|
Cheat Engine The Official Site of Cheat Engine
|
maskelilincoln How do I cheat? Reputation: 0
Joined: 15 Apr 2014 Posts: 2
|
Posted: Tue Apr 15, 2014 6:56 am Post subject: [HELP] Magnet,LockMob,Monster Pull,Opk Hack] |
|
|
Code: | Test.exe+288756 - 74 45 - je Test.exe+28879D
Test.exe+288758 - 8B 97 A0000000 - mov edx,[edi+000000A0]
Test.exe+28875E - 83 EC 0C - sub esp,0C
Test.exe+288761 - 8B CC - mov ecx,esp
Test.exe+288763 - 89 11 - mov [ecx],edx
Test.exe+288765 - 8B 97 A4000000 - mov edx,[edi+000000A4]
Test.exe+28876B - 89 51 04 - mov [ecx+04],edx
Test.exe+28876E - 8B 97 A8000000 - mov edx,[edi+000000A8]
Test.exe+288774 - 8D B4 24 98000000 - lea esi,[esp+00000098]
Test.exe+28877B - 89 51 08 - mov [ecx+08],edx
Test.exe+28877E - E8 ED1F0900 - call Test.exe+31A770
Test.exe+288783 - 8B 08 - mov ecx,[eax]
Test.exe+288785 - 89 8F A0000000 - mov [edi+000000A0],ecx //Player Teleport Y
Test.exe+28878B - 8B 50 04 - mov edx,[eax+04]
Test.exe+28878E - 89 97 A4000000 - mov [edi+000000A4],edx //Player Teleport Z
Test.exe+288794 - 8B 40 08 - mov eax,[eax+08]
Test.exe+288797 - 89 87 A8000000 - mov [edi+000000A8],eax //Player Teleport X
Test.exe+28879D - 8B 87 A8000000 - mov eax,[edi+000000A8] //Monster Teleport X
Test.exe+2887A3 - 8B 8F A0000000 - mov ecx,[edi+000000A0] //Monster Teleport Y
Test.exe+2887A9 - 8B 97 A4000000 - mov edx,[edi+000000A4] //Monster Teleport Z
Test.exe+2887AF - 89 84 24 80000000 - mov [esp+00000080],eax
Test.exe+2887B6 - 8B 47 08 - mov eax,[edi+08]
Test.exe+2887B9 - 89 4C 24 78 - mov [esp+78],ecx
Test.exe+2887BD - 89 54 24 7C - mov [esp+7C],edx
Test.exe+2887C1 - 85 C0 - test eax,eax
|
Help Lock : Monster coordinate = Player coordinate ??? |
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Tue Apr 15, 2014 9:51 am Post subject: |
|
|
If you're looking to make an enemy vac cheat, I posted a table around here somewhere that you can follow as a guide.
Nonetheless, the first thing that you need to do is find an instruction that handles ALL enemy coordinates. Most likely, such an instruction will also handle hero/player coordinates, so you will need to filter that out. After that, it's simply a matter of setting up the script/table to function properly for the vac cheat. Again, I posted a table that you can use if you can find it. |
|
lamafao Expert Cheater Reputation: 1
Joined: 17 Apr 2013 Posts: 130
|
Posted: Thu Apr 24, 2014 2:15 pm Post subject: |
|
|
++METHOS wrote: | If you're looking to make an enemy vac cheat, I posted a table around here somewhere that you can follow as a guide.
Nonetheless, the first thing that you need to do is find an instruction that handles ALL enemy coordinates. Most likely, such an instruction will also handle hero/player coordinates, so you will need to filter that out. After that, it's simply a matter of setting up the script/table to function properly for the vac cheat. Again, I posted a table that you can use if you can find it. |
Hey, im trying to do the same thing as OP, how would i 'filter' those addresses?
I think im gonna create my own thread in general gamehacking |
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Thu Apr 24, 2014 4:34 pm Post subject: |
|
|
Refer to the CE tutorial regarding structure dissection. Geri published a tutorial that will walk you through it. |
|
lamafao Expert Cheater Reputation: 1
Joined: 17 Apr 2013 Posts: 130
|
Posted: Thu Apr 24, 2014 10:40 pm Post subject: |
|
|
++METHOS wrote: | Refer to the CE tutorial regarding structure dissection. Geri published a tutorial that will walk you through it. |
Well after 6 hours or so i finally did it, looked at your code too.
Lots of questions..
Is there a way to calculate how far do i have to jump to an address if have something like je/jne?
Is this a safe method? I have no idea what edi does in my game/code.
Is there a way to add to my x,y,z so that bots appear above me or something like that?
And.. how would i do this with compare? I tried cmp [esi],#5130904 <-- thats player, but i just crash the game. //figured out how to do it with cmp, added new code
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(x)
label(y)
label(z)
label(hp)
newmem:
push edi
cmp [esi],#5130904
je +56
mov edi,1
mov [hp],edi
mov edi,[["ac_client.exe"+00109B74]+34]
mov [x],edi
mov edi,[["ac_client.exe"+00109B74]+38]
mov [y],edi
mov edi,[["ac_client.exe"+00109B74]+3C]
mov [z],edi
mov edi,[hp]
mov [esi+F8],edi
mov edi,[x]
mov [esi+34],edi
mov edi,[y]
mov [esi+38],edi
mov edi,[z]
mov [esi+3C],edi
pop edi
mov ecx,[esi+34]
fld dword ptr [esi+5C]
jmp returnhere
x:
dd 0
y:
dd 0
z:
dd 0
hp:
dd 0
"ac_client.exe"+5BD64:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"ac_client.exe"+5BD64:
mov ecx,[esi+34]
fld dword ptr [esi+5C] |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Fri Apr 25, 2014 12:10 pm Post subject: |
|
|
It is best to follow the format that I used. It will be easier to explain things to you if I know what you are trying to do, as well as where you are injecting your code. For example, for a vac cheat, it is best to inject at an instruction that handles coordinates so that you do not have to rely on potentially unreliable pointers.
Quote: | Is there a way to calculate how far do i have to jump to an address if have something like je/jne? | -You do not have to. Just create a label (such as 'hero') and jump to that. For example:
Code: | label(hp)
label(hero)
newmem:
push edi
cmp [esi],#5130904
je hero
//code
hero:
//hero code here |
Alternatively, you can just jump to originalcode if you do not want the hero player affected by anything.
Quote: | Is this a safe method? I have no idea what edi does in my game/code. | -When you push/pop a register, it allows you to use it temporarily for handling values. You do not have to use edi, you can use esi, edx or any other register that won't interfere with the original instruction.
Quote: | Is there a way to add to my x,y,z so that bots appear above me or something like that? | -Yes. You can do anything you want. For example, I created a mass-kill cheat by throwing all of the enemies in to the air by manipulating their Y coordinate value. On one game, I created a vac cheat that would vac all enemies to my bullets...so, I could shoot my gun out in to the ocean, and all of the enemies would be vac'd to the bullet and would fly out in to the ocean. I also created a teleport-to-bullet cheat that allowed me to shoot anywhere, then teleport to that location. |
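The displacement arithmetic behind the je/jne question above, checked against the `je` and `call` rows of the disassembly in the first post. This is an added example, not part of any post in the thread; the function names are made up here and addresses are offsets relative to the module base.

```python
import struct

def branch_target(addr, raw):
    """Target of a 32-bit x86 relative branch at `addr` with encoding `raw`."""
    op = raw[0]
    if 0x70 <= op <= 0x7F or op == 0xEB:           # short Jcc / jmp: opcode + rel8
        length, disp = 2, struct.unpack_from("<b", raw, 1)[0]
    elif op in (0xE8, 0xE9):                        # call / jmp: opcode + rel32
        length, disp = 5, struct.unpack_from("<i", raw, 1)[0]
    elif op == 0x0F and 0x80 <= raw[1] <= 0x8F:     # near Jcc: 0F 8x + rel32
        length, disp = 6, struct.unpack_from("<i", raw, 2)[0]
    else:
        raise ValueError("not a relative branch covered by this example")
    # The displacement counts from the END of the branch instruction.
    return (addr + length + disp) & 0xFFFFFFFF

def encode_je(addr, target):
    """Bytes for `je target` placed at `addr`, as an assembler resolves a label."""
    disp = target - (addr + 2)                      # try the 2-byte short form
    if -128 <= disp <= 127:
        return b"\x74" + struct.pack("<b", disp)
    disp = (target - (addr + 6)) & 0xFFFFFFFF       # 6-byte near form, wraps mod 2^32
    return b"\x0f\x84" + struct.pack("<I", disp)

# Rows copied from the first post's disassembly: (offset, bytes, target shown).
JE_ROW = (0x288756, bytes.fromhex("7445"), 0x28879D)
CALL_ROW = (0x28877E, bytes.fromhex("E8ED1F0900"), 0x31A770)

if __name__ == "__main__":
    for addr, raw, shown in (JE_ROW, CALL_ROW):
        got = branch_target(addr, raw)
        print(f"Test.exe+{addr:X}: {raw.hex(' ')} -> Test.exe+{got:X} (listing: Test.exe+{shown:X})")
    # Re-encoding the je reproduces the listing's bytes; a far target forces the near form.
    print(encode_je(0x288756, 0x28879D).hex(" "))
    print(encode_je(0x288756, 0x31A770).hex(" "))
```

Because the displacement depends on the encoded length of everything between the branch and its target, a hand-written offset goes stale as soon as an instruction in between is added or changes size, which is why a label is the reliable form.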
|
lamafao Expert Cheater Reputation: 1
Joined: 17 Apr 2013 Posts: 130
|
Posted: Fri Apr 25, 2014 1:47 pm Post subject: |
|
|
++METHOS wrote: | -You do not have to. Just create a label (such as 'hero') and jump to that. |
Yea, found that on my own yesterday after looking a bit more at your code.
++METHOS wrote: | -Yes. You can do anything you want. For example, I created a mass-kill cheat by throwing all of the enemies in to the air by manipulating their Y coordinate value. On one game, I created a vac cheat that would vac all enemies to my bullets...so, I could shoot my gun out in to the ocean, and all of the enemies would be vac'd to the bullet and would fly out in to the ocean. I also created a teleport-to-bullet cheat that allowed me to shoot anywhere, then teleport to that location. | This might sound stupid, but how do i add +10 to lets say my X coordinate so that enemies spawn near me, not on top of me?
Code: | playerX to edi -> mov edi,[["ac_client.exe"+00109B74]+34]
edi to label x -> mov [x],edi
label x + 10?
label x to edi -> mov edi,[x]
edi(with playerX) to enemyX -> mov [esi+34],edi |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sat Apr 26, 2014 1:33 pm Post subject: |
|
|
There are different ways of doing it, depending on your preference. I recommend learning assembly.
Personally, I prefer to not limit myself. For example, when writing a vac cheat, I typically like to set it up so that I have at least one save slot that I can use to save my coordinates to...then, whenever I want, I can vac enemies to that location. By doing so, I do not have to worry about enemies swarming around me...instead, I can choose where I want them to go first...then, when I am ready, vac them to that spot. It is better this way, because I can set myself up beforehand, plant an explosive and/or freely move around them and away from them as I want. I can force enemies to stay in one location while I freely move about. I do not have to worry about enemies harming me this way, and, I can generally have a lot more fun with it (e.g. set a vac point in the street, then vac all enemies to that location right as a bus is about to drive over it). Anyway, it is better to have more control, in my opinion. |
|
lamafao Expert Cheater Reputation: 1
Joined: 17 Apr 2013 Posts: 130
|
Posted: Sat Apr 26, 2014 3:27 pm Post subject: |
|
|
++METHOS wrote: | There are different ways of doing it, depending on your preference. I recommend learning assembly.
Personally, I prefer to not limit myself. For example, when writing a vac cheat, I typically like to set it up so that I have at least one save slot that I can use to save my coordinates to...then, whenever I want, I can vac enemies to that location. By doing so, I do not have to worry about enemies swarming around me...instead, I can choose where I want them to go first...then, when I am ready, vac them to that spot. It is better this way, because I can set myself up beforehand, plant an explosive and/or freely move around them and away from them as I want. I can force enemies to stay in one location while I freely move about. I do not have to worry about enemies harming me this way, and, I can generally have a lot more fun with it (e.g. set a vac point in the street, then vac all enemies to that location right as a bus is about to drive over it). Anyway, it is better to have more control, in my opinion. |
Well i know only the basic stuff.. any examples?
There's way too many instructions on the wiki |
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sat Apr 26, 2014 4:27 pm Post subject: |
|
|
Yes. |
|
lamafao Expert Cheater Reputation: 1
Joined: 17 Apr 2013 Posts: 130
|
Posted: Sat Apr 26, 2014 6:20 pm Post subject: |
|
|
After looking at some teleport scripts i made this one, most of it was just copy/paste, it's really effing long but at least i know how to do it now.
What do you do if you can't find a difference between mobs and player? I've tried to dissect 3-4 different mobs + player at a time, but stuff changes after i restart the game.
I didn't try to go backwards from coordinate offset yet, i guess i am gonna try that.
Also, is it possible to compare just 1 byte?
Edit: nvm it's cmp byte [bla],bla
Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
//label(originalcode)
label(x)
label(y)
registersymbol(x)
registersymbol(y)
label(save_coord)
label(load_coord)
label(s_enable)
label(l_enable)
registersymbol(s_enable)
registersymbol(l_enable)
0AC6EFA3:
jmp newmem
returnhere:
newmem:
fstp dword ptr [esi]
fstp dword ptr [esi+04]
cmp [esi+70],#51460332
jne returnhere
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
jmp returnhere
save_coord:
mov [s_enable],0
push edi
mov edi,[esi]
mov [x],edi
mov edi,[esi+04]
mov [y],edi
pop edi
jmp returnhere
load_coord:
mov [l_enable],0
cmp [x],0
je returnhere
push edi
mov edi,[x]
mov [esi],edi
mov edi,[y]
mov [esi+04],edi
pop edi
jmp returnhere
/*
originalcode:
fstp dword ptr [esi]
fstp dword ptr [esi+04]
jmp returnhere
*/
x:
dd 0
y:
dd 0
s_enable:
dd 0
l_enable:
dd 0
[DISABLE]
dealloc(newmem)
unregistersymbol(s_enable)
unregistersymbol(l_enable)
unregistersymbol(x)
unregistersymbol(y)
0AC6EFA3:
fstp dword ptr [esi]
fstp dword ptr [esi+04] |
Last edited by lamafao on Sat Apr 26, 2014 7:00 pm; edited 1 time in total |
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sat Apr 26, 2014 6:51 pm Post subject: |
|
|
lamafao wrote: | What do you do if you can't find a difference between mobs and player? | -Dig deeper...use pointer trees, multiple injection points etc.
lamafao wrote: | Also, is it possible to compare just 1 byte? | -Yes. |
|