SAMASAL Newbie cheater Reputation: 0
Joined: 02 Apr 2015 Posts: 11
Posted: Sun Dec 24, 2017 11:44 am Post subject: What is the equivalent to Game Guardian xor search in CE?
(Edit: Forum does NOT allow me to post a YouTube link about how it is done, sorry)
GG is very useful for finding xor values: once you know the xor values are 4 bytes apart, for example, you can search the value directly as a dword x4 and it will get you the result in less than a minute. I am not fond of Game Guardian and would like to know if it is possible to do so in Cheat Engine.
Thanks everyone for your answer.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25300 Location: The netherlands
Posted: Sun Dec 24, 2017 12:01 pm
use custom types
e.g.:
open the process, right-click the value type and choose the option to define a new assembler type
and paste this in:
Code:
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
TypeName:
db 'dword xor +4',0
ByteSize:
dd 8
UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
xor eax,[rcx+4]
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
push ebx
mov ebx,[ebp+8] //place the address that contains the bytes into ebx
mov eax,[ebx] //place the bytes into eax so it's handled as a normal 4 byte value
xor eax,[ebx+4]
pop ebx
pop ebp
ret
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
xor ecx,[r8+4]
mov [r8],ecx //place the integer at the 4 bytes pointed to by r8
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+10] //load the output address into ebx
xor eax,[ebx+4]
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret
[/32-bit]
from then on, you can use the dword xor +4 type when you like
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Last edited by Dark Byte on Sun Dec 24, 2017 12:25 pm; edited 1 time in total
SAMASAL Newbie cheater Reputation: 0
Joined: 02 Apr 2015 Posts: 11
Posted: Sun Dec 24, 2017 12:05 pm
Edit: I will read a bit about custom types and check why it does not work, thank you.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25300 Location: The netherlands
Posted: Sun Dec 24, 2017 12:22 pm
Sorry, I copy pasted the wrong script and deleted the right one afterwards...
let me rewrite it
edit: fixed the above post
SAMASAL Newbie cheater Reputation: 0
Joined: 02 Apr 2015 Posts: 11
Posted: Sun Dec 24, 2017 12:34 pm
Dark Byte wrote:
"Sorry, I copy pasted the wrong script and deleted the right one afterwards...
let me rewrite it
edit: fixed the above post"
Thanks for helping out. Before I try trial and error, can you let me know which values in the code need to be modified for x8, x16 and x24?
This really helps out a ton, thanks.
Edit: I think I found them, this is trivial for you of course, thanks again Dark.
Change Xor 4 for Xor 16:
xor **x,[**+4]
xor **x,[**+16]
Edit2: never mind, does not work, need to check again what I am doing.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25300 Location: The netherlands
Posted: Sun Dec 24, 2017 2:31 pm
don't forget to adjust
also, you may want to disable fastscan
(or add
Code:
alloc(PREFEREDALIGNMENT,4)
PREFEREDALIGNMENT:
dd 4
)
SAMASAL Newbie cheater Reputation: 0
Joined: 02 Apr 2015 Posts: 11
Posted: Sun Dec 24, 2017 5:45 pm
Dark Byte wrote:
"don't forget to adjust
also, you may want to disable fastscan
(or add
Code:
alloc(PREFEREDALIGNMENT,4)
PREFEREDALIGNMENT:
dd 4
)"
Yes, it is working! The bytesize was the missing step, thanks and merry Christmas! Thanks for taking time to make this happen.
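What the custom type in this thread computes, and why the element size has to grow with the key offset, modelled in C as an added example (not code from the thread or from Cheat Engine). The function names, the sample key and the buffers are constructed for illustration, and the reading of ByteSize as "bytes one element spans" is an assumption of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read side (ConvertRoutine): dword at p XOR dword at p+offset. */
static uint32_t xor_read(const uint8_t *p, size_t offset) {
    uint32_t enc, key;
    memcpy(&enc, p, 4);
    memcpy(&key, p + offset, 4);
    return enc ^ key;
}

/* Write side (ConvertBackRoutine): re-encode with the key already at p+offset. */
static void xor_write(uint8_t *p, size_t offset, uint32_t value) {
    uint32_t key;
    memcpy(&key, p + offset, 4);
    value ^= key;
    memcpy(p, &value, 4);
}

/* Bytes one element spans (the ByteSize field): 8 for "+4", 20 for "+16". */
static size_t xor_type_size(size_t offset) { return offset + 4; }

/* Step through buf at `align`; never read an element that overruns len. */
static long xor_scan(const uint8_t *buf, size_t len, size_t offset, size_t align, uint32_t wanted) {
    for (size_t i = 0; i + xor_type_size(offset) <= len; i += align)
        if (xor_read(buf + i, offset) == wanted) return (long)i;
    return -1;
}

/* Constructed sample: 1000 stored at byte 8, its key 16 bytes further on. */
static long demo_scan(size_t assumed_offset) {
    uint8_t mem[40] = {0};
    uint32_t key = 0xA5A5F00Du, enc = 1000u ^ key;
    memcpy(mem + 8, &enc, 4);
    memcpy(mem + 24, &key, 4);
    return xor_scan(mem, sizeof mem, assumed_offset, 4, 1000u);
}

static uint32_t demo_write(uint32_t v) {
    uint8_t cell[8] = {0, 0, 0, 0, 0x0D, 0xF0, 0xA5, 0xA5};
    xor_write(cell, 4, v);            /* key in bytes 4..7 stays untouched */
    return xor_read(cell, 4);
}

int main(void) {
    printf("+4: %ld  +16: %ld  write: %u\n", demo_scan(4), demo_scan(16), (unsigned)demo_write(42));
    return 0;
}
```

In this model a scan with the wrong offset finds nothing, and an element size of 8 against a +16 layout would let the read at p+16 run past the scanned region, so the offset and the size have to change together.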
Guccina5678 Newbie cheater Reputation: 0
Joined: 24 Feb 2024 Posts: 10
Posted: Sat Mar 23, 2024 4:56 pm Post subject: Dword code ty darkbyte
I used your code and was able to finally create an unlimited barn in my game. Thank you so much!
_________________
Screaming into the void
ZadkielSan Advanced Cheater Reputation: 0
Joined: 09 Sep 2012 Posts: 75
Posted: Wed Mar 27, 2024 11:20 am Post subject: Re: Dword code ty darkbyte
Guccina5678 wrote:
"I used your code and was able to finally create an unlimited barn in my game. Thank you so much!"
Good for you, still can't use this; it says "divided by zero" or finds nothing. I want to be able to do xor search x4 and x8 like Game Guardian but it's not possible.