 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
elsword
Cheater
![]() Reputation: 0
Joined: 05 Apr 2013
Posts: 26
|
 Posted: Wed Apr 24, 2013 7:20 pm Post subject: the art of scanning |
 |
|
hello i have some questions about scanning
i can do most basic scan now i want to learn some advanced scan with hard addresses
- let's say im playing a TPS or FPS game, i want to scan the flying speed of the ammo of my gun ( bazooka , rocket launcher etc...) is this even possible ?
- the client trace , even when i miss my target it still hit them
- attack dmg / attack speed / attack range
|
|
| Back to top |
|
 |
m0us
Newbie cheater
![]() Reputation: 0
Joined: 25 Apr 2013
Posts: 11
|
| Posted: Thu Apr 25, 2013 10:20 am Post subject: Re: the art of scanning |
|
|
| Quote: |
- let's say im playing a TPS or FPS game, i want to scan the flying speed of the ammo of my gun ( bazooka , rocket launcher etc...) is this even possible ? |
usually - this is constant values
| Quote: | - the client trace , even when i miss my target it still hit them
- attack dmg / attack speed / attack range |
of course no, but this is another level, you required to know programming and game sdk. look on source code for cheats.
typically - below is an cs16 cheat function also called "autowall". it makes a trace to allow aimbot keep target locked through walls
| Code: |
int CanPenetrate(const float *start, const float *end, float flDistance, int penetration, int bullettype, int iDamage, float wallpierce)
{
float distfrac, damagemult, distancemax, vecSrc[3], vecEnd[3], vecDir[3], length, tmpVec[3];
float tmplen, length1, length2;
pmtrace_t tr;
//struct cl_entity_s *pent;
//physent_t *pent;
int damage = iDamage, bulletvelocity, tmppen = penetration + 1;
int y = 440;
char texturetype;
vecSrc[0] = start[0];
vecSrc[1] = start[1];
vecSrc[2] = start[2];
vecEnd[0] = end[0];
vecEnd[1] = end[1];
vecEnd[2] = end[2];
// damage gets a randomlong added to it in first switch
switch (bullettype)
{
case BULLETTYPE_1:
bulletvelocity = 21;
distancemax = 800.0f;
break;
case BULLETTYPE_9:
if (cvar.wallsensitivity == 0)
damage -= 2;
else if (cvar.wallsensitivity == 2)
damage += 2;
bulletvelocity = 15;
distancemax = 500.0f;
break;
case BULLETTYPE_13:
bulletvelocity = 30;
distancemax = 1000.0f;
break;
case BULLETTYPE_11:
if (cvar.wallsensitivity == 0)
damage -= 2;
else if (cvar.wallsensitivity == 2)
damage += 2;
bulletvelocity = 39;
distancemax = 5000.0f;
break;
case BULLETTYPE_12:
if (cvar.wallsensitivity == 0)
damage -= 3;
else if (cvar.wallsensitivity == 2)
damage += 3;
bulletvelocity = 35;
distancemax = 4000.0f;
break;
case BULLETTYPE_10:
if (cvar.wallsensitivity == 0)
damage -= 4;
else if (cvar.wallsensitivity == 2)
damage += 4;
bulletvelocity = 45;
distancemax = 8000.0f;
break;
case BULLETTYPE_14:
if (cvar.wallsensitivity == 0)
damage -= 4;
else if (cvar.wallsensitivity == 2)
damage += 6;
else
damage += 1;
bulletvelocity = 30;
distancemax = 2000.0f;
break;
case BULLETTYPE_15:
if (cvar.wallsensitivity == 0)
damage -= 4;
else if (cvar.wallsensitivity == 2)
damage += 6;
else
damage += 1;
bulletvelocity = 25;
distancemax = 800.0f;
break;
default:
bulletvelocity = 0;
distancemax = 0.0f;
break;
}
//DrawHudString(40,460,255,255,255, "distancemax: %f", distancemax);
vecDir[0] = vecEnd[0] - vecSrc[0];
vecDir[1] = vecEnd[1] - vecSrc[1];
vecDir[2] = vecEnd[2] - vecSrc[2];
length = VectorLength(vecDir);
vecDir[0] /= length;
vecDir[1] /= length;
vecDir[2] /= length;
//gEngfuncs.pfnAngleVectors(me.ViewAngles, forward, right, up);
//vecDir[0] = forward[0];
//vecDir[1] = forward[1];
//vecDir[2] = forward[2];
vecEnd[0] = vecDir[0] * flDistance + vecSrc[0];
vecEnd[1] = vecDir[1] * flDistance + vecSrc[1];
vecEnd[2] = vecDir[2] * flDistance + vecSrc[2];
damagemult = 0.5f;
while (tmppen)
{
//gDrawFilledBoxAtLocation(vecSrc, 0x00FF00FF, 2);
MP_TraceLine(vecSrc, vecEnd, vecDir, -1, &tr);
texturetype = GetTextureType(&tr, vecSrc, vecEnd);
switch (texturetype)
{
case CHAR_TEX_CONCRETE:
bulletvelocity *= 0.25;
break;
case CHAR_TEX_GRATE:
bulletvelocity *= 0.5;
damagemult = 0.4f;
break;
case CHAR_TEX_METAL:
bulletvelocity *= 0.15;
damagemult = 0.2f;
break;
case CHAR_TEX_COMPUTER:
bulletvelocity *= 0.4;
break;
case CHAR_TEX_TILE:
bulletvelocity *= 0.65;
damagemult = 0.2f;
break;
case CHAR_TEX_VENT:
bulletvelocity *= 0.5;
damagemult = 0.45f;
break;
case CHAR_TEX_WOOD:
damagemult = 0.6f;
default:
break;
}
//gDrawFilledBoxAtLocation(tr.endpos, 0xFFFFFFFF, 2);
//DrawHudString(40,y+=20,255,255,255, "allsolid: %d, startsolid: %d, inopen: %d, fraction: %f", tr.allsolid, tr.startsolid, tr.inopen, tr.fraction);
if (tr.fraction != 1.0)
{
//DrawHudString(40,y+=20,255,255,255, "damagemult: %f, bulletvelocity: %d", damagemult, bulletvelocity);
tmppen--;
tmpVec[0] = tr.endpos[0] - start[0];
tmpVec[1] = tr.endpos[1] - start[1];
tmpVec[2] = tr.endpos[2] - start[2];
tmplen = VectorLength(tmpVec);
if (tmplen >= length)
{
tmpVec[0] = end[0] - vecSrc[0];
tmpVec[1] = end[1] - vecSrc[1];
tmpVec[2] = end[2] - vecSrc[2];
length1 = VectorLength(tmpVec);
tmpVec[0] = vecEnd[0] - vecSrc[0];
tmpVec[1] = vecEnd[1] - vecSrc[1];
tmpVec[2] = vecEnd[2] - vecSrc[2];
length2 = VectorLength(tmpVec);
tr.fraction = length1 / length2;
distfrac = flDistance * tr.fraction;
damage *= pow(wallpierce, distfrac * 0.002f);
return damage;
}
distfrac = flDistance * tr.fraction;
damage *= pow(wallpierce, distfrac * 0.002f);
if (distfrac > distancemax)
tmppen = 0;
// there is another test on tr.ent here but i don't see that is does anything important
//pent = gEngfuncs.GetEntityByIndex(PM_GetPhysEntInfo(tr.ent));
//pent = gEngfuncs.pEventAPI->EV_GetPhysent(tr.ent);
//DrawHudString(40,y+=20,255,255,255, "tr.ent: %d, pent: %x, damage: %d, flDistance: %f, distfrac: %f, pen: %d, textype: %c", tr.ent, pent, damage, flDistance, distfrac, tmppen, texturetype);
//if (pent)
// DrawHudString(40,y+=20,255,255,255, "solid: %d", pent->solid);
if (/*pent && pent->solid == SOLID_BSP && */tmppen)
{
//DrawHudString(40,y+=20,255,255,255, "one");
vecSrc[0] = bulletvelocity * vecDir[0] + tr.endpos[0];
vecSrc[1] = bulletvelocity * vecDir[1] + tr.endpos[1];
vecSrc[2] = bulletvelocity * vecDir[2] + tr.endpos[2];
flDistance = (flDistance - distfrac) * 0.5;
vecEnd[0] = vecDir[0] * flDistance + vecSrc[0];
vecEnd[1] = vecDir[1] * flDistance + vecSrc[1];
vecEnd[2] = vecDir[2] * flDistance + vecSrc[2];
distfrac = damage;
//if (damage > 0 && pent->info == vPlayers[index].index)
// return damage;
damage = distfrac * damagemult;
}
else
{
//DrawHudString(40,y+=20,255,255,255, "two");
vecSrc[0] = 42.0 * vecDir[0] + tr.endpos[0];
vecSrc[1] = 42.0 * vecDir[1] + tr.endpos[1];
vecSrc[2] = 42.0 * vecDir[2] + tr.endpos[2];
flDistance = (flDistance - distfrac) * 0.75;
vecEnd[0] = vecDir[0] * flDistance + vecSrc[0];
vecEnd[1] = vecDir[1] * flDistance + vecSrc[1];
vecEnd[2] = vecDir[2] * flDistance + vecSrc[2];
//if (damage > 0 && pent && pent->info == vPlayers[index].index)
// return damage;
damage *= 0.75;
}
}
else
tmppen = 0;
//if (damage > 0 && tr.ent > 0 && tr.ent < 33)
// return damage;
}
return 0;
}
|
|
|
| Back to top |
|
|
jucce
Advanced Cheater
![]() Reputation: 1
Joined: 02 Apr 2013
Posts: 99
|
| Posted: Thu Apr 25, 2013 3:00 pm Post subject: |
|
|
| In some games it's possible to change various game constants such as gravity from the console. If that's the case you could keep changing one constant in the console and use CE to scan meanwhile in order to find the memory location. Perhaps it will be possible to use this memory location even when cheats are turned off or when you aren't in control of the server settings. Of course depending on the setup all the movement calculations may be verified and calculated at the game server.
|
|
| Back to top |
|
|
elsword
Cheater
![]() Reputation: 0
Joined: 05 Apr 2013
Posts: 26
|
| Posted: Mon May 06, 2013 10:00 pm Post subject: |
|
|
i have another question
for example im having this correct pointer :
P>0123ABCD , and the correct address ( found by scanning ) 0123ABCD
pointer's offsets : "Game.exe"+0087B488
so , the question is " is there a way to find the correct offsets ( which is "Game.exe"+0087B488 ) from the address 0123ABCD ?
the purpose of this question is to find the correct offsets without scanning the whole multi leve pointer again
thanks 
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Tue May 07, 2013 2:49 am Post subject: |
|
|
1-Open memory viewer
2-press ctrl+G, type "game.exe" and press enter. CE will show a "game.exe" in bold.
3-press ctrl+M, the bold game.exe will change into an hex number (usually 400000) called the exe base.
4-Your pointer offset (0087B488) = 0123ABCD - exe base.
But of course that only works with level 0/static pointers. For multi level pointers you can't avoid the pointerscanner (or manual pointer identification).
|
|
| Back to top |
|
|
elsword
Cheater
![]() Reputation: 0
Joined: 05 Apr 2013
Posts: 26
|
| Posted: Thu May 09, 2013 8:11 am Post subject: |
|
|
more question: how to scan flash games ?
i tried scanning money , obident , health on this game but couldnt find anything valid
| Description: |
|
| Filesize: |
29.49 KB |
| Viewed: |
9501 Time(s) |
|
|
|
| Back to top |
|
|
jucce
Advanced Cheater
![]() Reputation: 1
Joined: 02 Apr 2013
Posts: 99
|
| Posted: Fri May 10, 2013 2:09 pm Post subject: |
|
|
| elsword wrote: | more question: how to scan flash games ?
i tried scanning money , obident , health on this game but couldnt find anything valid |
If you are using Firefox select the process plugin-container.exe. Also often I have more success scanning for increased/decreased value rather than exact values. Frequently the data isn't stored as straight values but 500$ could be a float like 500.00 or even stored with a multiplier like 50 or 50000. Also sometimes the relation between the values displayed and the way it is stored in memory is even more unclear, even requiring arithmetic or byte operations. And of course if the game is multiplayer it usually has protections where the real values are stored on a server.
|
|
| Back to top |
|
|
elsword
Cheater
![]() Reputation: 0
Joined: 05 Apr 2013
Posts: 26
|
|
| Back to top |
|
|
elsword
Cheater
![]() Reputation: 0
Joined: 05 Apr 2013
Posts: 26
|
| Posted: Sun May 12, 2013 9:46 pm Post subject: |
|
|
| nobody knows about this ?......
|
|
| Back to top |
|
|
jucce
Advanced Cheater
![]() Reputation: 1
Joined: 02 Apr 2013
Posts: 99
|
| Posted: Mon May 13, 2013 6:18 pm Post subject: |
|
|
| elsword wrote: | | nobody knows about this ?...... |
Are you finding anything from the game like strings and such if you search for that?
|
|
| Back to top |
|
|
HitIer
How do I cheat?
![]() Reputation: 22
Joined: 09 Feb 2013
Posts: 0
Location: Location Location Location
|
| Posted: Tue May 14, 2013 2:48 am Post subject: Re: the art of scanning |
|
|
| elsword wrote: | hello i have some questions about scanning
i can do most basic scan now i want to learn some advanced scan with hard addresses
- let's say im playing a TPS or FPS game, i want to scan the flying speed of the ammo of my gun ( bazooka , rocket launcher etc...) is this even possible ?
- the client trace , even when i miss my target it still hit them
- attack dmg / attack speed / attack range |
I think with unknown initial value, you can. but why would you
_________________
With self driving cars, CE can work in real life
| t328163 wrote: | | Your username derives from the fact that this site cannot format special characters lol. |
| t328163 wrote: |
lmfao, on reddit i'd get banned |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
