Cheat Engine

[mouser]

A small question, I'm maybe not providing enough information here but I try to understand some things more conceptually.

Down below in the screenshot there is the highlighted jump if equal, when I change that into jne then that disables all collision in the game, sort of an element for a noclip cheat. I can move around by changing the player pos values.

The problem is that when I set it back to normal, I die instantly. It doesn't really matter if I activate and deactivate the script that changes that jump as fast as I can, the result is death, so I doubt it's timer related.

Now there is another jump 3 lines below that jump, if I change that to jne then I will die immediately.

Just by looking at the screenshot, is this enough information to see how to avoid death when reactivating collisions?

How important are flags in a situation like this, are the "test" and "xor" instruction setting flags that are maybe important here?

[Cake-san]

What happened when you activated/deactivated this script ?

[mouser]

I still get killed when deactivating that script... but I just seen something that makes me question if this is actually only collision that is deactivated here. I tried moving normally (wasd) with activated script and expected to fall through the floor but instead I shot up against the ceiling and couldn't move around anymore. Maybe I need to find another region or more related to that region.

[ParkourPenguin]

The int 3 instructions above it combined with it getting a couple arguments off the top of the stack is indicative of that being the start of a subroutine. Those two test and je instructions are probably checking to see if those pointers are null (0). If they are, then it'll do some sort of error management (the stuff past the ret). If they're both valid, then it seems to copy the 12 bytes of memory at ecx+24 into eax. I'm guessing this might be your x/y/z coordinates?

Try backtracing it to the calling procedure(s) and see what you can find there. A basic utility function like this might be called by a lot of other subroutines.


Also, that xor eax,eax just makes this subroutine return 0, which is usually indicative of success.

[mouser]

You are right ParkourPenguin, I found this spot by looking at the player coordinates.

I've ner used the "Break and trace instruction" function of Cheat Engine, is it a commonly used practise to get past all the instructions that are accessing this spot in memory? Is this what you guys mean when you say "filter out instructions"?

[++METHOS]

Typically (not always), instructions that handle collision, handle multiple addresses (collision for other characters etc.). That said, the other addresses are usually associated with coordinates, not health. However, some games have a check for fall deaths that may cause you to die, even though you weren't actually falling from high in the sky, but a timer or something determined that you should die anyway. Usually, if you NOP an instruction that handles collision, it applies to everything...even the floor. That said, if you're not falling through the map, but are able to move around and pass through walls, then perhaps something else is changing or being checked (or not checked, in this case) that you're not seeing.

Anyway, there are a few things that you can try. I would check to see if a different instruction can be used. I would also check to see if any filtering of unwanted addresses can fix the problem. I would also investigate that second jump to see if manipulating the test will fix your death problem. Beyond that, it will get more advanced, but as already suggested, analyze the code to see if you can find anything useful.

[mouser]

Hi ++Methos, I will definitely look further into it. I found another (shoddy) way of walking through walls by nop'ing two other instructions that accessed play player Z coordinate. I don't really like it much though as it isn't a smooth passing through geometry and objects like stuff on tables are flying wildly through the room when I pass through the table etc. It also kills friction somehow, when I lose contact to the ground then it feels like I'm walking in space/on ice. That's why I like the other instruction more because nothing reacts to me passing trough any longer, not even event-triggers in the game.

Say, I've read "filtering out"-addresses/instructions many times. I feel like I'm missing a special concept with this. I assume this just means finding what does something an changing or killing it, by script.
Or is there some special functionality of CE I'm not aware of? (there is tons of stuff I have no idea about)

[++METHOS]

Filter out addresses is what is sounds. If you complete the CE tutorial, the last step covers data structure dissection. It essentially involves creating a conditional jump that performs a check, and based on that check, you can filter out addresses or direct specific addresses to follow a certain segment of code that will only affect what you want.

Say, for example, you want to create a one-hit kill code. Most games will have an instruction that handles ALL health values, even hero health, so, you wouldn't want to create a script that causes all health values to be 0 or 1, because then your hero would also be affected. To circumvent this, you figure out a way to filter the hero health out so that it isn't affected, but everything else is. You may have something like this:

[mouser]

Thanks for the detailed answer Methos, I need to give the CE tutorials another go it seems

Regarding the different addresses, I assumed them to be collision related, I'm not really sure they're changing collision at all anymore. Because I can pass through walls by changing the value of the player position alone, when I press against the wall, the character model will change it's position relative to the camera and the wall. A very noticeable effect since it's an fps game. But I can increase the position in small increments and eventually the player modell will follow the camera to the other side of the wall.

The shoddy way I have now is done by disabling two different instructions, both are position related.
The first one disabled will let me walk around normally until I've come up to an obstacle/geometry, then my character will walk up that geometry. If I walk against a wall I will walk up that wall to the roof like spiderman (kinda).

The second instruction nop'ed kills hight, the Z value doesn't get updated anymore and I don't fall anymore, which has a strange effect on the walking physics/friction when I walk to a staircase and start walking on air.

Either of them alone will not let me pass through geometry (using wasd/controller), but both disabled at the same time will (except for wooden plates, don't know why that is) I can walk around through nearly anything and also leave the level and not fall down. I enable the instructions again and everything is reset, fine and dandy.


The other "smooth" option (the one that kills me after re-enabling the instructions) will also not let me fall through the floor, instead I go up into the air and cling to the ceiling, unable to move.

I probably only have found something that is related to/with collisions but only partially I guess, somewhere in the chain of things.
I will try to find out some more tomorrow.

[++METHOS]