A Mix Between Introduction, Greetings and Perplexion!
Cheat Engine Forum Index -> General Gamehacking

omegacenti
How do I cheat?
Reputation: 0

Joined: 15 Dec 2016
Posts: 2

Posted: Thu Dec 15, 2016 3:56 pm    Post subject: A Mix Between Introduction, Greetings and Perplexion!

This was originally formatted as a private message, but the forum software told me I cannot PM users yet, which I acknowledge is for spam purposes. If anything reads a little funny it is probably because I missed something in my proofreads!
Apparently URLs are out of the question too, so I will leave the thread number in place of the URLs then! (I will edit them back to URLs once I am cleared for it.)


Before I get into the nitty-gritty, I just wanted to say that after having tried my hand at building a cheat table that sticks, I am amazed at Pangolin's cheat table for Risk of Rain! I spent about 8 hours yesterday trying to understand exactly how to get the appropriate information out of Risk of Rain so that variables would persist after level change / restarting the application!

I found the first thread for Risk of Rain didn't contain very much information, or the information was severely outdated: 569424

I did glean from the previous thread that when I did try for myself to get a working table up and running I would apparently (according to the thread comments) run into some peculiar happenings with pointers and a bit of code that appears to be used by every single variable of note!

This is what I got when trying to locate the variable time (which apparently is a double):
Code:

00509F01 - DD 00  - fld qword ptr [eax]
00509F03 - DD 1F  - fstp qword ptr [edi] <<
00509F05 - 5F - pop edi
00509F06 - 5E - pop esi

Replacing that string with 90/NOP is a very bad thing. It crashes the game as soon as you unpause it.

An interesting set of events, however, is that if you restore the code before you unpause it, the game runs fine as if nothing ever happened. However, replacing the value of time at the address found works flawlessly right up until you die / change level / restart the application (which Chapter 6 Part 2 of CheatEngineTutorial explained happens often).

So! I started trying to dig around for the addresses that accessed/wrote to that variable, tried More information > Easy pointer copy and then searching for 4 bytes in hex for the easy pointer bytes. Nothing shows up. At this point I was thoroughly confused but determined! Roughly 6 hours later, red-eyed and essentially brain-dead, I managed to get to sleep and work on trying to find out where I was going wrong.

The code that deals with manipulating a lot of variables is a strange one to me, being straight out of the tutorial. I felt pretty good after I tackled the strawman that was the tutorial, only to realize just how formidable actual games were going to be! Lesson learned in that regard! Here's the "manipulate ALL the things" code (I think).

Apparently I can't even find it anymore.
It was something along the lines of:

Code:
mov [edi],ebx


It almost feels like this game randomly switches out what type of functions it even uses to process variables!

However, I tried another Google query and finally came upon a post where Pangolin left us an amazing cheat table! 5699082#5699082

A gigantic 1.7MB! (As an occasional lurker, this was a very big table compared to what I had usually seen.) So I opened it up in Notepad++ to see if I could divine the way Pangolin came about finding the time variable and make it actually stick!

I tried everything I garnered from the cheatengine tutorialx64, but it appeared that Risk of Rain was impervious to it.

This led to a very long Google query chain trying to find out what the heck is actually going on with something that looks like a label but has an operator applied to it:

Code:

aobscan(time, 6D 52 52 41 00 00 00 00 00 00 00 00 00 00 00 00)
label(_time)
registersymbol(_time)

time-7d0:
_time:


I saw Pangolin had an aobscan with format (time, bytes), and I tried searching Google for aobscan syntax, but I came up short. I am going to try searching through the autoassembler tutorial subforum a few times more.

Code:

time-7d0:
_time:


I think _time: is a symbol, right?
But... what the heck is "time-7d0":?
I think 7d0 is 2000,
so time-7d0 might be something that aobscan finds by interacting with the word time, and then whatever that result is, subtract like 2000 from the address? Maybe time-7d0 is some kind of pointer offset or something?

How did Pangolin come up with the math required to get "3.2109375 = 59 sec" ?

What is the purpose of the giant structures listed at the end of the cheat table?

I am a bit of an older gamer and I really enjoy learning! Well, I finally stopped lurking and passively using others' cheat tables on occasion and signed up to the Cheat Engine forums.
The forum's tutorials have been somewhat helpful, but the tutorials aren't in any particular order and sometimes instructions in the tutorials assume previous knowledge. If I could find like a book or even a mentor I would be ecstatic! I would like to think I am in this for the long haul, as I would like to be able to contribute to the community with both first-order stuff like tables and whatnot, but further on down the line I also would love to be able to pass off this information in a clear and concise manner.

Again, just wanted to say as a gamer who finally tried to put together a table I am beginning to appreciate just how much work was put into that table Pangolin created!

Just a little side note: I put quite a bit of effort into searching, studying, googling, and proofreading for this post. I notice people on the Cheat Engine forums are pretty respectful and whatnot, but I am still anxious about things from other forums, such as RTFM, lmgtfy etc. I hope people here enjoy learning and teaching as much as I do. Ask me anything about Kerbal Space Program and you will find out!
Kavvman
Master Cheater
Reputation: 2

Joined: 17 Apr 2004
Posts: 316

Posted: Thu Dec 15, 2016 6:13 pm

You are right: time-7d0: means that after aobscan finds these bytes at an address (aobscan(time, 6D 52 52 41 00 00 00 00 00 00 00 00 00 00 00 00)) and assigns the address to time, 7d0 is subtracted from time and then that address is accessed.

7d0 is hex for 2000. So for example, if aobscan finds the time at 92ace, time-7d0 would mean we're accessing the address at 92ace-7d0, which is 922FE. The author did this to have a stable AOB, I would assume (scan 7d0 bytes ahead instead of at -7d0); can't really tell unless I study the game.

The structures you speak of are for the data dissect window. Open Memory Viewer, then Ctrl+D. That is how the author was able to differentiate and separate his cheats from the rest of the game's data.

omegacenti
How do I cheat?
Reputation: 0

Joined: 15 Dec 2016
Posts: 2

Posted: Sun Dec 18, 2016 2:18 pm

I appreciate the response, Vizzion. Sorry about the appreciation being so late. Wish I could actually pick Pangolin's brain though.

I did look at the data dissect structure while trying to create a table, but it was really just a shot in the dark for me with no experience. I am still trying to find book suggestions. Tried the IRC, but it was dead quiet in there for 12 hours.