Cheat Engine The Official Site of Cheat Engine
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Mon Sep 20, 2010 6:44 pm Post subject: clue for instant units using health player-id? |
|
|
Hello, I wish to create an instant unit trainer (player side only).
I have found the player-id for unit health and the player-id for instant building.
Can I use that info to make player-side instant units? If yes, then please give some clue.
|
 |
noko_112 Grandmaster Cheater
Reputation: 0
Joined: 09 Jun 2009 Posts: 585
|
Posted: Tue Sep 21, 2010 12:25 am Post subject: |
|
|
Is the building completion bar (The value that controls building) a part of the same structure (Code wise) as the building that builds it?
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 2:08 am Post subject: |
|
|
And if You don't find a player ID, You can still find the code which is displaying the building bar. Probably it is working for the human player only. Then You can make a player sided instant build.
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Tue Sep 21, 2010 2:16 am Post subject: Re: clue for instant units using health player-id? |
|
|
freiza wrote: | I have found player-id for unit health and player-id for instant building. |
erm.. there's something I don't get about this. do you know what the player-id is for?
anyway, just make an instant build and then modify it so that it works only for the player.
if the code is:
Code: | while(completion < max) {
//increase
}
//completed |
make something like:
Code: | if(isPlayer)
completion = max;
while(completion < max) {
//same as before
}
//completed |
You may want to make the entire cycle run at least once, but it depends on how the game is implemented and what the cycle exactly does.
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 3:49 am Post subject: |
|
|
It is an RTS game (Rise of Nations).
Code: | erm.. there's something I don't get about this. do you know what the player-id is for? |
The player-id is unit health and instant building at offset esi+3c and esi+58 respectively.
And unit health is only activated under attack.
Code: | And if You don't find a player ID, You can still find the code which is displaying the building bar. Probably it is working for the human player only. Then You can make a player sided instant build.
|
I tried using your instruction.
http://hacked.forum.cheatengine.org/viewtopic.php?t=510067
but it did not work; even after only 1 result was obtained, the code is working for both the computer AI and the player.
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 5:29 am Post subject: |
|
|
It worked for me.
Instant production for selected building (version 1.03)
Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem2,2048) //2kb should be enough
label(returnhere2)
label(originalcode2)
label(exit2)
alloc(pbar,4)
401C5A38:
jmp newmem2
nop
returnhere2:
newmem2: //this is allocated memory, you have read,write,execute access
pushad
lea edi,[ecx+eax*4]
mov [pbar],edi
popad
originalcode2:
mov eax,[ecx+eax*4] //display progress bar of production
add esp,08
exit2:
jmp returnhere2
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
400FE675:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
mov [ecx+eax*4],edx
pushad
lea edi,[ecx+eax*4]
cmp [pbar],edi //check if current progress = displayed progress
jne +7
mov [ecx+eax*4],FFFF
popad
originalcode:
//mov [ecx+eax*4],edx
add esp,0c
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem2)
dealloc(pbar) //free the 4-byte variable that held the displayed progress bar address
401C5A38:
mov eax,[ecx+eax*4]
add esp,08
//Alt: db 8B 04 81 83 C4 08
dealloc(newmem)
400FE675:
mov [ecx+eax*4],edx
add esp,0c
//Alt: db 89 14 81 83 C4 0C |
This code is working only for those buildings, where You see the production bar. If You select 2 buildings and start a production, You will not see the production bar and You will not have instant build.
Select a building, start training -> Instant unit
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 5:55 am Post subject: |
|
|
Already made that one a week earlier,
but I was trying to remove that restriction.
My codes were:
Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//**************unit variable******************
alloc(unitvar,4)
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
unitvar:
dd 0
401C3540:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push ebx
pushfd
mov ebx,[ecx+eax*4]
mov [unitvar],ebx
popfd
pop ebx
originalcode:
mov eax,[ecx+eax*4]
add esp,08
exit:
jmp returnhere
//****************************************************
alloc(newmem2,2048) //2kb should be enough
label(returnhere2)
label(originalcode2)
label(exit2)
4004CF8F:
jmp newmem2
nop
returnhere2:
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
pushad
pushfd
mov ebx,[unitvar]
cmp [ecx+eax*4],ebx
jne originalcode2
mov [ecx+eax*4],20000
popfd
popad
add esp,0c
jmp returnhere2
originalcode2:
popfd
popad
mov [ecx+eax*4],edx
add esp,0c
exit2:
jmp returnhere2
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem2)
4004CF8F:
mov [ecx+eax*4],edx
add esp,0c
dealloc(newmem)
dealloc(unitvar) //free the 4-byte variable that held the displayed progress value
401C3540:
mov eax,[ecx+eax*4]
add esp,08 |
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 6:57 am Post subject: |
|
|
Oh, I didn't know You have made Your script already. Well at least I have made my code for my game version so it works for me.
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 7:34 am Post subject: |
|
|
But there should be a way, like in the megatrainers from cheathappens.
Staple intersection is an easy way out but not always effective.
Please tell me, is there any way of making instant build using the player-id of unit health?
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 8:32 am Post subject: |
|
|
Sometimes the address of the building progress is part of the building structure, but not in this game. You may find something if You look around in the memory region, but it seems to be rather empty.
Maybe You will find a pointer which is pointing to the building structure.
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 8:47 am Post subject: |
|
|
As you know, using "what accesses this address" on a player unit does not pop up the code for an enemy unit.
Correct me if I am wrong.
This method of yours fails as we have nothing to compare with:
http://forum.cheatengine.org/viewtopic.php?t=514607&sid=64cc71c96ccccee0ee3cf37c55d3e73a
Then how do master cheaters manage to hack the game? Any clue?
You wrote:
Code: |
Maybe You will find a pointer which is pointing to the building structure.
|
Do you really mean it? Fishing this way requires luck, not skill.
If you disagree, please tell me.
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 9:11 am Post subject: |
|
|
Quote: | your this method fails as we have nothing to compare with |
Every game is different. If they would be the same, there would be an automatic game hacking program for them. That's the fun part. Discovering how it works.
Quote: | do you really mean it? fishing this way requires luck not skill |
I think there is a building and there is a production process in the building. So I would think about where is the connection between them?
EDIT:
And after realizing that there is connection between them, I start searching for pointers.
I find the building structure and the production progress for the building and search for a pointer for the progress bar's address. I do this by running a scan in hex mode, searching for the address of the progress bar.
I instantly realize that on offset 80 of the building structure, there is a pointer to the address which holds the value for the progress bar in the building.
Like this:
0B251670 production progress
0B047ABC building structure
0B047AE0 building health
0B047B3C pointer to progress bar ->0B251670
Conclusion:
building structure + 80 = progress bar pointer
Obviously there has to be a way to point from the progress bar to the building, so we can search again...
EDIT 2:
And I fire up Cheat Engine's debugger using the "break and trace instructions" on the code which is changing the progress bar:
Code: | mov [ecx+eax*4],edx |
From the records, I can instantly see that when this code is running,
ESI = 0B047ABC
This address also happens to be the building structure's base address and as we know, esi+3c = player ID for the building.
Solution:
When this code is running,
Code: | mov [ecx+eax*4],edx |
check esi+3c which is the player ID and if it is the player's building, set the progress bar to full.
And again:
Quote: | do you really mean it? fishing this way requires luck not skill |
I have fished out the solution for Your problem in approximately 5 minutes. Or even less... Of course I mean it, I followed my advice and I have solved the issue.
Instant production for red player script (v1.03)
Code: | [ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
400FE675:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
mov [ecx+eax*4],edx
cmp byte [esi+3c],0
jne +7
mov [ecx+eax*4],FFFF
//place your code here
originalcode:
//mov [ecx+eax*4],edx
add esp,0c
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
400FE675:
mov [ecx+eax*4],edx
add esp,0c
//Alt: db 89 14 81 83 C4 0C |
Last edited by Geri on Tue Sep 21, 2010 9:53 am; edited 1 time in total |
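The hex scan described in the post above (search memory for the progress bar's address, then subtract the structure base from the hit), as an added example that is not part of the original post. It runs over a constructed in-memory snapshot rather than a live process and reuses the addresses quoted in the post; the byte contents and all function names are assumptions.

```python
import struct

# Constructed snapshot. The addresses are the ones quoted in the post;
# the byte contents (health 500, progress 1200) are made up.
BUILDING = 0x0B047ABC   # building structure base (ESI in the trace)
PROGRESS = 0x0B251670   # address that holds the production progress

def build_snapshot():
    building = bytearray(0x100)
    struct.pack_into("<I", building, 0x24, 500)        # building health
    struct.pack_into("<B", building, 0x3C, 0)          # player ID the script compares with 0
    struct.pack_into("<I", building, 0x80, PROGRESS)   # pointer to progress
    progress = bytearray(0x20)
    struct.pack_into("<I", progress, 0, 1200)
    return {BUILDING: bytes(building), PROGRESS: bytes(progress)}

def scan_for_pointer(regions, target, align=4):
    """Addresses whose aligned little-endian dword equals target."""
    needle = struct.pack("<I", target)
    hits = []
    for base, data in sorted(regions.items()):
        first = (-base) % align   # skip to the first aligned address
        for off in range(first, len(data) - 3, align):
            if data[off:off + 4] == needle:
                hits.append(base + off)
    return hits

def read_u32(regions, addr):
    for base, data in regions.items():
        if base <= addr <= base + len(data) - 4:
            return struct.unpack_from("<I", data, addr - base)[0]
    raise ValueError(f"unmapped address {addr:#010x}")

def describe_hit(regions, hit, struct_base):
    """Relate a hit to the structure that owns it and follow the pointer."""
    return {
        "offset": hit - struct_base,
        "player_id": regions[struct_base][0x3C],
        "progress": read_u32(regions, read_u32(regions, hit)),
    }

if __name__ == "__main__":
    snap = build_snapshot()
    for hit in scan_for_pointer(snap, PROGRESS):
        info = describe_hit(snap, hit, BUILDING)
        print(f"{hit:#010x} = building+{info['offset']:#x}", info)
```

The single hit lands at 0B047B3C, which is the building structure base plus 80 (hex), matching the conclusion in the post.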
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 9:53 am Post subject: |
|
|
That's why you are a master cheater and I a novice.
|
 |
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5636
|
Posted: Tue Sep 21, 2010 9:59 am Post subject: |
|
|
I am a "master cheater" because I have x post in the forum. Nothing else.
I think the same method would work with the research in the Library if You care to make some instant research cheat.
|
 |
Freiza Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
|
Posted: Tue Sep 21, 2010 4:03 pm Post subject: |
|
|
Q1) To find the unit creation value while creating it,
what steps do you follow? (i.e. as in Rise of Nations, the citizen creation value is 17400)
Q2) Suppose I have found a value, and now on another day I want to open that address in the data dissector window. Is there any other way without repeating the process of searching the game again?