Cheat Engine The Official Site of Cheat Engine
Sobeit | How do I cheat? | Reputation: 0 | Joined: 21 Dec 2019 | Posts: 2
Posted: Sat Dec 21, 2019 12:36 am | Post subject: Need help with access/writes
New to all this, please forgiveth me.
I am trying to make terraforming instant in Stellaris. I have found pointers for research which allowed me to change the time and make it complete instantly, but I am not able to do the same with the timer when it comes to terraforming a planet. I can find the timer address every time and change the value no problem, but obviously it will change per new game.
Please take a look at this and tell me what I can do to achieve my goal. (Obviously, learn wtf I am doing first, but that's why I am here lol.)
The following writes to 28B80A2E7B7
Code:
7FF7C9A69DAD - 45 01 77 0C - add [r15+0C],r14d
7FF7C9A69DA6 - 48 C1 E8 3F - shr rax,3F
7FF7C9A69DAA - 4C 03 F0 - add r14,rax
7FF7C9A69DAD - 45 01 77 0C - add [r15+0C],r14d <<
7FF7C9A69DB1 - 41 8B 47 10 - mov eax,[r15+10]
7FF7C9A69DB5 - 41 39 47 0C - cmp [r15+0C],eax
RAX=0000000000000000
RBX=0000000000000000
RCX=00000000000003E8
RDX=000000000001F400
RSI=0000028B63947040
RDI=0000028B65601530
RSP=00000096E43FD0F0
RBP=00000096E43FD159
RIP=00007FF7C9A69DB1
R8=000000000000008A
R9=000000000000008A
R10=0000028B65601530
R11=0000028B63947040
R12=0000000000000000
R13=00007FF7CAC62A50
R14=00000000000003E8
R15=0000028B80A2E7B0
Assuming (because idk) that in "[r15+0C],r14d" r14d is the value written into "[r15+0C]", then to find the value of r14d I need to figure out the equation in between the code below, or further up.
Code:
stellaris.exe+1A9D4F - 48 8B 05 1ACF7A01 - mov rax,[stellaris.exe+1956C70] { (2851A04E060) }
stellaris.exe+1A9D56 - 8B 88 E4440000 - mov ecx,[rax+000044E4]
stellaris.exe+1A9D5C - C1 E9 05 - shr ecx,05 { 5 }
stellaris.exe+1A9D5F - 48 8B 82 50160000 - mov rax,[rdx+00001650]
stellaris.exe+1A9D66 - F6 C1 01 - test cl,01 { 1 }
stellaris.exe+1A9D69 - 49 63 C8 - movsxd rcx,r8d
stellaris.exe+1A9D6C - 8B 44 C8 04 - mov eax,[rax+rcx*8+04]
stellaris.exe+1A9D70 - 74 10 - je stellaris.exe+1A9D82
stellaris.exe+1A9D72 - 85 C0 - test eax,eax
stellaris.exe+1A9D74 - 78 09 - js stellaris.exe+1A9D7F
stellaris.exe+1A9D76 - 41 3B C6 - cmp eax,r14d
stellaris.exe+1A9D79 - 41 0F4F C6 - cmovg eax,r14d
stellaris.exe+1A9D7D - EB 03 - jmp stellaris.exe+1A9D82
stellaris.exe+1A9D7F - 41 8B C4 - mov eax,r12d
stellaris.exe+1A9D82 - 41 03 C6 - add eax,r14d
stellaris.exe+1A9D85 - 48 63 C8 - movsxd rcx,eax
stellaris.exe+1A9D88 - 48 69 D1 E8030000 - imul rdx,rcx,000003E8 { 1000 }
stellaris.exe+1A9D8F - 48 B8 CFF753E3A59BC420 - mov rax,20C49BA5E353F7CF { -481036337 }
stellaris.exe+1A9D99 - 48 F7 EA - imul rdx
stellaris.exe+1A9D9C - 4C 8B F2 - mov r14,rdx
stellaris.exe+1A9D9F - 49 C1 FE 07 - sar r14,07 { 7 }
stellaris.exe+1A9DA3 - 49 8B C6 - mov rax,r14
stellaris.exe+1A9DA6 - 48 C1 E8 3F - shr rax,3F { 63 }
stellaris.exe+1A9DAA - 4C 03 F0 - add r14,rax
stellaris.exe+1A9DAD - 45 01 77 0C - add [r15+0C],r14d
I guess my question is: how can I alter/code "add [r15+0C],r14d", as all my addresses are accessed by this instruction? I'm lost at this point; for now I manually see what addresses are accessing it and double-tap the address every time I start a new terraform operation so I can adjust it to the value that will complete it.
Csimbi | I post too much | Reputation: 94 | Joined: 14 Jul 2007 | Posts: 3110
Posted: Sat Dec 21, 2019 3:42 am
Let's see.
Code:
7FF7C9A69DA6 - 48 C1 E8 3F - shr rax,3F -> shift RAX right 63 times -> RAX will be either 0 or 1. (Could be a flag for paused or running or some bonus?)
7FF7C9A69DAA - 4C 03 F0 - add r14,rax -> add 0 or 1 to R14. (No progress when paused?)
7FF7C9A69DAD - 45 01 77 0C - add [r15+0C],r14d << you know this
7FF7C9A69DB1 - 41 8B 47 10 - mov eax,[r15+10] -> get required value?
7FF7C9A69DB5 - 41 39 47 0C - cmp [r15+0C],eax -> see if we have reached required value
So, if I were to make it instant build, I would insert one or two instructions before cmp, like this:
Code:
mov eax,[r15+10] -> get required value
mov [r15+0C],eax -> replace current value with required value
mov r14d,eax -> replace current value with max in R14 as well, see if the remainder of code uses it, if not, this is not required
cmp [r15+0C],eax -> see if we have reached
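Added example, not code from either post: a Python emulation of the arithmetic in Sobeit's second listing, from "add eax,r14d" at stellaris.exe+1A9D82 down to the write at +1A9DAD, which Csimbi's reply annotates. That stretch is the compiler's idiom for a signed 64-bit division by a constant: after "imul rdx,rcx,000003E8" multiplies by 1000, "mov rax,20C49BA5E353F7CF" loads ceil(2^71 / 1000) (Cheat Engine's "{ -481036337 }" is just the low 32 bits of that immediate read as a signed int), the one-operand "imul rdx" keeps the high 64 bits of the 128-bit product, "sar r14,07" finishes the divide by 1000 as a floor, and "shr rax,3F" / "add r14,rax" copies the sign bit and adds it back so negative quotients truncate toward zero, the way C integer division does. Assumptions: the dword at [r15+0C] is passed in as a plain integer (the write uses r14d, so it is 32 bits wide), eax and r14d are plain parameters, and the table lookup and clamp at +1A9D4F..+1A9D7F that choose eax are not emulated. The function names are my own.

```python
"""Emulates stellaris.exe+1A9D82..+1A9DAD from the forum listing (added example)."""

MASK32 = 0xFFFF_FFFF
MASK64 = 0xFFFF_FFFF_FFFF_FFFF
# Immediate from `mov rax,20C49BA5E353F7CF` in the listing; equals ceil(2**71 / 1000).
MAGIC = 0x20C49BA5E353F7CF


def signed(value, bits):
    """Reinterpret the low `bits` bits of `value` as a two's-complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def sar(value, count):
    """SAR on a 64-bit register: arithmetic shift (Python's >> floors, as SAR does)."""
    return signed(value, 64) >> count


def shr(value, count):
    """SHR on a 64-bit register: logical shift, zero-filled from the left."""
    return (value & MASK64) >> count


def imul_high(rax, rdx):
    """One-operand IMUL: returns RDX, the high 64 bits of the signed 128-bit product."""
    return (signed(rax, 64) * signed(rdx, 64)) >> 64


def magic_div_1000(rdx):
    """Emulates +1A9D8F..+1A9DAA. Returns (r14, rdx) as they are at the write."""
    rdx = imul_high(MAGIC, rdx)   # mov rax,20C49BA5E353F7CF ; imul rdx
    r14 = sar(rdx, 7)             # mov r14,rdx ; sar r14,07    -> floor(x / 1000)
    rax = shr(r14, 63)            # mov rax,r14 ; shr rax,3F    -> 1 iff r14 < 0
    r14 = signed(r14 + rax, 64)   # add r14,rax                 -> truncate toward zero
    return r14, rdx


def trunc_div(a, b):
    """Reference: C-style integer division, truncating toward zero."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q


def progress_step(counter, eax, r14d):
    """Emulates +1A9D82..+1A9DAD. Returns (new counter, rcx, rdx, r14).

    `counter` stands for the dword at [r15+0C]; eax and r14d are the 32-bit
    inputs to `add eax,r14d` (assumed as parameters here).
    """
    eax = (eax + r14d) & MASK32         # add eax,r14d          (32-bit, wraps)
    rcx = signed(eax, 32)               # movsxd rcx,eax
    rdx = signed(rcx * 1000, 64)        # imul rdx,rcx,000003E8
    r14, rdx = magic_div_1000(rdx)
    counter = (counter + r14) & MASK32  # add [r15+0C],r14d
    return counter, rcx, rdx, r14


if __name__ == "__main__":
    # Constructed inputs: eax + r14d = 1000 reproduces the register dump in the
    # first post (RCX=3E8, RDX=1F400, R14=3E8 at the write).
    print([hex(v) for v in progress_step(0, 1000, 0)])
    for x in (999, 1000, -1, -1000, -1999, -2000):
        print(x, magic_div_1000(x)[0], trunc_div(x, 1000))
```

Feeding eax + r14d = 1000 yields RCX = 0x3E8, RDX = 0x1F400 and R14 = 0x3E8, the values in the register dump of the first post, so on that tick the dword at [r15+0C] grows by 1000 per call. The loop in the demo shows why the "shr rax,3F" / "add r14,rax" pair exists: without the +1 the sequence would return floor(-1999 / 1000) = -2 rather than the -1 a C program computes.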
Sobeit | How do I cheat? | Reputation: 0 | Joined: 21 Dec 2019 | Posts: 2
Posted: Sat Dec 21, 2019 11:54 am
Thank you, I will see what I can do.
Update:
Csimbi wrote:
Let's see.
Code:
7FF7C9A69DA6 - 48 C1 E8 3F - shr rax,3F -> shift RAX right 63 times -> RAX will be either 0 or 1. (Could be a flag for paused or running or some bonus?)
7FF7C9A69DAA - 4C 03 F0 - add r14,rax -> add 0 or 1 to R14. (No progress when paused?)
7FF7C9A69DAD - 45 01 77 0C - add [r15+0C],r14d << you know this
7FF7C9A69DB1 - 41 8B 47 10 - mov eax,[r15+10] -> get required value?
7FF7C9A69DB5 - 41 39 47 0C - cmp [r15+0C],eax -> see if we have reached required value
So, if I were to make it instant build, I would insert one or two instructions before cmp, like this:
Code:
mov eax,[r15+10] -> get required value
mov [r15+0C],eax -> replace current value with required value
mov r14d,eax -> replace current value with max in R14 as well, see if the remainder of code uses it, if not, this is not required
cmp [r15+0C],eax -> see if we have reached
Worked as intended, thank you! I think I need to get more familiar with Opcodes and their functions.