coconutty How do I cheat? Reputation: 0
Joined: 18 Sep 2015 Posts: 2
|
Posted: Fri Sep 18, 2015 8:39 pm Post subject: |
|
|
Thank you, Rydian, for the extremely helpful tutorial. If I may ask a dumb question, how do you tell if an address is a "static address"? The pointer scanner mentions only finding "paths with a static address" but I don't know what characteristics identify an address as static. Is it denoted somewhere in the address list if you edit the address or something? In essence, I wouldn't recognize a static address if I stubbed my toe on it at this point.
Thank you!
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Sat Sep 19, 2015 3:16 am Post subject: |
|
|
If an address can be found using modulename+offset, it's deemed static.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
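The modulename+offset rule from the reply above, as an added example that is not part of the original thread: an address is static when it lies inside a loaded module image, so the same symbolic form resolves correctly after the module is rebased on the next run. The module bases and sizes below are constructed sample values, and the `ModuleMap` class is a hypothetical helper, not a Cheat Engine API.

```python
from bisect import bisect_right
from typing import NamedTuple, Optional, Tuple


class Module(NamedTuple):
    name: str
    base: int   # load address for this run
    size: int   # size of the mapped image


def parse_symbolic(expr: str) -> Tuple[str, int]:
    """Split '"FC3_d3d11.dll"+3F2AFC' into (module name, offset)."""
    name, _, offset = expr.rpartition("+")
    return name.strip().strip('"'), int(offset, 16)


class ModuleMap:
    def __init__(self, modules):
        self.mods = sorted(modules, key=lambda m: m.base)
        self.bases = [m.base for m in self.mods]

    def to_symbolic(self, addr: int) -> Optional[str]:
        """Return module+offset if addr is inside a module image, else None."""
        i = bisect_right(self.bases, addr) - 1
        if i < 0:
            return None
        mod = self.mods[i]
        offset = addr - mod.base
        if offset >= mod.size:
            return None  # heap, stack or other dynamic memory: not static
        return f'"{mod.name}"+{offset:X}'

    def resolve(self, expr: str) -> int:
        """Turn module+offset back into an absolute address for this run."""
        name, offset = parse_symbolic(expr)
        for mod in self.mods:
            if mod.name.lower() == name.lower() and offset < mod.size:
                return mod.base + offset
        raise KeyError(expr)


# Constructed module lists for two runs; the images load at different bases.
RUN_1 = ModuleMap([Module("Tutorial-i386.exe", 0x00400000, 0x00240000),
                   Module("FC3_d3d11.dll", 0x6A000000, 0x00900000)])
RUN_2 = ModuleMap([Module("Tutorial-i386.exe", 0x00D70000, 0x00240000),
                   Module("FC3_d3d11.dll", 0x5E120000, 0x00900000)])
```

An address for which `to_symbolic` returns `None` is only valid for the current run, which is why a pointer path has to start from a module+offset base.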
XaneXXXX Expert Cheater Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Mon Sep 21, 2015 5:37 pm Post subject: |
|
|
Rydian! You are awesome, the thing with injection copy has saved me a lot of time! Thank you
root426 Newbie cheater Reputation: 0
Joined: 09 Feb 2010 Posts: 22
|
Posted: Sat Oct 03, 2015 4:23 pm Post subject: |
|
|
lol thx man now i got my static addresses via script
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Tue Dec 15, 2015 4:27 pm Post subject: |
|
|
Hi!
Just now I've understood this great work, after re-reading it for the 4th time...
(I know I'm very slow....)
BTW
I would like you to extend this excellent job with these functionalities:
- automatically set the just-found address to a predetermined value
- automatically freeze the above table
I have tried to realize this by mixing Lua and asm code, but from what I understand, even if it is put at the end of the script, the Lua code is always executed before the asm code.
Even worse, because the table referred to sometimes needs a lot of seconds to execute, the code we want to use to update the value of the table and then freeze it is never executed, because this piece of the script is called before CE has the time to update the symbol variable.
Maybe you want to take care of this addition?
BTW many thanks for your excellent work!!!
suetake How do I cheat? Reputation: 0
Joined: 05 Jan 2016 Posts: 3
|
Posted: Tue Jan 05, 2016 11:40 am Post subject: XYZ Coordinate |
|
|
Does the Injection Copies method work to search the XYZ coordinate?
Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
|
Posted: Tue Jan 05, 2016 7:47 pm Post subject: Re: XYZ Coordinate |
|
|
suetake wrote: | Does the Injection Copies method work to search the XYZ coordinate? |
Yeah, but depending on the game the same code might work on all entities instead of just the player one, in which case you'd want another method.
Jiehfeng Expert Cheater Reputation: 0
Joined: 03 Jan 2014 Posts: 107
|
Posted: Sun May 22, 2016 11:47 am Post subject: |
|
|
Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here?
_________________
I know you're reading this, Hitler. |
PinPoint Expert Cheater Reputation: 10
Joined: 07 Apr 2016 Posts: 223 Location: Scotland
|
Posted: Wed May 25, 2016 4:12 am Post subject: |
|
|
Jiehfeng wrote: | Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here? |
When you are in the memory viewer, right click on the instruction you are using and find out what addresses it accesses. Do some things in game to populate the list. Highlight a few or all of them if not that many and open them in dissect data and structures. Here you can find a filter to use to only copy rax if it is for what you want. Like the last step in CE tutorial.
Jiehfeng Expert Cheater Reputation: 0
Joined: 03 Jan 2014 Posts: 107
|
Posted: Wed May 25, 2016 12:11 pm Post subject: |
|
|
PinPoint wrote: | Jiehfeng wrote: | Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here? |
When you are in the memory viewer, right click on the instruction you are using and find out what addresses it accesses. Do some things in game to populate the list. Highlight a few or all of them if not that many and open them in dissect data and structures. Here you can find a filter to use to only copy rax if it is for what you want. Like the last step in CE tutorial. |
Ohhh...!
So what would the code look like? Can I do it without an injection at an address like the aob tutorial in the OP? I already have the aobscan bytes necessary, so would it be something like this?
Code: |
[ENABLE]
//Let's assume I found a filter which is [rax+69]=8
aobscan(test,56 89 ?? ??) //etc...
label(start)
registersymbol(testum)
label(returnhere)
cmp [rax+69],8
je start
jmp returnhere
start:
test:
testum
returnhere:
[DISABLE]
//w/e
|
_________________
I know you're reading this, Hitler. |
Cake-san Grandmaster Cheater Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
|
Posted: Thu May 26, 2016 4:40 am Post subject: |
|
|
Jiehfeng wrote: |
It has multiple solutions, the one I tried wasn't using aob. |
You can use aob, though. -_-
Code: |
[ENABLE]
aobscanmodule(_subhealth,Tutorial-i386.exe,D8 6B 04 D9 5D D0)
registersymbol(_subhealth)
alloc(newmem,48)
label(returnhere)
label(originalcode)
newmem:
cmp esi,01
jne originalcode
fsubr dword ptr [ebx+04]
originalcode:
fstp dword ptr [ebp-30]
jmp returnhere
_subhealth:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
_subhealth:
db D8 6B 04 D9 5D D0
//fsubr dword ptr [ebx+04]
//fstp dword ptr [ebp-30]
unregistersymbol(_subhealth)
|
_________________
... |
Jiehfeng Expert Cheater Reputation: 0
Joined: 03 Jan 2014 Posts: 107
|
Posted: Thu May 26, 2016 5:07 am Post subject: |
|
|
Cake-san wrote: | Jiehfeng wrote: |
It has multiple solutions, the one I tried wasn't using aob. |
You can use aob, though. -_-
Code: |
[ENABLE]
aobscanmodule(_subhealth,Tutorial-i386.exe,D8 6B 04 D9 5D D0)
registersymbol(_subhealth)
alloc(newmem,48)
label(returnhere)
label(originalcode)
newmem:
cmp esi,01
jne originalcode
fsubr dword ptr [ebx+04]
originalcode:
fstp dword ptr [ebp-30]
jmp returnhere
_subhealth:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
_subhealth:
db D8 6B 04 D9 5D D0
//fsubr dword ptr [ebx+04]
//fstp dword ptr [ebp-30]
unregistersymbol(_subhealth)
|
|
Thanks! Will try this out on the other game too.
_________________
I know you're reading this, Hitler. |
satanrules666 Advanced Cheater Reputation: 0
Joined: 31 Oct 2010 Posts: 70 Location: New Zealand
|
Posted: Wed Aug 31, 2016 9:16 pm Post subject: |
|
|
@Rydian
Awesome tutorial.
You helped me find two static pointers for health that always equal the same address and work every time after game restarts and even a restart of my OS.
The game in question: Farcry 3 V1.05 Uplay
One thing I did differently: instead of using the offset value of 1024, which eventually didn't find me enough, I did what you suggested and ramped it up.
Instead of 1024 I used 3000 as the max offset and a level of 6 at the highest.
Took about 4 to 5 minutes, sometimes a bit longer, on an i7 3820K, a wonderful Intel CPU. Then went out of the game and rescanned, which took sometimes 15 minutes; well, I have over 1 billion pointers. So after which it got me down to a smaller and smaller amount, eventually all the way down to two pointers, which are the ones I use.
One thing I want to ask though: if I use the auto assembler method to find playerbase for me, I add that and it always has a value of 0.
Odd, seeing as it only accesses my health, though the code that changes my health is
movss [esi+10],xmm0
Just wondering why this is. It doesn't really matter; I have a working autoscript that gives me godmode with no fall damage, don't need a compare either.
"FC3_d3d11.dll"+3F2AFC
use code
mov [ecx+10],(float)300 and quote out the originalcode and then you're all set.