merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 4:04 am Post subject: [REQUEST] Redout v.104
Hello,
I have problems finding a possible address for the game Redout v1.04.
On the first scan I found 100-140 addresses.
But on the NEXT scan it is 0 every time.
I am searching for the money, health & energy.
The game is 64-bit.
Process name = redout-Win64-shipping
Thanks!
Best regards..
Merlin

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 1:12 pm
I tested on the demo version because I don't have the game but it should be fairly similar. I verified the stats by testing vehicle structure. At a very low setting the car blew up quickly and at a high setting I crashed into the walls the whole time without blowing up.
Here is the block of code that loads the 5 car stats into xmm registers.
Code:
"redout-Win64-Shipping.exe"+19FC15: 48 8B F0 - mov rsi,rax
"redout-Win64-Shipping.exe"+19FC18: 48 85 C0 - test rax,rax
"redout-Win64-Shipping.exe"+19FC1B: 0F 84 96 02 00 00 - je redout-Win64-Shipping.exe+19FEB7
"redout-Win64-Shipping.exe"+19FC21: 0F 29 B4 24 80 00 00 00 - movaps [rsp+00000080],xmm6
"redout-Win64-Shipping.exe"+19FC29: 45 0F B6 C4 - movzx r8d,r12l
"redout-Win64-Shipping.exe"+19FC2D: 0F 29 7C 24 70 - movaps [rsp+70],xmm7
"redout-Win64-Shipping.exe"+19FC32: 41 0F B6 D7 - movzx edx,r15l
"redout-Win64-Shipping.exe"+19FC36: F3 0F 10 B8 78 0C 00 00 - movss xmm7,[rax+00000C78]
"redout-Win64-Shipping.exe"+19FC3E: 48 8B CD - mov rcx,rbp
"redout-Win64-Shipping.exe"+19FC41: 44 0F 29 44 24 60 - movaps [rsp+60],xmm8
"redout-Win64-Shipping.exe"+19FC47: F3 44 0F 10 80 B4 0C 00 00 - movss xmm8,[rax+00000CB4]
"redout-Win64-Shipping.exe"+19FC50: 44 0F 29 4C 24 50 - movaps [rsp+50],xmm9
"redout-Win64-Shipping.exe"+19FC56: F3 44 0F 10 88 D0 06 00 00 - movss xmm9,[rax+000006D0]
"redout-Win64-Shipping.exe"+19FC5F: 44 0F 29 54 24 40 - movaps [rsp+40],xmm10
"redout-Win64-Shipping.exe"+19FC65: F3 44 0F 10 90 90 07 00 00 - movss xmm10,[rax+00000790]
"redout-Win64-Shipping.exe"+19FC6E: 44 0F 29 5C 24 30 - movaps [rsp+30],xmm11
"redout-Win64-Shipping.exe"+19FC74: F3 44 0F 10 98 18 08 00 00 - movss xmm11,[rax+00000818]
"redout-Win64-Shipping.exe"+19FC7D: 44 0F 29 64 24 20 - movaps [rsp+20],xmm12
"redout-Win64-Shipping.exe"+19FC83: F3 44 0F 10 A0 80 0C 00 00 - movss xmm12,[rax+00000C80]
"redout-Win64-Shipping.exe"+19FC8C: E8 4F 02 00 00 - call redout-Win64-Shipping.exe+19FEE0
"redout-Win64-Shipping.exe"+19FC91: 4C 8B B8 50 08 00 00 - mov r15,[rax+00000850]
There are other references for the same address by submodule.
acceleration:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+66 - F3 0F10 B8 780C0000 - movss xmm7,[rax+00000C78]
grip:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+77 - F3 44 0F10 80 B40C0000 - movss xmm8,[rax+00000CB4]
structure:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+86 - F3 44 0F10 88 D0060000 - movss xmm9,[rax+000006D0]
energy:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+95 - F3 44 0F10 90 90070000 - movss xmm10,[rax+00000790]
recharge:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+A4 - F3 44 0F10 98 18080000 - movss xmm11,[rax+00000818]
Speed:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+B3 - F3 44 0F10 A0 800C0000 - movss xmm12,[rax+00000C80]
Last edited by sbryzl on Tue Apr 18, 2017 2:58 pm; edited 1 time in total

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 1:48 pm
@sbryzl
Thanks for your help!
But I don't understand the programming lines.
Can you build a script for me?
I am not a programmer.
I have the normal Steam version and can't download the demo.
Sorry for my bad English.

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 3:08 pm
I can understand your English fine.
I can tell you how to use the disassembled code.
Energy is the value that is moved to xmm10 so if you look at this:
Code:
"redout-Win64-Shipping.exe"+19FC65: F3 44 0F 10 90 90 07 00 00 - movss xmm10,[rax+00000790]
You can copy the bytes "F3 44 0F 10 90 90 07 00 00" and start a new search in Cheat Engine for "array of bytes", paste the copied bytes in the search field and select executable, not writable, because these are bytes in the executable part of memory.
After searching, an address comes up; right click and select "disassemble this memory". Then the disassembly window comes up; right click on the code that writes to xmm10 and select "find out what addresses this accesses". The address comes up; double click it to place it in the table. Now you will have the address for energy of the current vehicle.
There is also a table at FearlessRevolution which I haven't tried.

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 4:16 pm
Thanks!!
But Cheat Engine found 0 addresses.
First, I'm going into a level.
I wait until the energy is 100% UP and then
I make a search with "F3 44 0F 10 90 90 07 00 00",
not "Health".
Does an address come up on the first scan?
What's the energy status at first in the game?
100% UP or 0% down?
Here is a picture from CT.
[Attached image, 32.3 KB]

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 4:44 pm
You need to enable "executable" rather than "writable". Then it should work.
The values when you find them will be float anywhere from .1 to 1000. I don't remember energy format, maybe a decimal or maybe in hundreds.
Also the values are all loaded before the race starts so although you can edit them anytime you will want to go into the menu and start a new race for the changes to take effect.

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 6:17 pm
I have now downloaded the DEMO from a test Steam account.
The bytes "F3 44 0F 10 90 90 07 00 00" now found an address. (only DEMO)
See PIC (1)
Then select the first line and press "find out what addresses this accesses" PIC (2)
and a new window appears that is empty.. and now? PIC (3)
[Attached image, 101.63 KB]
[Attached image, 42.5 KB]
[Attached image, 54.16 KB]

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 7:13 pm
So it doesn't work in the regular game? That kinda sucks.
You need to be in the configuration screen where you choose a car to get the addresses.
As for finding it in the regular game, maybe it has similar code you could find by looking for that submodule.
When you go back to the regular game try right clicking in the disassembler "go to address" and enter:
"redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats". Maybe you can find something similar loading up the xmm registers even if it's not exactly the same.

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 8:13 pm
Do you mean the codes for the ship's parameters?
Or in the level game, unlimited health, Energy.. etc.
Submodule??
How do I find it?
I have no clue.. sorry!
The code script from the "FearLess Cheat Engine" cannot select the
"Health", "Health MAX" etc.
See PIC 4
[Attached image, 35.93 KB]

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 8:50 pm
In the regular game you can right click in the disassembler and select 'go to address'.
Enter this into the address field and click ok:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats
If there is an error then the regular game is probably too dissimilar from the demo.
I could look at the table at Fearless but if the 2 versions are so different then it wouldn't matter much.

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 9:02 pm
Yes.. that's clear.
But I don't understand which value I search for
to find the submodule.
I must have an address for going to the disassembler.
I have no clue..

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 9:22 pm
In the regular version you have to look in the module called:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats
Look for entries that load the xmm registers like these:
movss xmm7,[rax+00000C78]
movss xmm8,[rax+00000CB4]
movss xmm9,[rax+000006D0]
movss xmm10,[rax+00000790]
movss xmm11,[rax+00000818]
movss xmm12,[rax+00000C80]
Right click on those and select "find out what addresses these access" while you are looking at the car's stats in the configuration screen. You need to look for operations that have xmm registers on the left and brackets on the right because that tells you the bracketed relative address is being loaded into the xmm register.
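
The byte strings quoted in this thread all share one encoding, so the xmm register on the left and the bracketed offset on the right can be read directly from the bytes. The Python sketch below is an added example, not code from the posts or from Cheat Engine; the helper names `decode_movss_load` and `find_movss_loads` are hypothetical, and it handles only the `F3 [REX] 0F 10 ModRM disp32` form that appears in the listing.

```python
# Added example with hypothetical helper names; decodes only F3 [REX] 0F 10 ModRM disp32.
import struct

REG64 = "rax rcx rdx rbx rsp rbp rsi rdi r8 r9 r10 r11 r12 r13 r14 r15".split()

# Instruction bytes copied from the listing in the thread (+19FC36 up to the call).
LISTING = bytes.fromhex(
    "F3 0F 10 B8 78 0C 00 00 48 8B CD 44 0F 29 44 24 60 "
    "F3 44 0F 10 80 B4 0C 00 00 44 0F 29 4C 24 50 "
    "F3 44 0F 10 88 D0 06 00 00 44 0F 29 54 24 40 "
    "F3 44 0F 10 90 90 07 00 00 44 0F 29 5C 24 30 "
    "F3 44 0F 10 98 18 08 00 00 44 0F 29 64 24 20 "
    "F3 44 0F 10 A0 80 0C 00 00"
)


def decode_movss_load(code, pos=0):
    """Return (xmm_number, base_register, displacement) for a load at pos, else None."""
    if code[pos:pos + 1] != b"\xf3":                  # mandatory F3 prefix of movss
        return None
    pos += 1
    rex = 0
    if pos < len(code) and code[pos] & 0xF0 == 0x40:  # optional REX prefix (0x40-0x4F)
        rex, pos = code[pos], pos + 1
    if code[pos:pos + 2] != b"\x0f\x10" or len(code) < pos + 7:
        return None
    modrm = code[pos + 2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b10 or rm == 0b100:                    # need disp32 and no SIB byte
        return None
    xmm = reg | (((rex >> 2) & 1) << 3)               # REX.R extends the xmm number
    base = REG64[rm | ((rex & 1) << 3)]               # REX.B extends the base register
    disp = struct.unpack_from("<i", code, pos + 3)[0] # little-endian signed offset
    return xmm, base, disp


def find_movss_loads(code):
    """Try every byte offset; return (offset, text) for each decodable movss load."""
    hits = []
    for off in range(len(code)):
        d = decode_movss_load(code, off)
        if d:
            sign = "+" if d[2] >= 0 else "-"
            hits.append((off, "movss xmm%d,[%s%s%08X]" % (d[0], d[1], sign, abs(d[2]))))
    return hits

if __name__ == "__main__":
    for off, text in find_movss_loads(LISTING):
        print("+%X: %s" % (0x19FC36 + off, text))
```

Run as a script it prints the six loads with their module offsets. Because it tries every byte offset without tracking instruction boundaries, on arbitrary code it can also report matches that start inside another instruction.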

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Tue Apr 18, 2017 10:44 pm
I found this.. see PIC 5.
But no lines with:
movss xmm7,[rax+00000C78]
movss xmm8,[rax+00000CB4]
movss xmm9,[rax+000006D0]
movss xmm10,[rax+00000790]
movss xmm11,[rax+00000818]
movss xmm12,[rax+00000C80]
That's not easy for me.
[Attached image, 46.31 KB]

sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Apr 18, 2017 10:56 pm
It looks like the same variables are covered there so that is probably it. What does it say below the list of variables?
Further down you should see redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+number
Look around a +number between +40 and +100.

merlin555 Newbie cheater Reputation: 0
Joined: 18 Apr 2017 Posts: 15
Posted: Wed Apr 19, 2017 6:07 am
First I am cheating in the DEMO version.
I found the line, but the lower window has only ??
What's the reason?
[Attached image, 51.34 KB]
[Attached image, 82.08 KB]