Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Issue with pointer scan. Quick question.
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 4:44 pm    Post subject: Issue with pointer scan. Quick question. Reply with quote

Game is Vermintide. Trying to make unlimited ammo.

I can find the address easily (obviously). I did a pointer scan to try and find the base address but it found nothing after a few restarts.

I tried the "find what accesses" which gave me two entries. one with an offset of 04 and another with no offeset.

When I try and search the hex it gave me, i get no results.

I've followed basic tutorials and thought this game would be a good starting point because of no anti cheat but im stumped.

Is there a reason the hex I search from the find what accesses would show up nothing?

Id be willing to pay for some assistance if thats what it takes. Trying to learn, and i realize that if you want something, you have to pay for it.
Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 5:15 pm    Post subject: Reply with quote

No payments at this forum, donate to Dark Byte if you want.

But I sounds like you're aren't getting the real base address.

With ammo, and inventory like items, it will often be stored in an array.

So look above that code for some thing like this:

Code:

mov [eax+ecx*4+10],edx
//Really look for this:  [eax+ecx*4+XX] or  [eax+ecx*4]


Code:

mov [rax+rcx*8+10],edx
//Really look for this:  [rax+rcx*8+XX] or  [rax+rcx*8]


So with [eax+ecx*X+XX] ether eax or ecx is the base address and the other is the index in the array.

_________________
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 5:35 pm    Post subject: Reply with quote

TheyCallMeTim13 wrote:
No payments at this forum, donate to Dark Byte if you want.

But I sounds like you're aren't getting the real base address.

With ammo, and inventory like items, it will often be stored in an array.

So look above that code for some thing like this:

Code:

mov [eax+ecx*4+10],edx
//Really look for this:  [eax+ecx*4+XX] or  [eax+ecx*4]


Code:

mov [rax+rcx*8+10],edx
//Really look for this:  [rax+rcx*8+XX] or  [rax+rcx*8]


So with [eax+ecx*X+XX] ether eax or ecx is the base address and the other is the index in the array.


Appreciate you trying to help and I will 100% donate to him (ill provide proof) if you can assist me with learning this. I don't want answers really, just kind of pointed in the right direction.

Okay so lets say I'm trying to find ammo. I get 2C98CA50 (double) for the ammo address.

I go to "find what accesses" and I get this (first screenshot)

going to more info on the first entry I get this: (second screenshot)

Trying all the addresses I get no results in the search.

Just not sure what I'm doing wrong here.

Thanks again for your help.



Capture2.PNG
 Description:
 Filesize:  13.32 KB
 Viewed:  10080 Time(s)

Capture2.PNG



Capture.PNG
 Description:
 Filesize:  13.32 KB
 Viewed:  10080 Time(s)

Capture.PNG


Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 5:50 pm    Post subject: Reply with quote

I would look at this instruction:
Code:
726141EE - mov ebp,[edx+eax*8+04]


Based on the pictures I would say: EDX is your ammo (or inventory) array start, EAX is the array index, and an array slot is 8 bytes wide (maybe count and max for each slot).

So as long as EAX is always the same for some given ammo then you can use that to buld an array on the table.

Code:

alloc(ptrAmmoBase,4)
...
mov [ptrAmmoBase],edx
...


Then on the table you can set up some pointers, using '[ptrAmmoBase]' as the base address and Index*8 as the offset.

EDIT:
If EAX is always the same for some given ammo, you can find a static base for EDX then build pointers on the table.

_________________
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 5:59 pm    Post subject: Reply with quote

TheyCallMeTim13 wrote:
I would look at this instruction:
Code:
726141EE - mov ebp,[edx+eax*8+04]


Based on the pictures I would say: EDX is your ammo (or inventory) array start, EAX is the array index, and an array slot is 8 bytes wide (maybe count and max for each slot).

So as long as EAX is always the same for some given ammo then you can use that to buld an array on the table.

Code:

alloc(ptrAmmoBase,4)
...
mov [ptrAmmoBase],edx
...


Then on the table you can set up some pointers, using '[ptrAmmoBase]' as the base address and Index*8 as the offset.

EDIT:
If EAX is always the same for some given ammo, you can find a static base for EDX then build pointers on the table.


Eh thanks for the help. I'm not one to quit but this all seems a little over my head. Gonna keep pounding it out and reading/watching more tutorials and stuff because as soon as I read what you said, I had no idea what I had to do with that info.

I donated 5$ to CE just because of the help you tried to give me. Appreciate it a lot.



Capture2.PNG
 Description:
 Filesize:  18.57 KB
 Viewed:  10061 Time(s)

Capture2.PNG


Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 6:01 pm    Post subject: Reply with quote

Try the Cheat Engine Tutorial.

Here is a guide to help:

http://wiki.cheatengine.org/index.php?title=Tutorials:Cheat_Engine_Tutorial_Guide_x32

_________________
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 6:06 pm    Post subject: Reply with quote

[quote="TheyCallMeTim13"]Try the Cheat Engine Tutorial.

Here is a guide to help:



Ya I did up to 8 on my own. The last one was a little more complicated and when I looked for a guide it was all 32 bit and i was using 64 bit.
Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 6:14 pm    Post subject: Reply with quote

I am planning on adding a 64 bit guide but try the 32 bit for now.

The steps are basically the same, but with different register sizes.

This may help to explain the register sizes:

http://wiki.cheatengine.org/index.php?title=Assembler#Registers


EDIT:
Just looked up the game 'Vermintide'.


The game is multiplayer-only[1]

[1]https://en.wikipedia.org/wiki/Warhammer:_End_Times_%E2%80%93_Vermintide

You can't hack sever side values!

And you are not allowed to ask for help with online games, unallowed manipulation of data and sending it over a wire is a prison-able offense in many countries.

_________________


Last edited by TheyCallMeTim13 on Sat Mar 18, 2017 6:24 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 6:22 pm    Post subject: Reply with quote

TheyCallMeTim13 wrote:
I am planning on adding a 64 bit guide but try the 32 bit for now.

The steps are basically the same, but with different register sizes.

This may help to explain the register sizes:



I just finished the tutorial for step 9.

Added all the health to the table and labeled by name. Found the offset 014 was the team using structure dissect.

code injected :

Code:
cmp [rbx+14],1
je team1
cmp [rbx+14],2
jmp team2
team1:
mov [rbx+08],(float)5000
jmp exit
team2:
mov [rbx+08],(float)0
jmp exit


done and done.
Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 6:31 pm    Post subject: Reply with quote

Keep going just pick an offline game, (see edit in last post)
_________________
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 6:33 pm    Post subject: Reply with quote

TheyCallMeTim13 wrote:
Keep going just pick an offline game, (see edit in last post)


I'm well aware you can't hack server sided values, thats the whole point of server sided values. Its not online only, you can play private and none of the values are server sided. I can change Ammo for example and it takes effect, i just have to redo it every time the game closes (which is what im trying to figure out here).

not sending anything "over the wire".
Back to top
View user's profile Send private message AIM Address
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Sat Mar 18, 2017 6:37 pm    Post subject: Reply with quote

Yeah I haven't played it, read that line, and thought oh no.

It's just that the forum and Dark Byte have recently had some legal issues and online game hacking was a part of it.

_________________
Back to top
View user's profile Send private message Visit poster's website
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 6:40 pm    Post subject: Reply with quote

TheyCallMeTim13 wrote:
Yeah I haven't played it, read that line, and thought oh no.

It's just that the forum and Dark Byte have recently had some legal issues and online game hacking was a part of it.


No problem, i understand. You kind of pointed me in the right direction and maybe ill figure it out. who knows. Anyone else that reads this and feels like helping me out, or working together to figure it out if youre new aswell, you can talk to me on skype at em0rr0w.
Back to top
View user's profile Send private message AIM Address
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Mar 18, 2017 7:19 pm    Post subject: Reply with quote

Online games are prohibited for discussion.
Back to top
View user's profile Send private message
Emorrow
How do I cheat?
Reputation: 0

Joined: 17 Mar 2017
Posts: 9

PostPosted: Sat Mar 18, 2017 9:58 pm    Post subject: Reply with quote

++METHOS wrote:
Online games are prohibited for discussion.


not really sure if you just didnt bother reading or what, but we've already established that. Thanks for joining in, very helpful post.
Back to top
View user's profile Send private message AIM Address
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites