Cheat Engine The Official Site of Cheat Engine
pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Sun Feb 26, 2017 9:04 am Post subject: Surgeon Simulator Anniversary Edition help required

I've been trying to create a stable cheat table for the GOG version of this game and I'm really having trouble with it. The problem isn't me not being able to freeze and modify blood loss, the problem is that it doesn't work every time I restart the game. I have tried using the tutorial and finding out what the address writes to, then clicking value to bring up the address I need to add but no new address appears in the debugger.
I have also added a pointer but narrowing down the actual line it accesses is taking forever. This isn't a static value and changes with damage such as blood loss in real life would happen. What am I doing wrong?

Filipe_Br Master Cheater Reputation: 3
Joined: 07 Jan 2016 Posts: 272 Location: My house
Posted: Tue Feb 28, 2017 7:52 am Post subject: Re: Surgeon Simulator Anniversary Edition help required

If it was not possible to find a pointer, then find who writes at this address, and then do an injection code of type "AOB Scan".

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Feb 28, 2017 12:08 pm

The debugger is not populating results for the tutorial or for the game?
Try 'what accesses' instead of 'what writes'. If you return to the game/tutorial and alter the value again, and results still do not populate the debugger list, then try rebooting your computer and checking your debugger settings in CE.
You need to figure out why the debugger is not showing you any results before continuing.

pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Tue Feb 28, 2017 5:02 pm

++METHOS wrote:
> The debugger is not populating results for the tutorial or for the game?
> Try 'what accesses' instead of 'what writes'. If you return to the game/tutorial and alter the value again, and results still do not populate the debugger list, then try rebooting your computer and checking your debugger settings in CE.
> You need to figure out why the debugger is not showing you any results before continuing.

What debugger do you think I should have it set to? An online video says to deselect the Windows one as it never works. Personally, both debugger options make no difference to me.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Feb 28, 2017 6:07 pm

Depends on the target; breakpoint method, debugger method, break location, anti-debugger schemes, built-in debugger (emulators) et al. can all produce different results, depending.
You may just have to experiment. I recommend doing some research first. If there are preexisting tables available that make use of code injection, then you may only have to make some minor adjustment to your CE settings in order to get it working properly.

pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Wed Mar 01, 2017 1:29 pm

I have no idea how to do any of that. I'm not an advanced hacker. I'm just following tutorials.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Mar 01, 2017 8:16 pm

CE drop-down menu -- Edit/Settings/Debugger Options

pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Sun Mar 05, 2017 9:59 am

++METHOS wrote:
> CE drop-down menu -- Edit/Settings/Debugger Options

I have debugger set to 'Use VEH Debugger'. I would keep trying to narrow down the lines with the pointer addresses but Pointer Paths is currently stuck at 2372 and I can't bring that number down any more regardless of how many times I restart a game.

Quote:
> If it was not possible to find a pointer, then find who writes at this address, and then do an injection code of type "AOB Scan".

How do I do an injection code? I click to find what writes to the address but all I get is the blank pop-up with just the instruction.

TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Sun Mar 05, 2017 12:53 pm

To Inject:
Find the address in question.
Right click the address in the address list and select Find what accesses this address.
The debugger should pop up. Go into the game and do something that you think will cause it to access the address, i.e.: ammo, shot; coordinates, move.
When you get some instructions showing up in the debugger window, highlight the instruction that looks best (basically a guess). The Show disassembler button should be clickable with the instruction highlighted; click Show disassembler.
Now here is where I will suggest stopping the first debugger. Then in the disassembler view form highlight the instruction (it should already be highlighted after clicking Show disassembler), right click and select Find out what addresses are accessed by this instruction (just to make sure it's the only address that is accessed).
If that checks out, then in the disassembler view go to Menu >> Tools >> Auto assembler (or Ctrl+A).
Then in the auto assembler form go to Menu >> Templates >> AOB injection. When asked for an address, if you haven't changed the highlighted instruction in the disassembler view then click OK.
This will give you a base to start from:
Code:
{ Game : Tutorial-x86_64.exe
  Version:
  Date : 2017-03-05
  Author : Matt
  This script does blah blah blah
}

[ENABLE]
// locate the injection site by byte signature instead of a fixed address
aobscanmodule(INJECT,Tutorial-x86_64.exe,66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+16B7D)

label(code)
label(return)

newmem:

code:
  // original instructions, moved out of the hook site
  mov r9d,[r13+18]
  mov r8,[r13+10]
  jmp return

INJECT+08:
  // a 5-byte jmp plus 3 nops replace the 8 original bytes
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]
// restore the original bytes and release the allocation
INJECT+08:
  db 45 8B 4D 18 4D 8B 45 10

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-x86_64.exe"+16B7D
"Tutorial-x86_64.exe"+16B57: 4C 8B 6C 02 08 - mov r13,[rdx+rax+08]
"Tutorial-x86_64.exe"+16B5C: 49 8B 4D 00 - mov rcx,[r13+00]
"Tutorial-x86_64.exe"+16B60: 48 8B 55 F0 - mov rdx,[rbp-10]
"Tutorial-x86_64.exe"+16B64: E8 D7 35 FF FF - call Tutorial-x86_64.exe+A140
"Tutorial-x86_64.exe"+16B69: 48 85 C0 - test rax,rax
"Tutorial-x86_64.exe"+16B6C: 75 59 - jne Tutorial-x86_64.exe+16BC7
"Tutorial-x86_64.exe"+16B6E: 49 83 C5 20 - add r13,20
"Tutorial-x86_64.exe"+16B72: EB 36 - jmp Tutorial-x86_64.exe+16BAA
"Tutorial-x86_64.exe"+16B74: 66 66 66 90 - nop
"Tutorial-x86_64.exe"+16B78: 48 89 74 24 20 - mov [rsp+20],rsi
// ---------- INJECTING HERE ----------
"Tutorial-x86_64.exe"+16B7D: 45 8B 4D 18 - mov r9d,[r13+18]
"Tutorial-x86_64.exe"+16B81: 4D 8B 45 10 - mov r8,[r13+10]
// ---------- DONE INJECTING ----------
"Tutorial-x86_64.exe"+16B85: 49 8B 55 00 - mov rdx,[r13+00]
"Tutorial-x86_64.exe"+16B89: 48 8D 4D F8 - lea rcx,[rbp-08]
"Tutorial-x86_64.exe"+16B8D: 48 89 D8 - mov rax,rbx
"Tutorial-x86_64.exe"+16B90: FF D0 - call rax
"Tutorial-x86_64.exe"+16B92: 48 83 7D F8 00 - cmp qword ptr [rbp-08],00
"Tutorial-x86_64.exe"+16B97: 74 0D - je Tutorial-x86_64.exe+16BA6
"Tutorial-x86_64.exe"+16B99: 49 8D 4D 08 - lea rcx,[r13+08]
"Tutorial-x86_64.exe"+16B9D: 48 8B 55 F8 - mov rdx,[rbp-08]
"Tutorial-x86_64.exe"+16BA1: E8 4A 28 FF FF - call Tutorial-x86_64.exe+93F0
"Tutorial-x86_64.exe"+16BA6: 49 83 C5 20 - add r13,20
}

So then you need to add a label, register it as a symbol, then move the suspected base register to that registered symbol.
i.e.:
Code:
{ Game : Tutorial-x86_64.exe
  Version:
  Date : 2017-03-05
  Author : Matt
  This script does blah blah blah
}

[ENABLE]
aobscanmodule(INJECT,Tutorial-x86_64.exe,66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+16B7D)

label(SomeRegisteredSymbol)
registersymbol(SomeRegisteredSymbol)
label(code)
label(return)

newmem:
  // save the suspected base register so the table can use it as a pointer base
  mov [SomeRegisteredSymbol],r13

code:
  mov r9d,[r13+18]
  mov r8,[r13+10]
  jmp return

// storage for the saved register; defined inside newmem, after the jmp,
// so that the dq does not overwrite the game code at 'return'
SomeRegisteredSymbol:
  dq 0

INJECT+08:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]
INJECT+08:
  db 45 8B 4D 18 4D 8B 45 10

unregistersymbol(SomeRegisteredSymbol)
unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-x86_64.exe"+16B7D
"Tutorial-x86_64.exe"+16B57: 4C 8B 6C 02 08 - mov r13,[rdx+rax+08]
"Tutorial-x86_64.exe"+16B5C: 49 8B 4D 00 - mov rcx,[r13+00]
"Tutorial-x86_64.exe"+16B60: 48 8B 55 F0 - mov rdx,[rbp-10]
"Tutorial-x86_64.exe"+16B64: E8 D7 35 FF FF - call Tutorial-x86_64.exe+A140
"Tutorial-x86_64.exe"+16B69: 48 85 C0 - test rax,rax
"Tutorial-x86_64.exe"+16B6C: 75 59 - jne Tutorial-x86_64.exe+16BC7
"Tutorial-x86_64.exe"+16B6E: 49 83 C5 20 - add r13,20
"Tutorial-x86_64.exe"+16B72: EB 36 - jmp Tutorial-x86_64.exe+16BAA
"Tutorial-x86_64.exe"+16B74: 66 66 66 90 - nop
"Tutorial-x86_64.exe"+16B78: 48 89 74 24 20 - mov [rsp+20],rsi
// ---------- INJECTING HERE ----------
"Tutorial-x86_64.exe"+16B7D: 45 8B 4D 18 - mov r9d,[r13+18]
"Tutorial-x86_64.exe"+16B81: 4D 8B 45 10 - mov r8,[r13+10]
// ---------- DONE INJECTING ----------
"Tutorial-x86_64.exe"+16B85: 49 8B 55 00 - mov rdx,[r13+00]
"Tutorial-x86_64.exe"+16B89: 48 8D 4D F8 - lea rcx,[rbp-08]
"Tutorial-x86_64.exe"+16B8D: 48 89 D8 - mov rax,rbx
"Tutorial-x86_64.exe"+16B90: FF D0 - call rax
"Tutorial-x86_64.exe"+16B92: 48 83 7D F8 00 - cmp qword ptr [rbp-08],00
"Tutorial-x86_64.exe"+16B97: 74 0D - je Tutorial-x86_64.exe+16BA6
"Tutorial-x86_64.exe"+16B99: 49 8D 4D 08 - lea rcx,[r13+08]
"Tutorial-x86_64.exe"+16B9D: 48 8B 55 F8 - mov rdx,[rbp-08]
"Tutorial-x86_64.exe"+16BA1: E8 4A 28 FF FF - call Tutorial-x86_64.exe+93F0
"Tutorial-x86_64.exe"+16BA6: 49 83 C5 20 - add r13,20
}
And that's the basics of injecting.
_________________
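
An added example, not part of the original posts and not Cheat Engine's own code: a Python version of what the `aobscanmodule` signature and the `INJECT+08` offset in the scripts above resolve to, including the "should be unique" check and the original bytes that the [DISABLE] section writes back. The function names and the buffer are assumptions made for the illustration; the buffer is constructed from the bytes in the posted disassembly.

```python
# Added example: resolving an AOB (array-of-bytes) signature to a hook site.

def parse_aob(sig):
    """'66 66 90 ?? 89' -> [0x66, 0x66, 0x90, None, 0x89]; None is a wildcard."""
    return [None if set(tok) <= {"?", "*"} else int(tok, 16) for tok in sig.split()]

def aob_scan(image, pattern):
    """Return every offset in image at which the pattern matches."""
    n = len(pattern)
    return [i for i in range(len(image) - n + 1)
            if all(p is None or image[i + j] == p for j, p in enumerate(pattern))]

def resolve_injection(image, sig, hook_offset, hook_len):
    """Locate the hook site from a signature that must match exactly once.

    Returns (hook address, original bytes); the original bytes are what a
    disable step has to write back, as the `db` line in [DISABLE] does.
    """
    hits = aob_scan(image, parse_aob(sig))
    if len(hits) != 1:
        raise ValueError(f"signature matched {len(hits)} times, expected 1")
    if hook_len < 5:
        raise ValueError("a 5-byte rel32 jmp does not fit in the hook site")
    start = hits[0] + hook_offset
    return start, bytes(image[start:start + hook_len])

def build_sample_image():
    """Constructed stand-in for the module: int3 padding plus the listed bytes."""
    listed = bytes.fromhex(
        "66666690" "4889742420"   # +16B74 nop ; +16B78 mov [rsp+20],rsi
        "458B4D18" "4D8B4510"     # +16B7D mov r9d,[r13+18] ; +16B81 mov r8,[r13+10]
        "498B5500" "488D4DF8")    # +16B85 mov rdx,[r13+00] ; +16B89 lea rcx,[rbp-08]
    # A second, constructed 'mov r8,[r13+10]' makes a short signature ambiguous.
    return bytes([0xCC]) * 0x16B74 + listed + bytes([0xCC]) * 16 + bytes.fromhex("4D8B4510")

SIGNATURE = "66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10"  # from the post

if __name__ == "__main__":
    image = build_sample_image()
    addr, original = resolve_injection(image, SIGNATURE, hook_offset=0x08, hook_len=8)
    print(f"INJECT+08 = +{addr:X}, original bytes = {original.hex(' ').upper()}")
    print("4-byte signature hits:", [hex(h) for h in aob_scan(image, parse_aob("4D 8B 45 10"))])
```
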

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Mar 05, 2017 3:59 pm

pferreira wrote:
> I would keep trying to narrow down the lines with the pointer addresses but Pointer Paths is currently stuck at 2372 and I can't bring that number down any more regardless of how many times I restart a game.

Having 100,000 pointer results is not a problem, so long as they are reliable. You can have multiple, working pointers. You may have thousands of results, no matter how many times you rescan, depending on the game.

pferreira wrote:
> How do I do an injection code? I click to find what writes to the address but all I get is the blank pop-up with just the instruction.

So you are getting a result to populate inside of the debugger window? Please clarify.

pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Mon Mar 06, 2017 7:12 pm

++METHOS wrote:
> Having 100,000 pointer results is not a problem, so long as they are reliable. You can have multiple, working pointers. You may have thousands of results, no matter how many times you rescan, depending on the game.

I think I'm only supposed to have three or four according to online tutorials. What am I supposed to do with 2000+ lines?

++METHOS wrote:
> So you are getting a result to populate inside of the debugger window? Please clarify.

No, I'm getting the standard box with the two headings, no data when I click on the CE tutorial box.

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4297
Posted: Mon Mar 06, 2017 7:29 pm

pferreira wrote:
> ...according to online tutorials.

People can be idiots. If you don't know someone, don't trust them.
Different games are different. Some games could give ten valid pointers after many rescans while others could give ten thousand. If you're only making the table for yourself, just pick a pointer that works and use it. Save the last rescan in case the one you picked ever stops working.
If you plan on distributing the table (and are adamant on using the pointer scanner), give the pointer scan files to someone else and have them scan it on their computer a couple times. Any of the remaining pointers should be fine for most people.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Mar 06, 2017 8:52 pm

If the target that you are working on is the CE tutorial, then you may not have any results to populate the debugger list until you perform an action in the tutorial to cause those results to populate (e.g. click the 'hit me' button).

pferreira Advanced Cheater Reputation: 0
Joined: 05 Nov 2014 Posts: 67 Location: United Kingdom
Posted: Sun Mar 12, 2017 6:58 am

++METHOS wrote:
> If the target that you are working on is the CE tutorial, then you may not have any results to populate the debugger list until you perform an action in the tutorial to cause those results to populate (e.g. click the 'hit me' button).

As always I target the game. I bring up the tutorial after I target the game. However, clicking the hit box doesn't do anything.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Mar 12, 2017 7:11 am

To clarify: CE (Cheat Engine) is not a tutorial or a game. The CE tutorial is a tutorial. Any game that you are referring to is not relevant and does not apply to my previous comment.
Attach CE to the CE tutorial. Once you find the value for health (or whatever), right-click on it to see what is accessing it. You may not see any results populate the debugger list until you click 'hit me' again (or whatever) and that health value changes inside of the CE tutorial. Once that happens, you should see a result populate the debugger list.