Cheat Engine The Official Site of Cheat Engine

16-Bit (Newbie cheater)
Reputation: 0
Joined: 17 Jan 2012 Posts: 21
Posted: Wed Dec 11, 2013 10:36 am Post subject: How do I proceed from here?
This is a different question, but it relates to the other topic I started. If you need to understand more of the context, go to the "is there a way to filter structures" topic (I can't link URLs yet).
So I am finishing up my trainer for this game and I still have one part left to put in it, and that is the addresses I've found for various different things. I have neatly compiled all the offsets (636 of them) and their corresponding base addresses into an Excel spreadsheet.
Now I could literally make 636 different codes, but surely there has to be a better way? Methos (who, btw, thanks) has hinted it is possible to do this with code injection.
Apparently the first step is to find where the code is first injected. I attached a debugger to one of my weapons located at address 166101D4 and got this.
Code:
0043A2A8 - 8B 57 04 - mov edx,[edi+04]
0043A2AB - 89 50 04 - mov [eax+04],edx
0043A2AE - 89 48 08 - mov [eax+08],ecx <<
0043A2B1 - 5F - pop edi
0043A2B2 - 8B C3 - mov eax,ebx
EAX=166101CC
EBX=0201ADB4
ECX=00000006
EDX=00000000
ESI=28BC5A40
EDI=0201ADB8
ESP=0201AD88
EBP=0201AD98
EIP=0043A2B1
Looking at this, I see that the value 6 (the new value of my weapon) got moved into the address where my weapon was.
So I figured this was a good place to try some code injection. It didn't go so well and just ended up crashing my game. All I did was move the value of 10 into ecx.
So I'm clearly doing something wrong and I need a bit of guidance. I am all ears.
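The crash described in this post follows from how a code-injection jmp is laid out over a short run of instructions. The Python below is an added example, not code from the thread or from Cheat Engine: it takes the five instructions from the listing above (addresses and byte lengths read off the posted opcode columns), works out how many bytes a 5-byte jmp written at a chosen instruction really clobbers (the overwrite is rounded up to the next instruction boundary and the remainder padded with nops), and reports what happens to an existing branch whose target falls inside that span. The branch target 0043A2B1 (the pop edi) is the one Gniarf identifies later in the thread; the function names are my own.

```python
"""Added example: how far a 5-byte jmp written into a short listing reaches.

Not code from the thread or from Cheat Engine. The listing is constructed from
the disassembly posted above: (address, encoded length in bytes, mnemonic).
"""

# Byte lengths come from the opcode columns of the posted listing
# (8B 57 04 = 3 bytes, 5F = 1 byte, 8B C3 = 2 bytes, ...).
LISTING = [
    (0x0043A2A8, 3, "mov edx,[edi+04]"),
    (0x0043A2AB, 3, "mov [eax+04],edx"),
    (0x0043A2AE, 3, "mov [eax+08],ecx"),
    (0x0043A2B1, 1, "pop edi"),
    (0x0043A2B2, 2, "mov eax,ebx"),
]

JMP_REL32_LEN = 5  # E9 + rel32: the smallest jmp a code injection writes


def overwritten_instructions(listing, hook_addr, min_len=JMP_REL32_LEN):
    """Return (covered, end) for a hook placed at hook_addr.

    covered is the list of whole instructions the overwrite destroys; end is
    the first address left intact. The overwrite is rounded up to an
    instruction boundary because the jmp is padded with nops rather than
    leaving half an instruction behind.
    """
    starts = [addr for addr, _, _ in listing]
    if hook_addr not in starts:
        raise ValueError(f"{hook_addr:08X} is not an instruction boundary")
    covered, end = [], hook_addr
    for addr, length, text in listing[starts.index(hook_addr):]:
        if end - hook_addr >= min_len:
            break
        covered.append((addr, length, text))
        end = addr + length
    if end - hook_addr < min_len:
        raise ValueError("listing ends before the jmp could be placed")
    return covered, end


def classify_branch_target(hook_addr, end, target, jmp_len=JMP_REL32_LEN):
    """Say what happens to an existing branch that lands at target.

    'safe'            : lands on the jmp itself or outside the overwritten span
    'mid-instruction' : lands inside the 5-byte jmp -> decodes garbage, crash
    'skips-hook'      : lands on the nop padding -> jmp and relocated code skipped
    """
    if target <= hook_addr or target >= end:
        return "safe"
    if target < hook_addr + jmp_len:
        return "mid-instruction"
    return "skips-hook"


def report(listing, hook_addr, branch_target):
    """Human-readable summary for one candidate hook address."""
    covered, end = overwritten_instructions(listing, hook_addr)
    verdict = classify_branch_target(hook_addr, end, branch_target)
    lines = [f"hook at {hook_addr:08X} overwrites {end - hook_addr} bytes:"]
    lines += [f"  {addr:08X}  {text}" for addr, _, text in covered]
    lines.append(f"  branch to {branch_target:08X}: {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    # The target Gniarf names: a conditional jump that lands on pop edi.
    BRANCH_TARGET = 0x0043A2B1
    print(report(LISTING, 0x0043A2AE, BRANCH_TARGET))  # the marked instruction
    print()
    print(report(LISTING, 0x0043A2AB, BRANCH_TARGET))  # one instruction earlier
```

Placing the hook on the marked `mov [eax+08],ecx` consumes that instruction, the `pop edi` and the `mov eax,ebx` (6 bytes), so a branch aimed at `pop edi` lands on the third byte of the jmp. Placing it one instruction earlier, on `mov [eax+04],edx`, also consumes 6 bytes but ends exactly at `pop edi`, which is why that line is the one to select.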

Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Dec 11, 2013 12:50 pm Post subject: Re: How do I proceed from here?
16-Bit wrote:
> If you need to understand more of the context, go to the "is there a way to filter structures" topic (I can't link URLs yet).
Here.
16-Bit wrote:
> Now I could literally make 636 different codes, but surely there has to be a better way? Methos (who, btw, thanks) has hinted it is possible to do this with code injection.
I'll let ++METHOS handle this request, but in the meantime, what's the problem with adding 636 different pointers to a table? I have a table with 3053 pointers and it works very well.
Aside from that, did you check ++METHOS's last post in the original thread?
Also, posting your script would help diagnose your problem.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.

16-Bit (Newbie cheater)
Reputation: 0
Joined: 17 Jan 2012 Posts: 21
Posted: Wed Dec 11, 2013 11:15 pm Post subject: Re: How do I proceed from here?
Gniarf wrote:
> I'll let ++METHOS handle this request, but in the meantime, what's the problem with adding 636 different pointers to a table? I have a table with 3053 pointers and it works very well.
> Aside from that, did you check ++METHOS's last post in the original thread?
> Also, posting your script would help diagnose your problem.
3053 addresses? Wow...
The easiest way I could see myself doing the same is if I created a macro and replaced the code structure (the thing you get when you copy from the cheat table and paste into Notepad) with each offset. Or is there an easier way than this?
As for what I did with the code injection, all I did was just use "mov ecx, #10" and executed. The injection itself didn't crash the game, but when I went to check the item level it crashed.
I think it's pretty obvious I haven't found the place to properly inject it. All this function does is move the new item level in ecx into the address in eax. This part of memory only gets executed when I purchase an upgrade. I think I have to find the place where it handles purchases and set the injection point there, but with my current skill set that isn't possible. I think toggle breakpoint does something like that, but all it does is crash my game for whatever reason.
Update: I did it the long way with Excel. Wasn't fun, but it's done. I am still interested in the AA way as I still want to try and understand how that works, so please explain it if you can. Thanks.

Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Thu Dec 12, 2013 3:41 am Post subject: Re: How do I proceed from here?
16-Bit wrote:
> The easiest way I could see myself doing the same is if I created a macro and replaced the code structure (the thing you get when you copy from the cheat table and paste into Notepad) with each offset. Or is there an easier way than this?
Here's how I do it; not sure whether it's easier or not, since I didn't try using macros.
Paste that into a text file, set the extension to .csv, then open it with Excel.
Code:
" <CheatEntry>
<Description>""",max hp (unit ,1,2b8,=$A$1&$B$1&C1&$A$2&D1&$A$3
")""</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tactics2.exe+001EFCC4</Address>
<Offsets>
<Offset>",current hp (unit ,1,=DEC2HEX(HEX2DEC(D1)+4),=$A$1&$B$2&C2&$A$2&D2&$A$3
"</Offset>
<Offset>330</Offset>
</Offsets>
</CheatEntry>",mana (unit ,1,=DEC2HEX(HEX2DEC(D2)+4),=$A$1&$B$3&C3&$A$2&D3&$A$3
,,=C1+1,=DEC2HEX(HEX2DEC(D1)+856),=$A$1&$B$1&C4&$A$2&D4&$A$3
,,=C2+1,=DEC2HEX(HEX2DEC(D4)+4),=$A$1&$B$2&C5&$A$2&D5&$A$3
,,=C3+1,=DEC2HEX(HEX2DEC(D5)+4),=$A$1&$B$3&C6&$A$2&D6&$A$3
,,=C4+1,=DEC2HEX(HEX2DEC(D4)+856),=$A$1&$B$1&C7&$A$2&D7&$A$3
,,=C5+1,=DEC2HEX(HEX2DEC(D7)+4),=$A$1&$B$2&C8&$A$2&D8&$A$3
,,=C6+1,=DEC2HEX(HEX2DEC(D8)+4),=$A$1&$B$3&C9&$A$2&D9&$A$3
,,=C7+1,=DEC2HEX(HEX2DEC(D7)+856),=$A$1&$B$1&C10&$A$2&D10&$A$3
,,=C8+1,=DEC2HEX(HEX2DEC(D10)+4),=$A$1&$B$2&C11&$A$2&D11&$A$3
,,=C9+1,=DEC2HEX(HEX2DEC(D11)+4),=$A$1&$B$3&C12&$A$2&D12&$A$3
,,=C10+1,=DEC2HEX(HEX2DEC(D10)+856),=$A$1&$B$1&C13&$A$2&D13&$A$3
,,=C11+1,=DEC2HEX(HEX2DEC(D13)+4),=$A$1&$B$2&C14&$A$2&D14&$A$3
,,=C12+1,=DEC2HEX(HEX2DEC(D14)+4),=$A$1&$B$3&C15&$A$2&D15&$A$3
,,=C13+1,=DEC2HEX(HEX2DEC(D13)+856),=$A$1&$B$1&C16&$A$2&D16&$A$3
,,=C14+1,=DEC2HEX(HEX2DEC(D16)+4),=$A$1&$B$2&C17&$A$2&D17&$A$3
,,=C15+1,=DEC2HEX(HEX2DEC(D17)+4),=$A$1&$B$3&C18&$A$2&D18&$A$3
Don't forget you can drag a cell from its lower right corner to roll out the formula.
16-Bit wrote:
> As for what I did with the code injection, all I did was just use "mov ecx, #10" and executed. The injection itself didn't crash the game, but when I went to check the item level it crashed.
++METHOS wrote:
> In the Memory Viewer window, with the instruction highlighted, select 'tools' from the drop-down menu, and click on 'auto assemble'. In the auto assemble window, select 'template' from the drop-down menu, and click on 'cheat table framework code'. Select 'template' again, this time, click on 'code injection'. Click okay. Select 'file' from the drop-down menu, and click on 'assign to current cheat table'.
Really, do what he said*. Then edit the script that was just added to your cheat table and add "mov ecx,#10" immediately above "mov [eax+08],ecx".
If this crashes your game, it means that this piece of code is also used to write other things, so you'll have to find a way to tell when it's writing the item level and when it's handling something else. The easiest way I see is to use the pointer you found to the first item, as in "if I'm going to write something that is between the address pointed to by this pointer and this address+636*20 then write 10, else behave normally", but we'll deal with that when/if needed.
*Ahem: actually select the "mov [eax+04],edx" line. I managed to find your piece of code in the game's exe and it seems there is a conditional jump a few lines above that lands on the pop edi. When you do a code injection you overwrite at least 5 bytes with a jmp instruction, so if you do your injection on the "mov [eax+08],ecx" you'll also overwrite the pop and the mov eax,ebx, so the conditional jump will land in the middle of an instruction -> kaboom.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
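Gniarf's spreadsheet is a template expander: column A holds the fixed XML fragments, columns B to D the description prefix, unit number and hex offset, and column E concatenates them into one <CheatEntry>. The Python below is an added example and is neither Gniarf's sheet nor Cheat Engine's own code; it performs the same expansion for any number of units using the layout the CSV implies (max hp, current hp and mana four bytes apart starting at 2b8, 856 bytes per unit) and keeps the template's base address and fixed pointer offset 330. The <CheatEntries> wrapper and the function names are my assumptions; the output is parsed back as XML, which is a check the formula approach does not give you.

```python
"""Added example: expand a per-unit field layout into Cheat Engine <CheatEntry> XML.

Not Gniarf's spreadsheet or Cheat Engine's own code. Layout constants are read
off the CSV in the thread; everything else (function names, wrapper element)
is assumed.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

BASE_ADDRESS = "Tactics2.exe+001EFCC4"  # <Address> from the template
FIXED_OFFSET = "330"                     # the constant <Offset> from the template
FIRST_UNIT_OFFSET = 0x2B8                # "max hp" offset of unit 1 (cell D1)
UNIT_STRIDE = 856                        # decimal, from =DEC2HEX(HEX2DEC(D1)+856)
FIELDS = (("max hp", 0), ("current hp", 4), ("mana", 8))  # +4 per field, as in the sheet


def field_offset(unit, field_delta):
    """Final pointer offset for one field of a 1-based unit, as an int."""
    if unit < 1:
        raise ValueError("units are numbered from 1")
    return FIRST_UNIT_OFFSET + (unit - 1) * UNIT_STRIDE + field_delta


def cheat_entry(description, final_offset):
    """One <CheatEntry> mirroring the template: quoted description, 4-byte type,
    and the offset chain [variable, fixed] with the variable offset in upper-case
    hex, exactly as DEC2HEX produces it."""
    return (
        "<CheatEntry>\n"
        f'  <Description>"{escape(description)}"</Description>\n'
        "  <Color>80000008</Color>\n"
        "  <VariableType>4 Bytes</VariableType>\n"
        f"  <Address>{escape(BASE_ADDRESS)}</Address>\n"
        "  <Offsets>\n"
        f"    <Offset>{final_offset:X}</Offset>\n"
        f"    <Offset>{FIXED_OFFSET}</Offset>\n"
        "  </Offsets>\n"
        "</CheatEntry>"
    )


def build_entries(unit_count):
    """All entries for units 1..unit_count, in the same field order as the sheet."""
    return [
        cheat_entry(f"{name} (unit {unit})", field_offset(unit, delta))
        for unit in range(1, unit_count + 1)
        for name, delta in FIELDS
    ]


def build_table(unit_count):
    """Wrap the entries in <CheatEntries> (assumed wrapper) and verify they parse."""
    xml = "<CheatEntries>\n" + "\n".join(build_entries(unit_count)) + "\n</CheatEntries>\n"
    ET.fromstring(xml)  # raises ParseError if any generated entry is malformed
    return xml


def entry_count(xml):
    """Number of <CheatEntry> elements in a generated document."""
    return len(ET.fromstring(xml).findall("CheatEntry"))


if __name__ == "__main__":
    print(build_table(2))
```

Row 4 of the sheet (unit 2, max hp) evaluates to DEC2HEX(696+856) = 610; `field_offset(2, 0)` returns the same 0x610, so the two approaches can be cross-checked cell by cell before the result is pasted into a table.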

16-Bit (Newbie cheater)
Reputation: 0
Joined: 17 Jan 2012 Posts: 21
Posted: Thu Dec 12, 2013 6:38 am
Your method seems a lot more elegant than how I did it. I used CONCATENATE to compress the copied lines into one cell and used the SUBSTITUTE function to replace both the description and the offset of my code. I used another CONCATENATE and SUBSTITUTE to recombine them and copy them over to CE. It was very messy, but it got the job done, I suppose.
As for your instructions on AA, I will try that when I get home tonight.
Also a bit of a random question, but does anyone know why my CE looks weird? I've learned to deal with it, but sometimes I really have to take a stab at what something is saying (particularly in the trainer window).
[Attachment: screenshot of the Cheat Engine window, 260.87 KB]

Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Thu Dec 12, 2013 2:38 pm
16-Bit wrote:
> Also a bit of a random question, but does anyone know why my CE looks weird?
I bet you changed the text size setting in Control Panel -> Display.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.

16-Bit (Newbie cheater)
Reputation: 0
Joined: 17 Jan 2012 Posts: 21
Posted: Fri Dec 13, 2013 12:38 pm
Gniarf wrote:
> 16-Bit wrote:
> > Also a bit of a random question, but does anyone know why my CE looks weird?
> I bet you changed the text size setting in Control Panel -> Display.
I adjusted every setting in there and it was still like that. This has happened before with other open-source programs like Pokesav, and even I couldn't resolve that. Does Cheat Engine require the use of other programs like the Microsoft .NET Framework? I suspect the problem lies there.
As for my attempts at AA, I don't think it's doable. The more I look into AA, the more I realize it's just about changing how the memory works. Setting values simply to 10 doesn't mean anything if that part of memory isn't executed. I imagine this would work if I could upgrade one thing at a time, but with how the game works you can receive multiple items and some of them can't be put to 10, which evidently causes the game to crash. AA therefore becomes rather pointless.
Anyway, my cheat table is complete. It's so elegant and sorted; I am very proud of what I've learned. Should I start another topic about the gfx problem so DarkByte can possibly see my issue?

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Fri Dec 13, 2013 1:44 pm
I believe Gniarf is referring to your Windows display settings; for Windows 7: right-click on your desktop, Personalize, then Display.
16-Bit wrote:
> As for my attempts at AA, I don't think it's doable. The more I look into AA, the more I realize it's just about changing how the memory works. Setting values simply to 10 doesn't mean anything if that part of memory isn't executed. I imagine this would work if I could upgrade one thing at a time, but with how the game works you can receive multiple items and some of them can't be put to 10, which evidently causes the game to crash. AA therefore becomes rather pointless.
-It is doable. It just takes time to learn.

16-Bit (Newbie cheater)
Reputation: 0
Joined: 17 Jan 2012 Posts: 21
Posted: Sat Dec 14, 2013 2:41 am
Those options are exactly what I did, and it did absolutely nothing. The text was still too large for its box and things were getting chopped off. Even if I made it smaller, or larger, the amount that gets chopped off is exactly the same.
As for AA, yeah, I know it is doable, but it would be too much effort for the value you get out of it. The addresses in memory that I have found essentially handle what number of that item you have. So setting its value to, say, 10 means I have 10 of that item. However, there is an issue with this, as you get 5 items per pack. This means that if I set the value to 10, every one of those 5 items gets set to 10. If I already have more than 10 of an item (which can happen for consumables), the game will crash as a result.
Since you don't know what items you can receive, it becomes near impossible to script. Also, even if you change where the value is being written to, you still have no way to manually execute the function.
So while I understand it's possible, it's just not practical.

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Dec 14, 2013 3:31 am
16-Bit wrote:
> So while I understand it's possible, it's just not practical.
-You might change your mind.