[Tutorial] Dissect data/structures in Cheat Engine
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Fri Jan 21, 2011 8:13 pm    Post subject: [Tutorial] Dissect data/structures in Cheat Engine

Again, this post is just a copy of the original article and it is missing the pictures and the video. You can see the original article here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles/230-dissect-data-structures



This tutorial will show You how to use the data dissector to find interesting values and analyze data.

I will use Cheat Engine 6.0 in the tutorial. You can download it from here:
http://www.cheatengine.org

Our target process will be Armies of Exigo's DEMO version. It is small, freely available, very easy to find values and a fairly good game (one of my old favorites), so it is an excellent choice for demonstration. Use Google to find dozens of links for the demo but here are some links to keep up the pace:
http://www.gamershell.com/download_6761.shtml
http://www.fileplanet.com/144582/140000/fileinfo/Armies-of-Exigo-Demo

Our task will be to find a few units' structures, analyze them and find a "player ID" to create a god mode cheat.

Start the game and play it a bit. If You have played Warcraft and similar games, this game will be familiar to You.


1st task: Finding the unit's health and the code which is changing the health

This should be very easy, the health of a unit is displayed when it is selected. It is stored as a Float type value. Find some enemies, search for Your health and if You have found it (You should have only 1 result in Your list), add it to the table.

Now right-click on it and choose "Find out what writes to this address". Go back in the game, lose some health and You will find this code:

005DA8DC - D9 5E 04 - fstp dword ptr [esi+04]



2nd task: Finding some more units' health

Now You have the code which is changing the health for all units when they are taking damage. Your task is to find a few units' health, including enemy and friendly units. Get 2 units and find some enemies. Right-click on the code that You have found and choose "Find out what addresses this code reads from". Make sure that Your test subjects will not die in the process. It would be optimal if You could find at least 2 friendly and 2 enemy units' health. Like this:




3rd task: Checking the structures

Now You should have enough addresses to start analyzing a unit's structure. So what are structures? To keep it short, let's just say that some values are stored together in one place instead of scattered around in the memory (You can find much more info about structures on the Cheat Engine Forum).
In our case, the most important data about a unit is stored together in a structure as You will see it in a minute. The start of the structure is usually the register between the [], which is in our case ESI. ESI+04 is the address of the health, so we can clearly see that the health is stored almost at the start of the structure. Ok, what kind of information can we find here?

1. Open the memory browser and use Tools->Dissect data/structures.
2. As we have 4 units to compare, use File->Add extra address to add 3 more address slots.
3. Now in the address slots, type in the address of ESI, which is in our case the health address-4 for all 4 units.
4. If it is done, use Structures->Define new structure.
5. You can give a name for the structure, but it is not important, click Ok.
6. Click Yes and allow Cheat Engine to guess the type of the values automatically. It will do a very good job.
7. It is enough to analyze 4096 bytes now, so click on OK again.

Now You see 4 columns with a bunch of data using red and green colors. Red means that the values in the structures are different, green means the values are perfectly matching in the structures for all 4 units.

To make things even easier for us, we can even create groups. As we will try to analyze the differences between friendly and enemy soldiers, let us put enemies in a different group. Right-click on the enemy unit's address and choose Change group. Set all enemy units' group to 1.

You can immediately see that some colors have changed and some values are shown with blue color. Blue color means that the value is the same inside that group, but it is different compared to other groups.

Here is a picture of what You should see:



Now we can go on with the analysis. I told You this will be an easy game so You will immediately see the important values.


offset 0000 [ESI]: As You can see, the first value is 0 for friendly units and 1 for enemy units. Yes, You are right. This value is storing the owner of the unit. 0 is the human player so if this value is not 0, the unit is an enemy unit.

offset 0004 [ESI+04]: We know that already, this is the health of the unit. :)

offset 0008 [ESI+08]: If You have a sharp eye, You can probably see that this value is the maximum amount of health for the unit.

offset 000C [ESI+0C]: Mana of the unit.

offset 0010 [ESI+10]: Max mana of the unit.

This info is already enough for us to make a god mode script and if You find the code which is changing the mana, You can easily create an infinite mana script too, which will work for Your units only.

Now my test units don't have mana so 0C and 10 have 0 value.

Just a short video to keep up the pace if You are confused about something:



All we have to do now is write a script which is checking the value of ESI when the health would be changed and if it is 0, change the unit's health to maximum.

God Mode script (this is an old script that I have made ages ago):

fstp dword ptr [esi+04] //original code which is changing the health
pushfd //save flags
pushad //save registers
cmp dword ptr [esi],0 //check if the owner value stored at [ESI] is 0 (human player)
jne +6 //if [ESI] is not 0, the code will jump over the next 2 lines, jumping to the "popad" instruction
mov eax,[esi+08] //copy the max health to eax
mov [esi+04],eax //copy eax to the health, so max health = health
popad //load registers
popfd //load flags


Feel free to use code injection and try out the script, it will make Your units invincible.
If You want, go for it and create an unlimited mana script too. It should be a piece of cake now.


Conclusion:
Now You have seen a real example of how values are stored in structures. We have searched for the health only, but with the help of the data dissector, we have easily found the player ID, max health, mana and max mana too. And we could find even more, like attack speed, attack range, attack power, unit speed, unit rank, vision range, co-ordinates and many more.

In FPS games, You can use the same method to compare Your player's structure to the enemies' structure. Find the health, armor, co-ordinates, gravity modifier, speed modifier and many more values that are related to Your character.
Or find the ammo for Your weapons and compare Your weapons' structure. Find the ammo, max ammo, rate of fire, weapon range, and many more weapon related values.

The same goes for racing games and other simulators, RPG's and so on...

There is one last important piece of information that You need to know. Structures are sometimes connected to other structures. Like tables in a database. It may happen that a unit's information is stored in 2 or more structures, not just in one. Usually structures are connected to each other with pointers, so in a structure, sometimes You may find pointers that are pointing to another structure which also holds further information that You may need. It is always useful to check out the pointers to see where they are pointing. They are the connection to some useful information.

Examples:
In RTS games, a pointer in the unit structure may point to the "player structure" which holds the amount of resources and other information about the player. Sometimes You can use this pointer as a player ID for the unit if You have found a way to connect both structures.

In FPS games, a pointer may point to the name of the character, usually to "Player" or similar string, and You can use this string to compare and create a god mode. If You check a weapon structure, usually You find a pointer which is pointing to the character's structure, this way You can create unlimited ammo for weapons that are pointing to Your character's structure only.

In summary, You need to realize that data and structures are connected to each other by pointers. Be creative, patient, vigilant and You can figure out where these connections are and how to use them to Your advantage.



Just a small "extra":

I have already written about the Data dissector's options and You can find it in the CE helpfile too, but here it is anyway:

This option is a fine tool to examine or compare data in similar memory regions or structures. It can be used if you wish to compare your character's structure with the enemy's structure in an FPS or strategy game, but of course it can be used for other purposes too.


File->New window: This option will open a new dissect window.
File->Import: Import a structure.
File->Export: Export a structure.
File->Save values: Save the content of the window in a file.
File->Add extra address: Add a slot for an extra address for comparing.


View->Change colors: Customize the colors of this tool.
View->Update interval: Customize the value update interval.


Structures: Create a new structure with Define new structure, then give a name and a size for the structure. If you have more than one structure, you can choose the one that you need from here.


Commands: Rename and Delete structure will rename and delete the currently used structure.
Automatically guess offset types will allow CE to guess the type of values in the structure.


If you have added one or more addresses to the window, you can right-click on an address and sort them into groups. This is very useful because you can compare the values in every structure and also see if the values are the same in the same group, or they are different inside the group too (e.g. you can add 2 enemy units and 2 friendly units in an RTS game and place the enemies in a different group, thus you will see what is common between friendly units and what is common between enemy units).


If you right-click on an entry in the window, some additional options will be available, such as Memory browse this address, Memory browse this pointer and Add to address list.




That's the end of it, I hope You will find interesting values whatever You are searching for in whatever game.
For now, I think I will play a bit with Armies of Exigo, keep experimenting with any game that You like. :)

Peace!
Geri

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
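
The comparison the dissect window performs in the tutorial above (structure base = health address - 4, then green/blue/red per offset) can be reproduced offline. This is an added example, not part of Geri's post and not Cheat Engine's code: the "memory" buffer, the unit values, and the `guess_type` heuristic are all constructed assumptions.

```python
import math
import struct
from collections import defaultdict

HEALTH_OFFSET = 0x04   # from the tutorial: fstp dword ptr [esi+04]
UNIT_SIZE = 0x14       # only the five fields the post identifies

def make_unit(owner, health, max_health, mana=0.0, max_mana=0.0):
    """Constructed record: owner, health, max health, mana, max mana."""
    return struct.pack("<Iffff", owner, health, max_health, mana, max_mana)

def guess_type(raw):
    """Crude 4-byte type guess (assumption, not Cheat Engine's algorithm)."""
    (as_int,) = struct.unpack("<I", raw)
    (as_float,) = struct.unpack("<f", raw)
    if as_int < 0x10000:          # small values read naturally as integers
        return "int"
    if math.isfinite(as_float) and 1e-3 <= abs(as_float) <= 1e7:
        return "float"
    return "hex"

def classify(fields, groups):
    """green: equal everywhere; blue: equal inside each group only; red: otherwise."""
    if len(set(fields)) == 1:
        return "green"
    per_group = defaultdict(set)
    for group, field in zip(groups, fields):
        per_group[group].add(field)
    if len(per_group) > 1 and all(len(v) == 1 for v in per_group.values()):
        return "blue"
    return "red"

def dissect(memory, health_addrs, groups, size=UNIT_SIZE, width=4):
    """Compare structures whose bases are health address - HEALTH_OFFSET."""
    bases = [addr - HEALTH_OFFSET for addr in health_addrs]
    rows = []
    for off in range(0, size, width):
        fields = [bytes(memory[b + off:b + off + width]) for b in bases]
        rows.append((off, classify(fields, groups), guess_type(fields[0])))
    return rows

# Constructed "process memory": two friendly units (group 0), two enemies (group 1).
MEMORY = bytearray(0x200)
UNITS = {0x020: make_unit(0, 310.0, 420.0), 0x0A0: make_unit(0, 87.5, 260.0),
         0x120: make_unit(1, 350.0, 350.0), 0x1A0: make_unit(1, 120.0, 350.0)}
for base, record in UNITS.items():
    MEMORY[base:base + len(record)] = record
HEALTH_ADDRS = [base + HEALTH_OFFSET for base in UNITS]
GROUPS = [0, 0, 1, 1]

if __name__ == "__main__":
    for off, colour, kind in dissect(MEMORY, HEALTH_ADDRS, GROUPS):
        print(f"offset {off:04X}: {colour:5} {kind}")
```

Offset 0000 comes out blue (owner differs only between groups), health and max health red, and the two mana fields green, matching what the post reads off the dissect window.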
Fantasy
I post too much
Reputation: 13

Joined: 29 Jul 2007
Posts: 3113

Posted: Sat Jan 22, 2011 9:17 am

Quality as always. Well done Geri :]

Unfortunately I can't +rep you again xD
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Sat Jan 22, 2011 9:57 am

Who cares about reps. :)

If someone has suggestions/requests about generic tutorials, post here. Now I have covered searching, using the data dissector, using the debugger, backtracing. This should be enough to make the usual cheats like finding co-ordinates and other stuff, create super jump, instant build, god mode and these kinds of cheats.

I don't plan to make game specific tutorials as those are mostly useless for other games so basically a waste of time and commercial targets are not freely available. I will use freely available games or demo versions only (Chicken Invaders 4 also has a demo version for testing).

And about ASM, it can be learned from books and Recifense has many many excellent scripts which are also commented so it is a good source to learn.

So I am out of ideas at the moment as it seems that the most important features of Cheat Engine and the demonstration of those tools have been described already.

mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Sat Jan 22, 2011 7:19 pm    Post subject: help

Hi, can you help me? I completed your tutorial but I have another question. I want to hack the COD 4 rate of fire, so first I find the ammo, then what writes to the address, and it shows me mov [edi+ecx*4+00000334],eax. Now I go to dissect data and in the window I type "00E0DD40*4-334". Have I typed it wrong? Can you help me, please!
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Sat Jan 22, 2011 8:18 pm

This code seems to be operating with a list. The list is probably starting with the address stored on EDI+0334. And ECX is the number of the item in the list. Maybe all of Your weapon's data is stored in one structure? Are the ammo values for all weapons stored very close to each other?
I didn't make cheats for Cod4 so I don't know how it is working.

Check out the ammo to see if they are in the same list. Check that EDI is the same for both values when they are changed, or not. This can help in understanding how the ammo is stored in the game.

mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Sun Jan 23, 2011 8:43 am    Post subject: help 2

Yes, they are the same and they use the same instruction like you said, edi.........334
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Sun Jan 23, 2011 9:11 am

If they are stacked up close together, check out what info You can find in that structure.
mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Sun Jan 23, 2011 9:46 am    Post subject: help 3

Look, I don't know what you need, I don't know English very well xD, but can you make a dissect data video tutorial for an FPS game? Try to find a game that is similar to my code in COD 4, please Geri, help. I can't learn Cheat Engine from text. I watch your videos and I learned almost everything; the only things I didn't learn are backtrack and breakpoint. So please make a video tutorial for dissect, but for an FPS game, please dude, please. I don't know how I can thank you.
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Sun Jan 23, 2011 10:34 am

Well every game is different so You always have to be a bit creative. I will check it later.
mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Sun Jan 23, 2011 5:16 pm    Post subject: help 4

Geri, I made a video for you


******.***/watch?v=I2vperuYEKE&feature=feedu
youtube
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Sun Jan 23, 2011 5:27 pm

They are definitely in the same structure. As You can see, the address for the ammo is very close for both weapons. Look for values in that structure which may be the rate of fire or the range of the weapon.

If You knew ASM, it would help to check what other addresses are accessed by the function when You fire the gun.
Check out "suspicious" addresses. Probably You will crash Your game many times but sooner or later You will find something interesting. This is the beginner way of finding things and it is based on luck, but if You have the patience for it, it will have results.

mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Mon Jan 24, 2011 12:33 pm

Geri, can you make some dissect data for FPS games? You choose any game, just record and show how you find recoil, fire rate and range of the weapon.
Please, dude.
Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Mon Jan 24, 2011 1:44 pm

I rarely play FPS games so it will take some time to find one which is suitable to try making a tutorial.

The last game where I have made simple weapon modifications is AVP2010.

You can see some info about that here:
http://forum.cheatengine.org/viewtopic.php?t=529021

Besides that, I usually don't bother modding the weapons as I don't even play such games and if I do, I prefer to make a simple "instant kill" cheat instead of modding the weapons. I will have to check out a few games and see which one would be good for a tutorial. I have Serious Sam 2 but I didn't even make an ammo cheat for it because I can choose to have unlimited ammo in the game and it has some protections which may cause problems for beginners, so it is surely not the best choice for a simple tutorial.

So I need some time to find an FPS demo which does not require Steam and is good for a tutorial.

Geri
Moderator
Reputation: 109

Joined: 05 Feb 2010
Posts: 5636

Posted: Mon Jan 24, 2011 11:15 pm

Ok I have downloaded the COD4 demo and made some cheats for the weapons.

Unlimited Ammo-> It is easy, You have done it already.

Rapid fire-> The reload time is stored on offset 3C. Just make sure that it is 0 and You can unleash hell on anything.

Accuracy-> The accuracy modifier of the weapon is stored on offset 624. If it is 0, the weapon has the default accuracy. Just change the codes which are writing to this value and You will always have the default accuracy even when You are moving or firing.


Basically this game is different from AVP2010 because all weapon info is stored in the same structure, not individually for each weapon. But You can still use the dissector to watch for values which are changing when You are firing the weapon, or just search for changed/unchanged values inside the structure.

It doesn't really make sense to create a tutorial about this because I have just used the data dissector and simple scans to find these values.
And the speedhack feature is also working on this game very well so if You have a machine gun, just slow down the game speed to 0.01 and You can easily find the reload time. This will work in any game where You can use the speedhack.

I have attached a table but it will work with the demo only. And You need CE 6 to use it.

It should work like this:
http://www.youtube.com/watch?v=vCjUJtdhoPI



Attachment: iw3sp.CT (200.85 KB, downloaded 4025 times)

mafiozer
Newbie cheater
Reputation: 0

Joined: 02 Sep 2010
Posts: 13

Posted: Tue Jan 25, 2011 12:12 pm

Hi Geri...
Your cheat table is working, maybe not all of it xD
Accuracy doesn't work...
I have one question for you, look:
the address is something like esi+eax*4+00000334. Now I have one question:
what do you type when you are searching in dissect data, what do you type in the window?
1. I type the ammo address, then -334, and I can't find "The reload time is stored on offset 3C"
2. I type the ammo address, then *4-334
Please, can you tell me what you wrote in that window, please!!!
All times are GMT - 6 Hours
Page 1 of 7