Pointer in Code Injection
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Wed Jan 13, 2016 6:15 pm    Post subject: Pointer in Code Injection

Greetings

Here's what I'm trying to do. I have a multi-level pointer that leads to a value of maxHP. And I have an access-based game code that gets called about 500 times a second. I'm utilizing it to create a health-regeneration trick that increases HP by (float)0.002 until...yeah, maxHP. But I don't want to manually change the script and disable and re-enable the injection just to rework it.

I don't want the code to manually call up the entire multi-level pointer every time it gets executed, the way I know how to do it. I'm trying to have the multi-level pointer present in the cheat table be accessed as if via registersymbol. Or have it be called once, like label(pointer) pointer:dd something that happens before the newmem itself.

The way I know is only:
Code:
mov eax,[game.exe+offset]
mov eax,[eax+offset]
mov eax,[eax+offset]
//and so on


Or maybe I should find some once-in-a-while called code and incorporate a registersymbol into it to update this unrelated manual address once in a while, but not hundreds of times every second.

EDIT2:
I succeeded in setting up a once-in-a-while called code to also provide me with a saved max health value to be used in the initial code. I'd still like to know any possible other approaches to it.


Last edited by Noobrzor on Wed Jan 13, 2016 6:59 pm; edited 1 time in total
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Jan 13, 2016 6:59 pm

I dunno if it'll make that significant of a difference, but here's something I made using CE's tutorial that only traverses a pointer's path once:
Code:
[ENABLE]
{$lua}
errorOnLookupFailure(false)
if getAddress("myAddress") == 0 then
  registerSymbol("myAddress", getAddress('["Tutorial-i386.exe"+2345D0]+480'))
end
errorOnLookupFailure(true)
{$asm}

// ASM Enable script here

[DISABLE]

// ASM Disable script here

//optionally:
unregistersymbol(myAddress)
Obviously, you can change myAddress to anything you want, and add in other offsets to the pointer path the same way that one offset was added.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
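To make concrete what the Lua snippet above does when it resolves the path once and registers the result as a symbol, here is an added Python model (not code from ParkourPenguin or from Cheat Engine) that parses a CE-style pointer path over a constructed fake 32-bit memory map, resolves it the way getAddress() would, and then shows the caveat raised later in the thread: a cached address goes stale as soon as the game moves the object, while re-walking the path still finds the current value. The module name is the one from the post; every address and value is a made-up sample.

```python
import re
import struct

# Constructed sample: module base for the tutorial binary named in the post (not a real base)
MODULE_BASE = {"Tutorial-i386.exe": 0x00400000}

def read_u32(mem, addr):
    """Read a little-endian DWORD from the fake memory; unmapped addresses read as 0."""
    raw = mem.get(addr)
    return struct.unpack("<I", raw)[0] if raw else 0

def write_u32(mem, addr, value):
    mem[addr] = struct.pack("<I", value)

def parse_path(path):
    """Turn '[["mod"+B]+o1]+o2' into (module, base, [o1, o2]); each ']' is one dereference."""
    depth = 0
    while path.startswith("["):
        depth += 1
        path = path[1:]
    m = re.match(r'"([^"]+)"\+([0-9A-Fa-f]+)(.*)$', path)
    if not m:
        raise ValueError("unsupported path: " + path)
    offsets = [int(o, 16) for o in re.findall(r'\]\+([0-9A-Fa-f]+)', m.group(3))]
    if len(offsets) != depth:
        raise ValueError("bracket/offset mismatch in " + path)
    return m.group(1), int(m.group(2), 16), offsets

def resolve(mem, path):
    """Start at module+base, then dereference and add the next offset per level.
    Returns 0 if any hop reads a null pointer, like getAddress() with errorOnLookupFailure(false)."""
    mod, base, offsets = parse_path(path)
    addr = MODULE_BASE[mod] + base
    for off in offsets:
        ptr = read_u32(mem, addr)
        if ptr == 0:
            return 0
        addr = ptr + off
    return addr

def demo():
    """Resolve once and cache (the registerSymbol idea), then move the object and compare reads."""
    mem = {}
    path = '["Tutorial-i386.exe"+2345D0]+480'
    write_u32(mem, MODULE_BASE["Tutorial-i386.exe"] + 0x2345D0, 0x01A00000)  # static pointer
    write_u32(mem, 0x01A00000 + 0x480, 100)                                   # maxHP = 100
    cached = resolve(mem, path)
    first = read_u32(mem, cached)
    # The game reallocates the object: the static pointer is updated, new block holds maxHP = 150
    write_u32(mem, MODULE_BASE["Tutorial-i386.exe"] + 0x2345D0, 0x01B00000)
    write_u32(mem, 0x01B00000 + 0x480, 150)
    stale = read_u32(mem, cached)               # cached symbol still reads the old block
    fresh = read_u32(mem, resolve(mem, path))   # re-walking the path follows the new pointer
    return cached, first, stale, fresh
```

This is why the later replies prefer having a rarely-executed injection recompute and store the address: the cache is refreshed without paying the pointer walk on every call of the hot code.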
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Wed Jan 13, 2016 7:02 pm

Oh, like that? I had no idea you could use both Lua and ASM interchangeably in an AA script.

Still, with possible maxHP rises, like from levelling or perks, one maxHP value pull could become outdated in an hour or two.

Thank you for replying.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Jan 13, 2016 8:12 pm

I don't understand the problem that you are having. Is reading the max health causing the target to lag?

You can create an injection point for max health and save it off using a custom symbol. In the health script, you can read from that max health value for your conditional jump. If the health values are part of the same structure, it's even easier.

If reading from the max health value too often is causing problems, you can create a timer, or use a different instruction to read from it.
sjl002
Master Cheater
Reputation: 0

Joined: 31 Aug 2013
Posts: 305

Posted: Wed Jan 13, 2016 8:22 pm

I'm very amazed.
I have one question for you.
How do I put a timer in an auto assembler script so that it unchecks its own checkbox (the script disables itself after 0.1 seconds)?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Jan 14, 2016 12:02 am

sjl002:
Use createTimer() to make a timer.
Set its interval to 100.
Set its OnTimer property to a function that sets the script's MemoryRecord object to inactive and destroys the timer after that.
Set the Enabled property to true (if you didn't specify that in the constructor of the timer).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Thu Jan 14, 2016 3:16 am

Well, if you just want to read the maxHP value once in an assembler script, then you could try one of the following:

Code:
[ENABLE]
//...
label(maxHP)
//...

newmem:
cmp dword ptr [maxHP],00   //if the value hasn't been stored yet.
jg originalcode   //jump if greater (so if there's a positive maxHP value already stored)
//read the pointer path and store the final value in [maxHP]

originalcode:
// ...

exit:
jmp returnhere

maxHP:
dd 00

// ...

registersymbol(maxHP)

[DISABLE]

unregistersymbol(maxHP)

// ...


Alternatively, you can store the address where the maxHP value lies into "[maxHP]", so to read from it you'd have a level-1 pointer with a zero for the first offset ...
sjl002
Master Cheater
Reputation: 0

Joined: 31 Aug 2013
Posts: 305

Posted: Thu Jan 14, 2016 3:37 am

Thanks.
Sorry for posting in this topic.
Another question:
How do I get a stored value?
For storing the first max health value? (I think something like a teleport save location.)
And then in this script, set that max value to 99999.
I mean: first, store the max value; second, set the max value to 99999; and when a key is pressed, it no longer saves (stores).
And make another script for resetting the unit, meaning: back to the first stored value.
I want to make a script like the Cheat Happens Unit Health cheats (heal, weak, super and reset unit) for Stronghold Crusader 2.
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Thu Jan 14, 2016 4:00 am

I can't say for sure how they're doing it, but judging by the hints, it looks like they use a prepare script and do the value setting manually.

So they use a routine that only works on selected units.
The prepare script then saves three values, which would be "currentHP", "maxHP" and "originalMaxHP" (you can use symbols for them), and the actual changes are made to those prepared addresses.

Now the four functions:
- Weak unit: Sets the "currentHP" to 1
- Heal unit: Copy the value from "maxHP" to "currentHP"
- Super unit: Set the "maxHP" to 999999 (or whatever)
- Reset unit: Set the "maxHP" back to normal (so copy the value from "originalMaxHP" to "maxHP")

So your script would look something like this (assuming that your current life is stored at offset "10" and the maximum life is stored at offset "14"):

Code:
[ENABLE]
alloc(newmem, 2048)
// ...
label(currentHP)
label(maxHP)
label(originalMaxHP)

newmem:
push eax
//instead of just using a register, you can of course also follow a pointer path
mov eax,[<register>+10]
mov [currentHP],eax
mov eax,[<register>+14]
mov [maxHP],eax
mov [originalMaxHP],eax
pop eax

originalcode:
// ...

exit:
jmp returnhere

currentHP:
dd 00

maxHP:
dd 00

originalMaxHP:
dd 00

Spiel.exe+1234:
jmp newmem

returnhere:

registersymbol(currentHP)
registersymbol(maxHP)
registersymbol(originalMaxHP)

[DISABLE]
dealloc(newmem)
unregistersymbol(currentHP)
unregistersymbol(maxHP)
unregistersymbol(originalMaxHP)

// ...


That script can of course only work if you have a SINGLE UNIT selected (as it also says in the Cheat Happens hints) ...
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74

Posted: Thu Jan 14, 2016 6:47 am

++METHOS wrote:
I don't understand the problem that you are having. Is reading the max health causing the target to lag?

You can create an injection point for max health and save it off using a custom symbol. In the health script, you can read from that max health value for your conditional jump. If the health values are part of the same structure, it's even easier.

If reading from the max health value too often is causing problems, you can create a timer, or use a different instruction to read from it.


MaxHP isn't part of the same structure, nor is it accessed by the same code. The other code, the one that accesses maxHP, was being called hundreds of times per second, and I didn't want another code injection adding computation at that high a frequency.

That's why I asked about a pointer. A pointer in the cheat table that points to maxHP through Cheat Engine, and then whether and how I could make my AA script pull that value from the pointer. I'm still curious if one can do that.

Right now I've solved it by finding another code that accesses maxHP but much less frequently, so it's less heavy and does the job perfectly.
Though that timer idea is interesting as well; gotta try it sometime.
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Thu Jan 14, 2016 7:09 am

Instead of
Code:
mov eax,[<register>+10]
mov [currentHP],eax
mov eax,[<register>+14]
mov [maxHP],eax
mov [originalMaxHP],eax


you could of course also write

Code:
mov eax,[<register>+10]
mov [currentHP],eax
mov eax,[BaseAddress+BaseOffset]
mov eax,[eax+Offset0]
mov eax,[eax+Offset1]
mov eax,[eax+Offset2]
//and so on
mov [maxHP],eax
mov [originalMaxHP],eax
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Jan 14, 2016 10:29 am

Noobrzor wrote:
MaxHP isn't part of the same structure, nor is it accessed by the same code. The other code, the one that accesses maxHP, was being called hundreds of times per second, and I didn't want another code injection to enlarge computations that high of a frequence.

- The only time I ever experienced any problems with using an injection point that was being accessed too often was when I was using stealthedit for a highly-protected target. In most cases, you shouldn't even notice any difference, as the code is already being executed naturally.

That said, you can read from a pointer inside of your script, but storing the value is better because you don't have to worry about the pointer breaking. If the values are not part of the same structure, you can simply create two injection points and store what you need using custom symbols.

If you ever have a value that is being accessed by unusable instructions, you can always try to work from a different value in that structure and inject your code there... for example:

Max health is at [eax+40], but all instructions accessing it are no good for injection purposes, while some random value at [eax+70] (inside the same structure) is only being accessed once every second, making it a better injection point from which to read [eax+40].
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Jan 14, 2016 11:56 am

If you have code elsewhere that updates less frequently to grab your base pointer, you can have that same code calculate the exact address of whatever value you're after.
Save that exact address into another custom variable and your first script can use that address directly...
sjl002
Master Cheater
Reputation: 0

Joined: 31 Aug 2013
Posts: 305

Posted: Sat Jan 16, 2016 5:49 am

Oh, many thanks to you, my friends. Your great help makes me very happy.
Only one other question:
What is the difference between the original max HP and max HP?
Is max HP the same as original max HP? What is original max HP?

You wrote this, but I don't understand: maxHP is 0, originalMaxHP is 0.
How do I make a pointer for going from currentHP to maxHP, ......
You could post a ct for this.
Quote:
Now the four functions:
- Weak unit: Sets the "currentHP" to 1
- Heal unit: Copy the value from "maxHP" to "currentHP"
- Super unit: Set the "maxHP" to 999999 (or whatever)
- Reset unit: Set the "maxHP" back to normal (so copy the value from "originalMaxHP" to "maxHP")
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Sat Jan 16, 2016 6:56 am

It's pretty simple:

Add the script I posted above (of course with the necessary modifications to registers/offsets so that you get the correct values) to your cheat table.
Now add three addresses to the cheat table. One address is "currentHP", one is "maxHP" and one is "originalMaxHP".
Btw, you should enable the script before adding the addresses, since if the symbols don't exist, CE can't correctly add the addresses.

Now you can use the functions I already explained:
If you want to weaken the selected unit, set the value of the "currentHP" address to 1.
If you want to heal the selected unit, copy the value from the "maxHP" address to the "currentHP" address.
If you want the selected unit to have massive health, set the value of "maxHP" (which may be, e.g., 100) to a very high value and use the heal function afterwards so that the high value gets applied to the unit's current life.
If you want to reset the selected unit's life back to normal, copy the value from the "originalMaxHP" address (which should still be, e.g., 100 even if the value of "maxHP" is 100000) to the "maxHP" address.