Leaderboard

This is how the ARM architecture works. Most addresses are not absolute, but relative, relative to the PC. This is done to save space in instructions. The instruction size is 4 bytes. The size of the 32-bit pointer is also 4 bytes. An absolute address almost always requires 4 bytes, since the code can be located in different places. A relative address can be encoded with 2 or 3 bytes. This will give the opportunity to refer to the memory near the code, where this code would not be located. And since .bss is not far from .code (.text), this is enough.

Let me explain this real quick. How they load offset, and calculate address ? Explanation: * PC = (Current Instruction Address + 0x8) 00000000 LDR R0, [PC, 0x1C]; Its calculated like this, R0 = (PC:00000008 + 0x1C = 00000024). Read val at 00000024 which is 0x14, then put into R0. 00000004 ADD R0, PC, R0 ; Again, R0 = (PC:0000000C + 0x14 (Offset) = 00000020) 00000008 MOV R1, #0x1234; Move 0x1234 into R1 0000000C STR R1, [R0]; Store R1:0x1234 value into R0:00000020 address. 00000010 BX LR; Jump into LR (LR is register that store address of this function caller.) 00000014 ALIGN 0x10 00000020 MyValue DCD 0x0 00000024 Offset DCD 0x14 You can find lot of information here, The ARM instruction set

View File Battleland Royal | ESP, Radar, ... Features: ○ ESP ○ Radar ○ Instant Pickup • If you like my script, Don't forget to ❤ it ! Submitter saiaapiz Submitted 06/25/2019 Category LUA scripts  

I never attempted to do a group search. I've always just repeated each process individually when required (low on gold, cash, etc...). I try not to add more than 6 figures of gold to stay under the "radar" (pun intended ... lol). I have been banned in the past and had to create a new account. Also do not play Rivals as its a sure way to get banned as well.

Thank you so much! Will definitely try this when I get home Quick question tho Can I group search my gold / cash / scrap or do I have to do them separately for it to work?

I will do my best to explain and include a video guide I found on YouTube. Let me know if you need more help. Step 1: Open NFS No Limits (take note of your current gold amount, you will need that number later.) Step 2: Open GameGuardian - Main Settings - "Select Process" - "No Limits" .... then while still in the Main Setting scroll down to "Autopause Game:" and change it to "Yes" ... Open the Search tab (magnifying glass icon) and go to settings, scroll down to "Filter" and change the amount under "Show:" to 10000 and "Apply" ... go back to the Main Settings - "Kill the game" and when given the option "Restart the game". Step 3: When the game restarts and is loading there will be a spinning circle in the bottom right corner of the screen which indicates the game is loading. When the loading circle stops spinning (it freezes for a couple of seconds before loading the next screen) quickly open GameGaurdian and go to search and enter the following value - your current gold amount;327680~327699::5 and do a new search as a Dword. Refine your results to show only your current gold amount and then edit to whatever new gold amount you want. Steps 4: Close GameGuardian, let the game finish loading and enjoy your gold! Edit: Take note you can repeat those results with your cash, scrap points and tuning tools.

Do you find the cash value through gold value > addresses? Haven't looked at this in ages I thought it was a lost cause Could you demonstrate how you make those mods work if you don't mind? I love nfs games in general and this made my day

Yep, Ida make we confuse by looking its value pointing directly to target address. Actually, true opcode look like this LDR R0, [PC, #0x4] Idk how to explain it, you can find arm opcode documentation on google. They describe how each instruction work. @Un_Known

I love this nfs, it's one of my daily games. Yes some mods have been patched such as unlock all cars, blueprints and player levels (at least I can no longer get them to work). I can confirm as of today the gold and cash mod still works. Other working mods that I know of include VIP, scrap points, tuning tools and fuel.

Offset from PC in LDR location. Useless in any other place.

Yes, you're correct. This push offset into register, then add it with PC. So PC + Offset lead to dword_36BD38 which is targeted address. R3 is address of dword_36BD38

0000 LDR R3, =(dword_36BD38 - 0x19D86C) -- Load offset to R3 0004 ADD R3, PC, R3 ; dword_36BD38 -- R3 = PC + Offset (R3) 0008 CMP R0, #0 -- Check if R0 value equal to 0 000C STR R0, [R3] -- Store R0 value into R3 (R3 = dword_36BD38) 0010 MOVLT R2, #0x7FFFFFFF -- If R0 value less than 0, then put (0x7FFFFFFF) 2147483647 into R2. 0014 STRLT R2, [R3] -- If R0 value less than 0, then store R2 value which is 2147483647, into R3 (R3 = dword_36BD38) Conclusion is, if R0 value less than 0.. then put 2147483647 into bss:dword_36BD38. Anyway, if you not understand about the logic. F5 hotkey may come handy.

This game is copy paste of HAWK. Play first 5 levels of one, then play first 5 of the other. Greedy, lazy developer... When I get a chance I will get something

Thanks you, i will try.