salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Wed Jan 23, 2019 1:29 pm
AntumDeluge wrote: | The "1" being dropped doesn't cause address conflict issues? |
It should not. I mean that part is what the compiler (or sometimes the programmer) does, creating routines to allocate unique addresses.
AntumDeluge wrote: | I think I found another tutorial that may be helpful for me: youtube dot com/watch?v=06t_hoWGa5c
Using the structure dissect, the offset "10" appears to be where "lives" value is stored (attached screenshot). |
Nope! It's at +8, we already know. You used "086B9430-8" but you either need to set "086B9438-8" or "086B9430", don't subtract 8 twice (8+8=10 in hex).
The part you still need to do: Mark a few of the "changed addresses list" addresses, add them to the dissect structure. Then remove the first "1" from the address and add the -8 offset. Then compare them to each other to see if you find something that is unique for 086B9430.
There is also Cheat Engine Tutorial Step 9, you know. Or this too:
youtube com/watch?v=kpSRUJfaT1o
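The base-address arithmetic and the structure comparison described in this post, as an added Python example that is not part of the thread. The 24-byte layout, the flag at +0x10 and all sample values are constructed assumptions; only the +8 displacement and the two addresses come from the posts.

```python
import struct

FIELD_OFFSET = 0x08  # displacement in "fst qword ptr [eax+edx+08]"

def struct_base(accessed_address):
    # The instruction touches base+8, so the base is the accessed
    # address minus 8, subtracted exactly once.
    return accessed_address - FIELD_OFFSET

def make_instance(type_id, value, owner_flag):
    # Constructed layout (assumption): u32 type, u32 pad,
    # double value at +0x08, u32 flag at +0x10, u32 pad.
    return struct.pack("<IIdII", type_id, 0, value, owner_flag, 0)

def read_value(instance):
    # Read the double stored at the known +8 offset.
    return struct.unpack_from("<d", instance, FIELD_OFFSET)[0]

def distinguishing_offsets(target, others, width=4):
    """Offsets where all other instances agree and the target differs."""
    hits = []
    size = min(len(target), *(len(o) for o in others))
    for off in range(0, size - width + 1, width):
        other_values = {o[off:off + width] for o in others}
        mine = target[off:off + width]
        # Fields that vary among the others are noise, not identity.
        if len(other_values) == 1 and mine not in other_values:
            hits.append(off)
    return hits

# Constructed sample dumps: one target instance and three others that
# pass through the same instruction with unrelated values.
PLAYER = make_instance(7, 3.0, 1)
OTHERS = [make_instance(7, 120.0, 0),
          make_instance(7, 0.5, 0),
          make_instance(7, 42.0, 0)]

if __name__ == "__main__":
    field = 0x086B9438
    print(hex(struct_base(field)))               # correct base
    wrong = struct_base(struct_base(field))      # 8 subtracted twice
    print(hex(field - wrong))                    # value appears at +0x10
    print([hex(o) for o in distinguishing_offsets(PLAYER, OTHERS)])
```

Subtracting 8 twice shifts every field by 8, which is why the value showed up at offset "10" in the dissect view instead of +8.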
AntumDeluge Cheater Reputation: 0
Joined: 20 Dec 2018 Posts: 48
Posted: Wed Jan 23, 2019 2:26 pm
Ugh! That is going to be a pain because there are so many addresses in the changed addresses list.
salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Wed Jan 23, 2019 4:03 pm
Usually just a few are needed: sort them by address, select like idk 6 others, 2-3 quite close, others at start/end, choose right mouse "open dissect data .." and it should prob. be enough. At least you don't need to add all of them.
But you may want to (at Structure Dissect) File\Save values, restart the game, attach, change Value Type, aob scan for the instruction to find it fast, and create the structure again. It helps you sort some things out that change at restart.
EDIT: What i forgott: since the main instruction is fst - it might be you can't find s.t. browsing these memory addresses but you rather need to take a look at the stack (or if you see instructions including xmm also the FPU). Take a look at: https://reverseengineering.stackexchange.com/questions/16714/dealing-with-instructions-that-are-accessed-by-multiple-pieces-of-data
Last edited by salumor on Wed Jan 30, 2019 3:47 pm; edited 1 time in total
AntumDeluge Cheater Reputation: 0
Joined: 20 Dec 2018 Posts: 48
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Posted: Thu Jan 24, 2019 10:46 am
I took a brief look at it and that game looks like a statically compiled / linked virtual machine (more or less same effect as an emulator). Whoever came up with such a stupid idea should have their hands cut off.
If you're lucky, the pointer scanner is probably the easiest solution. You might be able to do something similar to step 9 of the tutorial. If these don't pan out, give up- you're probably wasting your time.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
AntumDeluge Cheater Reputation: 0
Joined: 20 Dec 2018 Posts: 48
Posted: Thu Jan 24, 2019 12:53 pm
Ya, been trying to do the pointer scanner for a while without success. I'll probably be giving up on it soon since I just wanted some changes for a single project.
ParkourPenguin wrote: | ... looks like a statically compiled / linked virtual machine ... Whoever came up with such a stupid idea should have their hands cut off. |
But perhaps a good anti-cheating method?
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Thu Jan 24, 2019 4:21 pm
AntumDeluge wrote: | But perhaps a good anti-cheating method? |
nope.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
AntumDeluge Cheater Reputation: 0
Joined: 20 Dec 2018 Posts: 48
Posted: Thu Jan 24, 2019 6:40 pm
OldCheatEngineUser wrote: | nope. |
I'll opt to go along with the more experienced users.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
Posted: Thu Jan 24, 2019 9:59 pm
AntumDeluge wrote: | But perhaps a good anti-cheating method? |
You figured out how to change lives, so evidently not. There are far better ways of deterring the reverse engineering of software. I'd guess it's something like the devs already had a code base and wanted to take the lazy way of doing things. Cheap to make but a shit product in the end. I guess it doesn't really matter since the only people who will notice it are the ones that dig into it.
salumor Advanced Cheater Reputation: 0
Joined: 14 Jan 2019 Posts: 87
Posted: Fri Jan 25, 2019 2:17 pm
True and yet ..... Best example imo last 2,3? Assassin's Creed games (as being the only ones:) using Denuvo + VM Protect, so an Anti Tamper+VM in a VM. Yet, a quite neat table was possible (creating it wasn't an easy task too, still learning from it). There are also many reports concerning the drain on cpu from tampering the code. If it's for anti-cracking methods, it at least would be nice to remove anything putting unnecessary load onto our systems once it's not needed anymore (like when sales go way down or a crack comes out or whatever). Some examples do exist, but many - lazy or just for the sake of it - won't. While it would make creating cheats, as well as understanding the process way easier.
I mean I do remember ... damn (what name was it?) it was some game promised to allow mods but their lack of own support + obfuscation methods turned to nearly no (like 1,5) mods (0,5 meaning something unfinished/buggy) at all (despite low sales). But that's OT.
Btt: On the screenshot, I at least do see one value for your player and 0 for others (just 2 other examples, but anyway). Some idea: it might be that instruction has on that offset just (I believe starting value is:) 3 in it. Esp 3 might break the game, but worth a try. (else would be just some static pointer on game restart, see edited post, search "What i forgott". If it works, it prob. breaks on game updates but till then ...)
Code:
globalalloc(lives,4)
lives:
dd 0
mem:
pushf //preserve flags
cmp [lives],0
jne short code //a short check to just save the address once - if that does not lead to desired address may remove first cmp+jne, but be prepared for addr. changes
cmp [eax+edx+08],(double)3
jne short code
mov [lives],edx
add [lives],eax
code:
popf // restore flags
//all the rest of your code beginning with:
fst qword ptr [eax+edx+08]