This should be just the file name and extension, not the full path. Tick this box and enter the full path name of the x64dbg. Click Apply and launch the target game. You should get x64dbg instead of the game. We're now "attached" and debugging the game in real-time. So earlier we identified the string "Corrupted index offset in pak file." The next window will have a progress bar at the bottom.
It is best to wait for this to finish before continuing! Once done, type "Corrupted index offset in pak file." We've got a few hits. These are in the same rough memory area, so it looks like this is actually the same code block. Double-click one of these to jump to that area of the EXE to have a look.
An important part of this process is to understand roughly what's going on here. This is the low-level code of the EXE. Important things to note: In the above screenshot, we can see that x64dbg is being very helpful and showing us the jumps on the left side of the window. We can see the line starting with "jge" will jump over our error message if a condition is true (jge means "jump if greater or equal to").
Because this is jumping straight over our error message, it looks like we're in the correct spot. Those lines correspond exactly to the code we saw earlier. And this is the main part of the puzzle now. We're going to debug this game gradually, following the structure of the EXE and comparing it to UE4 to figure out where we are. Once we're at the DecryptData function, we can look up our memory values and get our key.
Clicking the bobbles at the side of the window will set breakpoints. You will want to set a breakpoint within this area of the code we've found, and hit the "Run" button until we hit our breakpoint.
Note: by default x64dbg breaks on lots of various events. This will save having to continue past lots of breakpoints. Our decryption step will be within a pretty small jump and call a module function somewhere.
This should be easy to spot. The SHA hashing has a bunch of memory setup, a huge branch, and a for loop (which is just a complex jump when you're this low-level). What's up with the two jumps? The last section is clearly the SHA hash starting, but there is only one if statement before that? Above we had a call to "AddUninitialized". This is what is called an "inline function". When it is called, its execution is basically injected into where it was called from, rather than jumping around in memory.
As we can see, this function has its own if statement. So if it's inlined into the calling function, it will add this branch there. This explains the first branch we see. Because of this, we can assume that the second small branch is the one that does the encryption. You can see I have already added a breakpoint at the module function call, as this is where I want to start debugging. Now we're attached, debugging, and in the right place. Make sure we've got our breakpoint at the module call and we've run through the application until we hit it.
Now we want to run "Step Into" (F7). This will jump into the function we're currently on, then immediately halt the game again. We have a key variable initialisation, then it is fetched, then we decrypt the data. The check should be compiled out of Shipping builds, so we can ignore that bit. Because the variable initialisation might be fairly complex, let's start at the bottom of the EXE code and work back up. Working upwards, there are a few module calls; I reckon these are the final DecryptData function call.
The goal now is to step through and start looking at our memory. Above I have added a breakpoint where I think we're getting the decryption key. So I continue running until I hit that point, then I hit the "Step Over" (F8) debug button to run the module function in its entirety (I don't care how it gets the key, I just want it to get it).
If it is then back it up in a usb drive. Press ps button and go back to playstation network and sign back 4.
Rain Portrait thanks to Jesse Keiper. Fighting stance and walking animation the same as Reptile — consistent with MK Trilogy for N64, and to differentiate him from other male ninja. Audio (voice, grunts, etc.) same as Reptile — consistent with MK Trilogy. Custom graphics and palettes created for Rain: RAIN life bar — previously in attract mode the life bar was blank with text characters of a different font overlaid.
P1 and P2 Vs screen palettes created. Arm raise on lightning strike is reused Ermac lift animation, arm lowering in recovery is custom animation, reverse of raising arm. Super Roundhouse behaves like MK Trilogy, with some exceptions. Greater cooldown period between super roundhouse and regular roundhouse reaction.
Roundhouse, anti air punch, roundhouse will still trigger another super roundhouse. The trajectory of the super roundhouse is conducive to allowing multiple super roundhouse moves in a combo. The super roundhouse reaction also triggers double damage protection in any combo it starts or is involved in. After the 10th hit in a combo, the roundhouse will trigger a standard roundhouse reaction. This is to prevent infinite combos. Does 9h damage on hit, 3h on block. Triggers damage protection on hit.
Hit limit of 2 — disabled after 3 hits in combo. Jade is NOT immune when using projectile invincibility. Maximum and minimum height limits in place for control. Sets boundary and will not drag Rain across screen when controlling opponent away from Rain at full screen. If Nightwolf reflects projectile he will gain control of Rain. If hit with another projectile (trade), Rain will lose control of opponent. Jade is immune with projectile invincibility.
If CPU Rain, Nightwolf reflect or Motaro reflect gain control of human player, they will drag him up and across the screen to them. Does 14h damage on hit, 3h on block. Hit limit of 3 — disabled after 4 hits. Human Smoke: Human Smoke given a second Fatality! Similar to but replaces Trilogy Cheese Smoke Stretch fatality. Classic Sub Zero: NOTE: Will not work if opponent is near corner.
Similar to Trilogy fatal, with a nice twist at the end. Classic Sub Zero Friendship restored! Palette created for stalk of jack in the box. Input — Down, Back, Back, Forward inside sweep distance. Custom animation for Ermac and victim created. Use start button to tag a character in! Push direction corresponding to side of screen you want character to enter along with start to have the character tag in from that side. Cool down time between tags is approximately 5 seconds.
May not tag if you are being damaged. New Character Select Screen Option: New character select screen option available! See test menu section on how to enable. Rearranged portraits with fighter Vs screen poses instead of fighters themselves. Tournament Kombat will force classic character select screen. No random select implemented, will be for Beta 2.
Brutalities have been included! New Kombat Kodes: New Kombat Kodes have been created! Will only take chip damage first hit of auto combo. Run Meter will remain at 0 during match. Flurry of jabs will stop when block button is pressed. Literally knock the soul out of your opponent. Sends your opponent very high in the air! Like Paintball Mode, but for blood!
Single Player Kombat Kodes. Single Player Kombat Kodes have been added! To activate, perform the correct inputs before the match starts. A confirmation of kombat kode success will be indicated by kombat kode being displayed at bottom of screen at round start. Some Single Player Kombat Kodes are disabled versus bosses. You will receive your just deserts. Arcade Tower Options:
Randomizer Option makes all 4 towers random at choose your destiny screen, where default action is to pull from several arrays of static tower opponents. Greatly increases replay value!! Pressing start before selecting the tower of your choice will create an Endurance Tower. All opponents besides bosses will change to endurance battles. Difficulty setting will determine possibility of 3 person endurance matches to be incorporated during the arcade mode run up towers.
MK3 Storyboards: Amazingly brings stunning artwork back to UMK3 that was sorely missing. MK3 Storyboards, when selected, will show MK3 storyboards with graphics as well as character bios.
The MK3 storyboards effectively replace the multiple, quick scene transition action fights with UMK3 attract mode music. Characters still fight as they did previously with a Vs screen prior. Character bios continue to be shown. Best winning streaks screen continues to be shown. Ending Kredits: To all our Kontributors and Supporters! We could not do this without you. Randomizer: Randomizes Arcade Mode Tower opponents.
Enables ability to press start and change to endurance tower. Endurance battles prior to bosses will be story line relevant. Attract Mode: Original and Improved. Original is UMK3 style attract mode. Improved is MK3 style, with MK3 storyboards. Off: Ability to change game mode between matches. On: Game mode stays between matches (1v1, 2v2). Off: 2v2 gameplay as standard in UMK3.
Original: Original Fighter Select Screen. Improved: New Fighter Select Screen.