Cheat Engine The Official Site of Cheat Engine
Wombleinc
Posted: Thu May 21, 2020 3:07 pm    Post subject: Trying to find anything I can in don't starve or DST.
Hello,
I am trying to find literally anything that I can use to get an address in Don't Starve. I've been told that pretty much every value is run through one or two addresses, which I've found to be true. I have, however, found small details that I could use if I knew everything there was to know about assembly language.
I found that health is stored in a string as currenthealth, but I don't know how to use this to create a script. I tried to disassemble this address and there is nothing that appears to be health around that string.
I've attached a lot of the stuff I've found below and would appreciate any help that I might get. Let me know if you have any questions. I know this is probably the hardest game to find addresses for, but it's honestly one of my favorite games.
ParkourPenguin
Posted: Thu May 21, 2020 7:08 pm
I'm guessing you're trying to make some sort of an injection copy.
If you inject at 0036A31B, it could go something like this:
Code:
```
alloc(newmem,1024)
alloc(buf,4096)
label(code)
label(checkStrings)
label(strncmpLoop)
label(copyAddress)
label(reachedNullTerm)
label(getNextString)
label(cleanupInjection)
label(originalCode)
label(return)
label(healthAddr)
label(firefxAddr)
label(logAddr)
registersymbol(healthAddr)
registersymbol(firefxAddr)
registersymbol(logAddr)

// define address/string combinations here in buf
buf:
// align 20 - align sections to 32 (0x20) bytes
// foo: - registered symbol to use in table
// dd 0 - space for address (4 bytes)
// db 'bar',0 - string as it appears in the game (must be <28 chars)
align 20
healthAddr:
dd 0
db 'currenthealth',0
align 20
firefxAddr:
dd 0
db 'firefx',0
align 20
logAddr:
dd 0
db 'log',0
// etc...
dq 0 0 0 0 // necessary if you remove a section and reenable the script

newmem:
code:
push ebp
push edi
push esi
push edx
push ecx
push ebx
push eax
sub esp,8
mov [esp+4],ebp // [esp+4] = address of value
mov eax,[ebp+10]
mov esi,[eax+C] // size of string
cmp esi,F // game string should be <=15 chars to fit there
ja cleanupInjection // I don't presume what happens for >15; just exit
test esi,esi // if game's string is empty, exit
jz cleanupInjection
cmp byte ptr[buf+4],0 // if buf doesn't have any strings defined, exit
je cleanupInjection
lea edi,[eax+10] // game's string of characters
xor ebp,ebp // ebp = index of the section in buf being checked
lea esi,[eax+esi+10] // esi = address one past the final byte in game string
mov [esp],edi // [esp] = address of game's string of chars
mov edi,buf+4 // edi = address of my strings to find

checkStrings:
mov edx,edi
mov eax,[esp] // address of game's string

strncmpLoop:
// eax = game's string, edx = my string
movzx ecx,byte ptr[eax]
movzx ebx,byte ptr[edx]
test cl,cl // if game's string ends, stop checking
jz reachedNullTerm
cmp cl,bl // if they differ, check my next string
jne getNextString
add eax,1
add edx,1
cmp eax,esi // if strings are the same so far and it hasn't reached
jne strncmpLoop // the end of the game's string, continue checking

copyAddress:
// if we made it here, the strings are the same
mov eax,[esp+4] // address of the value
sal ebp,5 // section index * 32 = offset of the section in buf
mov [ebp+buf],eax // write to registered symbol
jmp cleanupInjection

reachedNullTerm:
// we reached a 0 byte in the game's string
// this should never happen (limited by game's specified size), but hey, just in case
cmp cl,bl
je copyAddress

getNextString:
// prepare next string to check
add edi,20
add ebp,1
cmp byte ptr[edi],0
jne checkStrings // if we have more strings to check, then check them

cleanupInjection:
// gracefully exit
add esp,8
pop eax
pop ebx
pop ecx
pop edx
pop esi
pop edi
pop ebp

originalCode:
mov ecx,[ebp+00]
//...
jmp return
```
I didn't test this.
It's missing the disable section, aobscan, injection point code, and some of the original code, but it's mostly there.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Wombleinc
Posted: Fri May 22, 2020 12:15 pm
I know this is a dumb question, but could you possibly help me understand what this is doing? What is the pseudocode behind this? We're basically comparing based on the currenthealth string and the fox string?
ParkourPenguin
Posted: Fri May 22, 2020 1:12 pm
The comments are there to help people understand the code.
At a high level, it compares the game's string associated with a value against a list of provided strings. If one matches, it saves the address of the value like any other injection copy.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
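The matching logic of the script above, written out in C as an added example (this is not ParkourPenguin's code or anything shipped with Cheat Engine). It models the game's length-prefixed string and the 32-byte sections of `buf` as plain structs, keeps the script's guards (empty string, string longer than 15 chars, empty table), and, as one extra check the posted assembly does not make, also requires the table entry to end where the game's string ends, so a game string `log` cannot match an entry named `login`.

```c
#include <stddef.h>
#include <stdint.h>

/* The game's string as the injected code reads it: a length field and the
   characters (the script's [eax+C] and [eax+10]). Constructed for this model. */
typedef struct { uint32_t len; const char *chars; } GameString;

/* One 32-byte section of the script's buf: a 4-byte address slot followed by
   the NUL-terminated name, which leaves room for at most 27 characters. */
#define SECTION_SIZE 32
typedef struct {
    uint32_t addr;                         /* filled in when the name matches */
    char name[SECTION_SIZE - sizeof(uint32_t)];
} Section;

/* Walks the table until an empty name (the script's "cmp byte ptr[edi],0")
   and copies value_addr into the slot of the section whose name equals the
   game's string. Returns that section's index, or -1 when nothing matched or
   the input was rejected by the same guards the script uses. */
int match_and_copy(Section *table, size_t n, const GameString *s, uint32_t value_addr)
{
    if (s->len == 0 || s->len > 15) return -1;          /* "test esi,esi" / "cmp esi,F" */
    for (size_t i = 0; i < n && table[i].name[0] != '\0'; i++) {
        const char *mine = table[i].name;
        uint32_t k = 0;
        /* compare at most len characters; stop early on the first difference
           (a NUL in mine before len counts as a difference) */
        while (k < s->len && mine[k] != '\0' && mine[k] == s->chars[k]) k++;
        /* exact match: every game character matched and the entry ends here */
        if (k == s->len && mine[k] == '\0') {
            table[i].addr = value_addr;                /* "mov [ebp+buf],eax" */
            return (int)i;
        }
    }
    return -1;
}
```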
Wombleinc
Posted: Fri May 22, 2020 1:21 pm
Here's another question for you if you don't mind. For something like this game, and really other games but this one in particular, what is the best path to learning what I need to know to find other things to use?
An example of what I mean:
- Should I start all the way at the beginning and learn x86 and x64 assembly? Are there things I can look into that go over video game structures? It seems everything I've looked into is tailored to a specific thing that has no relation to what I see when I am looking at a call structure in Cheat Engine.
- Would learning Lua or another programming language help me better understand the structure of video game assembly? I'd love to be able to make my own tables when games that I have interest in come out, or to redo some older tables for games where the tables are outdated. An example being Stardew Valley (I know how to fix some things here and there if the addresses are semi the same or still near the original array of bytes).
I'm slowly grasping concepts, but I still get stuck on the way assembly works and what call structures are doing. I watch Cheat The Game, Stephen Chapman and Guided Hacking, but I still don't understand outside of the games they're using.
ParkourPenguin
Posted: Fri May 22, 2020 3:13 pm
You should learn how to do something before seriously trying to do it. That's especially true for any programming language, not just x86/x64.
There's a lot of stuff in game hacking that can't be discussed generally because games are different from one another. E.g. the way values are organized in structures will be completely different from one game to the next.
Scripting languages like Lua won't help you much with learning assembly. I guess it would be better than no prior programming experience, but you could draw better connections with a system programming language or at least something that's directly compiled to assembly.
I don't know what you mean by "call structure," but maybe you're looking for the term "calling conventions"? Or do you mean something more general, i.e. reading and understanding assembly? The former you can search for, the latter comes with continuous practice/experience over a long period of time.
_________________
I don't know where I'm going, but I'll figure it out when I get there.