Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sun Aug 30, 2015 12:56 am
I don't know if it's going to work like that, I've never tried it because it seems like a hassle. Finding the ID of what's in your slots and changing it directly is quicker, easier, and lets you change anything into anything else without swapping around ID pairs and having to go pick up specific things in-game.

Zares How do I cheat? Reputation: 0
Joined: 29 Aug 2015 Posts: 2
Posted: Sun Aug 30, 2015 1:37 am
Rydian wrote: | I don't know if it's going to work like that, I've never tried it because it seems like a hassle. Finding the ID of what's in your slots and changing it directly is quicker, easier, and lets you change anything into anything else without swapping around ID pairs and having to go pick up specific things in-game. |
How do you even find the address of the thing that's in our inventory slot? There's no value to search for.
_________________
I'm here just to learn everything about hacking, let me know if there's a tutorial about something I haven't learned yet.

Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Sun Aug 30, 2015 2:08 am
Zares wrote: | Rydian wrote: | I don't know if it's going to work like that, I've never tried it because it seems like a hassle. Finding the ID of what's in your slots and changing it directly is quicker, easier, and lets you change anything into anything else without swapping around ID pairs and having to go pick up specific things in-game. |
How do you even find the address of the thing that's in our inventory slot? There's no value to search for. |
Find the current amount of an item in your inventory that you know the ID for. Search for the ID close to the current item count, find how many bytes away it is, etc.
http://forum.cheatengine.org/viewtopic.php?t=572465
Option 2 here can potentially be used to get the base address of your inventory, and then you can do some pointer stuff to figure out where item slot 1 is.
Like, in Terraria I used that method to hook into some function that finds the player base address.
[_playerbase]
In Terraria the player structure has a pointer to the inventory structure.
[[_playerbase]+ac]
And item slot 1 is +c from that.
[[[_playerbase]+ac]+c]
And for item slot 1, the ID is +6C...
[[[_playerbase]+ac]+c]+6c
And the count is +80...
[[[_playerbase]+ac]+c]+80
I found out what led to what by using the Dissect Data/Structures option and putting in the base address of the player.
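
Added example, not part of Rydian's post or of Cheat Engine: the bracket notation above resolved step by step over a constructed 32-bit little-endian memory image. The offsets ac, c, 6c and 80 are the ones in the post; every address, the 4-byte field width and the stored ID and count values are assumptions made up for the illustration.

```python
import struct

MEM_BASE = 0x10000            # constructed: address of the image's first byte
mem = bytearray(0x1000)       # constructed memory image, not taken from any game

def put32(addr, value):
    struct.pack_into("<I", mem, addr - MEM_BASE, value)

def read32(addr):
    off = addr - MEM_BASE
    if not 0 <= off <= len(mem) - 4:
        raise ValueError(f"pointer 0x{addr:x} is outside the image")
    return struct.unpack_from("<I", mem, off)[0]

def resolve(symbol_addr, offsets):
    """Each offset but the last is added and then dereferenced (one more pair
    of brackets); the last is only added, giving the address of the field."""
    addr = read32(symbol_addr)                # [_playerbase]
    for off in offsets[:-1]:
        addr = read32(addr + off)             # [[_playerbase]+ac], then [...+c]
    return addr + offsets[-1]

# Constructed layout: symbol -> player -> inventory -> item in slot 1
PLAYERBASE, PLAYER, INVENTORY, SLOT1 = 0x10010, 0x10100, 0x10400, 0x10600
put32(PLAYERBASE, PLAYER)
put32(PLAYER + 0xAC, INVENTORY)
put32(INVENTORY + 0x0C, SLOT1)
put32(SLOT1 + 0x6C, 29)       # constructed item ID
put32(SLOT1 + 0x80, 5)        # constructed item count

def slot1():
    """Return (id address, id, count address, count) for item slot 1."""
    id_addr = resolve(PLAYERBASE, [0xAC, 0x0C, 0x6C])
    count_addr = resolve(PLAYERBASE, [0xAC, 0x0C, 0x80])
    return id_addr, read32(id_addr), count_addr, read32(count_addr)

if __name__ == "__main__":
    print([hex(v) for v in slot1()])
```

A path like this survives the structures moving between runs because only the value stored at the static symbol changes; a null or stale link anywhere in the chain shows up as the ValueError raised by read32.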

CJAmper How do I cheat? Reputation: 0
Joined: 17 Dec 2015 Posts: 8 Location: Cuyapo
Posted: Thu Dec 17, 2015 5:20 am Post subject: Please Don't Snub me I just want to ask
Sir, do you have social media like Facebook
where I can PM you, sir?
I can't PM you on this site, there are rules, sir.
_________________
True Gamers Never Die ..
We Respawn ..

Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Thu Dec 17, 2015 11:43 am
I do not help with MMOs or things of that nature, and I don't care about keeping cheats secret because anything you do with CE can be found out.

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Fri Dec 18, 2015 4:58 pm
I have experienced severe difficulty in finding a parameter.
In my case it is the value of the shield of my ship.
It assumes only 3 values: green, yellow, red, then my ship is destroyed.
I have searched for unknown initial value, then changed/unchanged value; the problem is that I die so soon that my search still gives me, e.g., 2 million possible locations.
If I restart the mission the value is no longer in the same location, so every time I have to start from ZERO....... I understand that this is a pointer-to-pointer problem, but if I'm unable to find the hidden parameter at least one time, I cannot start searching for pointers or trying code injection.
Speedhack in this case seems to me to be useless.
Maybe some other trick is possible?
Thanks for all your excellent tutorials.

Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Fri Dec 18, 2015 7:47 pm
In cases like this you could try to make guesses on the types and values.
If each shield color is a single hit, try searching for a byte value and then decreased as the ship is hit (and unchanged when not).
If each color is a stage/percentage you could try the same but 4-byte, or even float if the game has highly-variable damage.

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Sat Dec 19, 2015 5:49 am
Rydian wrote: | In cases like this you could try to make guesses on the types and values.
If each shield color is a single hit, try searching for a byte value and then decreased as the ship is hit (and unchanged when not). |
This is the case, but my problem is that after two hits I'm dead, the mission restarts, the location varies, and I still have more than 2 million possible values... too many for trial and error......

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
Posted: Mon Dec 28, 2015 4:02 pm
Unless you're absolutely certain the address of your shields changes when you restart the level, it's good to make certain of that. Select "All value types", then do an unknown initial value scan. After that, do changed/unchanged value scans (make sure you do a changed one first to help cut down on the initial results more). If something comes up, great. If nothing comes up, then it's going to get much more complicated than just searching and changing values. If you don't know any ASM, you should practice by making some scripts for something (tutorial).
If nothing comes up, then the easiest method I can think of is to use ultimap. Use it to find the function that's called when you take damage, then NOP that function call and make sure any arguments on the stack are taken care of. Here's a YouTube video showing off ultimap:
https://www.youtube.com/watch?v=T5sXoEEPFBQ
If you can't load DBVM to use ultimap, then there are a few other solutions I can think of, but they aren't very good solutions. The first one is to do unchanged value scans over and over again (hundreds of times), then get damaged once, and scan for a changed value. Then, repeat. If you die, then try again, but this time, do more unchanged value scans. You'll need to be lucky and patient if you try to do this.
If you know what the values are, then you can do a pointer scan for that value. I tried this using step 6 of the CE tutorial and it worked out well. You can also try this if you don't know what the values are, but you'll have to guess and be very lucky.
Recommended settings for the pointer scan:
- Obviously, make sure you have "Value to find:" selected at the top
- Max level = 2 or 3
- Turn off "Only find paths with a static address"
- Turn on "Stop traversing a path when a static has been found"
- Turn on "No looping pointers"
- Turn off "Allow stack addresses of the first thread(s) to be handled as static"
The last (and hardest) method would be to find some value that's somewhat related to your shields (can use some addresses found from the changed/unchanged value scan method). Then, look at the ASM around instructions that access that address which are only run when you take damage. If you can find a call somewhere nearby that's only run when you take damage, then you can try to NOP that call and see if it makes you invincible. You'll need to know the basics of backtracing (tutorial), understand a decent amount of ASM, and have enough patience to sift through possibly thousands of instructions.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
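
Added example, not part of ParkourPenguin's post or of Cheat Engine: how the candidate set shrinks under the unknown-initial-value, changed, unchanged and decreased scans discussed above, run on a constructed 4096-byte memory model. The addresses, the noise pattern and the second hit-linked byte are assumptions; the shield byte takes two hits, as in the question.

```python
N = 4096                          # size of the constructed "process memory"
SHIELD, HITS = 0x0A3F, 0x0B17     # constructed addresses of two hit-linked bytes

def step(mem, tick, hit):
    """Advance the constructed game by one tick and return the new memory."""
    new = list(mem)
    for a in range(N):
        if a in (SHIELD, HITS):
            continue
        k = a % 4                 # 0: static, 1: every tick, 2: every 3rd, 3: every 5th
        if k == 1 or (k == 2 and tick % 3 == 0) or (k == 3 and tick % 5 == 0):
            new[a] = (mem[a] + 1) & 0xFF
    if hit:
        new[SHIELD] -= 1          # green -> yellow -> red
        new[HITS] += 1            # related value that also moves on a hit
    return new

TESTS = {"changed": lambda o, n: n != o,
         "unchanged": lambda o, n: n == o,
         "decreased": lambda o, n: n < o}

def run(schedule):
    """schedule: list of (hit, scan kind). Returns (candidates, count after each scan)."""
    mem = [0] * N
    mem[SHIELD] = 3
    cands = set(range(N))         # unknown initial value: every address is a candidate
    history = [len(cands)]
    for tick, (hit, kind) in enumerate(schedule, 1):
        new = step(mem, tick, hit)
        cands = {a for a in cands if TESTS[kind](mem[a], new[a])}
        history.append(len(cands))
        mem = new
    return cands, history

CHANGED_FIRST = [(True, "changed"), (False, "unchanged"), (True, "decreased")]
UNCHANGED_FIRST = [(False, "unchanged")] * 5 + [(True, "changed")]

if __name__ == "__main__":
    for name, sched in (("changed first", CHANGED_FIRST), ("unchanged first", UNCHANGED_FIRST)):
        cands, history = run(sched)
        print(name, history, sorted(hex(a) for a in cands))
```

In this model the changed/unchanged scans alone leave both hit-linked bytes as candidates; only the decreased scan on the second hit separates the shield from the related value.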

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Mon Dec 28, 2015 5:22 pm
@ParkourPenguin
Many thanks!!!
You gave me a new hope........ in this Star Wars game......
First I'll try to learn ultimap; even if it's hard to master, it will be really useful in future situations.
Then I'll try to look at the ASM calls nearby when I take damage.
Does a code break key exist in CE (as there was in the old SoftICE for WinNT)?

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4289
Posted: Mon Dec 28, 2015 5:31 pm
If you're talking about a breakpoint, then yes, it's under the Debug menu in the memory viewer. There are also several other things you can do if you right click on an instruction in the disassembler (top half of the memory viewer).
_________________
I don't know where I'm going, but I'll figure it out when I get there.

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Mon Dec 28, 2015 6:06 pm
No, I refer to a hotkey that breaks into the code being executed at that moment and lets me land in the debugger without first having to set a breakpoint....
(OllyDbg does NOT have this; I remember this possibility only in SoftICE for DOS, in the Sersoft debugger-driver version)
But I understand that may not be possible: I'm speaking about old debuggers running in ring 0.........
BTW, now I have a good opportunity to start, many thanks.

GiGiGiGi How do I cheat? Reputation: 0
Joined: 05 Feb 2016 Posts: 3
Posted: Fri Feb 05, 2016 6:29 pm
I already opened a thread on this, but I saw that you all seem to be very prepared, so I'll try here:
I'm playing a basketball game called SBM, Sportando Basket Manager. Now, I'd like to change my money amount, which should be "512.363 €". I don't know what type of value I should use, but I tried them all and none of them work. I also tried to scan unwritable values, and it's like the first time that I cannot even find a value that seems to be basic. Maybe it's not "512.363" but something like x*y=512.363.
I also tried to use the classical Decreased/unchanged process, but it seems useless. It's as if the number... isn't a number! I mean, if I start from an unknown number, and I always decrease it (and search for decreased), something should come out, but no! I just find a lot of numbers like "2.67803342671789E-319" that decrease every time I decrease money in the game. However, if I just wait some time and do it again, EVERY value disappears. But it's senseless, I mean, it MUST be a value. I tried it all, D:

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Fri Feb 05, 2016 8:07 pm
GiGiGiGi wrote: | I also tried to use the classical Decreased/unchanged process, but it seems useless. |
IMO you have to select "ALL" type then scan for changed/unchanged, NOT Decreased/unchanged.
I hope this helps.

GiGiGiGi How do I cheat? Reputation: 0
Joined: 05 Feb 2016 Posts: 3
Posted: Fri Feb 05, 2016 11:45 pm
I did, but nothing changed. At the end, I have like 15 results, three 4 bytes like "38294928" and a lot of floats like before. It's as if the result of the money is some strange operation between these values. But I'm not sure, I tried to change them but nothing happened in the game.
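
Added example, not written by any poster in this thread: the same eight bytes read under each of the value types the thread mentions. A double as small as the "2.67803342671789E-319" quoted above is subnormal, which is how the bytes of a small integer look when a scanner displays them as a double; the helper names are hypothetical and the example says nothing about what that integer means in the game.

```python
import struct
import sys

def views(raw):
    """Interpret the same 8 little-endian bytes under each scan value type."""
    if len(raw) != 8:
        raise ValueError("expected exactly 8 bytes")
    return {
        "byte": raw[0],
        "4 bytes": struct.unpack_from("<i", raw)[0],
        "8 bytes": struct.unpack_from("<q", raw)[0],
        "float": struct.unpack_from("<f", raw)[0],
        "double": struct.unpack_from("<d", raw)[0],
    }

def is_subnormal(x):
    """True for non-zero doubles below the smallest normal double (about 2.2e-308)."""
    return x != 0.0 and abs(x) < sys.float_info.min

def integer_behind(x):
    """Return the 64-bit integer whose bytes display as the double x,
    or None when x is an ordinary (normal) double."""
    if not is_subnormal(x):
        return None
    return struct.unpack("<q", struct.pack("<d", x))[0]

QUOTED = 2.67803342671789e-319          # the double quoted in the post above
RAW = integer_behind(QUOTED).to_bytes(8, "little")

if __name__ == "__main__":
    print("integer behind the quoted double:", integer_behind(QUOTED))
    for kind, value in views(RAW).items():
        print(f"{kind:>8}: {value!r}")
```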