Cheat Engine: The Official Site of Cheat Engine

++METHOS (I post too much) | Reputation: 92 | Joined: 29 Oct 2010 | Posts: 4197
Posted: Mon May 12, 2014 8:24 pm

Without looking myself, I cannot say with certainty. However, assuming anti-cheat is not the issue, and assuming that he has the correct address/instruction, then the issue may be attributed to the fact that the instruction is shared. Since NOP'ing the instruction can work, but forcing the value to 10 does not work, then this theory seems likely...but it takes a lot of assuming to get there.
I recommend doing as STN suggests, and letting CE compile a basic script for you using cheat table framework code and auto-assembly. Leave the script as-is so that it does not do anything different. Enable the script and play the game for a while to see if it crashes. If it crashes, then anti-cheat is probably being used.

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 7:29 am

| ++METHOS wrote: | Without looking myself, I cannot say with certainty. However, assuming anti-cheat is not the issue, and assuming that he has the correct address/instruction, then the issue may be attributed to the fact that the instruction is shared. Since NOP'ing the instruction can work, but forcing the value to 10 does not work, then this theory seems likely...but it takes a lot of assuming to get there.
I recommend doing as STN suggests, and letting CE compile a basic script for you using cheat table framework code and auto-assembly. Leave the script as-is so that it does not do anything different. Enable the script and play the game for a while to see if it crashes. If it crashes, then anti-cheat is probably being used. |
I took 3 screenshots. Take a look at them. Alright so, the game DID in fact crash after the code injection thing with Cheat Engine. However I have a godmode code
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
0054738C:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
pushfd
cmp [esi+58],1
je +5
movss [esi+34],xmm0
popfd
//place your code here
originalcode:
//movss [esi+34],xmm0
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0054738C:
movss [esi+34],xmm0
//Alt: db F3 0F 11 46 34 |
and an instantkill, and godmode+instantkill
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
0054738C:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
pushfd
cmp [esi+08],0
je +0C
movss [esi+34],xmm0
mov [esi+34],0
popfd
//place your code here
originalcode:
//movss [esi+34],xmm0
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0054738C:
movss [esi+34],xmm0
//Alt: db F3 0F 11 46 34 |
If you are indeed right, why does it only mess with the ammo? I mean, like, shouldn't it detect any code injection/change? Also, like I said previously, I did try seeing what that code was writing to; it only wrote to the ammo address, however 2 other addresses appeared as the game crashed, each had a value of 1 float. So those 2 addresses got accessed 1 time, nothing happened, then a 2nd time and the game crashed. Also 1 more instruction accessed the code, 04C90000 (it had the same instruction (movss [ecx+10],xmm0)); it had been accessed 184 times while the value we have has changed the address value 500 times. I have screenshots of all of this. I also took a screen of the memory view around the code. And like I said earlier for the anticheat, this game officially has none. And if there is indeed something that checks if codes are changed, why do the godmode and instantkill ones work? Also I haven't mentioned that every ammo value is float, and every in-game weapon has its own address. This so far and the screenshots I can't yet post are all the info I have thus far. Oh and that's 500 for like 5 - 7 minutes of gameplay. It actually increases only when I fire the weapon. And it was the only address there until it crashed. And it crashed when I killed an enemy. I still haven't taken a screenshot of what addresses this instruction accesses, I'll do it later today.

NanoByte (Expert Cheater) | Reputation: 1 | Joined: 13 Sep 2013 | Posts: 222
Posted: Tue May 13, 2014 7:51 am

| Code: | [ENABLE]
alloc(newmem,2048)
alloc(newvalue,4)
label(newvalue)
label(returnhere)
label(originalcode)
label(exit)
label(ua)
registersymbol(ua)
aobscan(aobua,F3 0F 11 41 10)
newvalue:
dd (float),100.00 //<----- if it works look it might -100 ammo in that case just change 100 to -1
newmem:
//place your code here
cmp [ecx+10],(float)3// if dosent work try comment this line out
jg originalcode // and this
movss xmm0,[newvalue]
originalcode:
movss [ecx+10],xmm0
exit:
jmp returnhere
aobua:
ua:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
ua:
movss [ecx+10],xmm0
unregistersymbol(ua)
//Alt: db F3 0F 11 41 10 |

Geri (Moderator) | Reputation: 112 | Joined: 05 Feb 2010 | Posts: 5627
Posted: Tue May 13, 2014 8:14 am

These are my old codes that I have made for the cracked version, so I guess the game didn't change that much after all.
The code that is writing to the ammo is used for all guns for all characters, enemies too. So it's not surprising if you have more than one address, but it still shouldn't crash.
As for the anti-cheats, they are usually made out of several functions that check a specific area with different intensity. E.g. it can happen that god mode cheat is checked only once in 30 minutes but ammo cheat is checked every minute. And the developers can implement simple CRC checks without mentioning it. It's perfectly normal to check the content of their own game to verify the integrity of the code. Many single player games have these checks. I have even seen small indie games that had CRC checks. This is not some fancy big rare stuff that is used for megapopular online games only, just a regular protection that is added to many games.
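
A minimal sketch of the kind of check Geri describes, added here as an illustration and not taken from the game or from any poster: each guarded code range has its own CRC-32 baseline and check interval, so a patched range goes unnoticed until its check is next due. The struct, function names, jmp offsets and the 60 s / 1800 s intervals are assumptions; the two instruction byte strings are the ones quoted in the scripts above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* One guarded code range with its own check interval (hypothetical layout). */
struct guard {
    const uint8_t *start;
    size_t len;
    uint32_t baseline;    /* CRC recorded while the code is known-good */
    unsigned interval_s;  /* seconds between checks of this range */
    unsigned next_due_s;  /* time of the next scheduled check */
};

static void guard_init(struct guard *g, const uint8_t *p, size_t n, unsigned every_s) {
    *g = (struct guard){ p, n, crc32_buf(p, n), every_s, every_s };
}

/* Check every guard that is due at now_s; bit i is set if guard i fails. */
static unsigned guards_poll(struct guard *g, size_t count, unsigned now_s) {
    unsigned failed = 0;
    for (size_t i = 0; i < count; i++) {
        if (now_s < g[i].next_due_s) continue;   /* not this range's turn yet */
        g[i].next_due_s = now_s + g[i].interval_s;
        if (crc32_buf(g[i].start, g[i].len) != g[i].baseline)
            failed |= 1u << i;
    }
    return failed;
}

/* Simulate a 5-byte hook: jmp rel32 (E9 + little-endian offset). */
static void write_jmp(uint8_t *site, uint32_t rel32) {
    site[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        site[1 + i] = (uint8_t)(rel32 >> (8 * i));
}

/* Constructed scenario: both stores are hooked after startup, one poll at poll_s. */
unsigned simulate(unsigned poll_s) {
    uint8_t ammo[5] = { 0xF3, 0x0F, 0x11, 0x41, 0x10 }; /* movss [ecx+10],xmm0 */
    uint8_t god[5]  = { 0xF3, 0x0F, 0x11, 0x46, 0x34 }; /* movss [esi+34],xmm0 */
    struct guard g[2];
    guard_init(&g[0], ammo, sizeof ammo, 60);   /* checked every minute */
    guard_init(&g[1], god, sizeof god, 1800);   /* checked every 30 minutes */
    write_jmp(ammo, 0x10001000u);               /* constructed jmp offsets */
    write_jmp(god, 0x34001000u);
    return guards_poll(g, 2, poll_s);
}

int main(void) {
    printf("%u %u %u\n", simulate(30), simulate(60), simulate(1800));
    return 0;
}
```

Bit 0 is the ammo range and bit 1 the god mode range, so a poll at 60 s flags only the first while a poll at 1800 s flags both.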

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 9:09 am

| Geri wrote: | These are my old codes that I have made for the cracked version, so I guess the game didn't change that much after all.
The code that is writing to the ammo is used for all guns for all characters, enemies too. So it's not surprising if you have more than one address, but it still shouldn't crash.
As for the anti-cheats, they are usually made out of several functions that check a specific area with different intensity. E.g. it can happen that god mode cheat is checked only once in 30 minutes but ammo cheat is checked every minute. And the developers can implement simple CRC checks without mentioning it. It's perfectly normal to check the content of their own game to verify the integrity of the code. Many single player games have these checks. I have even seen small indie games that had CRC checks. This is not some fancy big rare stuff that is used for megapopular online games only, just a regular protection that is added to many games. |
Yeah, it's exactly as you said, but I've played with the godmode code for hours and hours multiplayer host, survival, singleplayer, all in a row without disabling it. As for the values, every ammo value is over 1 float, and the thing is, I didn't even switch to another weapon. If I did only then it should access it. But let's assume it does indeed have some sort of minor anti-cheat. Well, then the question in mind gets, how to deal with it. Also another sort of a problem is that the game still ONLY crashes when I kill an enemy. So I can technically enable godmode, nop the ammo, shoot at the wall while the alien is hitting me, and it can go on forever, without the ammo decreasing. I can also shoot protable stuff. But I still can't hit players regardless, I can kill them, but then the game crashes, or if I do too much damage, so that's probably when the check occurs? I tried it multiplayer, dedicated server. Code worked fine while I was alive, I could shoot all I want, but once I kill a dude game crashes. So it's not only players, it's anything that has health I think. Maybe that's how the game gets checked? But if that is how it gets checked why does it do the ammo only? Even if I directly go to the health instruction and nop it, and then kill a xeno with damage over its max hp, game is still running. Also if you have the game legit on Steam, could you re-install it and see what you could do? Thanks.
| NanoByte wrote: | [ENABLE]
alloc(newmem,2048)
alloc(newvalue,4)
label(newvalue)
label(returnhere)
label(originalcode)
label(exit)
label(ua)
registersymbol(ua)
aobscan(aobua,F3 0F 11 41 10)
newvalue:
dd (float),100.00 //<----- if it works look it might -100 ammo in that case just change 100 to -1
newmem:
//place your code here
cmp [ecx+10],(float)3// if dosent work try comment this line out
jg originalcode // and this
movss xmm0,[newvalue]
originalcode:
movss [ecx+10],xmm0
exit:
jmp returnhere
aobua:
ua:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
ua:
movss [ecx+10],xmm0
unregistersymbol(ua)
//Alt: db F3 0F 11 41 10
|
Thanks for the table but error in line 11, the code that darkbyte suggested (dd (float),100.00). Also keep in mind the weapon I'm testing this on has 99 max ammo. So maybe it can't physically set it to a higher value and that's why it goes to 0? Also maybe if you could somehow make the ammo increase or smth? Also I think every time when I change this code the game crashes after I kill an enemy, except that one code that wasn't working and got fixed. I think it was
| Code: | [ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem:
//place your code here
cmp [ecx+10],2
jg originalcode
mov [ecx+10],1E
originalcode:
movss [ecx+10],xmm0
exit:
jmp returnhere
007A4D52:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem)
007A4D52:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10
|
It was made by NanoByte.
I should also repeat that this game is not protected by something big like VAC, VAC is long gone from this game. The developers abandoned it about 3 years ago. It hasn't had updates since then. So it shouldn't be all that difficult to make a script bypassing some anti-cheat it might have left, right? Even though I thought that it doesn't have any anti-cheat because VAC isn't there, Geri somehow convinced me that there can be some code-checking process or something, even though I'm not exactly sure how that works.

Geri (Moderator) | Reputation: 112 | Joined: 05 Feb 2010 | Posts: 5627
Posted: Tue May 13, 2014 10:02 am

It's forbidden to talk about online cheats, so let's stick to single player only. (It wouldn't hurt if you would delete the multiplayer related part of your post as it is already violating the rules.)
As far as I remember, this code should affect humans only. Predator energy is handled by another code and aliens don't have weapons at all.
Try the stealthedit plugin, it has a feature to detect CRC checks and it can avoid them too:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles/419-stealthedit
Or simply check what is accessing the address of your code (not your ammo value) that you want to change.
Open the memory browser, go to 007A4D52 (not in the disassembler, but in the window below it), right-click on the value and use Data breakpoint -> Find out what accesses this address.
Or just add the 007A4D52 address to your cheat table as if it were a value and use the debugger on it as you did with the ammo value.
If nothing is accessing 007A4D52, then there is no CRC check. But if you find something that is accessing it, then yeah, use the plugin that I have linked.

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 10:35 am

| Geri wrote: | It's forbidden to talk about online cheats, so let's stick to single player only. (It wouldn't hurt if you would delete the multiplayer related part of your post as it is already violating the rules.)
As far as I remember, this code should affect humans only. Predator energy is handled by another code and aliens don't have weapons at all.
Try the stealthedit plugin, it has a feature to detect CRC checks and it can avoid them too:
w|w|w.szemelyesintegracio(dot)hu/cheats/41-game-hacking-articles/419-stealthedit
Or simply check what is accessing the address of your code (not your ammo value) that you want to change.
Open the memory browser, go to 007A4D52 (not in the disassembler, but in the window below it), right-click on the value and use Data breakpoint -> Find out what accesses this address.
Or just add the 007A4D52 address to your cheat table as if it were a value and use the debugger on it as you did with the ammo value.
If nothing is accessing 007A4D52, then there is no CRC check. But if you find something that is accessing it, then yeah, use the plugin that I have linked. |
Thanks for the help Geri, it works now. I had some problems because I had DEP disabled, had to enable it and re-boot. But afterwards everything went smooth. Thanks a lot for the help everyone. Also sorry for mentioning multiplayer, won't happen again. Oh wait, is there a way to add this to a script? So I don't have to stealthedit the code all the time? Could you post a table where the stealthedit is done auto?

Geri (Moderator) | Reputation: 112 | Joined: 05 Feb 2010 | Posts: 5627
Posted: Tue May 13, 2014 11:07 am

| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
stealthedit(whatever1,007A4D52,5)
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
registersymbol(whatever2)
label(whatever2)
whatever1:
whatever2:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
originalcode:
//movss [ecx+10],xmm0
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
whatever2:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10 |
Try this (you can find instructions on how to make your own script on the page that I have linked).

STN (I post too much) | Reputation: 43 | Joined: 09 Nov 2005 | Posts: 2676
Posted: Tue May 13, 2014 11:38 am

Huh so the crashes were because of checks after all. Yeah seemed odd otherwise.
Niko, is this on cracked version? I have become interested in these checks lately and need all the test games I can get

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 11:46 am

| Geri wrote: | | Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
stealthedit(whatever1,007A4D52,5)
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
registersymbol(whatever2)
label(whatever2)
whatever1:
whatever2:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
originalcode:
//movss [ecx+10],xmm0
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
whatever2:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10 |
Try this (you can find instructions on how to make your own script on the page that I have linked). |
Thanks for the help Geri. I think I actually got the hang of it. But I'm wondering, how to find ammo related things? Like weapon range, rate of fire, ammo type. Do I just dissect the data/structures and search for them manually? I also have this other ammo script, which changes range and bullets per shot as well. It was also coded by you I think. Here it is:
| Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
stealthedit(whatever1,007A4D52,5)
registersymbol(whatever2)
label(returnhere)
label(whatever2)
label(originalcode)
label(exit)
whatever1:
whatever2:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
mov [ecx+44],447A0000 //range to 1000
mov [ecx+5C],64 //bullets in one shot to 100
originalcode:
//movss [ecx+10],xmm0
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
whatever2:
movss [ecx+10],xmm0
//Alt: db F3 0F 11 41 10
|
As you can see I edited it a lil. Unlimited ammo works but the other options don't. I was thinking of posting a new topic about this, but I guess I'll just ask here. Also thanks for the help to everyone who posted here. It's all appreciated.

++METHOS (I post too much) | Reputation: 92 | Joined: 29 Oct 2010 | Posts: 4197
Posted: Tue May 13, 2014 12:02 pm

Sleeping Dogs has custom anti-cheat.

Geri (Moderator) | Reputation: 112 | Joined: 05 Feb 2010 | Posts: 5627
Posted: Tue May 13, 2014 12:17 pm

Yes, I have fooled around a little bit with the weapons and I have posted this somewhere a long time ago. These stats were in the same structure as the ammo and I have found them just by trying out what is what. But as the code is affecting all weapons, this is giving epic weapons to enemies too. It was more like a fun option to fool around and not a proper cheat.
The offsets however may have been changed since then and it's possible that these cheats are not working anymore. Actually I am surprised that my god mode and ammo cheat is still working at all. You can try to look around in the same structure and find the correct offsets. Probably they have been moved by a few bytes only.

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 12:51 pm

| Geri wrote: | Yes, I have fooled around a little bit with the weapons and I have posted this somewhere a long time ago. These stats were in the same structure as the ammo and I have found them just by trying out what is what. But as the code is affecting all weapons, this is giving epic weapons to enemies too. It was more like a fun option to fool around and not a proper cheat.
The offsets however may have been changed since then and it's possible that these cheats are not working anymore. Actually I am surprised that my god mode and ammo cheat is still working at all. You can try to look around in the same structure and find the correct offsets. Probably they have been moved by a few bytes only. |
Well actually, they weren't working. I just found the instruction and I replaced it with the old one. It used to be something else for hp and ammo. I found the hp and ammo address for marines and I just saw that the instruction address is different. So I changed that and the scripts started working again. At least the ones related to hp. The ammo and pred energy I have to use this plugin you gave me, but I recently updated those as well. If you want I can post the whole table I updated recently and say you created it. But I don't think anyone would use it considering how few players this game has left.
Also
| ++METHOS wrote: | Sleeping Dogs has custom anti-cheat. |
What did you mean?

++METHOS (I post too much) | Reputation: 92 | Joined: 29 Oct 2010 | Posts: 4197
Posted: Tue May 13, 2014 1:05 pm

| Niko wrote: | | ++METHOS wrote: | Sleeping Dogs has custom anti-cheat. | What did you mean? |
| STN wrote: | I have become interested in these checks lately and need all the test games I can get |

Niko (Cheater) | Reputation: 0 | Joined: 28 Mar 2014 | Posts: 33
Posted: Tue May 13, 2014 1:12 pm

| STN wrote: | Huh so the crashes were because of checks after all. Yeah seemed odd otherwise.
Niko, is this on cracked version? I have become interested in these checks lately and need all the test games I can get |
Ah I haven't seen your post. Sorry mate. Well this is on the legit Steam version of the game. But the solution was quite simple after all. I don't really know many hacking games, I'm a beginner at Cheat Engine.