Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Alpha Autoassembler: Publishing a Cheat

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Discussions
View previous topic :: View next topic  
Author Message
Menoetius
Cheater
Reputation: 0

Joined: 01 Jul 2018
Posts: 29

PostPosted: Wed Aug 08, 2018 2:22 pm    Post subject: Alpha Autoassembler: Publishing a Cheat Reply with quote

I've learned and relearned a lot in the past month or so about cheat engine and I've managed to cobble together a couple scripts that work on a little game called Risk of Rain, but I have a couple issues cleaning it up and making it more accessible.

Code:
{ Game   : Risk of Rain.exe
  Version:
  Date   : 2018-08-05
  Author : Mexon

  This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(INJCRT,Risk of Rain.exe,DD 1F 5F 5E 5D 5B 59) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

label(myCrx)
globalalloc(crx,$8)
crx:
dq (double)25 //out of 100

label(myAtx)
globalalloc(atx,$8)
atx:
dq (double)2.00//1.00

label(myRegen)
globalalloc(rgn,$8)
rgn:
dq (double)0.25//.02or.01

label(myGold)
globalalloc(gld,$8)
gld:
dq (double)1000//15

label(mySpeed)
globalalloc(spd,$8)
spd:
dq (double)1.75//1.3

label(myJetpack)
globalalloc(pck,$8)
pck:
dq (double)3.50//3.00

globalalloc(vv,$8)
vv:
dq (double)0.00

newmem:
  cmp [ESP+14],40C92A
  jne code
  cmp [ESP+0C],18769
  je myCrx
  cmp [ESP+0C],1876B
  je myAtx
  cmp [ESP+0C],187CC
  je myRegen
  cmp [ESP+2C],1870F
  je myGold
  cmp [ESP+2C],18756
  je mySpeed
  cmp [ESP+0C],1875D
  je myJetpack

code:
  fstp qword ptr [edi]
  pop edi
  pop esi
  pop ebp
  jmp return

myCrx:
  fstp st(0)
  fld qword ptr [crx]
  jmp code

myAtx:
  fstp st(0)
  fld qword ptr [atx]
  jmp code

myRegen:
  fstp st(0)
  fld qword ptr [rgn]
  jmp code

myGold:
  fstp st(0)
  fld qword ptr [gld]
  jmp code

mySpeed:
fstp st(0)
fld qword ptr [spd]
jmp code

myJetpack:
fstp st(0)
fld qword ptr [pck]
jmp code

INJCRT:
  jmp newmem
return:
registersymbol(INJCRT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJCRT:
  db DD 1F 5F 5E 5D

unregistersymbol(INJCRT)

//dealloc(newmem)
//dealloc(crx)
//dealloc(atx)
//dealloc(rgn)
//dealloc(gld)
//dealloc(spd)
//dealloc(pck)

{
// ORIGINAL CODE - INJECTION POINT: "Risk of Rain.exe"+109F03

"Risk of Rain.exe"+109EEF: 39 58 08              -  cmp [eax+08],ebx
"Risk of Rain.exe"+109EF2: 0F 85 95 02 00 00     -  jne "Risk of Rain.exe"+10A18D
"Risk of Rain.exe"+109EF8: 89 78 08              -  mov [eax+08],edi
"Risk of Rain.exe"+109EFB: 5F                    -  pop edi
"Risk of Rain.exe"+109EFC: 5E                    -  pop esi
"Risk of Rain.exe"+109EFD: 5D                    -  pop ebp
"Risk of Rain.exe"+109EFE: 5B                    -  pop ebx
"Risk of Rain.exe"+109EFF: 59                    -  pop ecx
"Risk of Rain.exe"+109F00: C3                    -  ret
"Risk of Rain.exe"+109F01: DD 00                 -  fld qword ptr [eax]
// ---------- INJECTING HERE ----------
"Risk of Rain.exe"+109F03: DD 1F                 -  fstp qword ptr [edi]
"Risk of Rain.exe"+109F05: 5F                    -  pop edi
"Risk of Rain.exe"+109F06: 5E                    -  pop esi
"Risk of Rain.exe"+109F07: 5D                    -  pop ebp
// ---------- DONE INJECTING  ----------
"Risk of Rain.exe"+109F08: 5B                    -  pop ebx
"Risk of Rain.exe"+109F09: 59                    -  pop ecx
"Risk of Rain.exe"+109F0A: C3                    -  ret
"Risk of Rain.exe"+109F0B: 8B 00                 -  mov eax,[eax]
"Risk of Rain.exe"+109F0D: 89 07                 -  mov [edi],eax
"Risk of Rain.exe"+109F0F: 5F                    -  pop edi
"Risk of Rain.exe"+109F10: 5E                    -  pop esi
"Risk of Rain.exe"+109F11: 5D                    -  pop ebp
"Risk of Rain.exe"+109F12: 5B                    -  pop ebx
"Risk of Rain.exe"+109F13: 59                    -  pop ecx
}


Alright so the above code works as intended, but I do have a couple things I would like to change about them I yet to know how.

1a. How can I have the values I define also display the value the game gives it, but also be able to the change the value on the run. I know obviously I can make two values, one for reading from the game, and one for writing from me, but how can I combine the two concepts or is that a silly thing to do?

2a. How can I make it only enable certain parts of the script, ex just gold instead of all of them? Would I make a boolean statement at the top of each call checking if its 1 or no and putting a value that CE would read as a custom address?

3a. Is it possible for me to force the game to call a function? All of them load upon character select, but say I want to change a value mid game, some of them like attack speed and crit chance do not update constantly unless upon things like item pickup or level up.

4a. This game discerns values that run through the common function by values in the stack. I compare them with one another of like values (Cooldown stack to another cooldown stack, stat change to another stat change), but often I dont get the stack at the right "time" of operation - ex: it doesn't have the only value that's consistently in the right place at the time I view the stack. How can I walk through all values of the stack for that particular value/address?

5a. How do I get the address of the current value to point to an address I allocate so I can consistently change the value?

6a. How can I make it automatically run only once upon character selection instead of having to disable it, or would that be impossible because there is nothing to discern it from being called while not in a game (like playing mode, not menu mode).

7a. How can I simply add a value instead of substituting it for something else?

The following is my Cooldown Nullifier script.

Code:

{ Game   : Risk of Rain.exe
  Version:
  Date   : 2018-07-28
  Author : Mexon

  This script does blah blah blah
}

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
  aobscanmodule(INJCD0,Risk of Rain.exe,89 94 81 C0 00 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(myCool)

newmem:
  //use item
  cmp [ESP+97C],90
  je myCool
  //enforcer
  cmp [ESP+97C],26C
  je myCool
  cmp [ESP+97C],360
  je myCool
  cmp [ESP+97C],4AC
  je myCool
  cmp [ESP+97C],5D4
  je myCool
  cmp [ESP+97C],6D0
  je myCool
  //commando
  cmp [ESP+97C],3F0
  je myCool
  cmp [ESP+97C],2FC
  je myCool
  //huntress
  cmp [ESP+97C],208
  je myCool
  cmp [ESP+97C],698
  je myCool
  cmp [ESP+97C],814
  je myCool
  cmp [ESP+97C],414
  je myCool
  cmp [ESP+97C],280
  //bandit
  cmp [ESP+97C],7D8
  je myCool
  cmp [ESP+97C],6E4
  je myCool
  cmp [ESP+97C],5F0
  je myCool
  cmp [ESP+97C],3D8
  je myCool
  //engineer
  cmp [ESP+97C],3D0
  je myCool
  //cmp [ESP+97C],4A0
  //je myCool
  cmp [ESP+97C],5C4
  je myCool
  //cmp [ESP+97C],718
  //je myCool
  //mercenary
  cmp [ESP+97C],268
  je myCool
  cmp [ESP+97C],700
  je myCool
  cmp [ESP+97C],8E0
  je myCool
  //chef
  cmp [ESP+97C],144
  je myCool
  cmp [ESP+97C],284
  je myCool
  cmp [ESP+97C],3C4
  je myCool
  cmp [ESP+97C],82C
  je myCool
  //sniper
  //cmp [ESP+97C],8C4
  //je myCool

  jmp code

code:
  mov [ecx+eax*4+000000C0],edx
  jmp return

myCool:
xor edx,edx
jmp code

INJCD0:
  jmp newmem
  nop
  nop
return:
registersymbol(INJCD0)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJCD0:
  db 89 94 81 C0 00 00 00

unregistersymbol(INJCD0)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Risk of Rain.exe"+355AD

"Risk of Rain.exe"+3559A: CC                       -  int 3
"Risk of Rain.exe"+3559B: CC                       -  int 3
"Risk of Rain.exe"+3559C: CC                       -  int 3
"Risk of Rain.exe"+3559D: CC                       -  int 3
"Risk of Rain.exe"+3559E: CC                       -  int 3
"Risk of Rain.exe"+3559F: CC                       -  int 3
"Risk of Rain.exe"+355A0: 8B 44 24 04              -  mov eax,[esp+04]
"Risk of Rain.exe"+355A4: 83 F8 0B                 -  cmp eax,0B
"Risk of Rain.exe"+355A7: 77 0B                    -  ja "Risk of Rain.exe"+355B4
"Risk of Rain.exe"+355A9: 8B 54 24 08              -  mov edx,[esp+08]
// ---------- INJECTING HERE ----------
"Risk of Rain.exe"+355AD: 89 94 81 C0 00 00 00     -  mov [ecx+eax*4+000000C0],edx
// ---------- DONE INJECTING  ----------
"Risk of Rain.exe"+355B4: C2 08 00                 -  ret 0008
"Risk of Rain.exe"+355B7: CC                       -  int 3
"Risk of Rain.exe"+355B8: CC                       -  int 3
"Risk of Rain.exe"+355B9: CC                       -  int 3
"Risk of Rain.exe"+355BA: CC                       -  int 3
"Risk of Rain.exe"+355BB: CC                       -  int 3
"Risk of Rain.exe"+355BC: CC                       -  int 3
"Risk of Rain.exe"+355BD: CC                       -  int 3
"Risk of Rain.exe"+355BE: CC                       -  int 3
"Risk of Rain.exe"+355BF: CC                       -  int 3
}


The above cooldown zeroing code works also effectively, but how may I improve it?

1b. Do I need a
Code:
je
after every compare or only the last one?

2b. Some cooldowns(at the time of viewing the stack) have the same value in their respective stack offset as one of the compares, yet do not function. Is it because I'm not looking at the stack at the correct time? Usually its obvious that its the wrong time because at the offset instead of a dword it will be a pointer or a function, yet the cooldowns I'm unable to 0 have a dword that is consistent with the above labeling.

3b. Anyway I can separate cooldowns other than enabling a script for seperate ones?

4b. Same as 7a, how can I just increase the value at which it increments(or decrements( instead of nullifying it?

That's all I can think of for now about the scripts I've written. If there's any obvious coding errors or mistakes please let me know.

As for the game in general, I would like some suggestions on future ideas as well as some answers to a few more questions.

1c. How would you go about changing the game's RNG for things such as:
next map
item drop
enemy spawn
I can't really think how to search for specific values to change or that can be consistently found.

2c. How would I go about spawning an item direction in a game like this if you have any general ideas?

3c. Would I be able to look in memory for something like an item ID that the game calls upon to change its value? Kind of vague I know, but I've tried aobscan and nothing is consistent even arrays of bytes over 512 bytes long. What I'm attempting to do is find a pattern that all items have so I can /guess/ what and where other similar items would be, but I can't even discover how I would keep track of their attributes, because the only character effect they have is the increment of a double somewhere in memory.

Thank you all so much for reading this post, I do have a lot of spreadsheets of data for it if you're interested in modding Risk of Rain as well.

_________________
Big Gun
#1
Shoot the Hell Outta You
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Discussions All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites