Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Tutorial] Dissect data/structures in Cheat Engine
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials
View previous topic :: View next topic  
Author Message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Wed Jun 22, 2011 7:05 am    Post subject: Reply with quote

Of course it is working in most of the games. I mean the feature itself is working for every program, but some games are different (like flash games, script based games, etc). In most games, you will find structures like this.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
gaming04
Expert Cheater
Reputation: 0

Joined: 06 Dec 2010
Posts: 186

PostPosted: Wed Aug 03, 2011 2:49 am    Post subject: Reply with quote

Funny story, I tried this method for unit health in Warcraft 3, Frozen Throne and I failed miserably. There was no playerID within a 4096 unit range.
Back to top
View user's profile Send private message MSN Messenger
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Wed Aug 03, 2011 7:29 am    Post subject: Reply with quote

It could be that the player id is stored in a structure the current structure points to.
So open all pointers or try the structure spider then and find the player id that way

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
gaming04
Expert Cheater
Reputation: 0

Joined: 06 Dec 2010
Posts: 186

PostPosted: Wed Aug 03, 2011 12:43 pm    Post subject: Reply with quote

I took a look at pointers inside the structures, and found something interesting. None of the pointers are different, even though retrieved from different player units.
Back to top
View user's profile Send private message MSN Messenger
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

PostPosted: Thu May 10, 2012 5:16 pm    Post subject: Reply with quote

Geri wrote:
Usually you do not need to bother with player ID. I think your game will have shared and non-shared codes for your health too. So make a script which is using both of them.

1. You use the non-shared code to find your health's address.
2. You use the shared code to set the enemy's health to 0 but add a compare to make sure that the health on your address is not set to 0.

If you cannot do this, you need to find the health of some enemies and your health too and compare the structures to see what is similar between enemies and different for you.


Can you post more info on this subject? I'm looking for such a method and still don't know how to do it.
Back to top
View user's profile Send private message
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

PostPosted: Fri May 11, 2012 2:24 pm    Post subject: Reply with quote

416c6558 wrote:
Geri wrote:
Usually you do not need to bother with player ID. I think your game will have shared and non-shared codes for your health too. So make a script which is using both of them.

1. You use the non-shared code to find your health's address.
2. You use the shared code to set the enemy's health to 0 but add a compare to make sure that the health on your address is not set to 0.

If you cannot do this, you need to find the health of some enemies and your health too and compare the structures to see what is similar between enemies and different for you.


Can you post more info on this subject? I'm looking for such a method and still don't know how to do it.


Can someone explain this please?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Fri May 11, 2012 2:43 pm    Post subject: Reply with quote

You find what code accesses your health and then make sure it is only used for your health
Then do a code injection there to store the address of your health
In the code that decreases health check if it is your health or that of an enemy and take the appropriate steps

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

PostPosted: Fri May 11, 2012 2:49 pm    Post subject: Reply with quote

Dark Byte wrote:
You find what code accesses your health and then make sure it is only used for your health
Then do a code injection there to store the address of your health
In the code that decreases health check if it is your health or that of an enemy and take the appropriate steps


So, i can use (for e.g.) code that shows my health on screen? And for the second part(bolded), can you show me an example in asm(AA) if you dont mind?
Back to top
View user's profile Send private message
Igor
Expert Cheater
Reputation: 1

Joined: 04 Apr 2012
Posts: 145

PostPosted: Sat May 12, 2012 6:33 am    Post subject: Reply with quote

416c6558 wrote:
can you show me an example in asm(AA) if you dont mind?

This is example script that you are looking for.
http://forum.cheatengine.org/viewtopic.php?t=551314
Back to top
View user's profile Send private message
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

PostPosted: Sat May 12, 2012 7:27 am    Post subject: Reply with quote

SvcHost wrote:
This is example script that you are looking for.
forum.cheatengine.org/viewtopic.php?t=551314


I see what you did there. You compared values in a structure probably analyzing them with data/dissect structures. Actually i'm looking for a way of doing that without using data/dissector, like DarkByte mentioned above. It got something to do with player-only health address(like the one which is only drawing health on screen). In my case, i have two addresses: one that is changing the health of both player and cpu, if i modify it nobody will be able to die. Second is only drawing player's health on screen(gui). What i want to do is somehow patch only player's HP without touching cpu-s.
Back to top
View user's profile Send private message
Igor
Expert Cheater
Reputation: 1

Joined: 04 Apr 2012
Posts: 145

PostPosted: Sat May 12, 2012 8:14 am    Post subject: Reply with quote

416c6558 wrote:
I see what you did there. You compared values in a structure probably analyzing them with data/dissect structures. Actually i'm looking for a way of doing that without using data/dissector, like DarkByte mentioned above. It got something to do with player-only health address(like the one which is only drawing health on screen). In my case, i have two addresses: one that is changing the health of both player and cpu, if i modify it nobody will be able to die. Second is only drawing player's health on screen(gui). What i want to do is somehow patch only player's HP without touching cpu-s.
In the first script i used the data/dissect structures. And the alternate solution (the big one) in that i don't use data/dissect structures. This is actually writing health individually to player and enemy. You should consider the alternate solution in your case(means you don't need to find structure of player and enemy).
Back to top
View user's profile Send private message
podstanar
Advanced Cheater
Reputation: 4

Joined: 02 May 2012
Posts: 82
Location: Flatland

PostPosted: Sat May 12, 2012 10:39 am    Post subject: Reply with quote

Interesting, i wonder how did you collected all that information? How did you know the player's and enemy's offsets? The address tutorial-i386.exe+2504C you used in your script never accessed any address for me, only tutorial-i386.exe+250C6 writed to health when i used "find out what writes to this address. Can you explain your script a bit more?
Back to top
View user's profile Send private message
Igor
Expert Cheater
Reputation: 1

Joined: 04 Apr 2012
Posts: 145

PostPosted: Sat May 12, 2012 12:22 pm    Post subject: Reply with quote

416c6558 wrote:
Interesting, i wonder how did you collected all that information? How did you know the player's and enemy's offsets? The address tutorial-i386.exe+2504C you used in your script never accessed any address for me, only tutorial-i386.exe+250C6 writed to health when i used "find out what writes to this address. Can you explain your script a bit more?


You need to find how the ebx value is calculated at "Tutorial-i386.exe"+250C6 mov [ebx+04],eax.

Set the breakpoint at the top of the function and press F7 to Step In and check the values at the registers for finding how the ebx is calculated.

If you don't find it on current function then find the call of that function(simply press F8 till you find 'ret') and place another breakpoint at the top of that calling function. and check again. (repeat this)

Note:- 1)To find the top of the function right click and select 'select current function'
2)If you found mov ebx,[eax+30](for example) then after that you have to find how eax value is calculated and write down the offset 30.
3)You can also use 'Break and trace instruction'


I found Player1 offset at "tutorial-i386.exe"+258C7 mov eax,[ebx+0000049C] and i stored this to[Player1_Dave]

Quote:
push ecx
mov ecx,[ebx+49C] // Offset->49C Player1
mov [Player1_Dave],ecx
pop ecx


Player2 at "tutorial-i386.exe"+25897 mov eax,[ebx+000004A0]
Player3 at "tutorial-i386.exe"+255F5 mov eax,[ebx+000004A4]
Player4 at "tutorial-i386.exe"+25625 mov eax,[ebx+000004A8]

after you save these then compare these address to the ebx and if this is equal then write amount or if not then jump to original code.
You should compare this at "Tutorial-i386.exe"+250C6 mov [ebx+04],eax (ebx value with stored address.)

Quote:
"Tutorial-i386.exe"+250C6:
jmp WriteHealthAddress
WriteHealthAddressReturn:


WriteHealthAddress:
cmp ebx,[Player1_Dave]
je IsPlayer1_Dave

cmp ebx,[Player2_Eric]
je IsPlayer2_Eric

cmp ebx,[Enemy1_Hal]
je IsEnemy1_Hal

cmp ebx,[Enemy2_Kitt]
je IsEnemy2_Kitt

jmp WriteOrignal
jmp WriteHealthAddressReturn

//----------------------------------

IsPlayer1_Dave:
mov [ebx+04],(float)99999
fldz
jmp WriteHealthAddressReturn

IsPlayer2_Eric:
mov [ebx+04],(float)99999
fldz
jmp WriteHealthAddressReturn

IsEnemy1_Hal:
mov [ebx+04],(float)0
fldz
jmp WriteHealthAddressReturn

IsEnemy2_Kitt:
mov [ebx+04],(float)0
fldz
jmp WriteHealthAddressReturn

//----------------------------------

WriteOrignal:
mov [ebx+04],eax
fldz
jmp WriteHealthAddressReturn
Back to top
View user's profile Send private message
yosimba2000
How do I cheat?
Reputation: 0

Joined: 20 Jun 2012
Posts: 6

PostPosted: Thu Aug 09, 2012 7:07 pm    Post subject: Reply with quote

quick question, in the god mode code provided in the beginning, what does jne+6 mean?
i know jne is Jump If Not Equal, but why does jne +6 mean "skip two lines of following code"? why is it not jne+2?
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 218

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Fri Aug 10, 2012 2:05 am    Post subject: Reply with quote

>>>jne +6 mean "skip two lines of following code"? why is it not jne+2?<<<
It can skip more lines. Maximum 6 lines (NOPs).


"jne +6" opcode is: 75 06
Quote:
00401020 - 75 06                 - jne 00401028
00401022 - 31 C0                 - xor eax,eax
00401024 - 31 DB                 - xor ebx,ebx
00401026 - 31 C9                 - xor ecx,ecx
00401028 - C3                    - ret

+6 skips three lines



"jne +2" opcode is: 75 02
Quote:
00401020 - 75 02                 - jne 00401024
00401022 - 31 C0                 - xor eax,eax
00401024 - 31 DB                 - xor ebx,ebx
00401026 - 31 C9                 - xor ecx,ecx
00401028 - C3                    - ret

+2 skips one line



again,
"jne +6"
Quote:

00401020 - 75 06                 - jne 00401028
00401022 - 8B 46 08              - mov eax,[esi+08]
00401025 - 89 46 04              - mov [esi+04],eax
00401028 - 61                    - popad 
00401029 - 9D                    - popfd

+6 skips two lines




00401022 + 6 gives   00401028
00401022 + 2 gives   00401024

_________________
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials All times are GMT - 6 Hours
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Page 4 of 7

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites