sharpy (How do I cheat?, Reputation: 0, Joined: 05 Aug 2017, Posts: 4)
Posted: Sat Aug 05, 2017 5:49 am, Post subject: n64 cheat engine assistance?
Greetings everyone,
Happy to be posting here. Hopefully my question isn't too foolish.
So I am pretty new to game hacking. I am aware of how to use Cheat Engine to manipulate HUD or number/point values.
I am confused about how to find something deeper, or more vague.
To be exact, I want to know how grinding works in Tony Hawk on N64.
I want to find out what code makes the player attach to an object while grinding.
I found the point value for grinds, I traced that, and only got 2 pointers that called on that... Then I chose "find what accesses this" while grinding, got various values, but I'm not really sure where to go from there...
Any help or advice is greatly appreciated.
& I apologize in advance if this is a stupid question, but I couldn't really find any tutorial covering this.
Thanks! :)
EDIT:
I suppose I should post what I've done, but it's not so easy since the computer I'm using Cheat Engine on is offline, so I have to transcribe everything that I wrote down.
So the 2 results from the pointer scan were:
000486C8 at offset 774, points to 540F6D84
0004863C at offset 784, points to 540F6D84
Then on "write access":
7C51AD73 - 88 98 00 00 92 53 - mov [eax+53920000],bl
7C51A9A4 - 89 96 00 00 92 53 - mov [esi+53920000],edx
7C549249 - 88 8F 00 00 92 53 - mov [edi+53920000],cl
7C570DA5 - 89 9A 00 00 92 53 - mov [edx+53920000],ebx
7C71CFED - 89 9E 00 00 92 53 - mov [esi+53920000],ebx
7C70E3C3 - C7 81 00 00 92 53 - mov [ecx+53920000],00000000
7CA281E3 - C7 83 00 00 92 53 - mov [ebx+53920000],00000000
7C9FDA29 - 89 BB 00 00 92 53 - mov [ebx+53920000],edi
7C9605F7 - 89 98 00 00 92 53 - mov [eax+53920000],ebx
7C96051D - 89 98 00 00 92 53 - mov [eax+53920000],ebx
7C96056C - C7 80 00 00 92 53 - mov [eax+53920000],00000000
Then on "access":
7C95E24E - 8B BF 00 00 92 53 - mov edi,[edi+53920000]
7C9603AC - 8B B6 00 00 92 53 - mov esi,[esi+53920000]
7CA281B4 - 8B BF 00 00 92 53 - mov edi,[edi+53920000]
7CA281E3 - C7 83 00 00 92 53 - mov [ebx+53920000],00000000
7CA355D5 - 8B B6 00 00 92 53 - mov esi,[esi+53920000]
7C9603AC - 8B B6 00 00 92 53 - mov esi,[esi+53920000]
Is this on the right track?
++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
Posted: Sat Aug 05, 2017 5:14 pm
Use ultimap.
sharpy (How do I cheat?, Reputation: 0, Joined: 05 Aug 2017, Posts: 4)
Posted: Sun Aug 06, 2017 12:12 am
++METHOS wrote:
    Use ultimap.
Great advice, thank you.
Unfortunately it seems my computer does not support DBVM.
Are there any alternatives?
Thanks again.
++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
sharpy (How do I cheat?, Reputation: 0, Joined: 05 Aug 2017, Posts: 4)
Posted: Mon Aug 07, 2017 12:01 am
++METHOS wrote:
    for 32bit targets only.
Beautiful, this worked. Thanks.
So I'm a bit confused. Whenever I open the process, it asks what modules to use, but tells me it chose what looked interesting, so to say... It also tries to automatically start with "overwrite object vtables". I shut this off?
I tried recording, then doing 1 grind in Tony Hawk, stopping the recording, then filtering for 1 call, with more results than I imagined. I recorded again, grinding a 2nd time, etc.
Once more I grind again, etc.
Upon filtering for 3 calls nothing shows up except "GetKeyboardLayout".
So am I looking for arg number, or?
The list of 2 calls is:
LocalFree / GlobalFree  kernelbase.dll  0x764B  at address 758C764B
LocalFree  kernel32.dll  +0x4CA64  75ECCA64
CtfImeSetActiveContext  msctf.dll  0x5209  77295209
CtfImeAssociateFocus  msctf.dll  0x52D8  772952D8
SetTimer  user32.dll  0x152EF  775552EF
SendMessageW  user32.dll  0x15539  77555539
ImmGetDefaultIMEWnd  imm32.dll  0x27F2  777627F2
ImmGetContext  imm32.dll  0x299D  7776299D
But since I did 3 grinds in game and didn't see a difference in filter results, I imagine these aren't of interest?
I apologize if my question is stupid, but I am trying to learn.
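The record-then-filter procedure described in the post above (record, perform one grind, stop, filter for the number of calls seen so far), written out as an added example. This is not code from the thread, from Cheat Engine's ultimap or from CDA; the addresses and the per-recording hit lists are constructed for illustration. The cumulative count filter is the one the post describes; a stricter per-recording variant is added to show how unrelated background work that merely happens to total the right number of hits can slip through the cumulative filter.

```python
"""Differential filtering of executed-code hit counts across recordings.

Added example, not from the thread or from Cheat Engine. Idea: record
once per in-game action, then keep only the code locations whose hit
count equals the number of actions performed. All addresses and traces
below are constructed.
"""
from collections import Counter

# Constructed code locations (hypothetical host addresses).
ACTION = 0x00401000   # hit exactly once per grind: the routine we want
FRAME  = 0x00402000   # per-frame work, count varies with recording length
TIMER  = 0x00403000   # periodic callback, fires 2, 0 and 1 times below
POLL   = 0x00404000   # input polling, 5 hits in every recording

# One list of executed addresses per recording; each recording holds one grind.
RECORDINGS = [
    [ACTION] + [FRAME] * 10 + [TIMER] * 2 + [POLL] * 5,
    [ACTION] + [FRAME] * 12 + [POLL] * 5,
    [ACTION] + [FRAME] * 9 + [TIMER] + [POLL] * 5,
]


def cumulative_counts(recordings):
    """Sum hit counts for every address over all recordings."""
    total = Counter()
    for rec in recordings:
        total.update(rec)
    return total


def filter_by_count(recordings, actions_per_recording=1):
    """Cumulative filter, as in "filter for N calls": keep addresses whose
    total hit count equals actions_per_recording * number of recordings."""
    recs = list(recordings)
    expected = actions_per_recording * len(recs)
    counts = cumulative_counts(recs)
    return sorted(addr for addr, n in counts.items() if n == expected)


def filter_per_recording(recordings, actions_per_recording=1):
    """Stricter filter: the address must be hit exactly
    actions_per_recording times in every single recording.
    Background work whose count merely sums to the right total fails here."""
    recs = [Counter(r) for r in recordings]
    if not recs:
        return []
    candidates = set(recs[0])
    for c in recs[1:]:
        candidates &= set(c)
    return sorted(a for a in candidates
                  if all(c[a] == actions_per_recording for c in recs))


if __name__ == "__main__":
    for n in range(1, len(RECORDINGS) + 1):
        hits = filter_by_count(RECORDINGS[:n])
        print(f"after {n} recording(s), filter for {n} call(s): "
              f"{[hex(a) for a in hits]}")
    print("hit exactly once in every recording:",
          [hex(a) for a in filter_per_recording(RECORDINGS)])
```

Run it directly to print the survivors after 1, 2 and 3 recordings. The periodic callback (TIMER) fires 2, 0 and 1 times, so it passes the cumulative filter at 2 and at 3 recordings even though it has nothing to do with the action; only the per-recording check removes it. Whatever survives either filter still needs a breakpoint to confirm it actually runs at the moment of the grind.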
++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
Posted: Mon Aug 07, 2017 12:29 am
Since ultimap has always worked for me, I have never had to resort to using any alternatives, so I cannot offer any suggestions regarding specific settings for CDA.
That said, ultimap can look for any code that gets executed, jumps and/or calls, as well as options to isolate all monitoring to a specific module. Since you are using an emulator, presumably, it is hard to say what you will be able to accomplish. Since emulators kind of act like a wrapper, you must work within the emulator's code, and the possibility that the emulator may have its own, built-in debugger could pose some problems for you.
sharpy (How do I cheat?, Reputation: 0, Joined: 05 Aug 2017, Posts: 4)
Posted: Mon Aug 07, 2017 1:09 am
++METHOS wrote:
    Since ultimap has always worked for me, I have never had to resort to using any alternatives, so I cannot offer any suggestions regarding specific settings for CDA.
    That said, ultimap can look for any code that gets executed, jumps and/or calls, as well as options to isolate all monitoring to a specific module. Since you are using an emulator, presumably, it is hard to say what you will be able to accomplish. Since emulators kind of act like a wrapper, you must work within the emulator's code, and the possibility that the emulator may have its own, built-in debugger could pose some problems for you.
Correct, I am using PJ64.
Well, it seems CDA is capable of doing the same thing; it can view all of PJ64's modules, but it seems I just lack the understanding.
It's funny, I thought "how hard could it be to get the address for grinding?" but it seems easier said than done.
A shame too, because ultimap looked very promising, but my computer let me down.
I suppose I will abandon this endeavor.
Thanks for the help anyway.
Prehistoricman (Advanced Cheater, Reputation: 0, Joined: 02 Aug 2016, Posts: 80)
Posted: Mon Aug 07, 2017 7:00 am
I'd say you're unlikely to find anything with CDA. I tried it for an hour or so and got crashes on both the target process and CDA itself, and it offers no way of narrowing down how many calls you get presented with.
If you have a friend with an Intel PC, drop by them and ask to use it for a while.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25288, Location: The Netherlands)
Posted: Mon Aug 07, 2017 8:00 am
What most of the people answering seem to miss is that you're trying to find out how a game works that is running inside an emulator.
All their suggestions will just return information about the emulator, not the game.
As for finding what you need, you need an emulator with debug options; go from there.
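Dark Byte's point above, worked through as an added example that is not code from the thread, from Cheat Engine or from Project64. A debugger attached to the emulator process sees the emulator's own x86 code (the 7Cxxxxxx addresses in the first post are host addresses of that kind), while the game's MIPS code and data live inside the emulator's RDRAM buffer. The helpers below translate between the two views. Everything about the host side is an assumption for illustration: RDRAM_BASE stands for wherever the emulator allocated its RDRAM buffer in a given run (it is not a fixed value and must be located per run and per build), RDRAM_SIZE is 8 MiB, and the buffer is assumed to store RDRAM as little-endian 32-bit words, the byte-swapped layout PJ64-style emulators are commonly described as using; verify that on your own build against a known value before relying on it. The KSEG0/KSEG1 segment constants are N64 architecture facts.

```python
"""Host-process addresses vs. N64 guest addresses inside an emulator.

Added example for this thread; not code from the thread, Cheat Engine or
Project64. Assumed for illustration: RDRAM_BASE (host address of the
RDRAM buffer, differs per run), RDRAM_SIZE (8 MiB), and a word-swapped
host layout (RDRAM kept as little-endian 32-bit words).
"""

KSEG0 = 0x80000000          # N64 cached, direct-mapped segment; RDRAM starts at offset 0
KSEG1 = 0xA0000000          # same physical memory, uncached
SEGMENT_SIZE = 0x20000000   # KSEG0 and KSEG1 each cover 512 MiB of physical space
RDRAM_SIZE = 8 * 1024 * 1024
RDRAM_BASE = 0x10000000     # assumption: host address of the RDRAM buffer in this run


def n64_to_phys(vaddr, rdram_size=RDRAM_SIZE):
    """KSEG0/KSEG1 virtual address -> physical RDRAM offset, or None if the
    address is outside RDRAM (other segments, hardware registers, etc.)."""
    for base in (KSEG0, KSEG1):
        if base <= vaddr < base + SEGMENT_SIZE:
            phys = vaddr - base
            return phys if phys < rdram_size else None
    return None


def swapped_offset(phys, size):
    """Offset inside a word-swapped host buffer where a guest access of
    `size` bytes at physical offset `phys` begins: aligned 32-bit words are
    unchanged, 16-bit halfwords flip bit 1, single bytes use offset ^ 3."""
    if size == 4:
        return phys
    if size == 2:
        return phys ^ 2
    if size == 1:
        return phys ^ 3
    raise ValueError("size must be 1, 2 or 4")


def n64_to_host(vaddr, size=4, rdram_base=RDRAM_BASE, rdram_size=RDRAM_SIZE):
    """Guest virtual address -> host address of that value in the buffer."""
    phys = n64_to_phys(vaddr, rdram_size)
    return None if phys is None else rdram_base + swapped_offset(phys, size)


def host_to_n64(host_addr, size=4, rdram_base=RDRAM_BASE, rdram_size=RDRAM_SIZE):
    """Host address -> KSEG0 address of the guest value stored there, or
    None when the host address is outside the RDRAM buffer (emulator code,
    system DLLs): such addresses are not part of the game at all."""
    off = host_addr - rdram_base
    if not 0 <= off < rdram_size:
        return None
    return KSEG0 + swapped_offset(off, size)


def guest_to_host_image(guest):
    """Lay guest (big-endian) bytes out as the word-swapped host buffer holds them."""
    if len(guest) % 4:
        raise ValueError("guest image must be a whole number of 32-bit words")
    return b"".join(guest[i:i + 4][::-1] for i in range(0, len(guest), 4))


def read_guest(rdram, phys, size):
    """Read a 1/2/4-byte big-endian guest value out of the host buffer."""
    o = swapped_offset(phys, size)
    return int.from_bytes(rdram[o:o + size], "little")


if __name__ == "__main__":
    # Constructed guest bytes 01..08 at physical offset 0.
    image = guest_to_host_image(bytes(range(1, 9)))
    print(hex(read_guest(image, 0, 4)), hex(read_guest(image, 4, 2)), hex(read_guest(image, 1, 1)))
    print(host_to_n64(0x7C51AD73))           # host address from the first post: None
    print(hex(n64_to_host(0x80000101, size=1)))
```

The practical consequence for Cheat Engine scans against such an emulator: a 4-byte scan finds guest words at their natural offset, but a 1-byte or 2-byte value sits at the swapped offset, and any address the debugger reports that does not fall inside the RDRAM buffer belongs to the emulator or a system library, not to the game.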
++METHOS (I post too much, Reputation: 92, Joined: 29 Oct 2010, Posts: 4197)
Posted: Mon Aug 07, 2017 8:50 am
++METHOS wrote:
    Since you are using an emulator, presumably, it is hard to say what you will be able to accomplish. Since emulators kind of act like a wrapper, you must work within the emulator's code, as well as the possibility that the emulator may have its own, built-in debugger, this could pose some problems for you.