Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


One Troll Army, Need help with hacking this, AA usage.

 
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Mon May 30, 2016 10:16 am    Post subject: One Troll Army, Need help with hacking this, AA usage.

This is a cash script. Alright, so here is the script, no changes, just the original code:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [eax],ecx
mov eax,[ebx+30]

exit:
jmp returnhere

0611D79F:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0611D79F:
mov [eax],ecx
mov eax,[ebx+30]
//Alt: db 89 08 8B 43 30


OK, so I have already tried making a hack for this game. This is cash, so I tried changing this
Code:
mov [eax],ecx
to
Code:
mov [eax],(int)9999999
It does work when I activate it, but when I save the CT, re-open the game and the CT, and attach to the game again, trying to activate the script will show the tick mark, but the script itself just won't do anything; it will simply run the original code and still decrease my money value.

Here is the script after I changed it:

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
//mov [eax],ecx
mov [eax],(int)9999999
mov eax,[ebx+30]

exit:
jmp returnhere

0611D79F:
jmp newmem
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0611D79F:
mov [eax],ecx
mov eax,[ebx+30]
//Alt: db 89 08 8B 43 30


What could be the issue I'm dealing with? This is a Unity game, by the way. I discussed this with 3 people already on a different game with a different type of issue, but I wanted to make a new thread and get new info here. Please let me know if my script is correct, and why it is not working after I re-open the game.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Mon May 30, 2016 10:21 am

If you can't use reliable module addressing, then use AOB.
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Mon May 30, 2016 10:24 am

Alright, so using the AOB, this is the new code it generated:

Code:
[ENABLE]

aobscan(Cash,89 08 8B 43 30 40 89 43 30 8D 65 F4 5E 5F 5B C9 C3 6A) // should be unique
alloc(newmem,$100)

label(code)
label(return)

newmem:

code:
  mov [eax],ecx
  mov eax,[ebx+30]
  jmp return

Cash:
  jmp code
return:
registersymbol(Cash)

[DISABLE]

Cash:
  db 89 08 8B 43 30

unregistersymbol(Cash)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 060EC6AF

""+60EC68A: 8D 4F 01           -  lea ecx,[edi+01]
""+60EC68D: 39 70 0C           -  cmp [eax+0C],esi
""+60EC690: 0F 86 36 00 00 00  -  jbe 060EC6CC
""+60EC696: 8D 44 B0 10        -  lea eax,[eax+esi*4+10]
""+60EC69A: 89 08              -  mov [eax],ecx
""+60EC69C: 8B 43 14           -  mov eax,[ebx+14]
""+60EC69F: 39 78 0C           -  cmp [eax+0C],edi
""+60EC6A2: 0F 86 18 00 00 00  -  jbe 060EC6C0
""+60EC6A8: 8D 44 B8 10        -  lea eax,[eax+edi*4+10]
""+60EC6AC: 8B 4D 10           -  mov ecx,[ebp+10]
// ---------- INJECTING HERE ----------
""+60EC6AF: 89 08              -  mov [eax],ecx
""+60EC6B1: 8B 43 30           -  mov eax,[ebx+30]
// ---------- DONE INJECTING  ----------
""+60EC6B4: 40                 -  inc eax
""+60EC6B5: 89 43 30           -  mov [ebx+30],eax
""+60EC6B8: 8D 65 F4           -  lea esp,[ebp-0C]
""+60EC6BB: 5E                 -  pop esi
""+60EC6BC: 5F                 -  pop edi
""+60EC6BD: 5B                 -  pop ebx
""+60EC6BE: C9                 -  leave
""+60EC6BF: C3                 -  ret
""+60EC6C0: 6A 2A              -  push 2A
""+60EC6C2: 68 78 06 00 00     -  push 00000678
}


Assuming I want to change the ecx to 99999, that is possible, but the thing is that the script will not work when the game is rebooted.

What kind of stuff should I do to fix it? I could find a pointer, but assume I want to use only scripts, which is more effective in my opinion.
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Mon May 30, 2016 10:27 am

You should stop your AOB code after the "C3" byte (so don't take the "6A" into the pattern) because between the return and the push 2A there can also be some space (nops or int3s) which means your AOB won't be found after restarting the game.
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Mon May 30, 2016 10:31 am

So like that?

89 08 8B 43 30 40 89 43 30 8D 65 F4 5E 5F 5B C9 C3
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Mon May 30, 2016 10:38 am

Umm, this game has its own resource capacity, e.g. storage.
Which means that you have to either inject code at 2 points, or maybe there's some register that has a value related to the maximum resource.

You can use my table as reference if you want: http://forum.cheatengine.org/viewtopic.php?t=591799

Sorry, I don't make any code injection script for this game.



Last edited by Cake-san on Mon May 30, 2016 10:40 am; edited 2 times in total
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607

Posted: Mon May 30, 2016 10:38 am

Yeah, but scan if there's only one single location (your target location) which matches the AOB pattern.
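
The two checks raised in the replies above (end the pattern at the C3, and confirm only one location matches) can be reproduced offline on the bytes from the disassembly in the thread. This is an added example, not part of any post: it is written in Python rather than run through Cheat Engine's scanner, the function and constant names are its own, and RUN_2 with its three int3 padding bytes is a constructed layout.

```python
# Added example: byte-signature (AOB) scan over constructed code images.

def parse_aob(pattern):
    """'89 08 ?? 43' -> [0x89, 0x08, None, 0x43]; None marks a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]

def aob_scan(image, pattern):
    """Return every offset in image at which the signature matches."""
    sig = parse_aob(pattern)
    return [off for off in range(len(image) - len(sig) + 1)
            if all(b is None or image[off + i] == b for i, b in enumerate(sig))]

def unique_hit(image, pattern):
    """Offset of the match only when exactly one location matches, else None."""
    hits = aob_scan(image, pattern)
    return hits[0] if len(hits) == 1 else None

# Bytes copied from the disassembly quoted in the thread, from lea ecx,[edi+01]
# through the ret (C3). The injection point is at offset 37 of this buffer.
BODY = bytes.fromhex(
    "8D4F01 39700C 0F8636000000 8D44B010 8908 8B4314 39780C "
    "0F8618000000 8D44B810 8B4D10 8908 8B4330 40 894330 8D65F4 5E5F5BC9C3")
AFTER_RET = bytes.fromhex("6A2A 6878060000")  # push 2A / push 00000678

RUN_1 = BODY + AFTER_RET                      # layout as dumped in the thread
# Constructed for illustration: three int3 bytes between the ret and the push.
RUN_2 = BODY + b"\xCC" * 3 + AFTER_RET

WITH_6A = "89 08 8B 43 30 40 89 43 30 8D 65 F4 5E 5F 5B C9 C3 6A"
TO_RET = "89 08 8B 43 30 40 89 43 30 8D 65 F4 5E 5F 5B C9 C3"
TOO_SHORT = "89 08 8B 43"                     # also matches mov [eax],ecx / mov eax,[ebx+14]

if __name__ == "__main__":
    for name, sig in (("WITH_6A", WITH_6A), ("TO_RET", TO_RET), ("TOO_SHORT", TOO_SHORT)):
        print(name, "run 1:", aob_scan(RUN_1, sig), "run 2:", aob_scan(RUN_2, sig),
              "unique in run 1:", unique_hit(RUN_1, sig) is not None)
```

Of the three signatures, only the one ending at C3 is found exactly once in both layouts.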
KalasDev
Master Cheater
Reputation: 1

Joined: 29 May 2016
Posts: 311

Posted: Mon May 30, 2016 11:07 am

There, guys, it works for me even after booting the game again.


OTA.CT
 Description:
Infinite Resources
Infinite HP (Troll&Castle)

Download
 Filename:  OTA.CT
 Filesize:  633.59 KB
 Downloaded:  608 Time(s)

All times are GMT - 6 Hours