 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
helloworld911
How do I cheat?
![]() Reputation: 0
Joined: 22 Feb 2015
Posts: 5
|
 Posted: Sun Feb 22, 2015 11:14 pm Post subject: Monster Vaccuum Singleplayer (Dust Tail Elysian) AA Script. |
 |
|
Hi all,
So far I have found coordinates for my character. Offset for x is [esi +198] and for y is [esi + 19C]. I also found addresses for couple of monsters on the map. They shared the same offset as my character for (x, y). I was able to make my character and the monsters teleport by changing the values of (x, y). How would I code it in AA Script so that all the monsters will teleport to a specific (x, y)?
Other Info I have:
characterID = 0.
My Logic:
Compare characterID to 0. If not equal, then vac all monster to specific location. (Not sure if this is correct)
My Question:
Where would I do code injection. Is it at the (x, y) addresses? Or is it somewhere else? Please guide me or give me some tips on how to proceed with this. I'm a newbie at hacking afterall. Thanks! 
|
|
| Back to top |
|
 |
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sun Feb 22, 2015 11:45 pm Post subject: |
|
|
Right-click one of the monster's variables and select Find out what accesses this address
Chances are the count on one of the instructions will be shooting up as it is accessed repeatedly
That is a good place to inject your code. Click it and select Show disassembler
In memory viewer, select Tools > Auto Assemble
In Auto assemble, select Template > Cheat Table framework code
Now select Template > AOB Injection
It should default with the address you found, click OK
Now name the injection point something like vacuum
Do your compare logic there to make sure it isn't the player
Then, update the X and Y coordinates using whatever register the existing code used at that point
|
|
| Back to top |
|
|
helloworld911
How do I cheat?
![]() Reputation: 0
Joined: 22 Feb 2015
Posts: 5
|
| Posted: Thu Feb 26, 2015 3:08 am Post subject: |
|
|
Hey,
I finally did it! Thank you for the advice. A couple questions I wanted to ask. Please take a look at my code below:
| Code: |
newmem:
cmp [ebx+00000048],0
je code //jump if above ID is player
mov [ebx+00000198],(float)1735 //monster vac to x-coordinate
jmp code
code: //original code
lea eax,[ebx+00000198]
jmp return
Vac+01:
jmp newmem
nop
return:
|
1) This is for X-coordinate. Can I write a script to Y-coordinate in this injection? Or do I have to go to the Y-coordinate address and inject there?
2) My process of finding this was:
X-coordinate address --> Find what access this address --> Look for the highest opcode counts --> Save them to a notepad and start NOPing them one by one. This is time consuming because sometimes the game screw up so I have to launch it again. I was wondering if there is a better way to find it?
3) This is far fetch right now but can I make it vac to mouse-click or in front of character with CE?
Credits to all the tutorials and the people on here for helping me learn. Feeling so good 
Last edited by helloworld911 on Thu Feb 26, 2015 3:11 am; edited 1 time in total |
|
| Back to top |
|
|
SteveAndrew
Master Cheater
 Reputation: 30
Joined: 02 Sep 2012
Posts: 323
|
| Posted: Thu Feb 26, 2015 3:10 am Post subject: |
|
|
Okay! So with this game it turns out, it's pretty simple to vac hack the enemies! As you described, there is an 'ID' variable contained in the Character structures. There's also a 'Team' variable as well. Cheat Engine did something for me that I didn't even know it could do! It somehow knew all the items within the structure and the size of it and filled everything in automatically! Provided you gave the structure dissect the correct base address of course...
So +48(ID), and +44(Team) are of interest. We'll use player ID 0 to select the vac position being the players coordinates, then vac anything not on Team 0. So for example friends like Fidget perhaps won't also be caught in the vac along with the enemies. [[+18]+8]=='dust' string could also be used instead of ID.
I've created the script so that it works as follows:
1. Be in game and walk at least once, or if enemies are on the screen and they move at least once.
2. Enable the 'Monster Vac' entry on the cheat list, 'Vac Toggler' will also enable with it!
The vac will now be enabled and going back to the game will show any enemies on the screen are now stuck at your position! As you move around they will stay locked in that set position.
3. Use the hotkey assigned to 'Vac Toggler' (SHIFT+V) to soft-disable the vaccuum. This is done so you don't have to fully disable and re-enable it whenever you want to use it again, just press the hotkey to disable it, then press it again to re-enable and re-position the vac coordinates.
If the address the script hooks is not correct you can use the 'Monster Vac Hook Address Locator' script to find the address automatically for you. It is a certain offset after: 'Dust.CharClasses.Character::UpdateLocation' which happens to be 'Dust.CharClasses.Character::UpdateLocation+1DA' for me.
Just replace all instances of that+1DA in the script with the address it finds for you and it will work (provided the ID and Team offsets are also correct, which the 198 offset to the beginning of the structure was correct so they should be)
Monster Vac:
| Code: |
[enable]
alloc(MonsterVac,$1000)
label(MonsterVacReturn)
label(CaptureCoords)
label(OriginalCode)
label(VacDisabled)
label(VacEnabled)
label(VacCoords)
registersymbol(VacEnabled)
registersymbol(OriginalCode)
STRUCT Coords
X: dd ?
Y: dd ?
ENDSTRUCT
MonsterVac: //EBX,ECX,ESI == Start Of Current Character Object
cmp [VacEnabled],1 //So you can enable/disable the vac without disabling
jne VacDisabled //the entire script...
cmp [ebx+48],0 //Dust.CharClasses.Character->ID (+48)
je CaptureCoords //Capture Coordinates If It's Dust As Starting Vac Position
cmp [ebx+44],0 //Dust.CharClasses.Character->Team (+44)
je OriginalCode //Skip Vac For Anyone On Player's 'Team'
cmp [VacCoords+X],0 //Skip vac temporarily if starting point not captured yet
je OriginalCode
push ecx //Vaccuum Code Right Here :P
mov ecx,[VacCoords+X]
mov [eax+X],ecx
mov ecx,[VacCoords+Y]
mov [eax+Y],ecx
pop ecx
fstp st(0)
jmp OriginalCode+2
CaptureCoords:
cmp [VacCoords+X],0
jne OriginalCode
push ecx
mov ecx,[eax+X]
mov [VacCoords+X],ecx
mov ecx,[eax+Y]
mov [VacCoords+Y],ecx
pop ecx
OriginalCode:
readmem(Dust.CharClasses.Character::UpdateLocation+1DA,9)
jmp MonsterVacReturn
VacDisabled:
mov [VacCoords+X],0
jmp OriginalCode
VacEnabled:
dd 1
VacCoords:
dq 0
Dust.CharClasses.Character::UpdateLocation+1DA:
jmp MonsterVac
db 90 90 90 90
MonsterVacReturn:
[disable]
Dust.CharClasses.Character::UpdateLocation+1DA:
readmem(OriginalCode,9)
dealloc(MonsterVac)
unregistersymbol(VacEnabled)
unregistersymbol(OriginalCode)
|
Monster Vac Hook Address Locator:
| Code: |
//Credit To: panraven (AOBScanEx function)
[enable]
{$lua}
local function AOBScanEx(aob,p,a,n,s,e,pb)
local p,a,n,s,e = p or '*X*W',a or fsmNotAligned,n or '0',s or 0x0,e or 0xffffffffffffffff
local ms = pb and createMemScan(pb) or createMemScan()
local fl = createFoundList(ms)
ms.firstScan(soExactValue,vtByteArray,nil,aob,nil,s,e,p,a,n,true,false,false,false)
ms.waitTillDone()
fl.initialize()
local result = nil
if fl ~= nil and fl.getCount() > 0 then
result = createStringlist()
for i=1,fl.getCount() do result.add(fl.getAddress(i-1)) end
end
fl.destroy()
ms.destroy()
return result
end
addr=getAddress("Dust.CharClasses.Character::UpdateLocation")
DustVacHookAddress=AOBScanEx("d9 18 83 bb",nil,nil,nil,addr,addr+500)
if DustVacHookAddress~=nil then
print(string.format("Vac Hook Address-> %s",getNameFromAddress(DustVacHookAddress[0])))
else
print("Failed finding vac hook address! Are you actually in game?")
end
{$asm}
[disable]
|
Finally, credit to Cielos for his Health script which I fixed the AOB to work with my version of the game, and then used it to help me not die as I was building this cheat!!
Here we see the end result 
| Description: |
|
Download |
| Filename: |
DustAET-SteveAndrewMonsterVac.CT |
| Filesize: |
35.84 KB |
| Downloaded: |
743 Time(s) |
_________________
|
|
| Back to top |
|
|
helloworld911
How do I cheat?
![]() Reputation: 0
Joined: 22 Feb 2015
Posts: 5
|
| Posted: Thu Feb 26, 2015 3:16 am Post subject: |
|
|
| That was an extremely fast reply lol. I picked this game because it let a newbie like me learn about dissecting structure and other things. It'll take a while for me to read. Thanks for the reply!
|
|
| Back to top |
|
|
SteveAndrew
Master Cheater
Reputation: 30
Joined: 02 Sep 2012
Posts: 323
|
| Posted: Thu Feb 26, 2015 3:31 am Post subject: |
|
|
| helloworld911 wrote: | | That was an extremely fast reply lol. I picked this game because it let a newbie like me learn about dissecting structure and other things. It'll take a while for me to read. Thanks for the reply! |
Lol nope not a quick reply! ha, I actually saw your post the other day but I didn't decide to try and go for building the cheat until tonight! I just happened to be typing up my post when you apparently posted again, no worries
Your code looks good for the most part, we just hooked a different place that's all but still modifying the same coordinate addresses of the enemies!
There is a CT attached you know  So it's not only about reading but also trying my version out for yourself Maybe adapt it to hook your address and do it a similar way that I did it, but using your hook address instead?
I'll definitely look into using the mouse coordinates instead of player coordinates as the vaccuum position! That would be cooler, but with the address I hooked not as cool as it could be. See I figured out that the address I am using only executes when walking on a surface/the ground. I discovered this by jumping and enabling the vac in mid air. When I do that, they slowly drift down from the locked position until they hit the ground and then shoot back to the locked position again. You'll see what I mean... It can be fixed easily though, just using a different hooking address that constantly writes/accesses the enemies coordinate addresses instead of just at a certain time. I guess I just liked this address because it's easy to get to via symbol name!
_________________
|
|
| Back to top |
|
|
helloworld911
How do I cheat?
![]() Reputation: 0
Joined: 22 Feb 2015
Posts: 5
|
| Posted: Thu Feb 26, 2015 3:41 am Post subject: |
|
|
| For sure I will study your CT hard. As for LUA, I don't understand any of it right now. AA Scripting is already a handful for me
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
