Cheat Engine The Official Site of Cheat Engine
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 6:15 am
CE crashes? Weird....
I used aobscan. CE should freeze only for a few seconds if it didn't find that array of bytes.
Try 32bit cheat engine.
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 6:22 am
| mgr.inz.Player wrote: | CE crashes? Weird....
I used aobscan. CE should freeze only for a few seconds if it didn't find that array of bytes.
Try 32bit cheat engine. |
I tried both x64 and x86, the result is the same, CE stalls and then crashes.
Can't I use the address instead? (Phys_32.dll+XXXXXXXX) So far they don't change, not even after restarting the game.
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25957 Location: The netherlands
Posted: Mon Jul 15, 2013 6:25 am
ce can freeze for 10 minutes or longer depending on your cpu and memory (especially if the aob can't be found)
So if the message shows ce is frozen, just ignore it
and do an aobscanmodule for a faster scan
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Mon Jul 15, 2013 6:27 am; edited 1 time in total
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 6:26 am
Yes, you can use Phys_32.dll+XXXXXXXX.
I used aobscan, because I don't know exact location (address).
Use movss xmm0,[eax+30] as your hack point.
@DB
Is it possible that aobscan with 113 bytes can crash CE ?
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 6:30 am
| mgr.inz.Player wrote: | Yes, you can use Phys_32.dll+XXXXXXXX.
I used aobscan, because I don't know exact location (address).
Use movss xmm0,[eax+30] as your hack point. |
I did, I mentioned the 3 opcodes that I tried. That one specifically sent me flying against the wall, even with 1.5 float.
---------------------------
Edit:
Ok so this is what I figured out so far.
The value that I'm changing is the X axis value (or Y, one of them as I mentioned before) which is the result of some calculations.
The vehicle has a specific incremental value that adds up or down to the total vehicle velocity.
The vehicle has X and Y axis so the game splits the incremental value according to those (where I am pointing at/where I am driving towards at)
It then takes the current speed, adds or decreases and then it ends up as the final Axis velocity.
Now what is going on here is that I am always changing the operation/value at the last part, it is always taking the current speed value, adding the increment and in the end resulting in a way bigger value than before, constantly increasing.
A simple explanation:
What the game is doing all the time (these functions are constantly running)
Speed increment + current X value = new X value
What I am doing
Speed increment + current X value *2 = new X value
So even when I am standing still it will always ramp up, ex:
0.03 + 25 * 2 = 50.03 (instead of just 25.03)
Then the function runs yet again and again and again
0.03 + 50.03 * 2 = 100.09 (this is just the 2nd time the operation is running and it is already at the hundreds)
So what I am trying is really to find that increment value and double it up so this works as it should
0.03 * 2 + 25 = 25.06
0.03 * 2 + 25.06 = 25.12
0.03 * 2 + 25.12 = 25.18
This is how it should be.
Hope I was clear about it for a better understanding.
Last edited by shadowpt on Mon Jul 15, 2013 6:46 am; edited 2 times in total
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25957 Location: The netherlands
Posted: Mon Jul 15, 2013 6:36 am
| Quote: |
@DB
Is it possible that aobscan with 113 bytes can crash CE ? |
I really doubt it. At most a very long freeze causing ce's gui to go unresponsive and stops rendering(blank parts) with the text "this program is not responding" in the caption (some people think that's the same as a crash)
If the system's cpu is being eaten up by the game, it can take a while
And try different values, e.g: 0.5 instead of 1.5
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 6:46 am
Sorry, off topic
@DB, hmm something weird
This works:
aobscan(aob,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)
But this doesn't
aobscanmodule(aob,'calc.exe',8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)
(on calc.exe process)
@shadowpt
Just give me exact address of movss xmm0,[eax+30]
My script (the one which doesn't work for you, because CE freezes)
Works like this:
new speed X = SpeedXDelta *1.5 + current Speed X
new speed Y = SpeedYDelta *1.5 + current Speed Y
new speed Z = SpeedZDelta *1.5 + current Speed Z
Last edited by mgr.inz.Player on Mon Jul 15, 2013 6:50 am; edited 1 time in total
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 6:49 am
| Dark Byte wrote: | | Quote: |
@DB
Is it possible that aobscan with 113 bytes can crash CE ? |
I really doubt it. At most a very long freeze causing ce's gui to go unresponsive and stops rendering(blank parts) with the text "this program is not responding" in the caption (some people think that's the same as a crash)
If the system's cpu is being eaten up by the game, it can take a while
And try different values, e.g: 0.5 instead of 1.5 |
Please read my last edit, it explains why no matter what float value I use it will not work as we expect.
In case of your suggestion it would be like this
0.03+25*0.5=12.8
Effectively slowing it down to a halt and it is indeed what really happens when I use that value in the game.
PS: I already said it but this is never said enough times, I really appreciate all your help you have been giving.
@mgr.inz.Player
The correct address for that OPcode is Phys_x86.dll+1D7C55
Last edited by shadowpt on Mon Jul 15, 2013 6:56 am; edited 2 times in total
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25957 Location: The netherlands
Posted: Mon Jul 15, 2013 6:53 am
mgr.inz.player:
this works:
| Code: |
aobscanmodule(aob,calc.exe,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)
|
(Note that modules that have a , in their name will cause problems... )
shadowpt but what about very precise values?
I assume 1.0 works as expected ? (normal speed?)
then what about 1.0000000001 ?
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 7:06 am
try this (without aobscan)
Then, try changing 1.5 to something smaller: 1.001, 1.0001, and finally 1.0
(after editing AA script you have to disable and then enable it again)
Attachment: alterspeeddelta.CT (Filesize: 1.13 KB, Downloaded: 1599 Time(s))
Last edited by mgr.inz.Player on Mon Jul 15, 2013 7:07 am; edited 1 time in total
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 7:07 am
| Dark Byte wrote: | mgr.inz.player:
this works:
| Code: |
aobscanmodule(aob,calc.exe,8B 46 40 F3 0F 10 40 30 F3 0F 58 86 94 00 00 00 F3 0F)
|
(Note that modules that have a , in their name will cause problems... )
shadowpt but what about very precise values?
I assume 1.0 works as expected ? (normal speed?)
then what about 1.0000000001 ? |
Yes 1.0 works for normal speed, it is the same as if it wasn't there.
If I use precise values the same happens, just slower at start. Instead of just flying against the wall I drive normally for a bit and eventually wooosh, I am a smudge on the wall again.
Edit: Wait, no, I will report exactly that back.
Edit2: Well that worked perfectly! I was using 1.5 before and it was too fast, using smaller 1.0001 did the trick! now I only need to put a limiter and I tried this suggestion
| mgr.inz.Player wrote: | So, you have to add upper limit.
| Code: |
sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0
cmp dword ptr [eax+30],(float)400
jb donotadjust
mov dword ptr [eax+30],(float)400
donotadjust:
|
|
But it gives me an error "jb donotadjust This instruction can't be compiled", any thoughts?
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 7:48 am
This instruction can't be compiled - because you must initialize it with label(donotadjust) at the beginning.
"Well that worked perfectly"
Could you be more specific? Which script worked perfectly? Latest alterspeeddelta.CT ?
And, this isn't that easy. Vehicle (hero, projectiles, etc) speed is a vector.
Vector consists of three scalars (3D games) or two scalars (2D games).
So, in our case we have to limit "vector length", that is:
SQRT(SpeedX*SpeedX + SpeedY*SpeedY + SpeedZ*SpeedZ) must be smaller than "upper limit".
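Added example, not part of any post in this thread: a small Python model of the two points made so far, namely that a multiplier on the stored speed compounds every tick while a multiplier on the increment does not, and that an upper limit has to act on the vector length rather than on one axis. The function names and the sample vectors are constructed; 0.03, 25, 2 and 400 are the numbers used in the posts.

```python
import math

def tick_scale_total(v, inc, k):
    # Multiplier lands on the stored velocity, which is fed back every tick.
    return inc + v * k

def tick_scale_delta(v, inc, k):
    # Multiplier lands on the per-tick increment only.
    return inc * k + v

def run(tick, v, inc, k, ticks):
    # Apply one update rule repeatedly, as the game does every frame.
    for _ in range(ticks):
        v = tick(v, inc, k)
    return v

def length(vec):
    # SQRT(SpeedX*SpeedX + SpeedY*SpeedY + SpeedZ*SpeedZ)
    return math.sqrt(sum(c * c for c in vec))

def clamp_components(vec, limit):
    # Per-axis cap: each scalar is limited on its own.
    return tuple(max(-limit, min(limit, c)) for c in vec)

def clamp_length(vec, limit):
    # Cap the vector length and keep the direction of travel.
    n = length(vec)
    if n <= limit:
        return tuple(vec)
    return tuple(c * limit / n for c in vec)

if __name__ == "__main__":
    # 0.03, 25, 2 and 400 come from the thread; the vectors are constructed.
    print("scale total, 2 ticks:", run(tick_scale_total, 25.0, 0.03, 2.0, 2))
    print("scale delta, 3 ticks:", run(tick_scale_delta, 25.0, 0.03, 2.0, 3))
    # A factor close to 1.0 on the total still compounds, only later.
    print("1.0001 on total, 20000 ticks:",
          run(tick_scale_total, 25.0, 0.0, 1.0001, 20000))
    v = (400.0, 400.0, 400.0)
    capped = clamp_components(v, 400.0)
    print("per-axis cap:", capped, "length", length(capped))
    scaled = clamp_length(v, 400.0)
    print("length cap:  ", scaled, "length", length(scaled))
```

The per-axis cap leaves (400, 400, 400) untouched even though its length is about 692.8, which is why the limit has to be computed from all three components.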
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 7:59 am
| mgr.inz.Player wrote: | This instruction can't be compiled - because you must initialize it with label(donotadjust) at the beginning.
"Well that worked perfectly"
Could you be more specific? Which script worked perfectly? Latest alterspeeddelta.CT ?
And, this isn't that easy. Vehicle (hero, projectiles, etc) speed is a vector.
Vector consists of three scalars (3D games) or two scalars (2D games).
So, in our case we have to limit "vector length", that is:
SQRT(SpeedX*SpeedX + SpeedY*SpeedY + SpeedZ*SpeedZ) must be smaller than "upper limit". |
Your first suggestion worked perfectly with the float set at 1.0001
This one
| Code: |
sub esp,04
mov [esp],(float)2.0
mulss xmm0,[esp]
add esp,04
movss [eax+30],xmm0
|
So how can I do the vector length limit in your code?
BTW this is what currently is working for me, the script that I am using:
| Code: |
[ENABLE]
//Speedhack
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem6,2048) //2kb should be enough
label(returnhere6)
label(originalcode6)
label(exit6)
newmem6: //this is allocated memory, you have read,write,execute access
//place your code here
sub esp,04
mov [esp],(float)1.015
mulss xmm0,[esp]
add esp,04
movss [eax+48],xmm0
originalcode6:
movss [eax+48],xmm0
exit6:
jmp returnhere6
"Phys_x86.dll"+1D7Caf:
jmp newmem6
returnhere6:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem6)
"Phys_x86.dll"+1D7Caf:
movss [eax+48],xmm0
//Alt: db F3 0F 11 86 C8 00 00 00
|
the "6" is just a script differentiator, it has to be applied to the 6 xmm codes there so I just made 6 different scripts for each opcode that is responsible for the movements. (maybe they are X+ X- Y+ Y- Z+ Z- I have no idea)
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jul 15, 2013 8:41 am
So, when I asked for address for
movss xmm0,[eax+30]
you gave me address for movss [eax+30],xmm0
This is why my latest alterspeeddelta.CT doesn't work
shadowpt Advanced Cheater
Reputation: 0
Joined: 04 Jun 2011 Posts: 82
Posted: Mon Jul 15, 2013 8:55 am
| mgr.inz.Player wrote: | So, when I asked for address for
movss xmm0,[eax+30]
you gave me address for movss [eax+30],xmm0
This is why my latest alterspeeddelta.CT doesn't work |
Oh I'm so sorry! Dyslexic moment :/