Cheat Engine

Rydian · Last edited by Rydian on Fri Jul 10, 2015 10:17 am; edited 1 time in total

So I started changing over to .NET addresses instead of AOB scans for Terraria. However it seems unstable. Sometimes an address like Terraria.Player::ItemCheck+1D5 will work, sometimes it won't. People using the table/trainer are having the same issue.

BanCheese · Cheater Reputation: 0 Joined: 22 Oct 2014 Posts: 49

The core problem here is that Cheat Engine doesn't update it's symbol database after you attach. You see, the .NET runtime will interpret the CIL (Common Intermediate Language) several times before it JIT (Just-in-time) compiles it. This is most likely the cause of your problems -- You are attaching CE before the process has used that routine enough to justify JITing it.

Rudo · Posted: Thu Jul 09, 2015 9:33 pm Post subject:

Probably OS 32 bits problems. Same problem goes to justa_dude's CT. (I use 32 bits machine and I have this problem too)

Rydian · Posted: Thu Jul 09, 2015 10:13 pm Post subject:

Gniarf · Posted: Thu Jul 09, 2015 11:59 pm Post subject:

Dark Byte · Posted: Fri Jul 10, 2015 1:15 am Post subject:

6.4+ means 6.4 and later.
And yes, if the symbol lookup fails, try calling that function(e.g if you attach ce when in the start screen you either have to reattach or reload the symbols later on)

you could learn IL bytecode and make the adjustment in Terraria.Player::ItemCheck_IL (but keep in mind that only works before it gets jitted)

Also, aobscan will fail as well when you do it to soon

Rydian · Posted: Fri Jul 10, 2015 1:40 am Post subject:

I know about the code not even existing until it's needed the first time, it's just without any sort of workaround to this, referencing code via labels like that is unreliable and I wasn't sure if this was a CE thing or what.

If I have to check for failure and run a separate function and such, I might as well just stick with AOBs for now. ^^;

Dark Byte · Posted: Fri Jul 10, 2015 1:50 am Post subject:

Or you can call that in your aa scripts when they run for the first time
Just use a {$lua} section

Rydian · Posted: Fri Jul 10, 2015 3:59 am Post subject:

Ohhh, I see, so once it's been compiled but CE doesn't know about the symbols for it, calling that will make the embedded CE find the symbols?

Could some menu function to run that be inserted to CE itself as well for when that needs to be done while finding/testing?

Dark Byte · Posted: Fri Jul 10, 2015 4:36 am Post subject:

I'm not 100% sure if the .net symbol handler is linked to it, but in the addresslist you can rightclick and choose to reload all symbols

Rydian · Posted: Fri Jul 10, 2015 10:34 am Post subject:

"Force recheck symbols" doesn't do that unfortunately.

Rydian · Posted: Wed Jul 15, 2015 1:04 am Post subject:

Okay so executing that function does work while CE's running too which is nice, but could a faster way of doing it be added?

Adding it to the table's lua script and then executing it isn't always an option, and going to the memory browser in order to open up the Lua Engine window is a little cumbersome (it won't open unless you do it from the browser window, won't work from the main CE window here).

Dark Byte · Posted: Wed Jul 15, 2015 4:05 am Post subject:

If it's about cheat tables you share with other people, then you can add it to the table's AA scripts:

e.g:

Rydian · Posted: Wed Jul 15, 2015 5:22 am Post subject:

Ahhh, didn't know about that shortcut for the engine, and thanks for the scripts.

I really like this feature for games it can dig up info on, but there's still a problem with using the symbols across different machines. Different CPU models can result in different assembly (due to different instruction set support), and the offset is a byte count from the start of the function. I've already seen a number of cases (generally +0x80 or more into a function) where the offsets differed because some instructions before the target differed and so the code was shifted, so to speak. As far as research and quick tests however, it's great to be able to do this stuff from within CE and have it integrated so well.

Also, reloading the stuff in trainers seems kinda' counter-productive since it seems to take around the same amount of time as an AOB scan anyways and can be less precise (in terms of the code to be targeted).

EDIT: When I mention it as being a problem, it's not a bug report or anything like that, I recognize that it's not something caused or influenced by CE and is just a result of how .NET (and supposedly other JIT-using things) work.

Dark Byte · Posted: Wed Jul 15, 2015 5:32 am Post subject:

I recommend entry point hooking of a function and just change the parameters in those cases

or else do an custom lua memory scan after getting the function start and scan for all known aob's in a small region