Cheat Engine: The Official Site of Cheat Engine

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Jul 22, 2023 4:49 am
Currently, it seems that you are not really doing anything with your script. It will help for us to understand what it is that you are trying to do, as some solutions may not be suitable. As you say, some methods may freeze the process, which is usually not ideal.
You can incorporate a timer. This will allow the target process to continue executing code, without freezing on you.
Unless you want to use Lua, this may require injecting at an instruction that gets accessed constantly. You can simply create a flag that will trigger the timer, then have the timer count down until it reaches 0, at which point, another flag can be set that will instruct the program to jump to the code where you will manipulate something.
Depending on what you are trying to accomplish, and the nature of it, you may use the target's built-in code to trigger the timer (based on a specific value or event that is reached etc.), or, you can set up a manual trigger to initialize the timer yourself.

potentialunexplored (How do I cheat?)
Reputation: 0
Joined: 06 Mar 2023 Posts: 8
Posted: Sat Jul 22, 2023 6:14 am
Hi ++METHOS! Thanks for your reply,
The function I'm editing controls entities' physics behavior. This chunk of code in particular disengages entities from the physics engine. The goal is to make a certain type of entity stay engaged for longer, while every other type would get handled as usual. Oh yeah, and this instruction runs constantly as soon as an entity gets engaged.
Thus, by doing compare I isolated the type I needed, for which the value at [ecx+30] equals 1. What's left is to just add delay, and apparently it's a whole thing.
I'm not opposed to lua per se but a) it'll take a while to get accustomed, b) ultimately I plan to modify the .dll permanently and right now I'm not sure how well that's gonna go over using lua.
Mind sharing an example of what this timer would look like?

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Jul 22, 2023 6:38 am
What is the actual, original code? Is it this, or has this been modified?
Code:
```
popf
mov eax,[ecx]
mov eax,[eax+10]
jmp return
```
Also, which line of code resets the behavior?

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Jul 22, 2023 7:20 am
You may need to select an injection point that will give you control over which entities are reset, or, make use of multiple injection points. If commenting out the original code will do the trick, then maybe this injection point can be used.
You should be able to find the instruction that actually does the resetting. With said instruction, you should be able to filter out any entities that you do not want to be affected. I would look/step inside one of the calls to see if there is anything viable.
Either way, for a delay/timer you could structure it like the following (I have not thoroughly checked or tested this):
Code:
```
[ENABLE]
aobscanmodule(Inject,Engine.dll,8B 01 8B 40 10 FF D0 84 C0 75 59) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(timer_start)
label(timer_stop)
label(run_timer)
label(modified_code)
label(timer_value)
registersymbol(timer_value)
registersymbol(timer_start)

newmem:
cmp byte ptr [ecx+30],1 //filter: only the entity type with [ecx+30] == 1 is affected
jne code
cmp byte ptr [timer_start],1 //checks to see if timer has been triggered
je run_timer
jmp code

run_timer:
sub [timer_value],1 //counts down once per execution of the injected instruction
cmp [timer_value],0
je timer_stop
jmp modified_code

timer_stop:
mov byte ptr [timer_start],0 //timer expired; clear the flag so normal behavior resumes
jmp code

modified_code:
//mov eax,[ecx] //this is where you would normally disable the reset that occurs, but since this injection point may not handle that, then you may need to choose a different location
//mov eax,[eax+10]
jmp return

code:
mov eax,[ecx]
mov eax,[eax+10]
jmp return

timer_value:
dd 0
timer_start:
db 0

Inject:
jmp newmem
return:
registersymbol(Inject)

[DISABLE]
Inject:
db 8B 01 8B 40 10
dealloc(newmem)
unregistersymbol(Inject)
unregistersymbol(timer_value)
unregistersymbol(timer_start)
```
Once the script is added to your cheat table, you will want to create an entry for timer_value and timer_start. Just add address manually, and set the address to those names. Change the byte type. Create a hotkey that will set the timer_start to 1. This will activate the timer. If you do not wish to do this manually, then you can set it up to activate automatically, depending on your preference. I am not sure if this would be ideal, though.
Also, create a hotkey that will set the timer_value to whatever you prefer (whatever value you set here, will determine the length of the delay).
Probably, this won't work, based on the information that you have provided. But, it should at least give you something to work with or some idea about how to set a delay.

potentialunexplored (How do I cheat?)
Reputation: 0
Joined: 06 Mar 2023 Posts: 8
Posted: Sat Jul 22, 2023 9:24 am
Yeah I don't think that's gonna work, since there are a lot of objects engaging & disengaging with the physics engine simultaneously.
I don't have a lot of experience but I guess I expected Assembly to not be so effing adverse to timers for some reason.
Anyhoo. I'll scour the net & see how the Lua timer works out & report back.

++METHOS (I post too much)
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat Jul 22, 2023 9:29 am
Did you try the script?
Even if there are many objects interacting with the engine, you should still be able to filter them out. Using Lua may not help much unless you can find a way to filter out what you want while also applying a timer to the appropriate function.
There may also be other ways.

ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Sat Jul 22, 2023 11:25 am
potentialunexplored wrote:
> I don't have a lot of experience but I guess I expected Assembly to not be so effing adverse to timers for some reason.

A lot of people seem to think when you run the AA script the assembly gets executed immediately. That's not what happens.
That assembly is a list of instructions. When you modify it, you change what the game does when it would've originally executed those instructions. Trying to stop the game from executing instructions for a few seconds while allowing it to continue executing instructions for that duration is quite obviously ridiculous.
Look into the lower level details of asynchronous programming (state machines, epoll/kqueue, etc) for the gory details of how to work around such a ridiculous contradiction. Spoiler: it's only a workaround at a higher level than assembly.

potentialunexplored wrote:
> Function I'm editing controls entities' physics behavior. This chunk of code in particular disengages entities from physics engine. The goal is to make certain type of entities stay engaged for longer, while every other type would get handled as usual. Oh yeah and this instruction runs constantly as soon as entity gets engaged.

Doesn't that last sentence contradict the second? If that chunk of code disengages entities from the physics engine and is constantly run as soon as entities are engaged, then that would mean entities get disengaged from the physics engine as soon as they get engaged...
Maybe you should spend more time reverse engineering around there. Perhaps there's a jcc you can find that determines when entities are disengaged. Perhaps you can find a timer the game uses from that: could be a time ticking down, or a duration and/or timestamp in milliseconds.
I strongly believe that injection point you're using now won't help you.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
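Added example, not code from this thread: the gate that ++METHOS's timer script above encodes, modelled in C so the control flow can be stepped through, and illustrating ParkourPenguin's point that such a "timer" counts executions of the hooked instruction rather than seconds. The entity layout (only byte 0x30 is read), the function names and the 0-count guard in arm_timer are assumptions of this model, not part of the posted script.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Shared state standing in for the script's registered symbols (constructed model). */
uint32_t timer_value = 0;   /* timer_value: dd 0 */
uint8_t  timer_start = 0;   /* timer_start: db 0 */

/* Stand-in for the object ecx points at; the filter only reads byte [ecx+30]. */
typedef struct { uint8_t pad[0x30]; uint8_t kind; } entity_t;

typedef enum { PATH_ORIGINAL, PATH_MODIFIED } path_t;

/* Arms the timer the way the two hotkeys in the post would (count first, then flag).
 * A count of 0 is refused here (assumption, not in the script): `sub [timer_value],1`
 * on 0 wraps to 0xFFFFFFFF and the countdown would effectively never finish. */
bool arm_timer(uint32_t count) {
    if (count == 0) return false;
    timer_value = count;
    timer_start = 1;
    return true;
}

/* One execution of the hook at newmem for one entity, following the script's branches. */
path_t hook_tick(const entity_t *e) {
    if (e->kind != 1) return PATH_ORIGINAL;      /* cmp byte ptr [ecx+30],1 / jne code */
    if (timer_start != 1) return PATH_ORIGINAL;  /* cmp byte ptr [timer_start],1 / jmp code */
    timer_value -= 1;                            /* run_timer: sub [timer_value],1 */
    if (timer_value == 0) {                      /* cmp [timer_value],0 / je timer_stop */
        timer_start = 0;                         /* timer_stop: mov byte ptr [timer_start],0 */
        return PATH_ORIGINAL;                    /* jmp code */
    }
    return PATH_MODIFIED;                        /* jmp modified_code */
}

/* Runs `passes` frames over `matching` kind-1 entities and `others` of kind 0 and
 * returns how often the modified path ran. Every matching entity spends the one
 * shared counter, so the total is at most count-1 however many entities exist. */
size_t demo_shared_counter(uint32_t count, size_t matching, size_t others, size_t passes) {
    entity_t ents[16] = {0};
    size_t n = matching + others, modified = 0;
    if (n > 16 || !arm_timer(count)) return 0;
    for (size_t i = 0; i < matching; i++) ents[i].kind = 1;
    for (size_t p = 0; p < passes; p++)
        for (size_t i = 0; i < n; i++)
            if (hook_tick(&ents[i]) == PATH_MODIFIED) modified++;
    return modified;
}
```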

potentialunexplored (How do I cheat?)
Reputation: 0
Joined: 06 Mar 2023 Posts: 8
Posted: Sun Jul 23, 2023 12:59 pm
ParkourPenguin wrote:
> Doesn't that last sentence contradict the second? If that chunk of code disengages entities from the physics engine and is constantly run as soon as entities are engaged, then that would mean entities get disengaged from the physics engine as soon as they get engaged...

My bad, not the best phrasing.
The instruction I was injecting at does run constantly when the entity is engaged. The instruction that disengages it is further down; by chunk I meant the whole "area" of code.
Anyhow, you were absolutely right! It was worth it to look around a bit more: after some break & tracing I've found a beautiful little function that not only affected only the type of entities I was looking for, it also had a built-in timer which was very easy to edit! So that's that.
++METHOS, thanks for your help as well!