Tanerseto (How do I cheat?, Reputation: 0; Joined: 19 Nov 2017, Posts: 1)
OldCheatEngineUser (Whateven rank, Reputation: 20; Joined: 01 Feb 2016, Posts: 1587)
Posted: Sun Nov 19, 2017 11:36 pm
Code injection is useless for games with non-static addresses or, as many users say, non-module addressing.
Use ArrayOfByte for this purpose, and keep in mind an AOB scan can take time, especially for fully dynamic games / programs.
_________________
About Me; I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020, STN wrote: i am a sweetheart.
Tanerseto (How do I cheat?, Reputation: 0; Joined: 19 Nov 2017, Posts: 1)
Posted: Tue Nov 21, 2017 1:06 pm
OldCheatEngineUser wrote:
    code injection is useless for games with non-static addresses or as many users say non-module addressing.
    use ArrayOfByte for this purpose, and keep in mind aob scan can take time especially for fully dynamic games / programs.
I've tried, but I still cannot get it; this is very difficult. Can you please send me a video tutorial? Because the game is really different, I need a tutorial with video, please.
With best regards, yours, Tanerseto
OldCheatEngineUser (Whateven rank, Reputation: 20; Joined: 01 Feb 2016, Posts: 1587)
Posted: Tue Nov 21, 2017 1:43 pm
I have no video tutorial. It's not as difficult as you say; it just needs time:
- AutoAssemble the instruction you want
- add extra bytes for the next instructions (at least a string of 30 AOB)
- close the game
- re-find the instruction you want
- replace the changed bytes with wildcards * ? ** ?? *? ?*
- repeat until you get a valid AOB
FreeER (Grandmaster Cheater Supreme, Reputation: 53; Joined: 09 Aug 2013, Posts: 1091)
Posted: Tue Nov 21, 2017 6:51 pm
You can probably skip some restarting by knowing that the bytes most likely to change are the ones from instructions with constant values, e.g.:
    89 86 88000000 - mov [esi+00000088],eax
The 88 offset is encoded into the instruction in the 4 bytes after 89 86 as 88000000; if the game updates that structure then that offset may change. It's a pain to deal with trying to make scripts handle changing offsets, so most don't try and just recreate the script in these cases.
    E8 CB0F0000 call 32224378 (at 322233A8)
In this case it's calling a constant value, but instead of being encoded directly it's the offset from the instruction's address to the new address that's encoded: CB0F0000 = FCB (big endian) and 32224378 - 322233A8 = FD0; now FD0 - FCB = 5, which is the length of the call instruction itself.
    83 C4 10 add esp, 10
    83 EC 0C sub esp, C
These values are also encoded into the instructions; however, if these change that means the number (or size) of local variables on the stack has changed (since esp is the stack pointer; ebp also often points into the stack if the game uses a frame pointer), so the rest of the function has probably changed as well.
In this case I'd initially just replace the offsets for the calls with *s and leave the rest, leaving you with an AOB like this:
    89 86 88 00 00 00 83 EC 0C 56 E8 * * * * 83 C4 10 83 EC 0C 56 E8 * * * * 83 C4 10 83 EC 0C 56 E8
Now, depending on whether there are any other places in memory with that same byte pattern, that may or may not be unique as it is; if it's not, you'll need to add more bytes (adding more to the end won't affect the script, but adding to the start will require you to use label+some_offset, since then the bytes you intend to change are several bytes past the start of the AOB).
Edit: to be clear, that's enough to get an AOB to find it, but to keep it simple you need to make sure that you don't overwrite any of the instructions that you had to use wildcards for (calls in this case); at least not if you want to keep that instruction, since you can't simply rewrite it in newly allocated memory when you don't know the new location. In this case you have 10 bytes before any instructions that included a wildcard, which should be enough for a jmp to allocated memory.
It's possible without too much difficulty if you wanted to nop a call, since then you could copy the original bytes somewhere and then restore them on disable, but you can't just copy the original bytes to new memory and then execute them, since it's using an offset from the address (which is now different and thus it'd call a different address).
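To make the advice in the two replies above concrete, here is an added Python example; it is not code from the thread, from Cheat Engine, or from any of the posters. It resolves an E8 rel32 call the way FreeER describes (displacement measured from the end of the 5-byte instruction, so FD0 - FCB = 5), derives a wildcard AOB by diffing the same instruction run from two captures as OldCheatEngineUser's "re-find, replace changed bytes with wildcards" loop does, widens any partially wildcarded call operand to all four bytes, reports how many bytes precede the first wildcarded instruction (FreeER's 10 bytes), and searches a buffer for the pattern to confirm it is unique. The first capture is assembled from the bytes quoted in FreeER's post; the second capture with altered call operands, the widening step, and the assumption in first_wildcarded_insn that only E8 calls get wildcarded are constructed for this example.

```python
import struct
from typing import List, Sequence

# Constructed samples (not captured from any real program): the instruction run
# behind the thread's AOB, as it might look in two builds. Only the rel32
# operands of the three E8 calls differ between them.
CAPTURE_A = bytes.fromhex(
    "89868800000083EC0C56E8CB0F000083C41083EC0C56E81020000083C41083EC0C56E8AA0B0000")
CAPTURE_B = bytes.fromhex(
    "89868800000083EC0C56E83B10000083C41083EC0C56E88021000083C41083EC0C56E81A0C0000")

WILD = "*"


def call_target(addr: int, insn: bytes) -> int:
    """Resolve a 5-byte E8 rel32 call located at `addr`.

    The operand is a little-endian signed displacement measured from the end of
    the call instruction, which is why the thread's FD0 - FCB = 5 works out.
    """
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("expected a 5-byte E8 rel32 call")
    rel = struct.unpack("<i", insn[1:5])[0]
    return (addr + len(insn) + rel) & 0xFFFFFFFF


def build_aob(captures: Sequence[bytes]) -> List[str]:
    """Column-wise diff of several captures: any byte that differs becomes a wildcard."""
    n = min(len(c) for c in captures)
    tokens = []
    for i in range(n):
        if len({c[i] for c in captures}) > 1:
            tokens.append(WILD)
        else:
            tokens.append(f"{captures[0][i]:02X}")
    return tokens


def widen_call_operands(tokens: List[str]) -> List[str]:
    """Assumption for this example: a wildcard anywhere inside the operand of an
    E8 call means the whole rel32 is unstable, so wildcard all four bytes."""
    out = list(tokens)
    for i, t in enumerate(out):
        if t == "E8" and i + 4 < len(out) and WILD in out[i + 1:i + 5]:
            out[i + 1:i + 5] = [WILD] * 4
    return out


def first_wildcarded_insn(tokens: Sequence[str]) -> int:
    """Offset of the first instruction that contains a wildcard, i.e. how many
    leading bytes may be overwritten (a rel32 jmp needs 5). Assumption: the
    only wildcarded instructions are E8 calls, so step back over the opcode."""
    for i, t in enumerate(tokens):
        if t == WILD:
            return i - 1 if i > 0 and tokens[i - 1] == "E8" else i
    return len(tokens)


def find_aob(tokens: Sequence[str], haystack: bytes) -> List[int]:
    """Return every offset at which the wildcard pattern matches `haystack`;
    more than one hit means the AOB is not unique yet."""
    pat = [None if t == WILD else int(t, 16) for t in tokens]
    hits = []
    for off in range(len(haystack) - len(pat) + 1):
        if all(p is None or haystack[off + k] == p for k, p in enumerate(pat)):
            hits.append(off)
    return hits


if __name__ == "__main__":
    print(hex(call_target(0x322233A8, bytes.fromhex("E8CB0F0000"))))
    aob = widen_call_operands(build_aob([CAPTURE_A, CAPTURE_B]))
    print(" ".join(aob))
    print("bytes before first wildcarded instruction:", first_wildcarded_insn(aob))
    print("hits in capture B:", find_aob(aob, b"\x90" * 16 + CAPTURE_B + b"\x90" * 16))
```

The plain diff leaves the two high bytes of each rel32 as fixed 00 00 because they happened not to change between the two captures; widen_call_operands turns them into wildcards so the pattern keeps matching when a call moves further than 64 KiB, which is what FreeER's hand-written AOB already does.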
Tanerseto (How do I cheat?, Reputation: 0; Joined: 19 Nov 2017, Posts: 1)
Posted: Thu Nov 23, 2017 11:03 am, Post subject: It's me again, I have good and bad messages
1. Good message: super tutorials, thanks. I have scripted the game Umbrella Corps; after restart it works fine, it is ok.
That works, the scripts are loading, it is ok.
2. But the bad message is:
I cannot create a Trainer.exe in Umbrella Corps;
that does not accept.
I enter set hotkeys numeric 1 in script and activate sound and deactivate sound add; in Cheat Engine it works fine, but in Trainer.exe
I hear only the deactivated sound and the trainer is not working. I tried with 32 bit, with 64 bit and fastest, none, default, max and with features used,
but the trainer is not working. Have I done something wrong, or is there something I have to note, something I overlooked? Please help.
Tanerseto (How do I cheat?, Reputation: 0; Joined: 19 Nov 2017, Posts: 1)
Posted: Mon Nov 27, 2017 12:30 pm
Hello, please help me with this problem; I am waiting for an answer. I can't create Trainer.exe with this script. I found and created a script with array of byte, but my created Trainer.exe is not working.
What did I do wrong? Please help.