Cheat Engine The Official Site of Cheat Engine
lamafao Expert Cheater
Reputation: 1
Joined: 17 Apr 2013 Posts: 130
Posted: Sun Mar 16, 2014 4:35 pm Post subject: More addresses from pointeraddress
Ok, so I've found a pointer to my character, now I want to add more addresses from it, like I know that pointeraddress+F0 is my 1st skill cooldown.
How do I do that?
At the end I want to make the other addresses children and just use a hotkey to change the values of all of them.
 |
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun Mar 16, 2014 4:48 pm
With script or without script?
With script...paste your script.
Without script...simply copy the first pointer and paste it back into your cheat table. Now, double-click on the newly-added pointer and change the last (upper) offset to be whatever you want. Once you are finished, you can drag the second pointer over the first pointer so that it is listed as a child entry under that pointer. Once that is done, right-click on the parent pointer and 'set/change hotkeys'. Once you have a hotkey set up, right-click on the parent pointer and select config at the bottom. Toggle 'setting a value to this entry sets same value to children'.
 |
lamafao Expert Cheater
Posted: Sun Mar 16, 2014 4:58 pm
Had some problems at first, but then realized that you have to add the last offset and an offset you want.
Thanks a lot
 |
++METHOS I post too much
Posted: Sun Mar 16, 2014 5:09 pm
Adding another offset may or may not be required, but your initial post was not clear.
Also, I recommend using a script.
 |
lamafao Expert Cheater
Posted: Sun Mar 16, 2014 5:33 pm
I already have 1 script in my ct, does it activate slower if I use a script?
 |
++METHOS I post too much
Posted: Sun Mar 16, 2014 5:43 pm
It should not activate slower unless you are using AOB, but even that is not always the case. Sometimes, x64 is slower, too, but not always.
Anyways, using a script is better because it is more reliable. A script gives you more control, allowing you to write much better cheats. A script also has advantages over pointers in the event that the target process is different between users (and/or) in the event that the target process is updated or patched due to better AOB scanning. A script also helps in the event that any 'repairs' have to be made when the code breaks due to an update etc.
By the way, you can combine scripts. In fact, you can combine all of your scripts into one script and set the same hotkey, just as you would with pointers.
 |
lamafao Expert Cheater
Posted: Sun Mar 16, 2014 6:00 pm
Well, how do I change it into a script? :d
Right now I have this script but it has nothing to do with my pointers, I don't know if it's worth combining them.
Code:
[ENABLE]
//66 C7 46 09 01 01 is mov word ptr [esi+09],0101 (6 bytes); 88 begins the next instruction
aobscan(aobaddress,66 C7 46 09 01 01 88)
label(addrSymbol)
registersymbol(addrSymbol)
aobaddress:
addrSymbol:
//six nops overwrite the 6-byte instruction
nop
nop
nop
nop
nop
nop
[DISABLE]
//restore the original instruction
addrSymbol:
mov word ptr [esi+09],0101
unregistersymbol(addrSymbol)
 |
++METHOS I post too much
Posted: Sun Mar 16, 2014 6:38 pm
There are different ways to do it. If you know the base of the structure, you can use that. Otherwise, you can use one of your addresses and attach the debugger to see which instructions access your address. From there, you can create a script to inject code at one of the instructions (preferably something that is accessing your address several times per second, and is ONLY accessing that address and no other addresses). After that, you simply move the register that is handling your targeted address into a custom address. With this example:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov [esi+04],edx
pop ebx
test edx,edx
exit:
jmp returnhere
"Dishonored.exe"+80F53C:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Dishonored.exe"+80F53C:
mov [esi+04],edx
pop ebx
test edx,edx
//Alt: db 89 56 04 5B 85 D2
You would write it out like this:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(value)
registersymbol(value)
newmem:
//save the structure base held in esi before running the original code
mov [value],esi
mov [esi+04],edx
pop ebx
test edx,edx
jmp returnhere
//4-byte slot that receives esi; registered so the address list can use it
value:
dd 0
"Dishonored.exe"+80F53C:
jmp newmem
nop
returnhere:
[DISABLE]
dealloc(newmem)
"Dishonored.exe"+80F53C:
mov [esi+04],edx
pop ebx
test edx,edx
//Alt: db 89 56 04 5B 85 D2
unregistersymbol(value)
Then, follow the instructions outlined in this post (see example table for above script).
Obviously, 'value' can be changed to anything. From here, you can copy the 'value' address and simply adjust the offset for all of the values that you want to manipulate. Hotkeys can be used on these, just like pointer addresses.
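An added illustration, not part of the thread: a Python model of the two addressing schemes discussed above, the multi-level pointer entry whose last offset is adjusted to reach a neighbouring field, and the single-level entry built on the injected 'value' symbol. The memory image, the addresses and the offsets 0x10 and 0x20 are constructed for the example; only +F0 and [esi+04] come from the posts.

```python
import struct

BASE = 0x00400000            # constructed module base (assumption)
mem = bytearray(0x3000)      # constructed 32-bit memory image, not game data

def write_u32(addr, val):
    struct.pack_into("<I", mem, addr - BASE, val)

def read_u32(addr):
    return struct.unpack_from("<I", mem, addr - BASE)[0]

def resolve(base_addr, offsets):
    """Read the pointer at each level, then add that level's offset.
    The last offset is added but the result is not dereferenced."""
    addr = base_addr
    for off in offsets:
        addr = read_u32(addr) + off
    return addr

def sibling(offsets, delta):
    """Offsets for a field `delta` bytes past an existing entry:
    only the last offset changes, and delta is added to it."""
    return offsets[:-1] + [offsets[-1] + delta]

# Constructed layout: static pointer -> manager -> character structure.
STATIC, MANAGER, CHARACTER = BASE + 0x1000, BASE + 0x2000, BASE + 0x2100
write_u32(STATIC, MANAGER)
write_u32(MANAGER + 0x10, CHARACTER)
write_u32(CHARACTER + 0x20 + 0xF0, 0x0101)   # constructed field value

found = [0x10, 0x20]                 # hypothetical entry found by a scan
found_addr = resolve(STATIC, found)  # CHARACTER + 0x20
cooldown_addr = resolve(STATIC, sibling(found, 0xF0))  # found address + F0

# Injection variant: the hook stores the base register in a symbol cell,
# so an entry needs one level only: [value] + field offset.
VALUE = BASE + 0x1800                # stands in for the script's 'value'
write_u32(VALUE, CHARACTER)          # effect of 'mov [value],esi'
field_addr = resolve(VALUE, [0x04])  # same address as [esi+04]

if __name__ == "__main__":
    print(hex(found_addr), hex(cooldown_addr), hex(field_addr))
```

When the found entry's last offset is non-zero, replacing it with F0 alone resolves to a different address than the found address plus F0, which is the case where the two offsets have to be summed.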
 |
lamafao Expert Cheater
Posted: Sun Mar 16, 2014 7:37 pm
Kinda hard to understand but I'll try that.
Also mov word ptr [esi+09],0101 tells all the mobs and the player that cooldown is over (00 00 on cooldown, 01 01 off cooldown), maybe it's possible to change it so I don't even have to use pointers?
Right now I nop it so that other mobs always have 00 00 (always on cooldown) and change it to 01 01 for my skills.
 |
++METHOS I post too much
Posted: Sun Mar 16, 2014 7:50 pm
Yes, with a script, you can do most all things.
For cool down example, simply add the address that controls your cool down time to your cheat table, and right-click on it to see which instructions access it. In the debugger window, you should see at least 1 instruction. You can use one of the instructions for your injection point. If you are not sure about how to proceed from this point, start with the CE tutorial and work through the steps. Follow guides on this forum or on YouTube to expedite things. Post any questions that you may have.
 |
lamafao Expert Cheater
Posted: Sun Mar 16, 2014 8:22 pm
Well it's kinda the same as 'what writes to this address' only a few more cmp.
As you know I'm already using mov word ptr [esi+09],0101 for injection, but I might change it to cmp just because it works a bit faster, also all those cmp change stuff for all the mobs/player.
 |
++METHOS I post too much
Posted: Mon Mar 17, 2014 10:25 am
Yes, 'find out what writes' will only give you instructions that write to your targeted address. By using 'find out what accesses', we can get ALL instructions...not just those that write to your targeted address, but also those that read your targeted address.
We use these instructions for different reasons. One reason (as you say), they are much faster. We can update our health (or whatever) instantly, without having to wait until we pick up more health (i.e. without having to wait until our targeted address gets written to again). It is also good because, as you noticed, we have more instructions to work with. This can come in handy when we need to manipulate ALL health values (player and enemy), or, when we need to ONLY manipulate player health value (health is just an example).
Anyway, in this case, you could probably use the first instruction. So, stop the debugger, and with the first instruction highlighted, click on 'show disassembler'. From here (in memory viewer), with the instruction highlighted, select 'tools' from the drop-down menu and click on 'auto assemble'. In the auto assemble window, select 'template' from the drop-down menu, and click on 'cheat table framework code'. Select 'template' again, and click on 'code injection'. Click 'okay'.
Now, you can manipulate your script as you like and add it to your cheat table. Select 'file' from the drop-down menu, and click on 'assign to current cheat table'.
If you need help with your script, just copy it all and paste it here.
 |
lamafao Expert Cheater
Posted: Tue Mar 18, 2014 11:45 am
I'm trying to make a fly hack in Eldritch game by changing coordinates, I've found a pointer to my coordinates.
When I look what accesses it I get a lot of these:
Also if I go to my pointer address all I can see is this:
I've never used these weird 'cli' 'xchg', so I can't really understand what they do, also I don't really understand this dword thing, I know it loads float value or something, but where from, how and why. And how do I add it to my script.
Also I looked at your script, can't understand much, maybe because it's a different game. You put esi into [value] to know where edx is going or?
 |
++METHOS I post too much
Posted: Tue Mar 18, 2014 12:10 pm
lamafao wrote: | I'm trying to make a fly hack in Eldritch game by changing coordinates, I've found a pointer to my coordinates.
When I look what accesses it I get a lot of these: |
1. You do not need to search for pointers if you are using injection. Just find the targeted address and right-click to see what accesses it.
2. When your debugger window is open, like in the above picture, you can right-click on an open space to see if 'found opcodes access other addresses'. By doing so, you can eliminate the need to filter unwanted addresses. This is important if you want to make a fly cheat, because the only address that you want to be altering is your hero address.
3. If you see an instruction that is only accessing 1 address (and) it is being accessed several times per second, then it is probably a good candidate to use for your injection point. So, stop the debugger and left-click the instruction to highlight it. Once it is highlighted, click the button to the right that says 'show disassembler'. When you do that, you should see the instruction in the memory viewer...you should not see cli db garbage (not sure what you did to get this):
lamafao wrote: | Also I looked at your script, can't understand much, maybe because it's a different game. You put esi into [value] to know where edx is going or? |
-No. [esi+04] holds our targeted value. So, we know that in this case, esi holds the base address for the structure for our targeted value. So, by moving esi into [value], we can create our own pointer tree and manipulate values just as we would if we performed a pointer scan on them...except by using injection instead of a potentially unreliable pointer, we see all of the advantages outlined in my previous post.
 |
lamafao Expert Cheater
Posted: Tue Mar 18, 2014 12:40 pm
Thanks, I think I got it, but the address I added only updates when I move, still works though, so as you said I guess I'm gonna have to find one that updates it every sec.
Also is there a way to make a hotkey that would increase my coordinates by +1 if I hold a button? Right now I have to press it all the time :d
Edit: nvm I think I can hold it and coords still change
Edit2: Is there a way to set hotkey delay only for those addresses? I know you can set delay in settings but I think it's for all the hotkeys right?
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,4096)
label(returnhere)
label(value)
registersymbol(value)
newmem:
//save the structure base held in eax
mov [value],eax
fld dword ptr [eax+08]
fstp dword ptr [esp+10]
jmp returnhere
value:
dd 0
"Eldritch.exe"+31CB5:
//5-byte jmp plus two nops covers the 7 bytes of the two original instructions
jmp newmem
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
"Eldritch.exe"+31CB5:
fld dword ptr [eax+08]
fstp dword ptr [esp+10]
unregistersymbol(value)
Last edited by lamafao on Tue Mar 18, 2014 12:59 pm; edited 4 times in total