 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
rockfest
How do I cheat?
![]() Reputation: 0
Joined: 17 Jan 2010
Posts: 4
|
 Posted: Sun Jan 17, 2010 2:20 pm Post subject: A few questions |
 |
|
I'm trying for several days now to find the x,y,z position of a game. First searches found a static address, however i can not write to it (freeze doesn't work too if someone will ask that). After some other basic searches i found a pointer that can be written to. I say it is a pointer because it is listed as a gray address and its address changes at every runtime but always after that 70000... address.
Trying to check what writes at that pointer i got another address as the same as the first(after 7000...) with an offset.
After 5 levels or so where the same thing was repeating, at the point where i could select from the left any gray address, some were pointing differently, etc, i'm almost sure im doing something wrong.
Here are exact steps:
1. Found at 74C53864 the value i'm looking for
2. Find out what writes at this location and found several lines like:
| Code: | | 0e0716ae - f3 0f 7e 43 64 - movq xmm0,[ebx+64] |
and found the address 74C53800, offset 64
The lines that point to some bogus stuff are like: | Code: | | 805b40d0 - 00 00 - add [eax],al |
3. Searching for that address i found a list of grey addresses. Most of them were in the range: 73000000 - 74B00000 except 1B1B468C wich attempting to watch it results in ->???? in the list.
4.I chose 748C7C58, applied the offset 64 and got a pointer wich i watch.
5.Got the line | Code: | | 0e0997a2 - 8b 42 08 - mov eax,[edx+08] |
with the pointer to look: 748C7C50, offset 08.
6.After this the same thing doing, but got the line | Code: | | 0e096ece - 8b 32 - mov esi,[edx] |
, 748D390, offset 0 but searching for it i get no results.
What exactly am i doing wrong? I know the game has protection Themida 2.0.6.5, i tried some unpacked binaries to be able to attach a debugger but that didn't work so i can't attach a debugger to it.
PS: The game is Aion 1.5.1.4. And no, i'm not trying to alter something that is handled server-side. Coordinates of the player can be altered on client since freezing works.
|
|
| Back to top |
|
 |
Psy
Grandmaster Cheater Supreme
![]() Reputation: 1
Joined: 27 Mar 2008
Posts: 1366
|
| Posted: Sun Jan 17, 2010 2:38 pm Post subject: |
|
|
Themida. That limits it somewhat. I only know of one decent SP-game using a commercial software protector, and that is mount & blade, and that is indeed Themida/Winlicense.
The alternative is that it's an MP game client. They tend to be bug on protectors (typically ASProtect, Themida etc). If it's the latter, you'll get no help from me, and probably no-one else. Ever wonder why the MP sections no longer exist in this forum?
In addition to this 'moral stand', there's another issue with an MP game. You probably found the right value, but as the variable is (most likely) handled serverside you will NOT be able to manipulate it. Sorry.
If it's none of that ^, and it's SP, then try a couple of other things. If you searched increase/north, then search decreased/north (IE. reverse the search process). Or try and get the Z/height coord, as this tends to be easier. Try searching 2-byte rather than 4-byte or FLOAT as well, as some games (Burnout Paradise comes to mind) store the position in a non-standard way.
Also, go easy on the unchanged filter searches, as sometimes the coords can slightly alter even when stood still in-game, and this can filter out your real addresses. Good luck anyways if it's SP. If not, bye 
~Psy
*EDIT*
Just read your short note. AION, so MP. No more replies from me then on this. Suffice-to-say that just because freezing appears to work, doesn't mean it actually does. Sure there'll be a flicker/slight-delay in the update but this isn't a freeze. Try actually inputting new locations. You'll see you don't go anywhere worth a damn. Also, as AION is created by NCSoft just as Guild Wars is, I doubt you'll be able to do anything at all work while. Look into a making a bot instead bud.
|
|
| Back to top |
|
|
rockfest
How do I cheat?
![]() Reputation: 0
Joined: 17 Jan 2010
Posts: 4
|
| Posted: Sun Jan 17, 2010 3:09 pm Post subject: |
|
|
| Quote: | | Suffice-to-say that just because freezing appears to work, doesn't mean it actually does. Sure there'll be a flicker/slight-delay in the update but this isn't a freeze. Try actually inputting new locations. You'll see you don't go anywhere worth a damn. Also, as AION is created by NCSoft just as Guild Wars is, I doubt you'll be able to do anything at all work while. Look into a making a bot instead bud. |
Well actually it works to input a new value. I teleport with the first address found during a single runtime.
Teleporting between different maps surely won't work as it will probably require a trigger wich is server-side but that's not really important.
Anywhow, about the moral aspect ... at the end, it's what the person that uses the software does not the person that makes the software. Something like the saying, "Guns don't kill people...people kill people"  Just if anyone is curios i do intend something more sophisticated as a simple teleporter and i do intend to release the source free to anyone who wants it. This is just an obstacle i want to pass.
| Quote: | | If you searched increase/north, then search decreased/north (IE. reverse the search process) |
This i don't really understand. I have an idea of what you're saying but i'm not sure if i understand correctly.
| Quote: | | Or try and get the Z/height coord, as this tends to be easier. Try searching 2-byte rather than 4-byte or FLOAT as well, as some games (Burnout Paradise comes to mind) store the position in a non-standard way. |
The Y and Z coordinates are just 4 bytes and 8 bytes after the X. When i find them in a memory dump i can see the next 2 right after the X. Knowing this could searching the Z position for example be easier?
Thanks for your answer
|
|
| Back to top |
|
|
Psy
Grandmaster Cheater Supreme
![]() Reputation: 1
Joined: 27 Mar 2008
Posts: 1366
|
| Posted: Sun Jan 17, 2010 4:41 pm Post subject: |
|
|
| I would search for the Z one to start with. 99% of times as you gain height the memory address increases, so find that, find the others next to it.
|
|
| Back to top |
|
|
rockfest
How do I cheat?
![]() Reputation: 0
Joined: 17 Jan 2010
Posts: 4
|
| Posted: Mon Jan 18, 2010 4:55 am Post subject: |
|
|
Ok, i'm lost now.
So i'm searching for a value. I found it, there's no doubt about it.
I found a static address of where the value is stored in the module i guessed was but it was read-only.
I also found a pointer wich probably is addressed by a few other pointers to that value (or themida just masks the path of pointers through it) wich i can modify.
So what i'm looking now is pointers, not the values.
| Quote: | | 99% of times as you gain height the memory address increases, so find that, find the others next to it. |
As the values modify are you saying that they change location in memory too?
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Mon Jan 18, 2010 5:48 am Post subject: |
|
|
| rockfest wrote: | Ok, i'm lost now.
So i'm searching for a value. I found it, there's no doubt about it.
I found a static address of where the value is stored in the module i guessed was but it was read-only.
I also found a pointer wich probably is addressed by a few other pointers to that value (or themida just masks the path of pointers through it) wich i can modify.
So what i'm looking now is pointers, not the values.
| Quote: | | 99% of times as you gain height the memory address increases, so find that, find the others next to it. |
As the values modify are you saying that they change location in memory too? |
He's saying X/Y/Z addresses tend to be adjacent to each other in memory.
|
|
| Back to top |
|
|
rockfest
How do I cheat?
![]() Reputation: 0
Joined: 17 Jan 2010
Posts: 4
|
| Posted: Mon Jan 18, 2010 5:56 am Post subject: |
|
|
| Slugsnack wrote: | | He's saying X/Y/Z addresses tend to be adjacent to each other in memory. |
That i know. I said the same thing in an earlier post.
This i don't understand: "99% of times as you gain height the memory address increases"
Anywhow, i started to work on an alternative solution until i manage to find a solution to this one. I'm writing a scanner class too and since i have the static addresses already, i'll read the value from that at start-up and after that scan the entire memory and when i find a match, i write a slight modified value and recheck to see if it was written with the first static address. Once i find it the other y,z values for example will just be after 4,8 bytes.
This is not really a good solution but i will just traverse the memory once bottom-up (0x7FFFFFFF) and i will surely find it pretty fast.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
