Cheat Engine The Official Site of Cheat Engine
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 9:22 am Post subject: Teleport script
Just asking if anyone knows a good short teleport script which can be assigned so that (for example), F1 saves player coords, F2 changes player coords to the saved ones, F3 returns player to previous coords.
Does anyone know how to make a script like that? If for example:
x = 12238
y = 80
z = 4957454
EDIT: also, does anyone know a good method to find the exact address of a coordinate when you've got 1000+ addresses left, which you can't decrease any further, but you're 100% sure one of the player coordinates is in there?
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 10:07 am Post subject: Re: Teleport script
kik4444 wrote: "EDIT: also, does anyone know a good method to find the exact address of a coordinate when you've got 1000+ addresses left, which you can't decrease any further, but you're 100% sure one of the player coordinates is in there?"
It depends on the game.
For example, in "Dead Space" series, coordinates are close to health address:
ECE646C - health address
ECE6B88 - x coord
ECE6B8C - y coord
ECE6B90 - z coord
Of course, after a game restart those addresses will be different, but the coord address will always be close to the health address, because health and coords are kept inside the "player structure".
(left top list is called found list, bottom list is called addresslist)
Some games have a "player structure", a "current equipped weapon structure", a "player physics structure" (where positions are kept). In that case, you have to do as many next scans as possible. Then, for example, when you have 500 found addresses, click on any address (foundlist), press ctrl+a. Click the red arrow button.
On addresslist:
1) set the scrollbar at about 50%, highlight any address, press SHIFT+Home, press ENTER, change value (for example 637.34 change to 639.34), go back to game
2) if our hero
- changes position, congrats, you found the "half" which contains our address. Press ctrl+x, ctrl+a, delete key (confirm), ctrl+v (click OK), go to step 1
- doesn't change position, press delete key (confirm), go to step 1
3) repeat the above a few times. After the first iteration you will have about 2 hundred addresses, then 1 hundred, then sixty-something, then thirty-something. You see the pattern. After the 8th iteration (more or less) you will get only one address.
It's called the Bisection Method.
_________________
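The halving procedure described in the post above, as an added example that is not part of the original thread: a Python simulation over a constructed candidate list. The `moves_player` callback and the toy game are assumptions of this sketch, standing in for "change the values, go back to the game, see if the hero moved"; it also covers the case where every candidate is only a copy of the real value.

```python
from typing import Callable, List, Optional, Sequence, Tuple

Oracle = Callable[[Sequence[int]], bool]

def bisect_candidates(candidates: Sequence[int],
                      moves_player: Oracle) -> Tuple[Optional[int], int]:
    """Halve the candidate list until one address is left.

    moves_player(batch) models one manual round: change every value in
    `batch`, return to the game, report whether the character moved.
    Returns (address or None, number of halving rounds).
    """
    remaining = list(candidates)
    rounds = 0
    while len(remaining) > 1:
        half = remaining[:len(remaining) // 2]
        rest = remaining[len(half):]
        rounds += 1
        # Keep whichever half contains the value the game actually uses.
        remaining = half if moves_player(half) else rest
    # Confirm the survivor. If the list held only copies that the game
    # rewrites every frame, nothing responds and there is no answer.
    if remaining and moves_player(remaining):
        return remaining[0], rounds
    return None, rounds

def make_toy_game(live_address: int) -> Tuple[Oracle, List[int]]:
    """Constructed stand-in for the game: exactly one address is live."""
    batch_sizes: List[int] = []
    def moves_player(batch: Sequence[int]) -> bool:
        batch_sizes.append(len(batch))
        return live_address in batch
    return moves_player, batch_sizes

def demo() -> Tuple[Optional[int], int, List[int]]:
    # Constructed candidates: 500 consecutive 4-byte slots.
    candidates = [0x10000000 + 4 * i for i in range(500)]
    oracle, batch_sizes = make_toy_game(candidates[317])
    found, rounds = bisect_candidates(candidates, oracle)
    return found, rounds, batch_sizes

if __name__ == "__main__":
    found, rounds, sizes = demo()
    print(f"found {found:#x} after {rounds} rounds; batches tested: {sizes}")
```

With 500 candidates the batch sizes shrink as 250, 125, 62, 31 and so on, which is the pattern the post describes.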
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 10:33 am
THX, and do you know a good script which can do the things I mentioned in my upper post if we found the addresses?
Oh and btw, I also tried a similar method like that that I came up with, but instead of changing the values, I froze them to see if the correct value was there, I went back to the game and there were glitches in the movement animation and my character couldn't move, (the correct address was definitely there) so I froze half, still couldn't move, deleted the other half and froze the remaining half (you see the pattern) and after about 3-4 iterations, the game crashed. So I assume the game won't crash if you just change them? But either way, how are you supposed to find the address using this method if the values aren't writable? Oh and about the script ^^^^
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 11:54 am
"how are you supposed to find the address using this method if the values aren't writable"
You meant that your attempt at overwriting the original value is failing? Problem solved. Addresses/values that immediately return to the previous value in 99.999% of cases aren't your player coords. It is just a copy. Or, you're trying to hack a multiplayer game (in that case, you can give up already).
About "things I mentioned in my upper post",
It depends on the game. You must find a spot where the current position is accessed, check if this procedure only accesses your hero position.
If it accesses other objects' positions then you have to filter those (compare structures with the "dissect data/structure" CE feature).
Step 9 of Tutorial
http://forum.cheatengine.org/viewtopic.php?t=530548
The other way could be: pointers + Lua script. It works great too.
(For teleportation, there's no difference between a proper "AutoAssemble script" and a "pointer+Lua script")
Edit:
examples
Far Cry 3 teleport script
Code:
"FC3_d3d11.dll"+108612A - mov edx,[eax+30] // <---- this accesses player X coord
Full AA script is (old l0wb1t script I had on my disk):
Code:
alloc(newmem_Teleport,2048)
label(returnhere_Teleport)
label(originalcode_Teleport)
label(exit_Teleport)
label(z_coord)
label(x_coord)
label(y_coord)
label(save_coord)
label(load_coord)
label(s_enable)
label(l_enable)
// the two request flags are registered so they can be used as addresses in the table
registersymbol(s_enable)
registersymbol(l_enable)

// hook site: the two original instructions (6 bytes) are replaced by a 5-byte jmp plus one nop
"FC3_d3d11.dll"+108612A:
jmp newmem_Teleport
nop
returnhere_Teleport:

newmem_Teleport:
cmp dword ptr [eax+4C],(int)0 // <===== player position structure ??
jne originalcode_Teleport
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
jmp originalcode_Teleport

// save request: clear the flag, copy the three coords out of the structure
save_coord:
mov [s_enable],0
push edx
mov edx,[eax+30]
mov [x_coord],edx
mov edx,[eax+34]
mov [z_coord],edx
mov edx,[eax+38]
mov [y_coord],edx
pop edx
jmp originalcode_Teleport

// load request: clear the flag, skip the write while z_coord is still 0
load_coord:
mov [l_enable],0
cmp [z_coord],0
je originalcode_Teleport
push edx
mov edx,[x_coord]
mov [eax+30],edx
mov edx,[z_coord]
mov [eax+34],edx
mov edx,[y_coord]
mov [eax+38],edx
pop edx

// the instructions that were overwritten at the hook site
originalcode_Teleport:
mov edx,[eax+30]
mov [ebp-30],edx

exit_Teleport:
jmp returnhere_Teleport

// storage for the saved coords and the two request flags
x_coord:
dd 0
z_coord:
dd 0
y_coord:
dd 0
s_enable:
dd 0
l_enable:
dd 0
_________________
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 4:09 pm
Thanks. Also I managed to find xyz in ACIV and the code that writes to it, after which I died. Is there a better way to find the addresses again, cause if I select which addresses are accessed by the code, it shows me over 50-60 addresses.
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 4:29 pm
It's perfectly normal. This is how things work.
(some procedures check collisions, some check boundaries, some are for area triggers, etc.)
There is nice CE feature: "check if found opcodes also access other addresses".
1) find position
2) do "find out what accesses this address" and immediately right click on the white area and choose "check if found opcodes also access other addresses".
3) go to game, play for one minute (lags are expected)
4) post screenshot here (resize window so we can see what is there)
TIP:
you can try searching for a multilevel pointer first, max level 5, maximum offset value 2048.
_________________
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Nov 24, 2013 4:57 pm
kik4444 wrote: "Thanks. Also I managed to find xyz in ACIV and the code that writes to it, after which I died. Is there a better way to find the addresses again, cause if I select which addresses are accessed by the code, it shows me over 50-60 addresses."
If ACIV is anything like ACI, many of the instructions that access player coordinates also access coordinates for all other characters. That being said, 50-60 addresses is not too many. If you change the data type of the addresses to float (in the window that pops up when you check to see which addresses the instruction accesses), you can quickly see which ones apply to coordinates (most of them, probably), and which ones don't. Simply add them to your address list and freeze them, one by one (or in small groups). Try to move your character each time. If you are stuck in east/west or north/south direction, you know you have it. If you are working with Y coordinate, then you should experience problems with jumping/falling etc., although it may not be as noticeable.
Once you have found the address, do as mgr.inz.Player suggests, and run a pointer scan on it. Once you are finished, add the pointer to your table. Copy it and paste it to your table twice (so you have 3 pointer addresses). Change the last offset (+4 or -4) of the other two addresses until you have your XYZ coordinates. They are typically 4 bytes apart.
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 5:04 pm
There's an abundance of opcodes accessing Y:
EDIT: sorry, didn't notice another post was made before mine
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 5:09 pm
By "resize window so we can see what is there" I meant:
So, it will look like this
http://i.imgur.com/GHaFXRo.png
Anyway, I see there are opcodes with (1) inside, that means you can use them as hack points without problems.
_________________
Last edited by mgr.inz.Player on Sun Nov 24, 2013 5:24 pm; edited 2 times in total
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 5:11 pm
mgr.inz.Player wrote: "I see there are opcodes with (1) inside, that means you can use them as hack points without problems."
How exactly? Cause this isn't like your typical ammo value or health, so what do I do with the ones with (1)?
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 5:16 pm
"Count" tells us how often the opcode accessed our "position address".
The value "(1)" tells us that the opcode didn't access other addresses, which is good, we don't have to filter it. Another value inside () tells us that the procedure is used for other things too (value 8 - it accesses 8 or more addresses).
Summary:
You can use any opcode (instruction/hackpoint/codeaddress), but you must be sure that you change only player coords.
Opcodes with (2) or something bigger need filtration (register check, stack check, structure check)
Opcodes with (1) can be used without filtration.
_________________
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 5:49 pm
Is there a step by step tutorial somewhere? Cause I got seriously confused at what and how I was supposed to do after finding the codes that didn't call other codes
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 5:55 pm
Now you have to inject your code. Check the AA script in my previous post (my second post in this thread), this script injects code here FC3_d3d11.dll+108612A.
"Is there a step by step tutorial somewhere"
Did you do the Cheat Engine tutorial? (in CE click menu Help and choose "Cheat Engine Tutorial").
PS:
remove your previous attachment and send another screenshot (this time resize that window properly, so we will see all the information)
http://i.imgur.com/03Qxxrd.png
http://i.imgur.com/GHaFXRo.png
_________________
kik4444 Expert Cheater Reputation: 0
Joined: 07 Sep 2013 Posts: 120 Location: Bulgaria
Posted: Sun Nov 24, 2013 6:07 pm
Okay, hold on, gotta find it again, cause the game keeps crashing!
EDIT: I gotta say, I'm not as lucky this time round - 3 crashes so far...
EDIT: 4th crash just happened RIGHT after I changed the values on the first iteration. Oh and the code I found earlier that was writing to the values - pressing CTRL + B on it sends me to a ?? part of the game's memory, so there's no way I can find the addresses from it again.
EDIT: I think I might give up for now, game crashed for the 5th time just now
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 24, 2013 6:30 pm
Try "VEH" debugger.
Go to settings
then restart CE.
To find Y position address much faster, do this:
1) bring CE window, attach to game, press ctrl+M
2) press ctrl+g, type 125A437
3) right click highlighted opcode, choose "find out what ..."
4) go to game and go back to CE, in that new window, change type to float, double click found address
Now you have your Y address, right-click it and do: "find out what accesses this address" + "check if found opcodes also access other addresses".
Go to game, play for one minute, go to CE, resize window properly, post here.
_________________