Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[REQUEST] Redout v.104
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 4:04 am    Post subject: [REQUEST] Redout v.104 Reply with quote

Hello,

I have problems found a possible address for the game Redout v1.04.
First Scan i found 100-140 addresses.
But by NEXT scan is everytime 0.

I search the money, health & energy.

The game is 64bit.
Process name = redout-Win64-shipping

Thanks!

Best regards..

Merlin
Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 1:12 pm    Post subject: Reply with quote

I tested on the demo version because I don't have the game but it should be fairly similar. I verified the stats by testing vehicle structure. At a very low setting the car blew up quickly and at a high setting I crashed into the walls the whole time without blowing up.

Here is the block of code that loads the 5 car stats into xmm registers.

Code:
"redout-Win64-Shipping.exe"+19FC15: 48 8B F0                    -  mov rsi,rax
"redout-Win64-Shipping.exe"+19FC18: 48 85 C0                    -  test rax,rax
"redout-Win64-Shipping.exe"+19FC1B: 0F 84 96 02 00 00           -  je redout-Win64-Shipping.exe+19FEB7
"redout-Win64-Shipping.exe"+19FC21: 0F 29 B4 24 80 00 00 00     -  movaps [rsp+00000080],xmm6
"redout-Win64-Shipping.exe"+19FC29: 45 0F B6 C4                 -  movzx r8d,r12l
"redout-Win64-Shipping.exe"+19FC2D: 0F 29 7C 24 70              -  movaps [rsp+70],xmm7
"redout-Win64-Shipping.exe"+19FC32: 41 0F B6 D7                 -  movzx edx,r15l
"redout-Win64-Shipping.exe"+19FC36: F3 0F 10 B8 78 0C 00 00     -  movss xmm7,[rax+00000C78]
"redout-Win64-Shipping.exe"+19FC3E: 48 8B CD                    -  mov rcx,rbp
"redout-Win64-Shipping.exe"+19FC41: 44 0F 29 44 24 60           -  movaps [rsp+60],xmm8
"redout-Win64-Shipping.exe"+19FC47: F3 44 0F 10 80 B4 0C 00 00  -  movss xmm8,[rax+00000CB4]
"redout-Win64-Shipping.exe"+19FC50: 44 0F 29 4C 24 50           -  movaps [rsp+50],xmm9
"redout-Win64-Shipping.exe"+19FC56: F3 44 0F 10 88 D0 06 00 00  -  movss xmm9,[rax+000006D0]
"redout-Win64-Shipping.exe"+19FC5F: 44 0F 29 54 24 40           -  movaps [rsp+40],xmm10
"redout-Win64-Shipping.exe"+19FC65: F3 44 0F 10 90 90 07 00 00  -  movss xmm10,[rax+00000790]
"redout-Win64-Shipping.exe"+19FC6E: 44 0F 29 5C 24 30           -  movaps [rsp+30],xmm11
"redout-Win64-Shipping.exe"+19FC74: F3 44 0F 10 98 18 08 00 00  -  movss xmm11,[rax+00000818]
"redout-Win64-Shipping.exe"+19FC7D: 44 0F 29 64 24 20           -  movaps [rsp+20],xmm12
"redout-Win64-Shipping.exe"+19FC83: F3 44 0F 10 A0 80 0C 00 00  -  movss xmm12,[rax+00000C80]
"redout-Win64-Shipping.exe"+19FC8C: E8 4F 02 00 00              -  call redout-Win64-Shipping.exe+19FEE0
"redout-Win64-Shipping.exe"+19FC91: 4C 8B B8 50 08 00 00        -  mov r15,[rax+00000850]


There are other references for the same address by submodule.
acceleration:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+66 - F3 0F10 B8 780C0000   - movss xmm7,[rax+00000C78]

grip:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+77 - F3 44 0F10 80 B40C0000  - movss xmm8,[rax+00000CB4]

structure:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+86 - F3 44 0F10 88 D0060000  - movss xmm9,[rax+000006D0]

energy:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+95 - F3 44 0F10 90 90070000  - movss xmm10,[rax+00000790]

recharge:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+A4 - F3 44 0F10 98 18080000  - movss xmm11,[rax+00000818]

Speed:
Code:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats+B3 - F3 44 0F10 A0 800C0000  - movss xmm12,[rax+00000C80]


Last edited by sbryzl on Tue Apr 18, 2017 2:58 pm; edited 1 time in total
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 1:48 pm    Post subject: Reply with quote

@sbryzl

Thanks for you help!

But i dont understand the programming lines.

Can you build a script for me?
I am not a programmer.

I have the normal steam version and cant download the demo.

Sorry, for my bad english.
Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 3:08 pm    Post subject: Reply with quote

I can understand your English fine.

I can tell you how to use the disassembled code.

Energy is the value that is moved to xmm10 so if you look at this:
Code:
"redout-Win64-Shipping.exe"+19FC65: F3 44 0F 10 90 90 07 00 00  -  movss xmm10,[rax+00000790]

You can copy the bytes "F3 44 0F 10 90 90 07 00 00" and start a new search in cheat engine for "array of bytes", paste the copied bytes in the search field and select executable not writable because these are bytes in the executable part of memory.

After searching an address comes up, right click and select "disassemble this memory". Then the disassembly window comes up right click on the code that writes to xmm10 and select "find out what addresses this accesses". The address comes up and double click it to place it in the table. Now you will have the address for energy of the current vehicle.

There is also a table at FearlessRevolution which I haven't tried.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 4:16 pm    Post subject: Reply with quote

Thanks!!

But Cheat Engine found 0 addresses.

First, im going into a level.
Wait for the energy is 100% UP and then
i make a search with ""F3 44 0F 10 90 90 07 00 00""
not "Health".

Comes a address by the first scans ?
Whats the energy status first in the game ?
100% UP or 0% down ?

Her a picture from CT.



REDOUT.gif
 Description:
Energy search
 Filesize:  32.3 KB
 Viewed:  22145 Time(s)

REDOUT.gif


Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 4:44 pm    Post subject: Reply with quote

You need to enable "executable" rather than "writable". Then it should work.

The values when you find them will be float anywhere from .1 to 1000. I don't remember energy format, maybe a decimal or maybe in hundreds.

Also the values are all loaded before the race starts so although you can edit them anytime you will want to go into the menu and start a new race for the changes to take effect.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 6:17 pm    Post subject: Reply with quote

I download now the DEMO from a test Steam account.
The bytes "F3 44 0F 10 90 90 07 00 00" found now a address. (only DEMO)

See PIC (1)

Then Select the first line and press ""find out what addresses this accesses" PIC (2)
and a new windows appears that is empty.. and now ? PIC (3)



PIC3.gif
 Description:
PIC (3)
 Filesize:  101.63 KB
 Viewed:  22123 Time(s)

PIC3.gif



PIC2.gif
 Description:
PIC (2)
 Filesize:  42.5 KB
 Viewed:  22123 Time(s)

PIC2.gif



PIC1.gif
 Description:
PIC (1)
 Filesize:  54.16 KB
 Viewed:  22123 Time(s)

PIC1.gif


Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 7:13 pm    Post subject: Reply with quote

So it doesn't work in the regular game? That kinda sucks.

You need to be in the configuration screen where you choose a car to get the addresses.

As for finding it in the regular game, maybe it has similar code you could find by looking for that submodule.
When you go back to the regular game try right clicking in the disassembler "go to address" and enter:
"redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats". Maybe you can find something similar loading up the xmm registers even if it's not exactly the same.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 8:13 pm    Post subject: Reply with quote

You thinks the codes for the ships parameters ?
Or in the level game, unlimited health, Energy.. etc.

Submodule ??
How find it ?

I have no clue.. sorry!

The code script from the "FearLess Cheat Engine" cannot select the,
"Health, "Health MAX" etc.
See PIC 4



PIC4.gif
 Description:
No clue ?
 Filesize:  35.93 KB
 Viewed:  22097 Time(s)

PIC4.gif


Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 8:50 pm    Post subject: Reply with quote

In the regular game you can right click in the disassembler and select 'go to address'.


Enter this into the address field and click ok:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats


If there is an error then the regular game is probably too dissimilar from the demo.

I could look at the table at Fearless but if the 2 versions are so different then it wouldn't matter much.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 9:02 pm    Post subject: Reply with quote

Yes.. thats clear.
But i dont understand as i search which value,
to find the submodule.

I must have a address for going to disassembler.
I have no clue..
Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 9:22 pm    Post subject: Reply with quote

In the regular version you have to look in the module called:
redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats

Look for entries that load the xmm registers like these :
movss xmm7,[rax+00000C78]
movss xmm8,[rax+00000CB4]
movss xmm9,[rax+000006D0]
movss xmm10,[rax+00000790]
movss xmm11,[rax+00000818]
movss xmm12,[rax+00000C80]

Right click on those and select "find out what addresses these access" while you are looking at the car's stats in the configuration screen. You need to look for operatoins that have xmm registers on the left and brackets on the right because that tells you the bracketed relative address is being loaded into the xmm register.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Tue Apr 18, 2017 10:44 pm    Post subject: Reply with quote

I found this.. see PIC 5.
But no lines with:

movss xmm7,[rax+00000C78]
movss xmm8,[rax+00000CB4]
movss xmm9,[rax+000006D0]
movss xmm10,[rax+00000790]
movss xmm11,[rax+00000818]
movss xmm12,[rax+00000C80]

Thats not easy for me.



PIC5.gif
 Description:
PIC 5
 Filesize:  46.31 KB
 Viewed:  21947 Time(s)

PIC5.gif


Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Apr 18, 2017 10:56 pm    Post subject: Reply with quote

It looks like the same variables are covered there so that is probably it. What does it say below the list of variables?
Further down you should see redout-Win64-Shipping.URedoutGameInstance::GetShipNormalizedStats
+number
Look around a +number between +40 and +100.
Back to top
View user's profile Send private message
merlin555
Newbie cheater
Reputation: 0

Joined: 18 Apr 2017
Posts: 15

PostPosted: Wed Apr 19, 2017 6:07 am    Post subject: Reply with quote

First i cheating in the DEMO version,

I found the line, but in the down windows has only ??
Whats the reason ?



PIC7.gif
 Description:
PIC 7
 Filesize:  51.34 KB
 Viewed:  21886 Time(s)

PIC7.gif



PIC6.gif
 Description:
PIC 6
 Filesize:  82.08 KB
 Viewed:  21886 Time(s)

PIC6.gif


Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites