Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Surgeon Simulator Anniversary Edition help required
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Sun Feb 26, 2017 9:04 am    Post subject: Surgeon Simulator Anniversary Edition help required Reply with quote

I've been trying to create a stable cheat table for the GOG version of this game and I'm really having trouble with it. The problem isn't me not being able to freeze and modify blood loss, the problem is that it doesn't work every time I restart the game. I have tried using the tutorial and finding out what the address writes to, then clicking value to bring up the address I need to add but no new address appears in the debugger.

I have also added a pointer but narrowing down the actual line it accesses is taking forever. This isn't a static value and changes with damage such as blood loss in real life would happen. What am I doing wrong?
Filipe_Br
Master Cheater
Reputation: 3

Joined: 07 Jan 2016
Posts: 272
Location: My house

PostPosted: Tue Feb 28, 2017 7:52 am    Post subject: Re: Surgeon Simulator Anniversary Edition help required Reply with quote

If it was not possible to find a pointer, then find who writes at this address, and then do an injection code of type "AOB Scan".
_________________
...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue Feb 28, 2017 12:08 pm    Post subject: Reply with quote

The debugger is not populating results for the tutorial or for the game?

Try 'what accesses' instead of 'what writes'. If you return to the game/tutorial and alter the value again, and results still do not populate the debugger list, then try rebooting your computer and checking your debugger settings in CE.

You need to figure out why the debugger is not showing you any results before continuing.
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Tue Feb 28, 2017 5:02 pm    Post subject: Reply with quote

++METHOS wrote:
The debugger is not populating results for the tutorial or for the game?

Try 'what accesses' instead of 'what writes'. If you return to the game/tutorial and alter the value again, and results still do not populate the debugger list, then try rebooting your computer and checking your debugger settings in CE.

You need to figure out why the debugger is not showing you any results before continuing.
What debugger do you think I should have it set to? An online video says to deselect the Windows one as it never works. Personally both debugger options make no difference to me.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Tue Feb 28, 2017 6:07 pm    Post subject: Reply with quote

Depends on the target; breakpoint method, debugger method, break location, anti-debugger schemes, built-in debugger (emulators) et al. can all produce different results, depending.

You may just have to experiment. I recommend doing some research first. If there are preexisting tables available that make use of code injection, then you may only have to make some minor adjustment to your CE settings in order to get it working properly.
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Wed Mar 01, 2017 1:29 pm    Post subject: Reply with quote

I have no idea how to do any of that. I'm not an advanced hacker. I'm just following tutorials. Shocked
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Wed Mar 01, 2017 8:16 pm    Post subject: Reply with quote

CE drop-down menu -- Edit/Settings/Debugger Options
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Sun Mar 05, 2017 9:59 am    Post subject: Reply with quote

++METHOS wrote:
CE drop-down menu -- Edit/Settings/Debugger Options
I have debugger set to 'Use VEH Debugger'. I would keep trying to narrow down the lines with the pointer addresses but Pointer Paths is currently stuck at 2372 and I can't bring that number down any more regardless of how many times I restart a game.

Quote:
If it was not possible to find a pointer, then find who writes at this address, and then do an injection code of type "AOB Scan".
How do I do an injection code? I click to find what writes to the address but all I get is the blank pop-up with just the instruction.
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sun Mar 05, 2017 12:53 pm    Post subject: Reply with quote

To Inject:

Find the address in question.

Right click address in address list and select find what accesses this address

The debugger should pop up; go into the game and do something that you think will cause it to access the address, i.e.: ammo, shot; Coordinates, move

When you get some instructions showing up in the debugger window, highlight the instruction that looks best (basically a guess). The Show disassembler button should be clickable with an instruction highlighted; click Show disassembler.

Now here is where I will suggest stopping the first debugger, then in the disassembler view form highlight the instruction (it should already be highlighted after clicking Show disassembler), right click and select Find out what addresses are accessed by this instruction (just to make sure it's the only address that is accessed).

If that checks out, then in the disassembler view go to Menu >> Tools >> Auto assembler (or Ctrl+A).

Then in the auto assembler form go to Menu >> Templates >> AOB injection; when asked for an address, if you haven't changed the highlighted instruction in the disassembler view, click OK.

This will give you a base to start from:



Code:

{ Game   : Tutorial-x86_64.exe
  Version:
  Date   : 2017-03-05
  Author : Matt

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,Tutorial-x86_64.exe,66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+16B7D)

label(code)
label(return)

newmem:

code:
  mov r9d,[r13+18]
  mov r8,[r13+10]
  jmp return

INJECT+08:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT+08:
  db 45 8B 4D 18 4D 8B 45 10

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-x86_64.exe"+16B7D

"Tutorial-x86_64.exe"+16B57: 4C 8B 6C 02 08        -  mov r13,[rdx+rax+08]
"Tutorial-x86_64.exe"+16B5C: 49 8B 4D 00           -  mov rcx,[r13+00]
"Tutorial-x86_64.exe"+16B60: 48 8B 55 F0           -  mov rdx,[rbp-10]
"Tutorial-x86_64.exe"+16B64: E8 D7 35 FF FF        -  call Tutorial-x86_64.exe+A140
"Tutorial-x86_64.exe"+16B69: 48 85 C0              -  test rax,rax
"Tutorial-x86_64.exe"+16B6C: 75 59                 -  jne Tutorial-x86_64.exe+16BC7
"Tutorial-x86_64.exe"+16B6E: 49 83 C5 20           -  add r13,20
"Tutorial-x86_64.exe"+16B72: EB 36                 -  jmp Tutorial-x86_64.exe+16BAA
"Tutorial-x86_64.exe"+16B74: 66 66 66 90           -  nop
"Tutorial-x86_64.exe"+16B78: 48 89 74 24 20        -  mov [rsp+20],rsi
// ---------- INJECTING HERE ----------
"Tutorial-x86_64.exe"+16B7D: 45 8B 4D 18           -  mov r9d,[r13+18]
"Tutorial-x86_64.exe"+16B81: 4D 8B 45 10           -  mov r8,[r13+10]
// ---------- DONE INJECTING  ----------
"Tutorial-x86_64.exe"+16B85: 49 8B 55 00           -  mov rdx,[r13+00]
"Tutorial-x86_64.exe"+16B89: 48 8D 4D F8           -  lea rcx,[rbp-08]
"Tutorial-x86_64.exe"+16B8D: 48 89 D8              -  mov rax,rbx
"Tutorial-x86_64.exe"+16B90: FF D0                 -  call rax
"Tutorial-x86_64.exe"+16B92: 48 83 7D F8 00        -  cmp qword ptr [rbp-08],00
"Tutorial-x86_64.exe"+16B97: 74 0D                 -  je Tutorial-x86_64.exe+16BA6
"Tutorial-x86_64.exe"+16B99: 49 8D 4D 08           -  lea rcx,[r13+08]
"Tutorial-x86_64.exe"+16B9D: 48 8B 55 F8           -  mov rdx,[rbp-08]
"Tutorial-x86_64.exe"+16BA1: E8 4A 28 FF FF        -  call Tutorial-x86_64.exe+93F0
"Tutorial-x86_64.exe"+16BA6: 49 83 C5 20           -  add r13,20
}


So then you need to add a label, register it as a symbol, then move the suspected base register to that registered symbol.

i.e.:



Code:

{ Game   : Tutorial-x86_64.exe
  Version:
  Date   : 2017-03-05
  Author : Matt

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,Tutorial-x86_64.exe,66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10) // should be unique
alloc(newmem,$1000,"Tutorial-x86_64.exe"+16B7D)

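label(SomeRegisteredSymbol)
registersymbol(SomeRegisteredSymbol)

label(code)
label(return)

newmem:
  mov [SomeRegisteredSymbol],r13 // save the suspected base register

code:
  mov r9d,[r13+18]
  mov r8,[r13+10]
  jmp return

// Storage has to live inside newmem. Defined after "return:" it would sit at
// INJECT+10 and "dq 0" would overwrite the game's next instructions.
SomeRegisteredSymbol:
  dq 0

INJECT+08:
  jmp newmem
  nop
  nop
  nop
return:

registersymbol(INJECT)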

[DISABLE]

INJECT+08:
  db 45 8B 4D 18 4D 8B 45 10

unregistersymbol(SomeRegisteredSymbol)

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Tutorial-x86_64.exe"+16B7D

"Tutorial-x86_64.exe"+16B57: 4C 8B 6C 02 08        -  mov r13,[rdx+rax+08]
"Tutorial-x86_64.exe"+16B5C: 49 8B 4D 00           -  mov rcx,[r13+00]
"Tutorial-x86_64.exe"+16B60: 48 8B 55 F0           -  mov rdx,[rbp-10]
"Tutorial-x86_64.exe"+16B64: E8 D7 35 FF FF        -  call Tutorial-x86_64.exe+A140
"Tutorial-x86_64.exe"+16B69: 48 85 C0              -  test rax,rax
"Tutorial-x86_64.exe"+16B6C: 75 59                 -  jne Tutorial-x86_64.exe+16BC7
"Tutorial-x86_64.exe"+16B6E: 49 83 C5 20           -  add r13,20
"Tutorial-x86_64.exe"+16B72: EB 36                 -  jmp Tutorial-x86_64.exe+16BAA
"Tutorial-x86_64.exe"+16B74: 66 66 66 90           -  nop
"Tutorial-x86_64.exe"+16B78: 48 89 74 24 20        -  mov [rsp+20],rsi
// ---------- INJECTING HERE ----------
"Tutorial-x86_64.exe"+16B7D: 45 8B 4D 18           -  mov r9d,[r13+18]
"Tutorial-x86_64.exe"+16B81: 4D 8B 45 10           -  mov r8,[r13+10]
// ---------- DONE INJECTING  ----------
"Tutorial-x86_64.exe"+16B85: 49 8B 55 00           -  mov rdx,[r13+00]
"Tutorial-x86_64.exe"+16B89: 48 8D 4D F8           -  lea rcx,[rbp-08]
"Tutorial-x86_64.exe"+16B8D: 48 89 D8              -  mov rax,rbx
"Tutorial-x86_64.exe"+16B90: FF D0                 -  call rax
"Tutorial-x86_64.exe"+16B92: 48 83 7D F8 00        -  cmp qword ptr [rbp-08],00
"Tutorial-x86_64.exe"+16B97: 74 0D                 -  je Tutorial-x86_64.exe+16BA6
"Tutorial-x86_64.exe"+16B99: 49 8D 4D 08           -  lea rcx,[r13+08]
"Tutorial-x86_64.exe"+16B9D: 48 8B 55 F8           -  mov rdx,[rbp-08]
"Tutorial-x86_64.exe"+16BA1: E8 4A 28 FF FF        -  call Tutorial-x86_64.exe+93F0
"Tutorial-x86_64.exe"+16BA6: 49 83 C5 20           -  add r13,20
}


And that's the basics of injecting.

_________________
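
What the AOB injection template in the post above relies on, as an added Python sketch that is not part of the original post or of Cheat Engine: it scans the bytes of the post's disassembly listing for the signature, requires a unique match, and builds the 8-byte patch written at INJECT+08. IMAGE_BASE, NEWMEM and all function names are assumptions made for illustration.

```python
import struct

# Constructed sample: the bytes of the post's disassembly listing, which starts
# at "Tutorial-x86_64.exe"+16B57. IMAGE_BASE and NEWMEM are assumed addresses.
LISTING_RVA = 0x16B57
IMAGE_BASE = 0x100000000
NEWMEM = 0xFFFF0000
LISTING = bytes.fromhex(
    "4C8B6C0208 498B4D00 488B55F0 E8D735FFFF 4885C0 7559 4983C520 EB36"
    "66666690 4889742420 458B4D18 4D8B4510 498B5500 488D4DF8 4889D8 FFD0"
    "48837DF800 740D 498D4D08 488B55F8 E84A28FFFF 4983C520")
AOB = "66 66 90 48 89 74 24 20 45 8B 4D 18 4D 8B 45 10"

def parse_aob(text):
    """'45 8B ?? 18' -> [0x45, 0x8B, None, 0x18]; None is a wildcard byte."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def aob_scan(buf, pattern):
    """Return every offset in buf at which the pattern matches."""
    last = len(buf) - len(pattern) + 1
    return [i for i in range(max(last, 0))
            if all(p is None or buf[i + j] == p for j, p in enumerate(pattern))]

def build_detour(hook_addr, target_addr, replaced_len):
    """E9 rel32 jump to target_addr, nop-padded to replaced_len bytes."""
    rel = target_addr - (hook_addr + 5)   # rel32 counts from the end of the jmp
    if replaced_len < 5:
        raise ValueError("jmp rel32 needs 5 bytes")
    if not -2**31 <= rel < 2**31:
        raise ValueError("target is out of rel32 range; allocate near the module")
    return b"\xE9" + struct.pack("<i", rel) + b"\x90" * (replaced_len - 5)

def plan_injection(aob=AOB, hook_offset=8, replaced_len=8, newmem=NEWMEM):
    """Locate the signature, require uniqueness, return (hook, original, patch)."""
    hits = aob_scan(LISTING, parse_aob(aob))
    if len(hits) != 1:
        raise ValueError(f"signature matched {len(hits)} times; it must be unique")
    start = hits[0] + hook_offset
    hook = IMAGE_BASE + LISTING_RVA + start
    return hook, LISTING[start:start + replaced_len], build_detour(hook, newmem, replaced_len)

if __name__ == "__main__":
    hook, original, patch = plan_injection()
    print(f"hook    : module+{hook - IMAGE_BASE:X}")
    print("original:", original.hex(" ").upper())   # what [DISABLE] restores
    print("patch   :", patch.hex(" ").upper())
```

The rel32 range check is why the template passes the injection address as the third argument to alloc, and the three nops pad the 5-byte jmp to cover both replaced instructions whole.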
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sun Mar 05, 2017 3:59 pm    Post subject: Reply with quote

pferreira wrote:
I would keep trying to narrow down the lines with the pointer addresses but Pointer Paths is currently stuck at 2372 and I can't bring that number down any more regardless of how many times I restart a game.
-Having 100,000 pointer results is not a problem, so long as they are reliable. You can have multiple, working pointers. You may have thousands of results, no matter how many times you rescan, depending on the game.

pferreira wrote:
How do I do an injection code? I click to find what writes to the address but all I get is the blank pop-up with just the instruction.
-So you are getting a result to populate inside of the debugger window? Please clarify.
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Mon Mar 06, 2017 7:12 pm    Post subject: Reply with quote

++METHOS wrote:
-Having 100,000 pointer results is not a problem, so long as they are reliable. You can have multiple, working pointers. You may have thousands of results, no matter how many times you rescan, depending on the game.
I think I'm only supposed to have three or four according to online tutorials. What am I supposed to do with 2000+ lines?

++METHOS wrote:
So you are getting a result to populate inside of the debugger window? Please clarify.
No, I'm getting the standard box with the two headings, no data when I click on the CE tutorial box.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Mon Mar 06, 2017 7:29 pm    Post subject: Reply with quote

pferreira wrote:
...according to online tutorials.

People can be idiots. If you don't know someone, don't trust them.

Different games are different. Some games could give ten valid pointers after many rescans while others could give ten thousand. If you're only making the table for yourself, just pick a pointer that works and use it. Save the last rescan in case the one you picked ever stops working.

If you plan on distributing the table (and are adamant on using the pointer scanner), give the pointer scan files to someone else and have them scan it on their computer a couple times. Any of the remaining pointers should be fine for most people.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 06, 2017 8:52 pm    Post subject: Reply with quote

If the target that you are working on is the CE tutorial, then you may not have any results to populate the debugger list until you perform an action in the tutorial to cause those results to populate (e.g. click the 'hit me' button).
pferreira
Advanced Cheater
Reputation: 0

Joined: 05 Nov 2014
Posts: 67
Location: United Kingdom

PostPosted: Sun Mar 12, 2017 6:58 am    Post subject: Reply with quote

++METHOS wrote:
If the target that you are working on is the CE tutorial, then you may not have any results to populate the debugger list until you perform an action in the tutorial to cause those results to populate (e.g. click the 'hit me' button).
As always I target the game. I bring up the tutorial after I target the game. However clicking the hit box doesn't do anything.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sun Mar 12, 2017 7:11 am    Post subject: Reply with quote

To clarify: CE (Cheat Engine) is not a tutorial or a game. The CE tutorial is a tutorial. Any game that you are referring to is not relevant and does not apply to my previous comment.

Attach CE to the CE tutorial. Once you find the value for health (or whatever), right-click on it to see what is accessing it. You may not see any results populate the debugger list until you click 'hit me' again (or whatever) and that health value changes inside of the CE tutorial. Once that happens, you should see a result populate the debugger list.
All times are GMT - 6 Hours
Page 1 of 3