Cheat Engine The Official Site of Cheat Engine
Hayjamieoliver Newbie cheater Reputation: 0
Joined: 29 Nov 2016 Posts: 16 Location: idk
Posted: Wed Nov 30, 2016 12:59 am Post subject: Help with a noclip cheat
I'm not really sure where to submit this, and I generally prefer figuring things out via vids and such, but I'm kinda stumped as to how to figure this out.
Basically, I'm trying to make a noclip for self-hosted servers of a lil' online game, just so I can explore maps fully, and get the general thrill of walking through walls and such, as well as general transport convenience and messing around with friends. It won't work on the official servers or other ppl's servers, just on ones I host, so I'm not trying to ruin anyone else's fun (there are much more broken and super easy and insane exploits that I found that also stupidly work on official servers, so this one would be tame and useless in comparison).
Now, I managed to find an address that seems to have the value that stores the current "state", 0 is touching nothing, 1 is touching the floor, and 2 is touching a wall.
Now that's great, I can't get any pointers at 5 levels, and 6 levels would take too long, but I don't really need it anyway. So now I look at the Opcodes that write to it, seeing as locking the value at 1 or 2 just makes me fall much more slowly with a very fast jitter.
Opcodes that write to it are:
----------------------------------------------------------------------
144D97E60 - FF 47 18 - inc [rdi+18]
144D97CE1 - FF 47 18 - inc [rdi+18]
144D97B92 - FF 4F 18 - dec [rdi+18]
144D97EE2 - C7 47 18 00000000 - mov [rdi+18],00000000
----------------------------------------------------------------------
All standard stuff, incrementing and decrementing and subbing in zero. Now the problem is, I can't just nop these opcodes, because doing so crashes the game, due to the fact that these instructions access other addresses. I know it doesn't have anything against code injection, because I was able to nop and sub code into the opcode that causes damage with no issues. So basically, I want to know how I can make a bit of code to inject that nops these instructions, but ONLY when they are changing this specific address, which I can't realistically get through a pointer scan (I guess there's AOB scans or w/e they are called for that, I can look into that easy peasy).
I don't need the stuff written for me (would be nice though), I just need some general advice as to what stuff to look into and use, as I don't really feel like learning assembly just for this one cheat, and my Lua knowledge (idk if that applies here, very new to code injection) is pretty basic. Sorry if I posted this in the wrong place or did anything I'm not supposed to.
I can't post screenshots yet on this forum it seems, I can try to give the closely surrounding opcodes if needed, but the only one that actually seems to do something different is the first one, which has these opcodes surrounding it:
--------------------------------------------------Bytes:-----Opcode:--
(insertprogramname.exe) - 144D97E60 - FF 47 18 inc [rdi+18]
(insertprogramname.exe) - 144D97E63 - 8B 77 18 mov esi,[rdi+18]
(insertprogramname.exe) - 144D97E66 - FF CE dec esi
(insertprogramname.exe) - 144D97E68 - 85 F6 test esi, esi
---------------------------------------------------------------------------
Betcha Expert Cheater Reputation: 4
Joined: 13 Aug 2015 Posts: 232 Location: Somewhere In Space
Posted: Wed Nov 30, 2016 1:51 am Post subject: Re: Help with a noclip cheat
I don't think that this will be that simple:
(insertprogramname.exe) - 144D97E63 - 8B 77 18 mov esi,[rdi+18]
Code:
mov [rdi+18],1
mov esi,[rdi+18]
Do a Dissect data structure on the value you mentioned, and look around by changing every 0 into 1.
Hayjamieoliver wrote: 0 is touching nothing, 1 is touching the floor, and 2 is touching a wall.
Hayjamieoliver Newbie cheater Reputation: 0
Joined: 29 Nov 2016 Posts: 16 Location: idk
Posted: Wed Nov 30, 2016 1:42 pm Post subject:
I have tried doing a dissect data on the address that holds the 1, 2 and 0, and changed the values of the addresses that popped up, even the float ones, that were at 1 to 0. One of them, which I think was a 4 byte one, made me levitate slightly above the ground, but constantly fall the tiny bit I was above it over and over, I assume I have to work with that? I've never used the feature before, so if you can point me to a tutorial or something that could be nice.
Also I found I was able to nop the move 0 into rdi+18 opcode without any immediately apparent issues, because it seems to usually only access two addresses, one of which is just an address that mimics the one with the 1, 2 and 0, but doesn't have any apparent effect or crash the game by being changed. I guess that's a flyhack almost finished right there lol.
Betcha Expert Cheater Reputation: 4
Joined: 13 Aug 2015 Posts: 232 Location: Somewhere In Space
Posted: Wed Nov 30, 2016 3:38 pm Post subject:
How Dissect data structure works and tutorials in this Link.
Find your coordinates x,y,z and check what accesses them.
And of course Dissect data structure for any of x,y,z.
Hayjamieoliver Newbie cheater Reputation: 0
Joined: 29 Nov 2016 Posts: 16 Location: idk
Posted: Wed May 10, 2017 3:01 pm Post subject:
I had taken a break from this, so sorry for the huge gap in time.
Looking at the red vid in that list of videos, it would appear I am using dissect data structure to find close addresses in the structure to differentiate? I.e. finding a value that is under the address I am trying to prevent being written to, that does not change even when restarting the game/computer, and is not the same in every other address of the same row?
I can most certainly understand that, but I am unaware as to what purpose finding X, Y and Z serves. The current address is clearly functional, as it is able to slow my fall both client and server side. I suppose you are saying it would perhaps be easier to figure out than the address I am currently working with?
I am going to try and use the video with the red thumbnail, as it appears to meet my needs. My ideal endgame is for nothing to write to the address at all, and then to simply change it via hot keys. I don't really want to simply increase Y, X or Z, as that tends to cause jittering.
Of course I realise there's a good chance I am making some sort of mistake, but currently I am unaware of what exactly is happening. If it is possible for anyone to explain that would be ideal.