|
Cheat Engine The Official Site of Cheat Engine
|
Author |
Message |
omermiz How do I cheat? Reputation: 0
Joined: 28 Feb 2010 Posts: 1
|
Posted: Sun Feb 28, 2010 11:42 am Post subject: Alien vs Predator 2010 |
|
|
Hey guys, I'm new here and I'm also pretty new in the world of cheat engine.
I'm currently trying to find the static addresses for ammo in AvP 2010 (Razor cracked version) with no luck. The problem is that I can't find the static pointers! I don't know what I'm doing wrong. I found the ammo address, then I searched what was writing to that address, searched for the address that cheat engine told me, and added pointer and I continued doing that until I get into a loop that always points to the same address.
plz help!
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Mar 02, 2010 6:38 pm Post subject: |
|
|
You don't really need a pointer. Just find the code which is decreasing the ammo and replace it with a code that does nothing. The code which is decreasing the ammo does not change any other value, at least I did not see anything else. I have made a table for it and it was working perfectly.
So if You have done it correctly, You have found this code:
AvP.exe+3A8752 movss [ecx+10],xmm0
You need to click on it with right click and choose "replace with code that does nothing". This way Your ammo will not decrease at all.
|
|
|
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Wed Mar 03, 2010 8:39 am Post subject: |
|
|
Hey Geri, thanks for this but I want to create it by myself.
Can you make me a tutorial on how to find this code?
AvP.exe+3A8752 movss [ecx+10],xmm0
I found 21 addresses after 3 scans with the same value
When I click on "Find out what writes to this address" address 009860B8 says the debugger 006CEFFA - a3 b8 60 98 00 - mov [009860b8], eax and all other addresses shows
00615B82 - 89 7e 48 - mov [esi +48] , edi
after a shoot :/
I can make a trainer with your .CT but I will make it by myself
Thank you in advance
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Wed Mar 03, 2010 10:41 am Post subject: |
|
|
I have searched for the value which shows how much ammo You have in the clip. It is a float value and if You search for it a few times, You will have a few addresses only (about 4 but I don't really remember). You need to check them one by one by freezing them and checking if You have unlimited ammo. If not, the address You have found is not the correct one.
Well this is easy enough, anyone with basic knowledge should be able to do that.
If You have the correct address, now find out what writes to it when You decrease the ammo. You will have a few codes and the one that I have mentioned should be one of them. So You turn it off and that is all.
By the way if You use an older version than CE 5.6, the code's address will be displayed in another way not like AvP.exe+3A8752 , but the code will be the same.
|
|
|
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Wed Mar 03, 2010 3:53 pm Post subject: |
|
|
Thaaanks Geri, I understand it now. You are the Man^^
But most of my trainers do not work after the game restarts (Crysis & Sandbox 2)
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Wed Mar 03, 2010 11:22 pm Post subject: |
|
|
I did not try to make cheats for Crysis or Sandbox 2 (I did not even play the last one) so I am not sure what could be the problem in these exact cases. If You are using pointers etc., it might happen that they will not work later. That is why I always write small assembly scripts instead of pointers. Sometimes, like in this case, it is even enough to turn off the mentioned code, but sometimes it is a bit more challenging. However, it works much better for me than the pointers, since in most of the games, the code will never change.
For example if You want to make a god mode for AVP, You may try to find pointers for health etc, but I have made a script for it instead. Unfortunately pointers are not reliable at all.
If You know a bit about assembly, it is easy to understand, but it will be difficult at first if You are new to this.
Since You have seen some codes already, You have surely noticed the registers, eax, ecx...
These registers are needed to store values for the program, but there are only a few of them, so they do not work as addresses which store some specific value but only as temporary storage for values.
Let's see this code:
AvP.exe+3A8752 movss [ecx+10],xmm0
In this case, the instruction is the following:
Copy the value of the ammo (which is stored in xmm0) to the [ecx+10] address. [ecx+10] is the address where Your ammo is stored. So when You disable this code, the result will be that the value of the ammo will not be updated with the new value and You will have unlimited ammo.
I am not sure if this makes any sense to You right now.
|
|
|
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Thu Mar 04, 2010 2:39 am Post subject: |
|
|
God talks to me
I will try it out, you are great Geri
Ok, when my trainer doesn't work after a game restart I need to find the static pointer, right?
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Thu Mar 04, 2010 10:38 am Post subject: |
|
|
I don't really believe in God but if You say that He is talking to You, then I am sure He does!
Well, to the point. Most of the games are using dynamic addresses, which means that the addresses are changing if You restart the game, or load another level in the game etc.
You may try to find a pointer for the value, but You also need to know that pointers are not really static. It may work on Your computer but guess what, when You reinstall the game or You try it on another computer, most likely it will not work, since the pointers will be on another address. This way Your trainer will not really work for others or even for Yourself later.
What You need to do in most cases is to find a code that is writing to or accessing the address that You wish to manipulate. For example let's see a very basic code. Assume that this code's purpose is to decrease some value. What You need for a basic assembly code in this case is some basic instructions, registers, and at least an address. As I have said, think about registers as a few boxes, which can store any value. The program will use these registers to work with values. Why is that needed?
In assembly, You are not able to use 2 addresses in one instruction to do it.
For example let's assume that the address of health is 001E and You wish to decrease it with a number which is the damage. You can't just store the value of the damage in another address, since You are NOT able to use it like this:
sub [001E],[0020] //this is absolutely invalid and it will NOT work
To do it right, here is the god mode script for the AVP:
pushfd
cmp [esi+08],0
je +5
movss [esi+34],xmm0
popfd
Now let's check out what this does exactly and why it does it.
The code which is decreasing the health of everyone, including You and the enemy, is this:
movss [esi+34],xmm0
The parts of this code:
movss is copying a value from the second operand to the first, in this case, it will copy xmm0 to [esi+34]
xmm0 is a register which stores the value of Your new health. It is counted by checking Your health, decreasing with the damage You have taken thus counting how much health You would have after that and finally: updating the new value which is stored on xmm0 with the new.
[esi+34] is the address of the health of the character and this is very important to see how it works. As You know, esi is a register, it can store any value that it needs for the code at the moment when this code is running. This code is changing all characters' health including You and the enemy, so of course it is not a static address, since esi is always another value. If it is decreasing Your enemy's health, it is the enemy's address and if it is decreasing Your health, then esi is related to Your character. Of course one character has a lot of information and it has to start and end somewhere. The starting point where Your character's information will start is the value which is stored in esi and amongst the many pieces of information about Your character, on the 34 byte, it is the health of the character. That is why the address of the character's health is [esi+34]
So let's assume that it is looking like this:
00004000 here is starting Your characters data
00004004 some unimportant stuff about Your character blabla
...
00004034 the health of Your character
... other stuffs behind that
In this case, the program would give the value 00004000 to esi and [esi+34] is the address 00004034, which is the address where Your character's health is stored.
Do we want to know the exact address where Your health is stored? No. We don't give a shit, it will be calculated by the program all the time anyway, all we know is that in this part of the code, we can refer to the health's address as [esi+34] and we can do anything with it.
Like You want to make the program kill anything that is taking some damage? Then You need only one more line in the code:
movss [esi+34],xmm0 //it will store the new health after the damage on the address of the health as it should be
mov [esi+34],0 //it will copy 0 value to the address of health
So what does this do exactly? Updating the health of the characters as it would do originally but as a next step, by the way, it will write the value of the health to 0 thus killing the character.
This one extra line would be an instant kill script which would kill every character as soon as it takes any damage (including You). Did we know the addresses of the characters? All we know is that wherever it is, it is [esi+34], the program knows where it is and does its job with it.
So if You understood this part You know that using assembly, You don't use the addresses and pointers. When this code is running, the address is simply calculated by the program all the time and Your code can use this to Your advantage.
Well, back to the original script, we know that esi is an address where the character's information is stored and I tell You one more thing, while [esi+34] is the address of Your health, [esi+08] shows if the character is Yours or not. If the value on the [esi+08] address is 0, then the character is Yours, if it is not zero, then it is another character.
pushfd //this code will save the flags
cmp [esi+08],0 //this instruction is checking if [esi+08] is equal to 0
je +5 //if it is equal, then jump over the next line
movss [esi+34],xmm0 //update the health as usual
popfd //load the flags
I would not go in details with the flags at this point, it is another long story.
I suspect "cmp [esi+08],0" instruction is clear, it is checking if [esi+08] is equal to 0 or not.
je +5 means jump if the previous comparison shows Equal and do not jump if it is not equal. If [esi+08] is 0 it means that the character is You and of course You don't want to update Your health with the decreased value, however if it is not 0, it means it is another character and of course You want the program to work normally and not jump over the code which is updating the health.
So what will happen if it is You:
cmp [esi+08],0 //checking [esi+08], it is equal to 0, it is Your character
je +5 //Yes the comparison shows equal, then jump over the next line
movss [esi+34],xmm0 //this code is skipped like it would not exist, thus You are invulnerable
What happens if the character is not You:
cmp [esi+08],0 //checking [esi+08], it is NOT equal to 0, it is NOT You
je +5 //NO the comparison shows NOT equal, so do not jump over the next line
movss [esi+34],xmm0 //update the health as it should originally
So in short: This small script is disabling the code which is decreasing the health for You, but not for the enemy.
That is all, without a single static address or pointer, we have managed to control all of the characters' health without even knowing where they are exactly.
Want to do more, like God mode + Instant kill? Only one more line is needed in the script:
pushfd //save flags
cmp [esi+08],0 //compare if it is You
je +0C //if it is You, jump the following 2 lines
movss [esi+34],xmm0 //decrease health
mov [esi+34],0 //write health to 0 thus killing the bastard
popfd //load flags
So as You can see, with a few basic instructions, You can do much more than using pointers. It is not just better, it has many more possibilities, since You can work with any character's health by simply referring to it as the program does, [esi+34].
That is all I think, if You have managed to understand it which may not be easy at first but useful to know, most likely You will not use pointers again but You will learn to write these simple or in some cases not so simple scripts.
|
|
|
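The base-plus-offset addressing described in the post above, modelled in C as an added example (not part of the thread, and not code from the game or from Cheat Engine). The struct is hypothetical apart from the two offsets quoted in the post (+08 and +34), and all sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record; only the two offsets come from the post. */
struct character {
    uint8_t  pad0[0x08];
    uint32_t owner;              /* +0x08: 0 means the player's character */
    uint8_t  pad1[0x34 - 0x0C];
    float    health;             /* +0x34 */
};
_Static_assert(offsetof(struct character, owner) == 0x08, "owner at +0x08");
_Static_assert(offsetof(struct character, health) == 0x34, "health at +0x34");

/* [esi+34]: the field address is recomputed from the base on every call. */
static float *health_at(void *base) { return (float *)((uint8_t *)base + 0x34); }

/* Original behaviour: movss [esi+34],xmm0 for whichever record is passed. */
static void store_health(void *base, float new_health) { *health_at(base) = new_health; }

/* Behaviour of the script in the post: skip the store when [esi+08] == 0. */
static void store_health_guarded(void *base, float new_health) {
    uint32_t owner = *(uint32_t *)((uint8_t *)base + 0x08);
    if (owner != 0) *health_at(base) = new_health;
}

/* Allocates a record with constructed sample values. */
static struct character *new_character(uint32_t owner, float health) {
    struct character *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->owner = owner;
    c->health = health;
    return c;
}

int main(void) {
    struct character *player = new_character(0, 100.0f);
    struct character *enemy  = new_character(7, 100.0f);
    store_health(enemy, 80.0f);            /* unguarded store always lands */
    store_health_guarded(player, 60.0f);   /* skipped: owner == 0 */
    store_health_guarded(enemy, 60.0f);    /* applied: owner != 0 */
    /* Absolute addresses differ per record and per run; the offset does not. */
    printf("player %p health %.0f\n", (void *)health_at(player), player->health);
    printf("enemy  %p health %.0f\n", (void *)health_at(enemy), enemy->health);
    free(player);
    free(enemy);
    return 0;
}
```

The printed addresses change from run to run, which is why a saved absolute address stops working after a restart while the offset from the record's base stays the same.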
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Thu Mar 04, 2010 3:08 pm Post subject: |
|
|
Thanks for the help Geri my Sandbox & Crysis trainer works yet
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Thu Mar 04, 2010 3:44 pm Post subject: |
|
|
yw
It's really fun to mess up things, damn aliens will learn to fear.
|
|
|
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Fri Mar 05, 2010 2:50 am Post subject: |
|
|
xD ohhh yeahhhh
|
|
|
|
ZFE H4XX0R How do I cheat? Reputation: 0
Joined: 03 Mar 2010 Posts: 7
|
Posted: Thu Mar 18, 2010 2:34 am Post subject: |
|
|
Hey Geri, a new update is out. I can find only the Infinite Ammo code
I now use SKIDROW.CRACKFIX for Update 1 & 2
I hate these updates, can you help me?
NOTE: The infinite Ammo works Online xD
|
|
|
|
Geri Moderator Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Sun Apr 18, 2010 4:07 pm Post subject: |
|
|
Sorry, but I do not use patches usually so I am still playing with the basic version. But if You find the address of the codes in the new version, You only need to change it in my script and most likely it will work.
|
|
|
|
|
|
|
|