================================= 
// Variables 
iPlayerID: 
 dd 0 
pResource: 
 dd 0 
pLastOne: 
 dd 0 
iEnableGM: 
 dd 1 
iEnableMRP: 
 dd 1 
iEnableMR: 
 dd 1 

//========================================= 
// Original Codes 

[DISABLE] 
ra3_1.0.game+3e4acc: 
 mov ecx,[ecx+000000e4] 

ra3_1.0.game+30d4ae: 
 movss [esi+04],xmm0 

ra3_1.0.game+4004e5: 
 movss [esi+2c],xmm0 

ra3_1.0.game+58bb45: 
 mov eax,[edi+00000080] 

unregistersymbol(MyCode) 
unregistersymbol(pLastOne) 
unregistersymbol(iEnableGM) 
unregistersymbol(iEnableMRP) 
unregistersymbol(iEnableMR) 

dealloc(MyCode) 
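
Each of the script's "Hacking Points" overwrites an original instruction with a 5-byte `jmp` into memory allocated outside the game module, which is exactly the change a code-integrity check looks for. The sketch below is an added example (not part of the CE Forum script or this post): it diffs a trusted copy of code bytes against the live bytes and decodes any changed run that starts with `E9`. The base address, jump targets and filler bytes are constructed for the demonstration; only the two original instructions come from the [DISABLE] section.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t off, len; int is_jmp, outside; uint32_t target; } Finding;
enum { DEMO_BASE = 0x00400000 };                 /* constructed module base */
/* Constructed bytes: TRUSTED holds two instructions from the [DISABLE] block;
   LIVE is the same code after jmp patches shaped like the [ENABLE] ones. */
static const uint8_t TRUSTED[23] = {
    0x55, 0x8B, 0xEC, 0x51,                      /* filler */
    0x8B, 0x89, 0xE4, 0x00, 0x00, 0x00,          /* mov ecx,[ecx+000000e4] */
    0x8B, 0xC1, 0x85, 0xC0, 0x74, 0x02,          /* filler */
    0xF3, 0x0F, 0x11, 0x46, 0x04, 0x5D, 0xC3 };  /* movss [esi+04],xmm0; filler */
static const uint8_t LIVE[23] = {
    0x55, 0x8B, 0xEC, 0x51,                      /* unchanged */
    0xE9, 0xF7, 0xFF, 0x5F, 0x02, 0x90,          /* jmp 0x02A00000; nop */
    0x8B, 0xC1, 0x85, 0xC0, 0x74, 0x02,          /* unchanged */
    0xE9, 0x2B, 0x00, 0x60, 0x02, 0x5D, 0xC3 };  /* jmp 0x02A00040; unchanged */

/* Diff trusted vs live bytes. Each run of changed bytes is one finding; a run
   starting with E9 is decoded as jmp rel32 and its target range-checked. */
size_t scan_code(const uint8_t *trusted, const uint8_t *live, size_t n,
                 uint32_t base, Finding *out, size_t max) {
    size_t count = 0, i = 0;
    while (i < n && count < max) {
        if (trusted[i] == live[i]) { i++; continue; }
        Finding f = { i, 0, 0, 0, 0 };
        while (i < n && trusted[i] != live[i]) { i++; f.len++; }
        if (live[f.off] == 0xE9 && f.off + 5 <= n) {
            const uint8_t *p = live + f.off + 1;  /* rel32, little-endian */
            uint32_t rel = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
            f.is_jmp = 1;
            f.target = base + (uint32_t)f.off + 5 + rel;   /* wraps mod 2^32 */
            f.outside = f.target < base || f.target - base >= n;
        }
        out[count++] = f;
    }
    return count;
}

int main(void) {
    Finding f[8];
    size_t n = scan_code(TRUSTED, LIVE, sizeof TRUSTED, DEMO_BASE, f, 8);
    for (size_t i = 0; i < n; i++)
        printf("+0x%zx len=%zu jmp=%d target=0x%08x outside=%d\n", f[i].off,
               f[i].len, f[i].is_jmp, (unsigned)f[i].target, f[i].outside);
}
```

A patched byte that happens to equal the original byte splits one patch into two findings, so a production check would merge nearby runs or compare hashes of whole pages instead.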
