Twistedfate Expert Cheater
Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Thu Apr 21, 2016 1:19 pm Post subject: How to change the floating-point value without affecting the game?
Warning:
- Bad English.
- Very long question.
I am playing a stupid PC game, not a multiplayer or online one...
- The idea: attacking the nearest monster without moving the cursor onto him.
- What did I do to select the monster?
I changed the monster's body size with a cheat I found for this game, so when I get a bigger body size I get a larger area for selection...
- What do I want?
I want to select the monster over a larger area while keeping his normal body size, without increasing it.
- I did multiple scans, changing the monster size between big and normal.
- Finally I found the value of the monster that lets me attack him without moving the cursor onto him.
- When I change this value to 0 I can attack him without moving the cursor, and I can attack him with right and left click.
- But!! This value is for the selection of one monster only.
____________________________________________________
What did I do?
Right-click on the address.
1- Find out what writes to this address:
Code:
10001D90 - D9 5E 1C - fstp dword ptr [esi+1C] // this always writes to the address
10004791 - D9 56 1C - fst dword ptr [esi+1C] // this writes when the monster appears or disappears
___________________________________________________
2- Find out what addresses this instruction accesses:
I right-clicked on this address
code: 10001D90 - D9 5E 1C - fstp dword ptr [esi+1C]
then "Find out what addresses this instruction accesses".
I saw all the addresses of the monsters nearest to me, I counted them, and the addresses are the same...
_____________________________________________________
Now what?
If I pick all these addresses and change them to 0, I can select all monsters, and I can attack the nearest one to me without moving my cursor onto him by right-clicking in an empty area.
- And I can select him with my cursor and attack him with right and left click.
____________________________________________________________
- AOB injection (Array of Bytes) + the problem is here:
This is the normal code:
code:
fstp dword ptr [esi+1C]
pop esi
pop ebp
jmp return
__________________________________
My code:
code:
fstp dword ptr [esi+1C]
mov dword ptr [esi+1C],0
pop esi
pop ebp
jmp return
_______________________________________________________
What happens now???
I cannot select the monsters with left click; I walk through them.
I cannot attack the monster's body with right click!!
I can attack the monster only by pressing right click without moving the cursor onto him, and if I move it to another monster it will not attack him; it attacks only the nearest monster to me.
__________________________________________________________
Shortcut for my question:
When I obtain the addresses from the instruction
(by "Find out what addresses this instruction accesses" on this
code: fstp dword ptr [esi+1C])
and change their values to 0, it works well.
But when I do code injection on the instruction, it works badly.
And I don't want to attach the debugger every time I want to select them.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Apr 21, 2016 3:10 pm Post subject:
Code:
mov dword ptr [esi+1C],0
fstp dword ptr [esi+1C]
pop esi
pop ebp
jmp return
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Twistedfate Expert Cheater
Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Thu Apr 21, 2016 7:38 pm Post subject: Did not work :(
How can I write code blocks like you do in the forum?
The codes didn't work correctly.
With the first one everything went hidden and the game crashed.
The 2nd one did not change anything.
I selected the function:
Code:
RoleView.dll+1D5E - 55 - push ebp
RoleView.dll+1D5F - 8B EC - mov ebp,esp
RoleView.dll+1D61 - D9 45 08 - fld dword ptr [ebp+08]
RoleView.dll+1D64 - 56 - push esi
RoleView.dll+1D65 - 8B F1 - mov esi,ecx
RoleView.dll+1D67 - D9 5E 04 - fstp dword ptr [esi+04]
RoleView.dll+1D6A - D9 45 0C - fld dword ptr [ebp+0C]
RoleView.dll+1D6D - D9 5E 08 - fstp dword ptr [esi+08]
RoleView.dll+1D70 - FF 15 E8F10110 - call dword ptr [RoleView.dll+1F1E8]
RoleView.dll+1D76 - 85 C0 - test eax,eax
RoleView.dll+1D78 - 75 07 - jne RoleView.dll+1D81
RoleView.dll+1D7A - D9 45 10 - fld dword ptr [ebp+10]
RoleView.dll+1D7D - DCC0 - fadd st(0),st(0)
RoleView.dll+1D7F - EB 03 - jmp RoleView.dll+1D84
RoleView.dll+1D81 - D9 45 10 - fld dword ptr [ebp+10]
RoleView.dll+1D84 - 8B 45 14 - mov eax,[ebp+14]
RoleView.dll+1D87 - D9 5E 0C - fstp dword ptr [esi+0C]
RoleView.dll+1D8A - D9 45 18 - fld dword ptr [ebp+18]
RoleView.dll+1D8D - 89 46 18 - mov [esi+18],eax
INJECTasasdd - D9 5E 1C - fstp dword ptr [esi+1C] //this instruction writes to my address
RoleView.dll+1D93 - 5E - pop esi
RoleView.dll+1D94 - 5D - pop ebp
RoleView.dll+1D95 - C2 1400 - ret 0014
_________________________________________________________
and these are the instructions that access my address (the upper one is the write) ↑
Code:
roleview.dll+2020 - 8D 45 24 - lea eax,[ebp+24]
**roleview.dll+2023 - D8 4E 1C - fmul dword ptr [esi+1C]
roleview.dll+2026 - DC 35 80F30110 - fdiv qword ptr [roleview.dll+1F380]
roleview.dll+202C - 0F84 99000000 - je roleview.dll+20CB
roleview.dll+2032 - D9 5D 64 - fstp dword ptr [ebp+64]
roleview.dll+2035 - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+2038 - D9 5C 24 08 - fstp dword ptr [esp+08]
roleview.dll+203C - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+203F - D9 5C 24 04 - fstp dword ptr [esp+04]
roleview.dll+2043 - D9 45 64 - fld dword ptr [ebp+64]
roleview.dll+2046 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+2049 - 50 - push eax
______________________________________________________
Code:
roleview.dll+2165 - 50 - push eax
roleview.dll+2166 - FF D7 - call edi
roleview.dll+2168 - D9 46 0C - fld dword ptr [esi+0C]
****roleview.dll+216B - D8 4E 1C - fmul dword ptr [esi+1C]
roleview.dll+216E - 83 C4 04 - add esp,04
roleview.dll+2171 - 8D 45 E4 - lea eax,[ebp-1C]
roleview.dll+2174 - DA 4E 20 - fimul [esi+20]
____________________________________________________
Code:
roleview.dll+3E2F - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E32 - 83 EC 0C - sub esp,0C
roleview.dll+3E35 - D9 5C 24 08 - fstp dword ptr [esp+08]
roleview.dll+3E39 - 85 C0 - test eax,eax
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
*** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax
____________________________________________
Code:
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
**** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax
_____________________________________________________
Code:
roleview.dll+3E3B - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E3E - 8D 45 1C - lea eax,[ebp+1C]
roleview.dll+3E41 - D9 5C 24 04 - fstp dword ptr [esp+04]
****** - D9 46 1C - fld dword ptr [esi+1C]
roleview.dll+3E48 - D9 1C 24 - fstp dword ptr [esp]
roleview.dll+3E4B - 50 - push eax
______________________________________________________
The one marked with stars is the code ↑
This is the list of what accesses my address:
126 10002023 - D8 4E 1C - fmul dword ptr [esi+1C]
126 1000216B - D8 4E 1C - fmul dword ptr [esi+1C]
63 10001D90 - D9 5E 1C - fstp dword ptr [esi+1C]
63 10003E2F - D9 46 1C - fld dword ptr [esi+1C]
63 10003E3B - D9 46 1C - fld dword ptr [esi+1C]
63 10003E45 - D9 46 1C - fld dword ptr [esi+1C]
Don't hate me for these long questions and code listings, but I am trying to learn from you.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Apr 21, 2016 9:33 pm Post subject:
You need to hook a function that is ONLY accessing the value types that you want. If that's not possible, then you need to set up a filter so that ONLY the addresses that you are targeting will be affected.
Complete the last step of the CE tutorial that covers data structure dissection.
Last edited by ++METHOS on Thu Apr 21, 2016 9:33 pm; edited 1 time in total
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Thu Apr 21, 2016 9:33 pm Post subject:
The instruction you're hacking likely touches a lot more addresses than you're expecting.
Right-click it and select Find out what addresses this instruction accesses.
If it's a lot, you may be SOL.
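An added example, not code from any of the posts above, of the filtered injection that ++METHOS and Zanzer describe, written as a Cheat Engine auto-assembler script against the function Twistedfate listed. The inject point and original bytes are taken from that listing: `RoleView.dll+1D90` holds `D9 5E 1C 5E 5D` (`fstp dword ptr [esi+1C]`, `pop esi`, `pop ebp`, five bytes, enough for the jump), followed by `ret 0014` at `+1D95`. The "Find out what addresses this instruction accesses" list shows the same `fstp` writing to 63 different structures, which is why an unconditional `mov` breaks the other objects. `FILTER_OFFSET` and `FILTER_VALUE` are placeholders, not values from the thread: they stand for whichever field of the dissected structure separates the monsters you want from the other objects written by this instruction.

```asm
// Added example: code injection with a structure filter (Cheat Engine auto assembler).
// Target (from the posted listing):
//   RoleView.dll+1D90  D9 5E 1C  fstp dword ptr [esi+1C]
//   RoleView.dll+1D93  5E        pop esi
//   RoleView.dll+1D94  5D        pop ebp      <- 5 bytes total, replaced by our jmp
//   RoleView.dll+1D95  C2 14 00  ret 0014
// The fstp is shared by every object whose [esi+1C] gets written, so the value is
// only forced to 0 when another field of the same structure matches a filter.

define(address,RoleView.dll+1D90)
define(bytes,D9 5E 1C 5E 5D)

// PLACEHOLDERS (assumptions, not from the thread): the offset and value that identify
// a monster structure. Find them with "Dissect data/structures" on a monster address
// and on a non-monster address written by the same instruction, and pick a field that differs.
define(FILTER_OFFSET,20)
define(FILTER_VALUE,1)

[ENABLE]
assert(address,bytes)          // refuse to enable if the game's bytes are not the ones we expect
alloc(newmem,$100,address)     // allocate near the target so the 5-byte relative jmp can reach it
label(skip)
label(return)

newmem:
  fstp dword ptr [esi+1C]      // keep the original write first: it also pops ST(0), so the x87 stack stays balanced
  pushfd                       // cmp clobbers EFLAGS; preserve them for whatever follows the ret
  cmp dword ptr [esi+FILTER_OFFSET],FILTER_VALUE
  jne skip                     // not one of ours: leave the value the game just stored
  mov dword ptr [esi+1C],0     // ours: force the selection value to 0.0f (all-zero bit pattern)
skip:
  popfd
  pop esi                      // the two original instructions displaced by the jmp
  pop ebp
  jmp return

address:
  jmp newmem                   // exactly 5 bytes, so ret 0014 at +1D95 is untouched
return:

[DISABLE]
address:
  db bytes                     // restore D9 5E 1C 5E 5D
dealloc(newmem)
```

Two design points worth keeping in mind with this kind of hook. The order of the two stores matters: the `fstp` must run before the `mov`, because whichever store comes second is the value that stays in `[esi+1C]` (a `mov` placed before the `fstp` is simply overwritten by it). And the `assert` line is the cheap safety check: if the module is updated and the bytes at `+1D90` change, the script refuses to enable instead of patching the wrong instruction and crashing the game.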
Twistedfate Expert Cheater
Reputation: 1
Joined: 11 Mar 2016 Posts: 231
Posted: Thu Apr 21, 2016 9:48 pm Post subject:
++METHOS wrote:
You need to hook a function that is ONLY accessing the value types that you want. If that's not possible, then you need to set up a filter so that ONLY the addresses that you are targeting will be affected.
Complete the last step of the CE tutorial that covers data structure dissection.

Thank you, I found the correct one in the data structure; it was under the address ^^