JohannesJoestar (Advanced Cheater, Reputation: 0, Joined: 01 Nov 2015, Posts: 79)
Posted: Wed Feb 03, 2016 3:24 pm
Rydian wrote:
> I had an infinite HP script that worked with...
> mov [esi+00000118],edx
> But I haven't played Rogue Legacy in a while (I don't even have it installed here) so that may have been constantly-run code or something.
> So you attached to an enemy's HP and found what wrote it when it got damaged and it's just one main opcode but it's different each game run?
Exactly.
It was
mov [eax+118],ebx
When I restarted and damaged the monster, it was something like
mov [ebx+118],esi
Since the registers are different, it wouldn't work anymore.
Rydian (Grandmaster Cheater Supreme, Reputation: 31, Joined: 17 Sep 2012, Posts: 1358)
Posted: Thu Feb 04, 2016 12:33 am
That's pretty weird; I've never encountered that before without the game or .NET or whatever updating between runs. I'd suggest taking another approach, like finding character strength and increasing it to insane levels.
JohannesJoestar (Advanced Cheater, Reputation: 0, Joined: 01 Nov 2015, Posts: 79)
Posted: Thu Feb 04, 2016 2:01 am
Rydian wrote:
> That's pretty weird, I've never encountered that before without the game or .NET or whatever updating between runs. I'd suggest taking another approach, like finding character strength and increasing it to insane levels.
Yeah, I was really confused when this came up.
There are different swords, so I may be able to find their structure, or maybe just their attack value, and go on from there.
Thanks for the help!
Gorfblat (How do I cheat?, Reputation: 0, Joined: 04 Feb 2016, Posts: 3)
Posted: Fri Feb 05, 2016 1:50 am
Thanks for writing the excellent tutorial, it's been very useful.
I'm struggling badly trying to do something that I feel ought to be pretty elementary, but my scripts don't work and I can't figure out why. I'm working from a cheat table written by Shiren for Underrail (I can't post URLs as a new user, sorry) - I'm trying to add a script that lets me directly change the character's level.
I'm looking at his script that lets you change the character's experience, and I kind of see how it works, but there's some stuff I don't get. Here's the code:
Code:
define(LEVEL,"underrail.exe")
[ENABLE]
aobscan(aob_exp,8B 86 34 01 00 00 89 45 D8)
registersymbol(aob_exp)
alloc(Experience,$1000,LEVEL)
registersymbol(Experience)
label(myexperience)
label(returnhere)
label(originalcode)
// Variable Definition
label(howmuchxp)
registersymbol(howmuchxp)

Experience:
// Variable Set
howmuchxp:
dd 0

myexperience:
mov [howmuchxp],esi
add [howmuchxp],00000134

originalcode:
mov eax,[esi+00000134]
jmp returnhere

aob_exp:
jmp myexperience
nop
returnhere:

[DISABLE]
aob_exp:
db 8B 86 34 01 00 00
unregistersymbol(howmuchxp)
unregistersymbol(aob_exp)
unregistersymbol(Experience)
dealloc(Experience)
//mov eax,[esi+00000134]
//Alt: db 8B 86 34 01 00 00 - 89 45 D8
And here's where I'd post a picture of the relevant area in the disassembler that points to the experience value, but I'm a new user and can't post pictures yet. God damn it.
Suffice it to say that Shiren's code looks at 8B 86 34 01 00 00 89 45 D8. I don't know where 8B comes from, it isn't in this offset. I see 86 34 01 00 00, and then I don't know where 89 45 D8 are either.
I don't know what "dd 0" does, I assume it just lets you substitute a value for whatever value's there? Probably a dangerous assumption.
Again, this is where I'd post an image of the disassembler area for the instruction I found to change level, but I can't. I found this value by searching for my character's level, using Shiren's table to max out my experience for the next level, then levelling up, then scanning for the new value. I guess it's right? But I got three values. I tried creating an AOB injection script that referred to each of them using CE's templates, and they looked like this:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(aob_levelchange,8B 8E C8 00 00 00 8B 96 38) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:

code:
mov ecx,[esi+000000C8]
jmp return

aob_levelchange:
jmp code
nop
return:
registersymbol(aob_levelchange)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
aob_levelchange:
db 8B 8E C8 00 00 00
unregistersymbol(aob_levelchange)
dealloc(newmem)
Notably missing are the define string, and bytes that don't exist in the actual disassembler (the template used the offset referenced plus the next one), in addition to some extra stuff I'm guessing is to substitute for adding the offset in the address that refers to the script? (again, may well be totally and utterly wrong).
Then I added an address with the value [aob_levelchange]+C8 ...and got nothing but a confused look from CE.
Any help you can offer? Sorry if this is confusing nonsense, it seemed so much clearer with the images.
Rydian (Grandmaster Cheater Supreme, Reputation: 31, Joined: 17 Sep 2012, Posts: 1358)
Posted: Fri Feb 05, 2016 3:59 pm
db = define byte (one byte)
dw = define word (two bytes)
dd = define dword (four bytes)
If what you want is to take an address (or structure) that the code touches and expose it in the table for player reading and editing, I wrote a simpler way to do that here.
http://forum.cheatengine.org/viewtopic.php?t=572465
The second method, "injection copies", shows you how to do it in a quick/basic fashion once you know some code that reads/writes it, assuming you don't need to do any specific math or checks on it first, like theirs is doing.
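To make the aobscan part of the question concrete, here is an added example (not code from the thread, from Shiren's table or from Cheat Engine): a small array-of-bytes scanner with "??" wildcards run over a constructed memory image. It shows why the template's signature is the whole "mov eax,[esi+134]" instruction (opcode 8B followed by the ModRM/disp32 bytes 86 34 01 00 00) plus the next instruction (89 45 D8, mov [ebp-28],eax): the six bytes of the mov alone need not be unique, and the template's "should be unique" comment is what the uniqueness check below enforces. The byte image, its offsets and the function names are this example's own assumptions.

```python
# Added example, not from the thread: AOB scan with wildcards plus a
# uniqueness check, over a constructed (not real) 32-bit code image.

def parse_aob(pattern: str) -> list:
    """Turn 'A1 ?? B2' into ints, with None standing for a wildcard byte."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]

def aob_scan(memory: bytes, pattern: str) -> list:
    """Return every offset in memory at which the pattern matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(memory) - len(pat) + 1):
        if all(p is None or memory[off + i] == p for i, p in enumerate(pat)):
            hits.append(off)
    return hits

def injection_point(memory: bytes, pattern: str) -> int:
    """Offset of the single match; refuse ambiguous signatures, which is what
    the '// should be unique' comment in the CE template is warning about."""
    hits = aob_scan(memory, pattern)
    if len(hits) != 1:
        raise ValueError("pattern matched %d times, need exactly 1" % len(hits))
    return hits[0]

# Constructed image: two routines both read [esi+134], but only the second
# one is followed by mov [ebp-28],eax. Offsets are noted per instruction.
MEMORY = bytes.fromhex(
    "55 8B EC"            # push ebp / mov ebp,esp        offset 0
    "8B 86 34 01 00 00"   # mov eax,[esi+00000134]       offset 3
    "3B C1 C3"            # cmp eax,ecx / ret            offset 9
    "55 8B EC"            # push ebp / mov ebp,esp        offset 12
    "8B 86 34 01 00 00"   # mov eax,[esi+00000134]       offset 15
    "89 45 D8"            # mov [ebp-28],eax             offset 21
    "C3"                  # ret                          offset 24
)

if __name__ == "__main__":
    print(aob_scan(MEMORY, "8B 86 34 01 00 00"))                  # [3, 15]
    print(injection_point(MEMORY, "8B 86 34 01 00 00 89 45 D8"))  # 15
    # The 5-byte "jmp myexperience" plus one "nop" overwrite exactly the six
    # bytes at that offset, which is why [DISABLE] restores them with
    # "db 8B 86 34 01 00 00".
```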
Bwtt_er (How do I cheat?, Reputation: 0, Joined: 16 Feb 2016, Posts: 3, Location: Somewhere)
Posted: Wed Feb 17, 2016 1:43 am
So I made 2 AOB scripts with the AA, basic ones; I just made them do nothing, so the MP and Boost just freeze. But I have a problem: whenever I use both while jumping or just being in the air, the game "crashes". If I use them on the ground, without jumping, they work without any problem. I don't know what to do, any help? How can I make them work together in the air without my game fucking up?
Rydian (Grandmaster Cheater Supreme, Reputation: 31, Joined: 17 Sep 2012, Posts: 1358)
Posted: Wed Feb 17, 2016 4:29 am
Well, that depends on the game, and the code.
squall0833 (Cheater, Reputation: 0, Joined: 20 Oct 2012, Posts: 35)
Posted: Sat Feb 27, 2016 9:48 am
A quick question; I'm new to AOB, I just finished reading the very last 2 parts.
If I use the aobscan method, I don't have to use db to modify, I can just modify instructions, right?
And it can restore back to the original instructions again with db "original bytes", right?
Stregum (Advanced Cheater, Reputation: 0, Joined: 17 Jun 2014, Posts: 56, Location: We make baguettes there !)
Posted: Sat Feb 27, 2016 6:39 pm
Yes.
Basically, aobscan's purpose is to find the address/injection point of the instructions (also bytes) that are defined by your given array of bytes.
So instead of having "YourGame.exe"+BABE, for instance, you search for byte signatures.
Once you've got this point, you assign a label to it and you can do whatever you like from it, either read from the memory or modify it. That implies that you can use whatever you want: "nop", "db 90", etc.
So you could write instructions instead of db's.
ghosts (Expert Cheater, Reputation: 0, Joined: 13 Jan 2012, Posts: 116)
Posted: Sat Mar 19, 2016 9:32 am
So this is some great information. I am still trying to find the health value for the Total War games. If you could help, that would be great.
Also, I learn a lot from this. So I just wanted to say: keep making this great stuff so people can learn how to make scripts.
So if you ever get a chance, would you make a guide for the Total War games on how to find the health value? I need some help finding it.
Thanks
erundil (How do I cheat?, Reputation: 0, Joined: 16 May 2016, Posts: 1)
Posted: Mon May 16, 2016 4:24 pm
Noob question. I don't need much, just want to copy a value from 1 variable to the other.
Let's say that I want to take whatever is in [foo.exe+20] and copy it to [foo.exe+30].
I tried:
mov [foo.exe+30],[foo.exe+20]
but CheatEngine insists that it's not injectable.
I've been programming in high-level languages for a while and assembler just astounds me with how many things that seem logical are not working at all. What am I doing wrong?
Ok, I just noticed I necro'ed a 4-year-old topic... Great. My first post and I'm already annoying moderators... fml...
So - where do I post this instead?
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4300)
Posted: Mon May 16, 2016 6:22 pm
The general gamehacking forum would be appropriate for those kinds of questions.
Regardless, there is no addressing mode of the mov instruction (or of most instructions) that allows you to use two memory locations. You need to use a register:
Code:
mov eax,[foo.exe+20]
mov [foo.exe+30],eax
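As an added illustration of the answer above (example code, not from the thread or from Cheat Engine), here is a small checker for auto-assembler "mov" lines: it classifies each operand as register, memory or immediate, flags the one combination x86 has no encoding for (memory to memory, which is why CE refuses the line), and produces the two-instruction rewrite through a register. The register set, the scratch-register choice and the optional push/pop wrapping are this example's own assumptions.

```python
# Added example, not from the thread: classify mov operands and rewrite a
# memory-to-memory move through a scratch register.
import re

# 32-bit general-purpose registers as CE's auto-assembler spells them.
REGS32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}

def classify(operand: str) -> str:
    """'mem' for [...], 'reg' for a register, else 'imm' (hex number or
    symbol; treating symbols as immediates is this example's simplification)."""
    op = operand.strip().lower()
    if op.startswith("[") and op.endswith("]"):
        return "mem"
    return "reg" if op in REGS32 else "imm"

def split_mov(line: str) -> tuple:
    """Return (destination, source) of a 'mov dst,src' line."""
    m = re.fullmatch(r"\s*mov\s+(\S.*?)\s*,\s*(\S.*?)\s*", line, re.IGNORECASE)
    if not m:
        raise ValueError("not a mov line: %r" % line)
    return m.group(1), m.group(2)

def check_mov(line: str, scratch: str = "eax", preserve: bool = False) -> tuple:
    """Return (encodable, lines). For a memory-to-memory mov, lines is the
    rewrite via the scratch register; with preserve=True it is wrapped in
    push/pop so the game's own value in that register survives the injected
    code (the answer above omits that because eax is free at its call site)."""
    dst, src = split_mov(line)
    kinds = (classify(dst), classify(src))
    if kinds[0] == "imm":
        return False, []                      # cannot store into a constant
    if kinds != ("mem", "mem"):
        return True, ["mov %s,%s" % (dst, src)]
    rewrite = ["mov %s,%s" % (scratch, src), "mov %s,%s" % (dst, scratch)]
    if preserve:
        rewrite = ["push " + scratch] + rewrite + ["pop " + scratch]
    return False, rewrite

if __name__ == "__main__":
    print(check_mov("mov [foo.exe+30],[foo.exe+20]"))
    # (False, ['mov eax,[foo.exe+20]', 'mov [foo.exe+30],eax'])
```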
rlurking (Newbie cheater, Reputation: 0, Joined: 07 Mar 2015, Posts: 21)
Posted: Sat Jun 25, 2016 10:33 am
What's the best way to organize a script with multiple injection (and thus return) points? Or is that not advised at all?
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4300)
Posted: Sat Jun 25, 2016 10:42 am
You can organize it however you want to. Just make sure to use unique labels.
Personally, I try to keep every aobscan, alloc, label, and registersymbol near the top of the [ENABLE] section. Past that point, it's whatever you want.
frubam (Cheater, Reputation: 0, Joined: 13 Jul 2016, Posts: 29)
Posted: Wed Jul 27, 2016 7:52 pm
Many, many thanks, Rydian, for your tutorial on scripts. The instructions were great (even though it took me a while to get the hang of things) and relatively easy to understand.