Cheat Engine The Official Site of Cheat Engine
MyNameIssIemaNyM How do I cheat?
Reputation: 0
Joined: 24 Jan 2024 Posts: 2
|
Posted: Wed Jan 24, 2024 6:10 pm Post subject: trying to understand how cheat tables function |
|
|
Hey there, I've been trying to understand Cheat Engine and its tables; specifically, I've read about AOB and table upgrade tutorials along with the Cheat Engine tutorials themselves. But I haven't been able to understand much of it since I'm a slow learner. I have this old table that I wanted to upgrade for a new version. I know that this kind of question has been asked a lot and I've read most of them if not all. But the difference is, I'm also trying to understand tables and my errors of thinking. The old code looks like this:
| Code: |
"mb_warband.exe"+1D9545: FF D2 - call edx
"mb_warband.exe"+1D9547: A1 A0 72 8B 00 - mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D954C: 83 B8 38 95 01 00 00 - cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D9553: 8B 8E A0 01 00 00 - mov ecx,[esi+000001A0]
"mb_warband.exe"+1D9559: 8B 11 - mov edx,[ecx]
"mb_warband.exe"+1D955B: 74 08 - je mb_warband.exe+1D9565
"mb_warband.exe"+1D955D: 8B 82 D8 00 00 00 - mov eax,[edx+000000D8]
"mb_warband.exe"+1D9563: EB 06 - jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D9565: 8B 82 DC 00 00 00 - mov eax,[edx+000000DC]
"mb_warband.exe"+1D956B: FF D0 - call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D956D: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING ----------
"mb_warband.exe"+1D9573: D9 86 18 02 00 00 - fld dword ptr [esi+00000218]
"mb_warband.exe"+1D9579: DA E9 - fucompp
"mb_warband.exe"+1D957B: DF E0 - fnstsw ax
"mb_warband.exe"+1D957D: F6 C4 44 - test ah,44
"mb_warband.exe"+1D9580: 0F 8B 89 00 00 00 - jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D9586: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D958C: 8B 8E E8 01 00 00 - mov ecx,[esi+000001E8]
"mb_warband.exe"+1D9592: D9 9E 18 02 00 00 - fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D9598: E8 C3 0B E3 FF - call mb_warband.exe+A160
"mb_warband.exe"+1D959D: 8D 4C 24 60 - lea ecx,[esp+60]
|
And by digging through memory view and in-game tests, I've figured that the above addresses have turned into this:
| Code: |
"mb_warband.exe"+1D54F5: FF D2 - call edx
"mb_warband.exe"+1D54F7: A1 A0 72 8B 00 - mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D54FC: 83 B8 38 95 01 00 00 - cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D5503: 8B 8E A0 01 00 00 - mov ecx,[esi+000001A0]
"mb_warband.exe"+1D5509: 8B 11 - mov edx,[ecx]
"mb_warband.exe"+1D550B: 74 08 - je mb_warband.exe+1D9565
"mb_warband.exe"+1D550D: 8B 82 D8 00 00 00 - mov eax,[edx+000000D8]
"mb_warband.exe"+1D5513: EB 06 - jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D5515: 8B 82 DC 00 00 00 - mov eax,[edx+000000DC]
"mb_warband.exe"+1D551B: FF D0 - call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D551D: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING ----------
"mb_warband.exe"+1D5523: D9 86 18 02 00 00 - fld dword ptr [esi+00000218]
"mb_warband.exe"+1D5529: DA E9 - fucompp
"mb_warband.exe"+1D552B: DF E0 - fnstsw ax
"mb_warband.exe"+1D552D: F6 C4 44 - test ah,44
"mb_warband.exe"+1D5530: 0F 8B 89 00 00 00 - jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D5536: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D553C: 8B 8E E8 01 00 00 - mov ecx,[esi+000001E8]
"mb_warband.exe"+1D5542: D9 9E 18 02 00 00 - fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D5548: E8 C3 0B E3 FF - call mb_warband.exe+A160
"mb_warband.exe"+1D554D: 8D 4C 24 60 - lea ecx,[esp+60]
|
But, by just overwriting the new address the table didn't work (the checkbox didn't become clickable), so I'm curious where the error is here. This is the full code:
| Code: |
<CheatEntry>
<ID>8430</ID>
<Description>"God Mode"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>{
Game : mb_warband.exe
Version:
Date :
Author : Sbryzl
}
[ENABLE]
aobscanmodule(GodMode,mb_warband.exe,83 EC 08 D9 96 00 60 00 00)
registersymbol(GodMode)
aobscanmodule(PbHP,mb_warband.exe,D9 85 00 60 00 00 D9)
registersymbol(PbHP)
aobscanmodule(GMespC,mb_warband.exe,80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20 )
registersymbol(GMespC)
label(HorseGM)
registersymbol(HorseGM)
alloc(PbHPMem,1000,mb_warband.exe)
PbHPMem:
fld dword ptr [ebp+00006000]
mov [PBHealth],ebp
jmp ret_PbHP
GMmem:
cmp [esp+c],GMespC
jne GMexit
cmp esi,[PBHealth]
jne short HorseGM
fstp st(0)
fld [esi+00005ffc]
HorseGM:
cmp dword ptr [ecx+5ff0],-1
je GMreturn
GMexit:
fst dword ptr [esi+00006000]
@@:
jmp GMreturn
PBHealth:
dd 0
GodMode+3:
jmp GMmem
nop
GMreturn:
PbHP:
jmp PbHPMem
nop
ret_PbHP:
[DISABLE]
GodMode+3:
db D9 96 00 60 00 00
PbHP:
db D9 85 00 60 00 00
unregistersymbol(GodMode)
unregistersymbol(PbHP)
unregistersymbol(GMespC)
unregistersymbol(HorseGM)
dealloc(PbHPMem)
{
// ORIGINAL CODE - INJECTION POINT: "mb_warband.exe"+1D956D
"mb_warband.exe"+1D9545: FF D2 - call edx
"mb_warband.exe"+1D9547: A1 A0 72 8B 00 - mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D954C: 83 B8 38 95 01 00 00 - cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D9553: 8B 8E A0 01 00 00 - mov ecx,[esi+000001A0]
"mb_warband.exe"+1D9559: 8B 11 - mov edx,[ecx]
"mb_warband.exe"+1D955B: 74 08 - je mb_warband.exe+1D9565
"mb_warband.exe"+1D955D: 8B 82 D8 00 00 00 - mov eax,[edx+000000D8]
"mb_warband.exe"+1D9563: EB 06 - jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D9565: 8B 82 DC 00 00 00 - mov eax,[edx+000000DC]
"mb_warband.exe"+1D956B: FF D0 - call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D956D: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING ----------
"mb_warband.exe"+1D9573: D9 86 18 02 00 00 - fld dword ptr [esi+00000218]
"mb_warband.exe"+1D9579: DA E9 - fucompp
"mb_warband.exe"+1D957B: DF E0 - fnstsw ax
"mb_warband.exe"+1D957D: F6 C4 44 - test ah,44
"mb_warband.exe"+1D9580: 0F 8B 89 00 00 00 - jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D9586: D9 85 00 60 00 00 - fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D958C: 8B 8E E8 01 00 00 - mov ecx,[esi+000001E8]
"mb_warband.exe"+1D9592: D9 9E 18 02 00 00 - fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D9598: E8 C3 0B E3 FF - call mb_warband.exe+A160
"mb_warband.exe"+1D959D: 8D 4C 24 60 - lea ecx,[esp+60]
}
</AssemblerScript>
<CheatEntries>
<CheatEntry>
<ID>8431</ID>
<Description>"Kill Horses"</Description>
<LastState Activated="1"/>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
HorseGM:
jmp short +b
[DISABLE]
HorseGM:
cmp dword ptr [ecx+5ff0],-1
</AssemblerScript>
</CheatEntry>
</CheatEntries>
</CheatEntry>
|
thanks in advance <3
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4718
|
Posted: Wed Jan 24, 2024 6:51 pm Post subject: |
|
|
There's 3 different aobscans happening in that one script. Check all of them.
In the "Memory Scan Options" panel in the main window, set "All" to the main exe, right click the area with Writable / Executable / CoW checkboxes, and select "Preset: Scan all memory"
| MyNameIssIemaNyM wrote: |
but, by just overwriting the new address the table didn't work
|
The script is using aobscans, there is no "new address" to overwrite...
If you're just changing the comment at the end, that's not going to do anything.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
MyNameIssIemaNyM How do I cheat?
Reputation: 0
Joined: 24 Jan 2024 Posts: 2
|
Posted: Wed Jan 24, 2024 7:14 pm Post subject: |
|
|
Thank you very much for taking the time to reply to me, I feel less stupid than before I posted my message lol
Just to understand it better, are these:
| Code: |
aobscanmodule(GodMode,mb_warband.exe,83 EC 08 D9 96 00 60 00 00)
registersymbol(GodMode)
aobscanmodule(PbHP,mb_warband.exe,D9 85 00 60 00 00 D9)
registersymbol(PbHP)
aobscanmodule(GMespC,mb_warband.exe,80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20 )
registersymbol(GMespC)
label(HorseGM)
registersymbol(HorseGM)
|
the only piece that I have to edit, or am I doomed to evaluate everything?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4718
|
Posted: Wed Jan 24, 2024 7:42 pm Post subject: |
|
|
Well you should find out why it isn't working in the first place. Try to activate the memory record, and after it fails, right click on it and the error message should be at the top.
My bet is not all the AOB patterns could be found.
If the original code changed, then you might have to change the injected code. e.g. maybe the offset 6000 in the GodMode injection point changed to something else.
You might have to change the injected code anyway. e.g. maybe [esp+C] is the wrong value now. No idea.
That's a future problem if the script doesn't work or crashes the game after it's activated. For now, just figure out which aob can't be found and fix it (find the new pattern).
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
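Added example, not part of the thread and not Cheat Engine's own code: the "check each aobscan and find which one can't be found" advice, done offline in Python over a byte buffer. The three patterns are the ones from the script above; `IMAGE` is a constructed stand-in for the updated module with one changed byte assumed at the GMespC site, and `parse_aob`, `scan`, `classify` and `report` are hypothetical helper names.

```python
# Added example: offline AOB check over a constructed byte buffer.
PATTERNS = {  # the three aobscanmodule patterns from the script in the thread
    "GodMode": "83 EC 08 D9 96 00 60 00 00",
    "PbHP": "D9 85 00 60 00 00 D9",
    "GMespC": "80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20",
}

# Constructed stand-in for the updated module's code bytes (not a real dump).
IMAGE = bytes.fromhex(
    "90 90 83 EC 08 D9 96 00 60 00 00 90"        # GodMode site, unchanged
    "FF D0 D9 85 00 60 00 00 D9 86 18 02 00 00"  # fld [ebp+6000]; fld [esi+218]
    "D9 85 00 60 00 00 8B 8E E8 01 00 00"        # same fld again, then a mov
    "80 BF 10 02 00 00 00 0F 84 55 01 00 00 8D 44 24 24"  # assumed: last byte changed
)


def parse_aob(pattern):
    """'80 BF ? ?' -> [0x80, 0xBF, None, None]; None is a wildcard byte."""
    return [None if set(tok) <= {"?"} else int(tok, 16) for tok in pattern.split()]


def scan(image, pattern):
    """Return every offset in image where the pattern matches."""
    sig = parse_aob(pattern)
    return [
        off
        for off in range(len(image) - len(sig) + 1)
        if all(b is None or image[off + i] == b for i, b in enumerate(sig))
    ]


def classify(hits):
    """Zero hits: the scan fails. More than one: the pattern no longer names one site."""
    return {0: "not found", 1: "unique"}.get(len(hits), "ambiguous")


def report(image, patterns):
    """Map each symbol name to (status, offsets) so the failing scan stands out."""
    return {name: (classify(h), h) for name, p in patterns.items() for h in [scan(image, p)]}


if __name__ == "__main__":
    for name, (status, hits) in report(IMAGE, PATTERNS).items():
        print(f"{name:8} {status:10} {[hex(h) for h in hits]}")
```

Scanning for `D9 85 00 60 00 00` without the trailing `D9` matches both `fld dword ptr [ebp+00006000]` sites that appear in the listing, which shows what the seventh byte in the PbHP pattern is there to disambiguate.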