 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
zm0d
Master Cheater
 Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
 Posted: Tue Nov 12, 2013 5:37 am Post subject: 2D-Game Coords (X,Y) |
 |
|
Hi all,
i want to go on with something more difficult, than just set some Health, Ammo, etc. A friend of me showed me a game named Intake a few days ago... Its simple... some pills fall down from the top window border and you have to shoot'em. A game you find like sand on the beach.
Well, i want to make an aimbot for this mini game.
In my opinion i have to find out the location of the objects, that fall from above (objects=different kind of pills) and my crosshair position. Then look for the closest target to my crosshair position and move it right on the pill.
So far, so "simple"... but how to begin with it?
BTW: I looked up some Tutorials with Coord-Finding in CE. But they all were with some kind of radar, that provided some value (x,y,(z) position).
In this case I don't have a thing like a radar.
|
|
| Back to top |
|
 |
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Tue Nov 12, 2013 11:49 am Post subject: Re: 2D-Game Coords (X,Y) |
|
|
| zm0d wrote: | | In my opinion i have to find out the location of the objects, that fall from above (objects=different kind of pills) and my crosshair position. Then look for the closest target to my crosshair position and move it right on the pill. |
I think it'd be better (and simpler to code) to look for the pill that is closest to the bottom of the screen.
| zm0d wrote: | | So far, so "simple"... but how to begin with it? |
1-Start by giving a hotkey to the pause game function (cheat engine->settings->hotkeys->pause the selected process).
2.0-Hack you crosshair's position, ie: put the cross in the middle of the screen, pause process, scan with unknown initial value, unpause game, move cursor to the right, pause, search for increased value, unpause, move cursor to the left, decreased value...
2.1-If that doesn't work, swap "increased value" and "decreased value" scans.
2.2-Once you've got the horizontal position, see if the 4 bytes immediately before or after it represent the vertical position. If it's not the case, apply 2.0+2.1 when moving cursor up/down instead of left/right.
2.3-Find out what access CrosshairX and CrosshairY, right click on the result windows->"check if found opcodes also...", play a bit, and note the content of the result windows. Now can now deactivate "check if found opcodes also...".
3.0-Same thing as the 2.x except that you're applying it to a pill. If horizontal position was just before/after vertical position for the crosshair, it'll be the same for the pills.
3.1-You don't need to "check if found opcodes also..." for pill position.
4-The rest is a bit of asm coding... If you want me to do it for you, I'll need the 5-10 lines of code (address+bytes+opcodes) around the:
-opcode that accesses CrosshairX and has the highest hitcount but only accesses 1 address (it ends with "(1)").
-opcode that accesses CrosshairY and has the highest hitcount but only accesses 1 address (it ends with "(1)").
-opcode that accesses PillX and has the highest hitcount.
-opcode that accesses PillY and has the highest hitcount.
Also does CrosshairY=0 mean bottom or top of the screen?
| zm0d wrote: | | In this case I don't have a thing like a radar. |
In this case your "radar" is the main game screen.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Tue Nov 12, 2013 4:57 pm Post subject: |
|
|
| Gniarf wrote: | | I think it'd be better (and simpler to code) to look for the pill that is closest to the bottom of the screen. |
of course! this makes more sense! 
| Gniarf wrote: | | If you want me to do it for you |
That's a very friendly offer, but first i go on my own
If i dont get it, i'll come back to you, thanks!
| Gniarf wrote: | | Also does CrosshairY=0 mean bottom or top of the screen? |
I dont know for now i will find it out during scanning 
| Gniarf wrote: | | In this case your "radar" is the main game screen. |
That's what I thought
Overall: Thank you very much for this "longer", good understanding tutorial Now i can start with it and hopefully get up the cliff
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
|
| Back to top |
|
|
daspamer
Grandmaster Cheater Supreme
 Reputation: 54
Joined: 13 Sep 2011
Posts: 1588
|
| Posted: Wed Nov 13, 2013 7:37 am Post subject: |
|
|
^ Yup, it's easier to write an example or a working script with comment about each step and step, rather than telling you what you need to create.
If I knew assembly well, I'd help.. but I'm pretty much pointless in this thread..
Anyway good luck.
_________________
I'm rusty and getting older, help me re-learn lua. |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Wed Nov 13, 2013 7:45 am Post subject: |
|
|
| DaSpamer wrote: | | Yup, it's easier to write an example or a working script with comment about each step and step, rather than telling you what you need to create. |
Yeah, I know that
Well, I'll post my results in a few days Hopefully I got everything to work 
| DaSpamer wrote: | Anyway good luck.
|
Thanks, man!
I can always need some luck 
|
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Thu Nov 14, 2013 4:42 am Post subject: |
|
|
So, I easily could find out the base address of my crosshair position, but it's not stored in 2 addresses. It's only stored in 1 address, that points to a double.
Well, I recognized that the first numbers of the double change, when i move my crosshair on the Y-axis and the last numbers, including all numbers behind the dot, change when I move my mouse on the X-axis.
When I checked out what "Write to this address", I saw something like this:
| Code: |
mov [edi+2C],ecx
;something affected ecx here, i cant remember now.
mov [edi+30],ecx
|
If I use this information correctly, then the first instruction moves the first 4 bytes from my double (containing the Y-axis value) and the last instruction moves the other 4 bytes from my double (containing the X-axis value)?
| Gniarf wrote: | | Also does CrosshairY=0 mean bottom or top of the screen? |
The y-axis zeroing is in the middle of the screen, but the crosshair has to be placed more to the right and the bottom, so that the upper left corner, of the ?container?, where the crosshair is drawed in, hits the middle of the screen. => At least the double contained lots of 0s, when i placed it there
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25833
Location: The netherlands
|
| Posted: Thu Nov 14, 2013 5:58 am Post subject: |
|
|
Check again. I really doubt it's a double. More likely 2 4 byte values, or 2 floats, tht have a specific range.
E.g. the UT engine uses a 4 byte value between 0 and 65535 to define the x rotation and another one for the y rotation(with the added annoyance that if you turn around 3 times, the x axis may contain a value 3 times 65536)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Thu Nov 14, 2013 7:40 am Post subject: |
|
|
| Dark Byte wrote: | | Check again. I really doubt it's a double. More likely 2 4 byte values, or 2 floats, tht have a specific range. |
I think you're right. But what do you mean excatly with "Check again."? I should start a new scanning for possible other values that are not a double?
I already found some addresses, that contain a signed 2 byte value.
But changing the value of these addresses didnt affect my crosshair position in anyway... only this double address I found changed my crosshair position
Would it be possible, that they can store the Y-axis position in [edi+2C] and the X-axis position in [edi+30] to finally create a double?
| Dark Byte wrote: | E.g. the UT engine uses a 4 byte value between 0 and 65535 to define the x rotation and another one for the y rotation(with the added annoyance that if you turn around 3 times, the x axis may contain a value 3 times 65536)
|
Just for my understanding: If you want to make an aimbot for an UT engine game and you dont take care of this multiplication, you would also have a kind of a spinbot?
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Nov 14, 2013 8:05 am Post subject: |
|
|
| zm0d wrote: | | But what do you mean excatly with "Check again."? I should start a new scanning for possible other values that are not a double? |
No need for more scanning, just right click on your double->change record->type, set it to 4 byte, and see if it looks more like a position. If it doesn't, try float instead of 4 bytes.
As Dark Byte said it's very unlikely that position is stored as a single double, a signed 4 byte value is more likely. Besides trying to put myself into the developper's shoes, I don't see why he would store position as a double.
If you still think it's a double, what value represent midheight rightmost position? And horizontaly centered bottom position?
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Thu Nov 14, 2013 8:20 am Post subject: |
|
|
| Gniarf wrote: | | No need for more scanning, just right click on your double->change record->type, set it to 4 byte, and see if it looks more like a position. If it doesn't, try float instead of 4 bytes. |
Okay, definitely going to check this out as soon as I'm home
I'm just wondering that the cheat engine scanner gives me this value as a double then?
| Gniarf wrote: | | Besides trying to put myself into the developper's shoes, I don't see why he would store position as a double. |
That's what makes me doubt about the double, too 
| Gniarf wrote: | If you still think it's a double, what value represent midheight rightmost position? And horizontaly centered bottom position?
|
Gonna check it out, when it's really a double.
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Nov 14, 2013 9:13 am Post subject: |
|
|
| zm0d wrote: | | I'm just wondering that the cheat engine scanner gives me this value as a double then? |
Because the scanner thinks all integers are UNsigned, so when your integer goes from 1 to -1, you filter with "decreased value" but the scanner sees an integer that went from 1 to 4294967295 (=0xFFFFFFFF). The "show values as if the are signed" has no effect on this.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Thu Nov 14, 2013 9:54 am Post subject: |
|
|
Okay, that didnt really fit into my brain. 
So, if CE don't show negative integers, but I know that I need to find a negative integer, than I subtract 0x80000000 from my possible value?
| Gniarf wrote: | | 1 to 4294967295 (=0xFFFFFFFF) |
I understand why -1 will be 4294967295. But this still fits into an integer. 4294967296 wouldnt fit and I'd use a long, but not a double?
Sorry, but I can't get it :/
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Nov 14, 2013 1:12 pm Post subject: |
|
|
in signed 32 bit integer convention:
-1 = 0xFFFFFFFF
-2 = 0xFFFFFFFE
-3 = 0xFFFFFFFD
...
-2147483647 = 0x80000001
-2147483648 = 0x80000000 (largest 32bit negative integer)
+2147483647 = 0x7FFFFFFF (largest 32bit positive integer)
Go play with windows calculator in programmer mode, set datatype to dword and observe the hex/dec representations of some numbers.
When scanning you only need to pay attention (filter with "changed" or "increased") when going from positive to negative or vice-versa. However as you can see above, as long as you stay in the negatives, the more negative the signed integer, the smaller the unsigned one.
That being said you can also K.I.S.S and do your scans when the cursor is only at positives coordinates.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
| Back to top |
|
|
zm0d
Master Cheater
Reputation: 7
Joined: 06 Nov 2013
Posts: 423
|
| Posted: Thu Nov 14, 2013 3:46 pm Post subject: |
|
|
Well, this is nothing new for me
I think we talk about different themes
But nevermind...
I found my 2 values (X and Y axis). They were stored as a float (I just splitted up my double to 2 floats as Dark Byte mentioned) Now they are very easy readable and of course setable
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
