Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Help with a noclip cheat

 
Hayjamieoliver
Newbie cheater
Reputation: 0

Joined: 29 Nov 2016
Posts: 16
Location: idk

Posted: Wed Nov 30, 2016 12:59 am    Post subject: Help with a noclip cheat

I'm not really sure where to submit this, and I generally prefer figuring things out via vids and such, but I'm kinda stumped as to how to figure this out.

Basically, I'm trying to make a noclip for self hosted servers of a lil' online game, just so I can explore maps fully, and get the general thrill of walking through walls and such, as well as general transport convenience and messing around with friends. It won't work on the official servers or other ppl's servers, just on ones I host, so I'm not trying to ruin anyone else's fun (there are much more broken and super easy and insane exploits that I found that also stupidly work on official servers, so this one would be tame and useless in comparison)


Now, I managed to find an address that seems to have the value that stores the current "state", 0 is touching nothing, 1 is touching the floor, and 2 is touching a wall.

Now that's great, I can't get any pointers at 5 levels, and 6 levels would take too long, but I don't really need it anyway. So now I look at the Opcodes that write to it, seeing as locking the value at 1 or 2 just makes me fall much more slowly with a very fast jitter.

Opcodes that write to it are:

----------------------------------------------------------------------
144D97E60 - FF 47 18 - inc [rdi+18]

144D97CE1 - FF 47 18 - inc [rdi + 18]

144D97B92 - FF 4F 18 - dec [rdi+18]

144D97EE2 - C7 47 18 00000000 - mov [rdi +18],00000000
----------------------------------------------------------------------

All standard stuff, incrementing and decrementing and subbing in zero. Now the problem is, I can't just nop these opcodes, because doing so crashes the game, due to the fact that these instructions access other addresses. I know it doesn't have anything against code injection, because I was able to Nop and sub code into the opcode that causes damage with no issues. So basically, I want to know how I can make a bit of code to inject that Nops these instructions, but ONLY when they are changing this specific address, which I can't realistically get through a pointer scan (I guess there's AOB scans or w/e they are called for that, I can look into that easy peasy :) )


I don't need the stuff written for me (would be nice though :) ), I just need some general advice as to what stuff to look into and use, as I don't really feel like learning assembly just for this one cheat, and my lua knowledge (idk if that applies here, very new to code injection) is pretty basic. Sorry if I posted this in the wrong place or did anything I'm not supposed to.


I can't post screenshots yet on this forum it seems, I can try to give the closely surrounding opcodes if needed, but the only one that actually seems to do something different is the first one, which has these opcodes surrounding it:

--------------------------------------------------Bytes:-----Opcode:--

(insertprogramname.exe) - 144D97E60 - FF 47 18 inc [rdi+18]
(insertprogramname.exe) - 144D97E63 - 8B 77 18 mov esi,[rdi+18]
(insertprogramname.exe) - 144D97E66 - FF CE dec esi
(insertprogramname.exe) - 144D97E68 - 85 F6 test esi, esi
---------------------------------------------------------------------------

Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Wed Nov 30, 2016 1:51 am    Post subject: Re: Help with a noclip cheat

I don't think that this will be that simple:
(insertprogramname.exe) - 144D97E63 - 8B 77 18 mov esi,[rdi+18]
Code:
mov [rdi+18],1
mov esi,[rdi+18]


Do Dissect data structure on the value you mentioned, and look around by changing every 0 into 1.
Hayjamieoliver wrote:
0 is touching nothing, 1 is touching the floor, and 2 is touching a wall.
Hayjamieoliver
Newbie cheater
Reputation: 0

Joined: 29 Nov 2016
Posts: 16
Location: idk

Posted: Wed Nov 30, 2016 1:42 pm

I have tried doing a dissect data on the address that holds the 1, 2 and 0, and changed the values of the addresses that popped up, even the float ones, that were at 1 to 0. One of them, which I think was a 4 byte one, made me levitate slightly above the ground, but constantly fall the tiny bit I was above it over and over, I assume I have to work with that? I've never used the feature before, so if you can point me to a tutorial or something that could be nice :)


Also I found I was able to nop the move 0 into rdi+18 opcode without any immediately apparent issues, because it seems to usually only access two addresses, one of which is just an address that mimics the one with the 1, 2 and 0, but doesn't have any apparent effect or crash the game by being changed. I guess that's a flyhack almost finished right there lol.

Betcha
Expert Cheater
Reputation: 4

Joined: 13 Aug 2015
Posts: 232
Location: Somewhere In Space

Posted: Wed Nov 30, 2016 3:38 pm

How Dissect data structure works and tutorials in this Link.
Find your coordinates x,y,z and check what accesses them.
And of course Dissect data structure for any of x,y,z.
Hayjamieoliver
Newbie cheater
Reputation: 0

Joined: 29 Nov 2016
Posts: 16
Location: idk

Posted: Wed May 10, 2017 3:01 pm

I had taken a break from this, so sorry for the huge gap in time.

Looking at the red vid in that list of videos, it would appear I am using dissect data structure to find close addresses in the structure to differentiate? I.e. finding a value that is under the address I am trying to prevent being written to, that does not change even when restarting the game/computer, and is not the same in every other address of the same row?

I can most certainly understand that, but I am unaware as to what purpose finding X, Y and Z serves. The current address is clearly functional, as it is able to slow my fall both client and server side. I suppose you are saying it would perhaps be easier to figure out than the address I am currently working with?


I am going to try and use the video with the red thumbnail, as it appears to meet my needs. My ideal endgame is for nothing to write to the address at all, and then to simply change it via hot keys. I don't really want to simply increase y, X or z, as that tends to cause jittering.

Of course I realise there's a good chance I am making some sort of mistake, but currently I am unaware of what exactly is happening. If it is possible for anyone to explain that would be ideal.

All times are GMT - 6 Hours