Cheat Engine The Official Site of Cheat Engine
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Mon Aug 06, 2018 8:38 am Post subject: CMP not working in a given game :(
Hi everyone, I'm having a problem, but only in one game, and it's very strange. To make it clear first: I learned the method of dissecting structures, and this allowed me to do things I never imagined doing before in various games. I used the CMP command to compare the offset and differentiate my value from the opponents', and I succeeded in all the games where I did it, but it seems I'm having trouble in one; it just does not work. Its name is Sewerrun, and it is an .EXE. I have simply tried several registers with offsets and tried to differentiate values in dissecting structures, but this simply does not work: it activates the script, but it has no effect. It only works if I delete the CMP command, but then it ends up affecting the other opponents too. Please help me, I do not know what else to do. I'll leave images to make it clearer :/ Note: follow the order of the images by the letters, in alphabetical order.
Another important point is that I was facing the same thing in another game. The speed instruction was Fmul Dword ptr (RocketRacer.exe + A4FH52), and when I clicked on it to see which addresses accessed that instruction, only one appeared; changes I made were affecting everyone. So I did exactly what I'm doing in Sewerrun: in the other game I found the instruction for the rocket positions
(first, second), the addresses of my opponents were accessing this instruction too, and then I dissected the structures of this instruction, which has nothing to do with the speed instruction. I could differentiate the values with that same CMP script, and it worked perfectly: the speed only affected me. But in this game I am facing this problem....
Description: here is the image of dissecting structures of (edi+58); as you can see, exactly like in the script: edi+05, 44. My value is the only one different from the others, and this value does not change even after restarting the game, but it just does not work.
Description: the speed function with (Module.exe + Offset): when I tried to find out which addresses it accessed, only one appeared, so in the image below I found another instruction which has the speed of each skate, including that of the enemy.
Description: the selected instruction is exactly the instruction of the speed of my skate; when I add Fadd in my script, not only my skate gets insanely fast, but all the others too.
Description: this is the script template I always use in all games; it activates but it simply does not affect the game. It only works when I remove the CMP command, but this ends up affecting all the players, and I want it to only affect me :(
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Aug 06, 2018 9:27 am Post subject:
In the dissect data form it shows as a byte value, but in your script you're comparing a 4 byte value.
Try
Code:
cmp byte ptr [edi+5],44
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Mon Aug 06, 2018 9:38 am Post subject:
Thank you for the answer. I've tried this, and dword too, but it still does not work.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Mon Aug 06, 2018 9:57 am Post subject:
first, I'm a little bit confused: is it float or int?
second, for your information, dissect data isn't always accurate, which means it may show a 4 byte value as float (or anything).
third, it seems what I said above is true: see, offset 4 is byte, offset 5 is byte as well, and offset 6 is 2 bytes.
the total is 4 bytes, and it's worth noting a float is 4 bytes long too.
I can say it's not byte 44 (I mean cmp byte ... 44); also I would say if the value is float and you are pretty sure it's in the st0 - st7 FPU registers, then you can compare these registers using FPU instructions.
one more thing: you can compare the stack too .. or even the contents of registers.
_________________
About Me: I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Mon Aug 06, 2018 10:25 am Post subject:
I'm sorry, but are you asking whether it's float or int for the Fmul instruction of the speed value that all opponents access, or for the Fdiv instruction, which is the one that changes the speed? I did not quite understand what you meant by byte, 2 byte or 4 byte :/
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Aug 06, 2018 11:29 am Post subject:
Ha! I missed it too. But I bet the dissect data form is showing it as decimal (its default), while the Auto Assembler sees it as hex (its default).
And 44 == 0x2C, so try this.
Code:
cmp byte ptr [edi+5],2C
EDIT:
The dissect data form doesn't show double zeros (00) for the other two structures, so it's definitely showing in decimal format.
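The two diagnoses raised in the replies above (the compare width from the byte/byte/word layout, and the decimal-vs-hex immediate) as an added Python model; this is not code from the thread or from Cheat Engine, and the actor structures and their values are constructed here to mirror the dissect-data layout described in the thread.

```python
import struct

# Constructed sample actors (not taken from the game). The thread's dissect-data
# form showed +4 = byte, +5 = byte, +6 = 2-byte word, with the player's +5 value
# displayed as 44 (decimal). Trailing padding keeps a dword read at +5 in bounds.
def make_actor(b4, b5, w6):
    return bytes(4) + struct.pack("<BBH", b4, b5, w6) + bytes(4)

ACTORS = {
    "player":     make_actor(1, 44, 300),
    "opponent_1": make_actor(1, 7, 300),
    "opponent_2": make_actor(2, 12, 512),
}

# struct format for each operand width a `cmp <width> ptr [...]` line can use
WIDTH_FMT = {"byte": "<B", "word": "<H", "dword": "<I"}

def assembler_immediate(text, dissect_form_decimal=False):
    """The auto assembler reads a bare number as hex, while the dissect-data
    form displays values in decimal; that mismatch is the thread's bug."""
    return int(text, 10 if dissect_form_decimal else 16)

def cmp_sets_zf(actor_mem, offset, width, imm):
    """Model `cmp <width> ptr [edi+offset],imm`: True when ZF would be set,
    i.e. when the memory read at that width equals the immediate."""
    value = struct.unpack_from(WIDTH_FMT[width], actor_mem, offset)[0]
    return value == imm

def actors_matching(offset, width, operand_text):
    """Which actors take the 'player only' path for a cmp line as typed?
    A dword read at +5 also swallows the +6 word, so it fails even with 2C."""
    imm = assembler_immediate(operand_text)
    return sorted(name for name, mem in ACTORS.items()
                  if cmp_sets_zf(mem, offset, width, imm))

if __name__ == "__main__":
    for width, operand in (("byte", "44"), ("byte", "2C"), ("dword", "2C")):
        print(f"cmp {width} ptr [edi+5],{operand} -> "
              f"matches {actors_matching(5, width, operand)}")
```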
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Mon Aug 06, 2018 11:41 am Post subject:
Thanks for the answer mate, but lol, that also did not work. Script active, but in the game it has no effect. This is very strange, because in the other games I did not go through all this trouble, and I'm doing exactly what I did in the others; this is strange ...
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Aug 06, 2018 3:06 pm Post subject:
Set a breakpoint; I bet the value isn't what you think it is, it may be changing faster than you can see. Or just try to find another way to id the player. I also start with registers, then look to the stack, and then, if I still have nothing that works, that's when I look at the data structures.
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Mon Aug 06, 2018 5:35 pm Post subject:
Thanks for replying. It's really weird; I've tried several instructions that other players access besides me, already tried several addresses and offsets that do not change, and it still does not work. But could you explain to me better about the point of breakpoints, registers and stack? :/ I do not understand much of this part
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Aug 06, 2018 8:33 pm Post subject:
So let's start with a breakpoint. Basically a breakpoint is just a way to halt execution. This allows you to "step" through the instructions one at a time. So when you activate the script, if you view the instruction in the memory view form, you will see the jump to your injected code.
Follow this (right click and select "follow" or press the spacebar); then when you see the instructions from your script, look for the "cmp", select that instruction line and set a breakpoint (right click and select "set breakpoint" or press F5).
Then you can select the "view" menu on the memory view form and select "breakpoint list" (or press Ctrl+B), select the breakpoint you set, right click and select "set/change condition", then select the "easy" radio button and input "EDI == 0x??", putting the value of EDI for the player after "0x" where the "??" is.
Then just do whatever makes the code execute. When the game hits the breakpoint, it will stop execution; then you can go back to CE and see what the value of that address is at that exact moment of execution. You can add a memory record, or just right click in the bottom section of the memory view form, select "Go to address" and input the address that EDI holds; you will see the values of all registers on the upper right of the memory view form.
Then you should be able to see the value of the address "EDI+5" as a byte value. When you are ready to step, select the "debug" menu then "step", or press F7; this will also let you see whether it jumps or not.
Then to run the game again you can select "run" in the debug menu, or press F9. It will run until it hits the breakpoint. When you are ready to remove the breakpoint you can select "remove all breakpoints" in the debug menu, or select the instruction the breakpoint was set on and select "remove breakpoint", or press F5 again.
----
And for checking the registers you can do the same but don't set a condition for the breakpoint, and check whether a register is always the same value for the player and a different value for the other actors.
So if EAX is always equal to 1 for the player you can use that instead of "[EDI+5]", so "cmp eax,1"; just try not to use addresses that will change unless you have a way to get that address reliably.
Or you can check the registers in the debugger from "see what accesses this address" or "see what writes to this address".
https://wiki.cheatengine.org/index.php?title=Assembler#Registers
https://www.youtube.com/watch?v=afCoTLBq6dI&list=PLszEh0IDMrCmPK-0wpe-cyu08Kj7MGYyo&index=55
----
As for the stack, that one is relatively simple, but you will need to understand what the stack is a bit better; there are YT videos and lots of posts. But in the end it works a lot like the first compare you tried, but with the stack, so you would compare, say, "cmp [esp+8],1" or "cmp [ebp+8],1".
https://wiki.cheatengine.org/index.php?title=Tutorial:Stack
https://www.youtube.com/watch?v=AaYgSEQvAww&list=PLszEh0IDMrCmPK-0wpe-cyu08Kj7MGYyo&index=64
----
Here are 2 great YT channels.
https://www.youtube.com/user/seowhistleblower
https://www.youtube.com/channel/UCxuUEVD4bQqT3twlaeW9usQ
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Tue Aug 07, 2018 8:25 am Post subject:
LOL WTF, I activated the script as you said and opened the memory view; it showed Jump 034D0800. I clicked on "go to this address" and was flung to this region, but LOL, I have never seen this before: instead of add, it was supposed to be CMP ******. Is this normal?
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Tue Aug 07, 2018 8:40 am Post subject:
yes, it's normal with disassemblers; it's incorrect disassembly.
Code:
83 7 F0 5 44 -> cmp [edi+05],44 // 68 decimal
0F 85 11000000 -> jne originalcode
d8 05 00084d03 -> fadd dword ptr [xxx]
incorrect disassembly does not mean your code is incorrect; in fact it's correct but shown as different instructions.
you should do what Tim13 said:
TheyCallMeTim13 wrote:
Code:
cmp byte ptr [edi+5],2C
where 2C is 44 decimal.
Last edited by OldCheatEngineUser on Tue Aug 07, 2018 8:51 am; edited 1 time in total
Corazon Newbie cheater Reputation: 0
Joined: 20 Jun 2018 Posts: 18
Posted: Tue Aug 07, 2018 8:50 am Post subject:
ahh, thanks a lot, it was my mistake, now that's right. I'm going to do what fellow TheyCallMeTim13 told me to do now and post the results here
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Tue Aug 07, 2018 8:52 am Post subject:
The start of the disassembly was misaligned. Press the left/right arrow keys until it's correct.
The real code looks like this:
Code:
83 7F 05 44 - cmp dword ptr [edi+05],44 { 68 }
0F85 11000000 - jne rip+11
D8 05 00084D03 - fadd dword ptr [034D0800]
D8 3D 4C8E205A - fdivr dword ptr [5A208E4C]
E9 06000000 - jmp rip+6
D8 3D 4C8E205A - fdivr dword ptr [5A208E4C]
E9 C548CC56 - jmp 56EB48EB
You still haven't changed 44 to 2C.
_________________
I don't know where I'm going, but I'll figure it out when I get there.