Cheat engine finding ammo address problem - Advanced

 
SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Sat Dec 14, 2013 10:32 pm    Post subject: Cheat engine finding ammo address problem - Advanced

I'm trying to find the value for ammo in a game.
Scanning for the exact value finds 30/30 of the clip but it's just the display value, it doesn't freeze the ammo.

I've scanned all types, unknown initial value, scanned decrease increase with no results.

I've scanned all types unknown value, changed, unchanged resulting in about 800 results, that is the lowest I can get it.

Any suggestions? I tried a large sample "find what access/writes address", when I fired nothing appeared on either list so I'm REALLY confused now.

Also the whole point of trying to find the ammo is for the "hotspot" into changing an item's ID and other stats on it.

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sun Dec 15, 2013 7:58 am

Try unknown initial (type=all), shoot once, filter with decreased by 1, reload gun, filter with unchanged. Rinse and repeat.
Once, and just once, do a simple "decreased" instead of a "decreased by", this will remove the huge float/double values that the decreased by 1 erroneously doesn't remove.

If you have 800 results and can't filter it down, add them all, freeze half, and see if ammo is frozen.
-If ammo is locked, remove the 400 addresses that weren't frozen, and unfreeze half of the remaining ones.
-If ammo is NOT locked, remove the 400 addresses that were frozen, and freeze half of the remaining ones.
Rinse and repeat.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.

SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Sun Dec 15, 2013 9:59 am

Gniarf wrote:
Try unknown initial (type=all), shoot once, filter with decreased by 1, reload gun, filter with unchanged. Rinse and repeat.
Once, and just once, do a simple "decreased" instead of a "decreased by", this will remove the huge float/double values that the decreased by 1 erroneously doesn't remove.

Rinse and repeat.


I got it down to 8 results

double 2.08380344193821E21 (Bounces around when not fully loaded)
double 1.7524879747985E21
double 1.74214348573038E21
byte 8
2byte 8
4byte 8
8byte 4294967304

8 is the amount of shells in the gun, represented as 8 bullets on the bottom of the screen, however freezing these values had no effect.

Also tried pointer scan with value of 8 and I get the static address which has no effect either.

also unchanged value, is that unchanged from the initial value you entered, or unchanged since the last scan(to stop the bouncy values?).

I looked at some old .ct trainers for the game the value type was "array of bytes" but nothing in the older trainers even pulls out a valid address usually p->00000000

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sun Dec 15, 2013 10:18 am

SavageXii wrote:
I got it down to 8 results
double 2.08380344193821E21 (Bounces around when not fully loaded)
double 1.7524879747985E21
double 1.74214348573038E21
byte 8
2byte 8
4byte 8
8byte 4294967304
The 4 byte one is likely the one the game uses FOR DISPLAY (likeliness: 90+%), but if this game is old-school-coded it may actually use the 1 or 2 byte.

if you freeze them all, or at least all doubles, do you have unlimited ammo?

SavageXii wrote:
also unchanged value, is that unchanged from the initial value you entered, or unchanged since the last scan(to stop the bouncy values?).
unchanged since the last scan.

If your game is not online would you post a link to the old .ct? I might be able to pull out some clues from there.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.

SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Sun Dec 15, 2013 4:10 pm

Gniarf wrote:

The 4 byte one is likely the one the game uses FOR DISPLAY (likeliness: 90+%), but if this game is old-school-coded it may actually use the 1 or 2 byte.

if you freeze them all, or at least all doubles, do you have unlimited ammo?
unchanged since the last scan.

If your game is not online would you post a link to the old .ct? I might be able to pull out some clues from there.


I do believe all of them are only display, and still do not have unlimited ammo. It's a SP game with co-op features, however I don't think these work on server side (Which I don't care for)
first link is the alpha 3 version for the game
second link is my current table for alpha 5

forum cheatengine org/download php?id=104022
orum cheatengine org/download php?id=104210
_ = .

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Sun Dec 15, 2013 5:12 pm

Ok found the thread where those tables come from, it's here: http://forum.cheatengine.org/viewtopic.php?t=567403

-Jbeaty found some item codes and said Full-SMG=4141, Full-Sniper=4145, which have to be put in a 4 byte variable in his table.
-masechase figured out that item ID is a 2 byte value immediately followed by condition (also over 2 bytes).
-4145 split over two 2 byte values becomes ID=4145, condition=0.
Thus condition=0 means full clip. So if you want to hack ammo in clip, search for a 2 byte value that starts at 0 and increases when you shoot, and goes back to 0 when you reload.
It is not sure condition increases by 1 on each shot. It may be 100/ClipSize or 255/ClipSize, or even another weird thing.

Also avoid using a multi-projectile weapon (like a shotgun) when hacking ammo. Some games would store ammo as 8(shells)*10(pellets per shot)=80 for a full clip.

For unlimited spare ammo, you're looking for a 4 byte variable, probably exactly the number reported in your inventory over the ammo box (as long as it doesn't take the amount of bullets in clip into account). That variable only changes when you reload.

Thinking again about it, you might be able to take a shortcut for ammo-in-clip: if you use the item IDs that ApocalypticGamer posted, and if you have a fully loaded pistol, you can scan for 4136, type=4 byte, fast scan=off, then filter with increased value when you shoot, and exact value=4136 after reloading.
Just don't forget to break the result into two 2 byte variables when you successfully froze ammo.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.

SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Sun Dec 15, 2013 8:34 pm

Gniarf wrote:


Thinking again about it, you might be able to take a shortcut for ammo-in-clip: if you use the item IDs that ApocalypticGamer posted, and if you have a fully loaded pistol, you can scan for 4136, type=4 byte, fast scan=off, then filter with increased value when you shoot, and exact value=4136 after reloading.
Just don't forget to break the result into two 2 byte variables when you successfully froze ammo.


I scanned for 4141 (SMG-Full)
Fired once, scanned for change. it was like 8458285 single result
Fire again, value changed to 16912429
Changed the value to 2byte from 4byte, it changed back to 4141

now, to find the static address, should I just pointer scan this address multiple times?

I think if I pointerscan for 4141, I'll get the static address for weapons in the first slot and will be able to freeze it at 4141 (as a 4byte) or whatever the weapon is

also if I had no help what would I have done to originally find the item code "4141"

also i40 tinypic com/10sf21j png
4byte is 4141, in hex it's 102D but in array it's 2D 10?
how can I separate the 2D and the 10? as separate addresses? is that offsets?

in the picture it's 2D 10 00 00 00
When I fire it goes like 2D 10 83 00 00
and then it goes like 2D 10 16 23 00
as an example so I'm not sure now how to let the address refresh (not frozen) 2D 10 to change to 2D 14 but freeze the other 00 00 00 at 00 00 00

UPDATE: 2D 10 is the base item/condition the 00 00 is the FULL ammo and durability of the item, so if the address ended as
544DC108 and the 00 00 is CA CB if I change 544DC1CA 544DC1CB
as an array of byte limit 1 or 2 it will target the 00 00? I noticed when I froze at 00 00 ammo dura wouldn't go down

update on update: I used 544DC1CA with array of bytes limit 4, to show 00 00 and now that's frozen any item in the game can be set to 00 00 and be fully repaired/restored!
and used 544DC108 to show 2C 10 (which is item ID) so can change items into other items.

it works sometimes, the values still bounce around a lot and sometimes don't appear for ages and flash too quickly to even change
Thanks a ton - still wondering how I would have figured out the 4141 without help

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon Dec 16, 2013 5:59 am

SavageXii wrote:
now, to find the static address, should I just pointer scan this address multiple times?
Pointerscan for this address, then use the value to find mode for rescans. Just make sure your gun is fully loaded before doing rescans.

SavageXii wrote:
also if I had no help what would I have done to originally find the item code "4141"
Changed/unchanged scans, a bit of patience, and what I told you about freezing half the addresses in your table should find that address.
Also sometimes when we can't find ammo in clip we try to find the ammo missing from a full clip because some games just work upside-down, it's rare but it's your case.

SavageXii wrote:
also i40 tinypic com/10sf21j png
4byte is 4141, in hex it's 102D but in array it's 2D 10?
Yes it's normal. It's a matter of "endian"-ness. PCs work in "little endian" so an integer like 0x12345678 is actually stored as 78 56 34 12 in memory.
Some consoles work in "big endian", so 0x12345678 is stored as 12 34 56 78 for those.

SavageXii wrote:
how can I separate the 2D and the 10?
Right click on the 2D->add this address to the list. But what you want to separate is probably the 2D 10 vs the next 00 00.
SavageXii wrote:
as separate addresses?
Yes.
SavageXii wrote:
is that offsets?
I don't understand this question.

SavageXii wrote:
update on update: I used 544DC1CA with array of bytes limit 4, to show 00 00 and now that's frozen any item in the game can be set to 00 00 and be fully repaired/restored!
and used 544DC108 to show 2C 10 (which is item ID) so can change items into other items.
Why don't you set 544DC1CA's type to "2 bytes" ??


Finally since your game uses mono.dll, have a read through that: http://forum.cheatengine.org/viewtopic.php?t=569866
It's an advanced technique that I haven't personally tried, but it might help you.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.

SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Mon Dec 16, 2013 7:42 am

Gniarf wrote:


SavageXii wrote:
is that offsets?
I don't understand this question.


Finally since your game uses mono.dll, have a read through that:
It's an advanced technique that I haven't personally tried, but it might help you.


I didn't realise at the time memory was like
01 02 03 04
00000000 00 2D 00 00
00000016 00 00 00 00

So Address 00000000 would show 00 2D 00 00
but I could scan for 00000002 and 1 byte to only show 2D
I thought 01 02 03 04 was offsets but nope ;l guess we all learn somehow.

I tried to read the mono thread but it doesn't make much sense.
Also is it worth learning asm or should I learn something like Lua and then I'll know lua + understand asm better?

Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Mon Dec 16, 2013 9:02 am

SavageXii wrote:
So Address 00000000 would show 00 2D 00 00
As an array of byte yes, or 0x2D00 as a 2/4 bytes integer.
SavageXii wrote:
but I could scan for 00000002 and 1 byte to only show 2D
In your example, 2D is at address 00000001, not 00000002.

SavageXii wrote:
Also is it worth learning asm?
YES IT IS !

SavageXii wrote:
Also is it worth learning asm or should I learn something like Lua and then I'll know lua + understand asm better?
Lua is used mostly to make the user interface (menus, buttons, etc...) of trainers (trainers, not tables), and automate tedious tasks like macros.
Asm is used to make hacks and is required for anything that's not basic hacking (probably more than half my hacks are asm scripts).

In a nutshell: asm is used to modify how a game behaves, and lua is used to modify how CE behaves.

Learning asm might look nasty at first, but it's actually not that painful if you don't go on a "I Will Learn Assembly!" crusade. Instead wait for the day you can't do what you want with pointers, and learn only the bare minimum you need to accomplish your goal (CE's tutorial step 5 & 7 are a good starting point). Sure there are lots of obscure acronyms in asm like mov, lea, bsr, fld... don't try to understand them all - I don't know them all and don't need to.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
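
The byte-layout points from the exchange above (little-endian storage, a 4-byte value that is really a 2-byte item ID followed by a 2-byte condition, and which address holds the 2D byte), worked through in Python as an added example that is not part of any post in the thread. The three 4-byte values are the ones SavageXii reported; the function names and the 4-byte row are constructed for illustration.

```python
import struct


def stored_bytes(value, byteorder):
    """Hex dump of a 32-bit integer as it is laid out in memory."""
    return value.to_bytes(4, byteorder).hex(" ").upper()


def split_fields(value32):
    """Reinterpret one little-endian 4-byte value as two 2-byte fields.

    Layout as described in the thread: the low word is the item ID,
    the high word is the condition (0 = full clip).
    """
    item_id, condition = struct.unpack("<HH", struct.pack("<I", value32))
    return item_id, condition


def read_le(memory, offset, size):
    """Read an unsigned little-endian integer of `size` bytes at `offset`."""
    return int.from_bytes(memory[offset:offset + size], "little")


# 4-byte values quoted in the thread: full SMG, after one shot, after two.
OBSERVED = [4141, 8458285, 16912429]

# Constructed row matching the last exchange: bytes 00 2D 00 00 at address 0.
ROW = bytes.fromhex("00 2D 00 00")

if __name__ == "__main__":
    # Same integer, two byte orders (the 0x12345678 case from the thread).
    print("little:", stored_bytes(0x12345678, "little"))
    print("big:   ", stored_bytes(0x12345678, "big"))

    # The "4-byte" value only looked like it jumped by millions: the ID
    # word never changed, only the condition word next to it did.
    for value in OBSERVED:
        item_id, condition = split_fields(value)
        print(f"{value:>9}  {stored_bytes(value, 'little')}  "
              f"id={item_id} condition={condition}")

    # Byte addresses count from 0, so 2D sits at offset 1 of the row, and
    # the row reads as 0x2D00 whether taken as a 2-byte or 4-byte integer.
    print("offset of 2D:", ROW.index(0x2D))
    print("2-byte:", hex(read_le(ROW, 0, 2)), "4-byte:", hex(read_le(ROW, 0, 4)))
```

In these samples the condition word goes 0, 129, 258, which fits Gniarf's earlier remark that the step per shot need not be 1.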

SavageXii
Newbie cheater
Reputation: 1

Joined: 11 Aug 2013
Posts: 16

Posted: Mon Dec 16, 2013 8:39 pm

Gniarf wrote:
SavageXii wrote:
So Address 00000000 would show 00 2D 00 00
As an array of byte yes, or 0x2D00 as a 2/4 bytes integer.
SavageXii wrote:
but I could scan for 00000002 and 1 byte to only show 2D
In your example, 2D is at address 00000001, not 00000002.

SavageXii wrote:
Also is it worth learning asm?
YES IT IS !

SavageXii wrote:
Also is it worth learning asm or should I learn something like Lua and then I'll know lua + understand asm better?
Lua is used mostly to make the user interface (menus, buttons, etc...) of trainers (trainers, not tables), and automate tedious tasks like macros.
Asm is used to make hacks and is required for anything that's not basic hacking (probably more than half my hacks are asm scripts).

In a nutshell: asm is used to modify how a game behaves, and lua is used to modify how CE behaves.

Learning asm might look nasty at first, but it's actually not that painful if you don't go on a "I Will Learn Assembly!" crusade. Instead wait for the day you can't do what you want with pointers, and learn only the bare minimum you need to accomplish your goal (CE's tutorial step 5 & 7 are a good starting point). Sure there are lots of obscure acronyms in asm like mov, lea, bsr, fld... don't try to understand them all - I don't know them all and don't need to.


Thanks for all the help!

Nemexia55
Expert Cheater
Reputation: 0

Joined: 28 Jan 2014
Posts: 160

Posted: Fri Mar 10, 2017 5:12 am

This is one of the best posts on this site!
The questions are good and well-answered!
I learnt much here!

I wish others respond like this as well

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Fri Mar 10, 2017 6:54 am

Gniarf is still lurking about.

pellik
Advanced Cheater
Reputation: 0

Joined: 14 Jun 2013
Posts: 93

Posted: Fri Mar 10, 2017 8:25 am

Damn, I was going to post about how LUA has really come a long way within CE and shouldn't be categorized into UI stuff, then I realized how old this thread is and how it was completely true at the time.

All times are GMT - 6 Hours