Cheat Engine

shadesdude · Newbie cheater Reputation: 0 Joined: 09 Dec 2006 Posts: 18

I know that this function reads a struct from a DMA section but my eyes are starting to blur so if someone is up for it I'd appreciate some help in figuring out how it does it. Thanks

memread:

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

Need more info, Whats it doing in game possibly opcodes too for the instructions.

shadesdude · Newbie cheater Reputation: 0 Joined: 09 Dec 2006 Posts: 18

Heh that's what I'm trying to backwards engineer. I think what it does is you pass an offset to it then it reconstructs the data by square brackets. But I'm trying to figure out where it grabs the offsets from.

Example of a graphical struct floating out in DMA:

[1, 212, 15, 8, 0, 0, -1056964609, 0, 0, None, 0, 12, [24, 97, 266], 0, 0, 1, 1, [(1, -1, -1090519040)], 0, False, False, None, None, None, 0, None, False, u'<t>8,264m<t>Asteroid (Dense Veldspar)']

So this should create an object on screen with the text "8,264m Asteroid" (Dense Veldspar) and I'm looking for a way to collect these values.

If this gives you any help this is stuck at the beginning of the allocated space. I checked it out briefly but couldn't really find any specs.

XSLT, XSL Transformations

XSLT (16-Nov-1999) is a W3C Recommendation. It is specified in
http://www.w3.org/TR/xslt/
BASE -- the basic namespace defined by this specification

Edit : Ahhh so it's constructing the screen with XML cool
http://www.w3.org/TR/xslt

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

Backwards engineer Smile

Um no-one is going to steal your work.

By saying asteroids i take it is some kind of space shooter or something,
That might be really hard to get if they are randomly generated you think ?

That could be anywheres between screen resolution pixels with the handle of the object. Unless your meaning the number showing by the asteroid, of the distance or something.

shadesdude · Newbie cheater Reputation: 0 Joined: 09 Dec 2006 Posts: 18

It's Eve-Online so it shoud be fun to take apart. I'm not looking to write to it just read the items. Heh I have no idea what any of the constructors are. I think all the data is saved locally and is updated when the server says your character goes into a new "room." I'm making a bot because all the macro bots really suck and loose functionality everytime someone moves something on the screen. The next step is to find where they keep arbitrary values like health, shields, cargo space, and enemies. The DMA is making it pretty hard >.< I also found the memcpy routine which writes the data to the memory but it's pretty long so I may post it later. It sucks typing out asm from hex.

Just a heads up I basically jumped straight into memory editing with this project so I may not pick up on the obvious right away.

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

Well that could prove to be a nice project with some "read byte" coding.

FajarSec · Posted: Tue Jan 09, 2007 10:01 am Post subject:

O.o is that script half of it or the full part because i dont see a Enable and Disable

dezuzi · Posted: Tue Jan 09, 2007 10:46 am Post subject:

let me tell you in advance, eve-online is a real challenge and it will take effort Smile

and im glad there are people on this forum who dare/bother to try this sort of stuff, props to you shadesdude

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

OMg,,,,,,, Im going in STFU mode now cause i was way off lol.

shadesdude · Newbie cheater Reputation: 0 Joined: 09 Dec 2006 Posts: 18

@ FajarSec - I think it's a DMA addressed DMA section on a closer look. A pool of offsets that lead to a pool of offset values >.<. That code takes an offset or a pointer (not sure which) and reads the data for the display functions. Anyway I found the code that creates the structs as well I'll dump that below.

@dezuzi - Thanks for the encourgement nice work on the packets as well Wink

I've found it's really python and XML heavy which could either be really good or bad.

@Labyrnth - no worries I appreciate any feed back (Am I attention starved?) and yes as soon as I figure out what' going on it'll all be thrown up here Very Happy

copys incomming packets into local DMA memory... I think

dezuzi · Posted: Wed Jan 10, 2007 3:28 pm Post subject:

thats the correct place to be looking, however you're going to have to use pointers, i havnt messed with received packets myself, but i assume writing down the ESP or EBP pointers you get from recv should do fine, then set some breakpoints at
78145310 - mov [edi+ecx*4+08],eax
78145318

or

78145174 - mov [edi+ecx*4-08],eax
7814517c - mov [edi+ecx*4-04],eax

not sure which ones were used

781451cc - mov al,[esi]
781451ce - mov [edi],al
781451d0 - mov al,[esi+01]
781451d3 - mov [edi+01],al
781451d6 - mov al,[esi+02]
781451d9 - mov [edi+02],al

will help too, either make a jump and write a compare for esp or ebp that matches the receive esp or ebp, that should work since it works for send Wink

and remember, theyr encrypted, let it decrypt first

eve-online is truely a masterpiece of coding