Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
I need help Logging Dice rolls

peddroelm
Posted: Wed Jan 03, 2018 1:53 am    Post subject: I need help Logging Dice rolls

In my quest to perfect game mechanics reverse engineering techniques / bug hunting, the next hurdle is being able to view/log dice rolls.

Dice rolls are a VERY COMMON ELEMENT:

roll to hit, roll to crit, roll to trigger effect on swing, roll to dodge, etc.

Problem: this instruction is often a comparison between two unknowns: the RNG 'roll', but also what it rolls against is often not known (if they logged it I wouldn't need to log it :) ). There are many times transitory bonuses in play. And of course there is the question of multiplication / interval. They roll between 0 and 1; between 1 and 100, etc.

How do I begin approaching something like this?

No escape from running the code step by step [get an execution breakpoint close enough somehow?] and praying I can make sense of the assembler code (fat chance)?

EDIT: I can handle the logging. What I need help with is finding the instruction that does the comparison between the stat rolled against and the RNG dice roll.
FreeER
Posted: Wed Jan 03, 2018 10:42 am

Not something I've done or know much about, but I'd probably start by looking at CE's GitHub and seeing how the unrandomizer works and/or looking up common random number generators.

Once you can find the RNG in the game you can find where it's used, and thus where the numbers are used and therefore the cmp; at least in theory you would eventually :)
peddroelm
Posted: Thu Jan 04, 2018 10:11 pm

Code:
AbilityInstance:CritTest+2 - 8B EC                 - mov ebp,esp
AbilityInstance:CritTest+4 - 57                    - push rdi
AbilityInstance:CritTest+5 - 48 83 EC 18           - sub rsp,18 { 24 }
AbilityInstance:CritTest+9 - 48 8B F9              - mov rdi,rcx
AbilityInstance:CritTest+c - 48 89 55 E8           - mov [rbp-18],rdx
AbilityInstance:CritTest+10- 41 BA 40E1E417        - mov r10d,17E4E140 { [17B28A70] }
AbilityInstance:CritTest+16- 48 83 EC 20           - sub rsp,20 { 32 }
AbilityInstance:CritTest+1a- 49 BB E075650600000000 - mov r11,Singleton`1:get_Instance { [EC8B4855] }
AbilityInstance:CritTest+24- 41 FF D3              - call r11
AbilityInstance:CritTest+27- 48 83 C4 20           - add rsp,20 { 32 }
AbilityInstance:CritTest+2b- 48 8B C8              - mov rcx,rax
AbilityInstance:CritTest+2e- 83 39 00              - cmp dword ptr [rcx],00 { 0 }
AbilityInstance:CritTest+31- 0FB6 80 C1010000      - movzx eax,byte ptr [rax+000001C1]
AbilityInstance:CritTest+38- 85 C0                 - test eax,eax
AbilityInstance:CritTest+3a- 74 0A                 - je AbilityInstance:CritTest+46
AbilityInstance:CritTest+3c- B8 01000000           - mov eax,00000001 { 1 }
AbilityInstance:CritTest+41- E9 C9000000           - jmp AbilityInstance:CritTest+10f
AbilityInstance:CritTest+46- 48 8B 47 18           - mov rax,[rdi+18]
AbilityInstance:CritTest+4a- 48 8B C8              - mov rcx,rax
AbilityInstance:CritTest+4d- 83 39 00              - cmp dword ptr [rcx],00 { 0 }
AbilityInstance:CritTest+50- 48 8B 40 18           - mov rax,[rax+18]
AbilityInstance:CritTest+54- 48 8B C8              - mov rcx,rax
AbilityInstance:CritTest+57- 48 63 55 E8           - movsxd  rdx,dword ptr [rbp-18]
AbilityInstance:CritTest+5b- 45 33 C0              - xor r8d,r8d
AbilityInstance:CritTest+5e- 48 83 EC 20           - sub rsp,20 { 32 }
AbilityInstance:CritTest+62- 83 38 00              - cmp dword ptr [rax],00 { 0 }
AbilityInstance:CritTest+65- 49 BB 405ADC0000000000 - mov r11,FighterStats:CalculateCritRating { [EC8B4855] }
AbilityInstance:CritTest+6f- 41 FF D3              - call r11
AbilityInstance:CritTest+72- 48 83 C4 20           - add rsp,20 { 32 }
AbilityInstance:CritTest+76- F3 0F5A C0            - cvtss2sd xmm0,xmm0
AbilityInstance:CritTest+7a- F2 0F5A E8            - cvtsd2ss xmm5,xmm0
AbilityInstance:CritTest+7e- F3 0F11 6D F4         - movss [rbp-0C],xmm5
AbilityInstance:CritTest+83- 48 8B 47 18           - mov rax,[rdi+18]
AbilityInstance:CritTest+87- 48 8B C8              - mov rcx,rax
AbilityInstance:CritTest+8a- 83 39 00              - cmp dword ptr [rcx],00 { 0 }
AbilityInstance:CritTest+8d- 48 8B 40 18           - mov rax,[rax+18]
AbilityInstance:CritTest+91- F3 0F10 45 F4         - movss xmm0,[rbp-0C]
AbilityInstance:CritTest+96- F3 0F5A C0            - cvtss2sd xmm0,xmm0
AbilityInstance:CritTest+9a- 48 8B C8              - mov rcx,rax
AbilityInstance:CritTest+9d- F2 0F10 C8            - movsd xmm1,xmm0
AbilityInstance:CritTest+a1- F2 0F5A C9            - cvtsd2ss xmm1,xmm1
AbilityInstance:CritTest+a5- 48 83 EC 20           - sub rsp,20 { 32 }
AbilityInstance:CritTest+a9- 83 38 00              - cmp dword ptr [rax],00 { 0 }
AbilityInstance:CritTest+ac- 49 BB E05CDC0000000000 - mov r11,FighterStats:CalculateCritPercentChance { [EC8B4855] }
AbilityInstance:CritTest+b6- 41 FF D3              - call r11
AbilityInstance:CritTest+b9- 48 83 C4 20           - add rsp,20 { 32 }
AbilityInstance:CritTest+bd- F3 0F5A C0            - cvtss2sd xmm0,xmm0
AbilityInstance:CritTest+c1- F2 0F5A E8            - cvtsd2ss xmm5,xmm0
AbilityInstance:CritTest+c5- F3 0F11 6D F0         - movss [rbp-10],xmm5
AbilityInstance:CritTest+ca- 66 0F57 C0            - xorpd xmm0,xmm0
AbilityInstance:CritTest+ce- F3 0F10 0D 4A000000   - movss xmm1,[AbilityInstance:CritTest+120] { [100.00] }
AbilityInstance:CritTest+d6- F3 0F5A C9            - cvtss2sd xmm1,xmm1
AbilityInstance:CritTest+da- F2 0F5A C9            - cvtsd2ss xmm1,xmm1
AbilityInstance:CritTest+de- F2 0F5A C0            - cvtsd2ss xmm0,xmm0
AbilityInstance:CritTest+e2- 48 83 EC 20           - sub rsp,20 { 32 }
AbilityInstance:CritTest+e6- 49 BB 702EF64100000000 - mov r11,UnityEngine:Random:Range { [EC8B4855] }
AbilityInstance:CritTest+f0- 41 FF D3              - call r11
AbilityInstance:CritTest+f3- 48 83 C4 20           - add rsp,20 { 32 }
AbilityInstance:CritTest+f7- F3 0F5A C0            - cvtss2sd xmm0,xmm0
AbilityInstance:CritTest+fb- F3 0F10 4D F0         - movss xmm1,[rbp-10]
AbilityInstance:CritTest+100- F3 0F5A C9            - cvtss2sd xmm1,xmm1
AbilityInstance:CritTest+104- 48 33 C0              - xor rax,rax
AbilityInstance:CritTest+107- 66 0F2F C8            - comisd xmm1,xmm0
AbilityInstance:CritTest+10b- 40 0F97 C0            - seta al
AbilityInstance:CritTest+10f- 48 8B 7D F8           - mov rdi,[rbp-08]
AbilityInstance:CritTest+113- C9                    - leave
AbilityInstance:CritTest+114- C3                    - ret
AbilityInstance:CritTest+115- 02 00                 - add al,[rax]
AbilityInstance:CritTest+117- 00 00                 - add [rax],al
AbilityInstance:CritTest+119- 48 83 EC 20           - sub rsp,20 { 32 }
AbilityInstance:CritTest+11d- 49 BB 000000C842000000 - mov r11,00000042C8000000 { -939524096 }

Was extremely lucky that this is a Unity game and the mono dissector works on it.

Have only a vague idea how to proceed from here but I have a strong feeling I'm in the right place.
OldCheatEngineUser
Posted: Thu Jan 04, 2018 10:22 pm

Code:
AbilityInstance:CritTest+e6- 49 BB 702EF64100000000 - mov r11,UnityEngine:Random:Range { [EC8B4855] }
AbilityInstance:CritTest+f0- 41 FF D3              - call r11

Dive in and patch it there.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
Memory Hacker
peddroelm
Posted: Thu Jan 04, 2018 10:35 pm

My assembler knowledge is way below basic. I currently don't know what ~80% of the instructions there do.

I would like to read up on them so I can follow the execution with the parameters (do I need an external tool to transform the hex values [non-address] from the registers into floats)?

Now that I got here, I found another thing that interests me game-mechanics-wise: the conversion from the sum of the critical rating stat to critical chance. Pretty certain this function can help with that too.

It will just take me a long time. It's been over 20 years since I've stepped through assembler code :blush:. (My recollection of the mechanics of parameter transmission / recovery between function calls is beyond hazy.)
OldCheatEngineUser
Posted: Thu Jan 04, 2018 10:39 pm

Feel free to post snapshots here (if others don't mind); me or anyone else will probably help.

peddroelm wrote:
I would like to read up on them so I can follow the execution with the parameters (do I need an external tool to transform the hex values [non-address] from the registers into floats)?

If the float value is in a memory location (address) then CE should display it as a float on the right-hand side of the instruction; otherwise you might want to do it manually.

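Added example (not code from the thread, the game, or Cheat Engine): a plain-Python reading of the CritTest listing posted above, plus the "hex register value to float" decoding asked about in the last two posts. The comparison direction (comisd xmm1,xmm0 / seta al => chance > roll), the 100.0 constant at CritTest+120 and the Random.Range(0.0f, 100.0f) call are read from the listing; that the byte at [singleton+1C1] is a force-crit flag is an assumption, and Python's random is only a stand-in for Unity's RNG.

```python
import random
import struct

# Added example, not the game's code: a plain-Python reading of the CritTest
# listing in this thread plus the register-to-float decoding asked about above.

def reg32_to_float(bits):
    """Reinterpret the low 32 bits of a register as a single (what movss leaves in an xmm)."""
    return struct.unpack("<f", struct.pack("<I", bits & 0xFFFFFFFF))[0]

def reg64_to_double(bits):
    """Reinterpret 64 register bits as a double (what cvtss2sd leaves in xmm0/xmm1)."""
    return struct.unpack("<d", struct.pack("<Q", bits & 0xFFFFFFFFFFFFFFFF))[0]

# The listing loads 100.0 from CritTest+120 (bytes 00 00 C8 42 -> 0x42C80000).
UPPER_BOUND = reg32_to_float(0x42C80000)   # 100.0

def crit_test(crit_percent_chance, roll, always_crit=False):
    """Control flow of CritTest as read from the disassembly:
    +2e..+41  byte at [singleton+1C1] nonzero -> return 1 (assumed: a force-crit flag)
    +ca..+f0  xmm0 = 0.0, xmm1 = 100.0 -> UnityEngine.Random.Range(0.0f, 100.0f)
    +fb..+10b comisd xmm1(chance), xmm0(roll); seta al -> result is chance > roll
    """
    if always_crit:
        return True
    return crit_percent_chance > roll

def decode_comisd_registers(xmm1_bits, xmm0_bits):
    """What a CE breakpoint/log at CritTest+107 would capture: the raw 64-bit
    xmm contents, decoded into (chance, roll, crit) the way the game compares them."""
    chance = reg64_to_double(xmm1_bits)
    roll = reg64_to_double(xmm0_bits)
    return chance, roll, crit_test(chance, roll)

def simulate_crit_rate(crit_percent_chance, trials, seed=1234):
    """Sanity check of the reconstructed rule: observed crit rate ~ chance / 100."""
    rng = random.Random(seed)   # stand-in for Unity's RNG, not the game's generator
    hits = sum(crit_test(crit_percent_chance, rng.uniform(0.0, UPPER_BOUND))
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    # Constructed register values: chance 30.0 and roll 12.5 as doubles.
    print(UPPER_BOUND, decode_comisd_registers(0x403E000000000000, 0x4029000000000000))
    print(simulate_crit_rate(25.0, 20000))
```

Decoding the raw xmm contents this way is only needed when CE does not already annotate the float next to the instruction, as noted in the reply above.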