Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Alien vs Predator 2010

 
omermiz
How do I cheat?
Reputation: 0

Joined: 28 Feb 2010
Posts: 1

Posted: Sun Feb 28, 2010 11:42 am    Post subject: Alien vs Predator 2010

Hey guys, I'm new here and I'm also pretty new in the world of Cheat Engine.
I'm currently trying to find the static addresses for ammo in AvP 2010 (Razor cracked version) with no luck. The problem is that I can't find the static pointers! I don't know what I'm doing wrong. I found the ammo address, then I searched what was writing to that address, searched for the address that Cheat Engine told me, and added a pointer, and I continued doing that until I got into a loop that always points to the same address.
Please help!
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Tue Mar 02, 2010 6:38 pm    Post subject:

You don't really need a pointer. Just find the code which is decreasing the ammo and replace it with a code that does nothing. The code which is decreasing the ammo does not change any other value, at least I did not see anything else. I have made a table for it and it was working perfectly.

So if You have done it correctly, You have found this code:

AvP.exe+3A8752 movss [ecx+10],xmm0

You need to click on it with right click and choose "replace with code that does nothing". This way Your ammo will not decrease at all.
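
How a defender can notice the "replace with code that does nothing" patch described in the post above, as an added example that is not part of the original thread: it compares a live code region with a known-good copy and reports whether the changed span is NOP fill. The byte values, `REFERENCE`, `tamper_report` and `check_region` are constructed for this example, and it assumes the region contains no relocated addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed reference bytes (known-good copy, e.g. from the on-disk image):
   mov ecx,[ebp+08]; movss [ecx+10],xmm0; pop ebp; ret */
static const uint8_t REFERENCE[] = {
    0x8B, 0x4D, 0x08,
    0xF3, 0x0F, 0x11, 0x41, 0x10,
    0x5D, 0xC3
};

typedef struct {
    int    modified;   /* 1 if live differs from the reference */
    size_t start;      /* offset of the first differing byte */
    size_t len;        /* span from first to last differing byte */
    int    nop_fill;   /* 1 if the whole span is 0x90 (NOP) bytes */
} tamper_report;

/* Compare a live code region against its reference copy. */
tamper_report check_region(const uint8_t *ref, const uint8_t *live, size_t n) {
    tamper_report r = {0, 0, 0, 0};
    size_t first = n, last = 0;
    for (size_t i = 0; i < n; i++) {
        if (ref[i] != live[i]) {
            if (first == n) first = i;
            last = i;
        }
    }
    if (first == n) return r;          /* identical: nothing to report */
    r.modified = 1;
    r.start = first;
    r.len = last - first + 1;
    r.nop_fill = 1;
    for (size_t i = first; i <= last; i++)
        if (live[i] != 0x90) r.nop_fill = 0;
    return r;
}

int main(void) {
    uint8_t live[sizeof REFERENCE];
    memcpy(live, REFERENCE, sizeof live);
    memset(live + 3, 0x90, 5);         /* simulate the 5-byte store being NOPed */
    tamper_report r = check_region(REFERENCE, live, sizeof live);
    printf("modified=%d start=%zu len=%zu nop_fill=%d\n",
           r.modified, r.start, r.len, r.nop_fill);
    return 0;
}
```
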
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Wed Mar 03, 2010 8:39 am    Post subject:

Hey Geri, thanks for this but I want to create it by myself :).
Can you make me a tutorial on how to find this code?

AvP.exe+3A8752 movss [ecx+10],xmm0

I found 21 addresses after 3 scans with the same value.

When I click on "Find out what writes to this address", for address 009860B8 the debugger says 006CEFFA - a3 b8 60 98 00 - mov [009860b8], eax and all other addresses show
00615B82 - 89 7e 48 - mov [esi +48] , edi
after a shot :/

I can make a trainer with your .CT but I will make it by myself :)

Thank you in advance
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Wed Mar 03, 2010 10:41 am    Post subject:

I have searched for the value which shows how much ammo You have in the clip. It is a float value and if You search for it a few times, You will have a few addresses only (about 4 but I don't really remember). You need to check them one by one by freezing them and checking if You have unlimited ammo. If not, the address You have found is not the correct one.
Well this is easy enough, anyone with basic knowledge should be able to do that.

If You have the correct address, now find out what writes to it when You decrease the ammo. You will have a few codes and the one that I have mentioned should be one of them. So You turn it off and that is all.

By the way if You use an older version than CE 5.6, the code's address will be displayed in another way not like AvP.exe+3A8752 , but the code will be the same.
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Wed Mar 03, 2010 3:53 pm    Post subject:

Thaaanks Geri :mrgreen: I understand it now. You are the man ^^

But most of my trainers do not work after the game restarts (Crysis & Sandbox 2) :(
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Wed Mar 03, 2010 11:22 pm    Post subject:

I did not try to make cheats for Crysis or Sandbox 2 (I did not even play the last one) so I am not sure what could be the problem in these exact cases. If You are using pointers etc., it might happen that they will not work later. That is why I always write small assembly scripts instead of pointers. Sometimes, like in this case, it is even enough to turn off the mentioned code, but sometimes it is a bit more challenging. However it works much better for me than the pointers, since in most of the games, the code will never change.

For example if You want to make a god mode for AVP, You may try to find pointers for health etc., but I have made a script for it instead. Unfortunately pointers are not reliable at all.
If You know a bit about assembly, it is easy to understand but it will be difficult at first if You are new to this.

Since You have seen some codes already, You have surely noticed the registers, eax, ecx...
These registers are needed to store values for the program, but there are only a few of them, so they do not work as addresses which store some specific value but only as temporary storage for values.
Let's see this code:

AvP.exe+3A8752 movss [ecx+10],xmm0

In this case, the instruction is the following:
Copy the value of the ammo (which is stored in xmm0) to the [ecx+10] address. [ecx+10] is the address where Your ammo is stored. So when You disable this code, the result will be that the value of the ammo will not be updated with the new value and You will have unlimited ammo.

I am not sure if this makes any sense to You right now.
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Thu Mar 04, 2010 2:39 am    Post subject:

God talks to me :mrgreen:

I will try it out, you are great Geri :)

OK, when my trainer doesn't work after a game restart I need to find the static pointer, right? :roll:
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Thu Mar 04, 2010 10:38 am    Post subject:

I don't really believe in God but if You say that He is talking to You, then I am sure He does! :) :)

Well, to the point. Most of the games are using dynamic addresses, which means that the addresses are changing if You restart the game, or load another level in the game etc.
You may try to find a pointer for the value, but You also need to know that pointers are not really static. It may work on Your computer but guess what, when You reinstall the game or You try it on another computer, most likely it will not work, since the pointers will be on another address. This way Your trainer will not really work for others or even for Yourself later.

What You need to do in most cases is to find a code that is writing to or accessing the address that You wish to manipulate. For example let's see a very basic code. Assume that this code's purpose is to decrease some value. What You need for a basic assembly code in this case is some basic instructions, registers, and at least an address. As I have said, think about registers as a few boxes which can store any value. The program will use these registers to work with values. Why is that needed?

In assembly, You are not able to use 2 addresses in one instruction to do it.
For example let's assume that the address of health is 001E and You wish to decrease it by a number which is the damage. You can't just store the value of the damage in another address, since You are NOT able to use it like this:

sub [001E],[0020] //this is absolutely invalid and it will NOT work

To do it right, here is the god mode script for the AVP:

pushfd
cmp [esi+08],0
je +5
movss [esi+34],xmm0
popfd

Now let's check out what this does exactly and why it does it.
The code which is decreasing the health of everyone, including You and the enemy, is this:

movss [esi+34],xmm0

The parts of this code:

movss is copying a value from the second operand to the first, in this case, it will copy xmm0 to [esi+34]

xmm0 is a register which stores the value of Your new health. It is counted by checking Your health, decreasing it by the damage You have taken, thus counting how much health You would have after that, and finally: updating the value which is stored in xmm0 with the new one.

[esi+34] is the address of the health of the character and this is very important to see how it works. As You know, esi is a register, it can store any value that it needs for the code at the moment when this code is running. This code is changing all characters' health including You and the enemy, so of course it is not a static address, since esi is always another value. If it is decreasing Your enemy's health, it is the enemy's address and if it is decreasing Your health, then esi is related to Your character. Of course one character has a lot of information and it has to start and end somewhere. The starting point where Your character's information will start is the value which is stored in esi and amongst the many pieces of information about Your character, at byte 34, there is the health of the character. That is why the address of the character's health is [esi+34]

So let's assume that it looks like this:

00004000 here Your character's data starts
00004004 some unimportant stuff about Your character blabla
...
00004034 the health of Your character
... other stuff behind that

In this case, the program would give the value 00004000 to esi and [esi+34] is the address 00004034, which is the address where Your character's health is stored.

Do we want to know the exact address where Your health is stored? No. We don't give a shit, it will be calculated by the program all the time anyway, all we know is that in this part of the code, we can refer to the health's address as [esi+34] and we can do anything with it.
Like, You want to make the program kill anything that is taking some damage? Then You need only one more line in the code:

movss [esi+34],xmm0 //it will store the new health after the damage on the address of the health as it should be

mov [esi+34],0 //it will copy 0 value to the address of health

So what does this do exactly? It updates the health of the characters as it would do originally, but as a next step, by the way, it will write the value of the health to 0, thus killing the character.
This one extra line would be an instant kill script which would kill every character as soon as it takes any damage (including You). Did we know the addresses of the characters? All we know is that wherever it is, it is [esi+34], the program knows where it is and does its job with it.

So if You understood this part, You know that using assembly, You don't use the addresses and pointers. When this code is running, the address is simply calculated by the program all the time and Your code can use this to Your advantage.

Well, back to the original script, we know that esi is an address where the character's information is stored and I tell You one more thing, while [esi+34] is the address of Your health, [esi+08] shows if the character is Yours or not. If the value on the [esi+08] address is 0, then the character is Yours, if it is not zero, then it is another character.

pushfd //this code will save the flags
cmp [esi+08],0 //this instruction is checking if [esi+08] is equal to 0
je +5 //if it is equal, then jump over the next line
movss [esi+34],xmm0 //update the health as usual
popfd //load the flags

I would not go into details with the flags at this point, it is another long story.

I suspect the "cmp [esi+08],0" instruction is clear, it is checking if [esi+08] is equal to 0 or not.

je +5 means jump if the previous comparison shows Equal and do not jump if it is not equal. If [esi+08] is 0 it means that the character is You and of course You don't want to update Your health with the decreased value, however if it is not 0, it means it is another character and of course You want the program to work normally and not jump over the code which is updating the health.

So what will happen if it is You:

cmp [esi+08],0 //checking [esi+08], it is equal to 0, it is Your character
je +5 //Yes the comparison shows equal, then jump over the next line
movss [esi+34],xmm0 //this code is skipped like it would not exist, thus You are invulnerable

What happens if the character is not You:

cmp [esi+08],0 //checking [esi+08], it is NOT equal to 0, it is NOT You
je +5 //NO the comparison shows NOT equal, so do not jump over the next line
movss [esi+34],xmm0 //update the health as it should originally

So in short: This small script is disabling the code which is decreasing the health for You, but not for the enemy.

That is all, without a single static address or pointer, we have managed to control the health of all of the characters without even knowing where they are exactly.

Want to do more like God mode + Instant kill? Only one more line is needed in the script:

pushfd //save flags
cmp [esi+08],0 //compare if it is You
je +0C //if it is You, jump the following 2 lines
movss [esi+34],xmm0 //decrease health
mov [esi+34],0 //write health to 0 thus killing the bastard
popfd //load flags


So as You can see, with a few basic instructions, You can do much more than using pointers. It is not just better, it has many more possibilities, since You can work with any character's health by simply referring to it as the program does, [esi+34].

That is all I think, if You have managed to understand it, which may not be easy at first but is useful to know, most likely You will not use pointers again but You will learn to write these simple or in some cases not so simple scripts.
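
Where the `je +5` and `je +0C` displacements in the scripts above come from, as an added example that is not part of the original post: each displacement is the byte length of the instructions being jumped over. The encodings are the standard 32-bit x86 forms of the two instructions, supplied here rather than quoted from the thread, and `insn_len` and `skip_displacement` are hypothetical helpers that handle only these two opcode forms.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard 32-bit encodings (supplied for this example, not quoted from the
   thread) of: movss [esi+34],xmm0 ; mov dword ptr [esi+34],0 */
static const uint8_t SKIPPED[] = {
    0xF3, 0x0F, 0x11, 0x46, 0x34,
    0xC7, 0x46, 0x34, 0x00, 0x00, 0x00, 0x00
};

/* Size of a ModRM byte plus the SIB/displacement bytes it implies. */
static size_t modrm_len(const uint8_t *p) {
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t n = 1;
    if (mod != 3 && rm == 4) {                     /* SIB byte follows */
        n += 1;
        if (mod == 0 && (p[1] & 7) == 5) n += 4;   /* SIB with disp32, no base */
    }
    if (mod == 1) n += 1;                          /* disp8 */
    if (mod == 2 || (mod == 0 && rm == 5)) n += 4; /* disp32 */
    return n;
}

/* Length of one instruction; handles only movss (F3 0F 10/11) and
   mov r/m32,imm32 (C7 /0). Returns 0 for anything else. */
size_t insn_len(const uint8_t *p) {
    if (p[0] == 0xF3 && p[1] == 0x0F && (p[2] == 0x10 || p[2] == 0x11))
        return 3 + modrm_len(p + 3);
    if (p[0] == 0xC7 && ((p[1] >> 3) & 7) == 0)
        return 1 + modrm_len(p + 1) + 4;
    return 0;
}

/* Displacement a short jump needs in order to skip `count` instructions. */
size_t skip_displacement(const uint8_t *p, size_t count) {
    size_t total = 0;
    while (count--) {
        size_t n = insn_len(p + total);
        if (n == 0) return 0;                      /* unsupported opcode */
        total += n;
    }
    return total;
}

int main(void) {
    printf("skip 1: +%zX, skip 2: +%zX\n",
           skip_displacement(SKIPPED, 1), skip_displacement(SKIPPED, 2));
    return 0;
}
```
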
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Thu Mar 04, 2010 3:08 pm    Post subject:

Thanks for the help Geri, my Sandbox & Crysis trainer works yet :)
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Thu Mar 04, 2010 3:44 pm    Post subject:

yw

It's really fun to mess up things, damn aliens will learn to fear. 8)
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Fri Mar 05, 2010 2:50 am    Post subject:

xD ohhh yeahhhh 8)
ZFE H4XX0R
How do I cheat?
Reputation: 0

Joined: 03 Mar 2010
Posts: 7

Posted: Thu Mar 18, 2010 2:34 am    Post subject:

Hey Geri, a new update is out. I can find only the infinite ammo code :(

I now use SKIDROW.CRACKFIX for Update 1 & 2

I hate these updates, can you help me?

NOTE: The infinite ammo works online xD 8)
Geri
Moderator
Reputation: 110

Joined: 05 Feb 2010
Posts: 5636

Posted: Sun Apr 18, 2010 4:07 pm    Post subject:

Sorry, but I do not use patches usually so I am still playing with the basic version. But if You find the address of the codes in the new version, You only need to change it in my script and most likely it will work.
All times are GMT - 6 Hours