Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Teleport script
Cheat Engine Forum Index -> General Gamehacking

kik4444
Posted: Sun Nov 24, 2013 9:22 am    Post subject: Teleport script

Just asking if anyone knows a good short teleport script which can be assigned so that (for example), F1 saves player coords, F2 changes player coords to the saved ones, F3 returns player to previous coords.
Does anyone know how to make a script like that? If for example:
x = 12238
y = 80
z = 4957454
EDIT: also, does anyone know a good method to find the exact address of a coordinate when you've got 1000+ addresses left, which you can't decrease any further, but you're 100% sure one of the player coordinates is in there?

mgr.inz.Player
Posted: Sun Nov 24, 2013 10:07 am    Post subject: Re: Teleport script

kik4444 wrote:
EDIT: also, does anyone know a good method to find the exact address of a coordinate when you've got 1000+ addresses left, which you can't decrease any further, but you're 100% sure one of the player coordinates is in there?

It depends on the game.

For example, in the "Dead Space" series, coordinates are close to the health address:
ECE646C - health address
ECE6B88 - x coord
ECE6B8C - y coord
ECE6B90 - z coord
Of course, after a game restart those addresses will be different, but the coord address will always be close to the health address, because health and coords are kept inside the "player structure".




(left top list is called found list, bottom list is called addresslist)
Some games have a "player structure", "current equipped weapon structure", "player physics structure" (where positions are kept). In that case, you have to do as many next scans as possible. Then, for example, when you have 500 found addresses, click on any address (foundlist), press ctrl+a. Click the red arrow button.

On addresslist:

1) set the scrollbar at about 50%, highlight any address, press SHIFT+Home, press ENTER, change the value (for example, change 637.34 to 639.34), go back to the game

2) if our hero
- changes position, congrats, you found the "half" which contains our address. Press ctrl+x, ctrl+a, delete key (confirm), ctrl+v (click OK), go to step 1

- doesn't change position, press delete key (confirm), go to step 1

3) repeat the above a few times. After the first iteration you will have about 2 hundred addresses, then 1 hundred, then sixty-something, then thirty-something. You see the pattern. After the 8th iteration (more or less) you will get only one address.


It's called Bisection Method.

_________________
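
The halving procedure from the post above, as an added example that is not part of the original thread: a constructed in-memory stand-in for a game (the `ToyProcess` class, its addresses and its values are all hypothetical) with one authoritative coordinate and many mirror copies. It also models the case raised later in the thread, where a written value reverts because the address only holds a copy.

```python
import math

class ToyProcess:
    """Constructed stand-in for a game: one authoritative float plus mirror copies."""
    def __init__(self, addresses, real, start=637.34):
        self.real = real                      # the address the game actually reads
        self.mem = {a: start for a in addresses}

    def tick(self):
        # One frame: the game rewrites every mirror from the authoritative value,
        # so a write to a mirror reverts ("it is just a copy").
        value = self.mem[self.real]
        for a in self.mem:
            self.mem[a] = value

    def hero_position(self):
        return self.mem[self.real]


def bisect_candidates(proc, candidates, delta=2.0):
    """Halve the candidate list until one address is left.

    Returns (address, sizes) where sizes is the list length after each round.
    """
    sizes = []
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        before = proc.hero_position()
        for a in half:                        # step 1: change the value in one half
            proc.mem[a] += delta
        proc.tick()                           # "go back to game"
        if proc.hero_position() != before:    # step 2: hero moved, keep this half
            candidates = half
        else:                                 # hero did not move, drop this half
            candidates = candidates[len(half):]
        sizes.append(len(candidates))
    return candidates[0], sizes


if __name__ == "__main__":
    # Constructed sample: 500 float slots, 4 bytes apart, one of them authoritative.
    addrs = [0x10000000 + 4 * i for i in range(500)]
    proc = ToyProcess(addrs, real=addrs[337])
    found, sizes = bisect_candidates(proc, addrs)
    print(hex(found), sizes, "bound:", math.ceil(math.log2(len(addrs))))
```

With 500 candidates the list shrinks to 250, 125, 63, 31 and so on, reaching a single address in nine rounds, in line with the "8th iteration (more or less)" estimate in the post.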

kik4444
Posted: Sun Nov 24, 2013 10:33 am

THX, and do you know a good script which can do the things I mentioned in my upper post if we found the addresses?
Oh and btw, I also tried a similar method like that that I came up with, but instead of changing the values, I froze them to see if the correct value was there. I went back to the game and there were glitches in the movement animation and my character couldn't move (the correct address was definitely there), so I froze half, still couldn't move, deleted the other half and froze the remaining half (you see the pattern) and after about 3-4 iterations, the game crashed. So I assume the game won't crash if you just change them? But either way, how are you supposed to find the address using this method if the values aren't writable? Oh and about the script ^^^^

mgr.inz.Player
Posted: Sun Nov 24, 2013 11:54 am

"how are you supposed to find the address using this method if the values aren't writable"
You meant, that your attempt of overwriting original value is failing? Problem solved. Addresses/Values that immediately return to previous value in 99.999% cases aren't your player coords. It is just a copy. Or, you're trying to hack multiplayer game (in that case, you can give up already).




About "things I mentioned in my upper post",
It depends on the game. You must find a spot where the current position is accessed, and check if this procedure only accesses your hero's position.

If it accesses other objects' positions, then you have to filter those (compare structures with the "dissect data/structure" CE feature).
Step 9 of Tutorial
http://forum.cheatengine.org/viewtopic.php?t=530548


The other way could be: pointers + Lua script. It works great too.
(For teleportation, there's no difference between a proper "AutoAssemble script" and a "pointer+Lua script")






Edit:
examples

Far Cry 3 teleport script

Code:
"FC3_d3d11.dll"+108612A  -  mov edx,[eax+30]        //   <---- this access player X coord


Full AA script is (old l0wb1t script I had on my disk):
Code:
alloc(newmem_Teleport,2048)
label(returnhere_Teleport)
label(originalcode_Teleport)
label(exit_Teleport)
label(z_coord)
label(x_coord)
label(y_coord)
label(save_coord)
label(load_coord)
label(s_enable)
label(l_enable)
registersymbol(s_enable)
registersymbol(l_enable)


"FC3_d3d11.dll"+108612A:
jmp newmem_Teleport
nop
returnhere_Teleport:



newmem_Teleport:
cmp dword ptr [eax+4C],(int)0         // <===== player position structure    ??
jne originalcode_Teleport
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
jmp originalcode_Teleport


save_coord:
mov [s_enable],0
push edx
mov edx,[eax+30]
mov [x_coord],edx
mov edx,[eax+34]
mov [z_coord],edx
mov edx,[eax+38]
mov [y_coord],edx
pop edx
jmp originalcode_Teleport

load_coord:
mov [l_enable],0
cmp [z_coord],0
je originalcode_Teleport
push edx
mov edx,[x_coord]
mov [eax+30],edx
mov edx,[z_coord]
mov [eax+34],edx
mov edx,[y_coord]
mov [eax+38],edx
pop edx

originalcode_Teleport:
mov edx,[eax+30]
mov [ebp-30],edx

exit_Teleport:
jmp returnhere_Teleport

x_coord:
dd 0
z_coord:
dd 0
y_coord:
dd 0
s_enable:
dd 0
l_enable:
dd 0

_________________

kik4444
Posted: Sun Nov 24, 2013 4:09 pm

Thanks. Also I managed to find xyz in ACIV and the code that writes to it, after which I died. Is there a better way to find the addresses again, cause if I select which addresses are accessed by the code, it shows me over 50-60 addresses.

mgr.inz.Player
Posted: Sun Nov 24, 2013 4:29 pm

It's perfectly normal. This is how things work.
(some procedures check collisions, some check boundaries, some are for area triggers, etc.)


There is nice CE feature: "check if found opcodes also access other addresses".


1) find position
2) do "find out what accesses this address" and immediately right click on the white area and choose "check if found opcodes also access other addresses".
3) go to game, play for one minute (lags are expected)
4) post screenshot here (resize window so we can see what is there)



TIP:
you can try searching for a multilevel pointer first, max level 5, maximum offset value 2048.

_________________

++METHOS
Posted: Sun Nov 24, 2013 4:57 pm

kik4444 wrote:
Thanks. Also I managed to find xyz in ACIV and the code that writes to it, after which I died. Is there a better way to find the addresses again, cause if I select which addresses are accessed by the code, it shows me over 50-60 addresses.
-If ACIV is anything like ACI, many of the instructions that access player coordinates also access coordinates for all other characters. That being said, 50-60 addresses is not too many. If you change the data type of the addresses to float (in the window that pops up when you check to see which addresses the instruction accesses), you can quickly see which ones apply to coordinates (most of them, probably), and which ones don't. Simply add them to your address list and freeze them, one by one (or in small groups). Try to move your character each time. If you are stuck in east/west or north/south direction, you know you have it. If you are working with Y coordinate, then you should experience problems with jumping/falling etc., although it may not be as noticeable.

Once you have found the address, do as mgr.inz.Player suggests, and run a pointer scan on it. Once you are finished, add the pointer to your table. Copy it and paste it to your table twice (so you have 3 pointer addresses). Change the last offset (+4 or -4) of the other two addresses until you have your XYZ coordinates. They are typically 4 bytes apart.

kik4444
Posted: Sun Nov 24, 2013 5:04 pm

There's an abundance of opcodes accessing Y:
EDIT: sorry, didn't notice another post was made before mine



[Attachment: opcodes.png]


mgr.inz.Player
Posted: Sun Nov 24, 2013 5:09 pm

By "resize window so we can see what is there" I meant:


So, it will look like this
http://i.imgur.com/GHaFXRo.png


Anyway, I see there are opcodes with (1) inside, that means you can use them as hack points without problems.

_________________


Last edited by mgr.inz.Player on Sun Nov 24, 2013 5:24 pm; edited 2 times in total

kik4444
Posted: Sun Nov 24, 2013 5:11 pm

mgr.inz.Player wrote:
I see there are opcodes with (1) inside, that means you can use them as hack points without problems.

How exactly? Cause this isn't like your typical ammo value or health, so what do I do with the ones with (1)?

mgr.inz.Player
Posted: Sun Nov 24, 2013 5:16 pm

"Count" tells us how often the opcode accessed our "position address".
Value "(1)" tells us that the opcode didn't access other addresses, which is good, we don't have to filter it. Any other value inside () tells us that the procedure is used for other things too (value 8 - it accesses 8 or more addresses).



Summary:
You can use any opcode (instruction/hackpoint/codeaddress), but you must be sure that you change only player coords.

Opcodes with (2) or something bigger need filtration (register check, stack check, structure check)

Opcodes with (1) can be used without filtration.

_________________

kik4444
Posted: Sun Nov 24, 2013 5:49 pm

Is there a step by step tutorial somewhere? Cause I got seriously confused at what and how I was supposed to do after finding the codes that didn't call other codes

mgr.inz.Player
Posted: Sun Nov 24, 2013 5:55 pm

Now you have to inject your code. Check AA script in my previous post (my second post in this thread), this script injects code here FC3_d3d11.dll+108612A.


"Is there a step by step tutorial somewhere"
Did you do the Cheat Engine tutorial? (in CE click menu Help and choose "Cheat Engine Tutorial").

PS:
remove your previous attachment and send another screenshot (this time resize that window properly, so we will see all the information)
http://i.imgur.com/03Qxxrd.png
http://i.imgur.com/GHaFXRo.png

 

_________________

kik4444
Posted: Sun Nov 24, 2013 6:07 pm

Okay, hold on, gotta find it again, cause the game keeps crashing!
EDIT: I gotta say, I'm not as lucky this time round - 3 crashes so far...
EDIT: 4th crash just happened RIGHT after I changed the values on the first iteration. Oh and the code I found earlier that was writing to the values - pressing CTRL + B on it sends me to a ?? part of the game's memory, so there's no way I can find the addresses from it again.
EDIT: I think I might give up for now, game crashed for the 5th time just now

mgr.inz.Player
Posted: Sun Nov 24, 2013 6:30 pm

Try "VEH" debugger.
Go to settings

then restart CE.




To find Y position address much faster, do this:
1) bring CE window, attach to game, press ctrl+M
2) press ctrl+g, type 125A437
3) right click highlighted opcode, choose "find out what ..."
4) go to game and go back to CE, in that new window, change type to float, double click found address


Now you have your Y address, right-click it and do: "find out what accesses this address" + "check if found opcodes also access other addresses".
Go to game, play for one minute, go to CE, resize window properly, post here.

_________________
All times are GMT - 6 Hours
Page 1 of 3