Cheat Engine The Official Site of Cheat Engine
I_Dont_Bot (How do I cheat?)
Reputation: 0
Joined: 19 Dec 2018
Posts: 6
Posted: Wed Dec 19, 2018 8:32 am
Post subject: Is CE the right tool for in memory based third party bots?
Hi All,
I've recently started a project to get some hands-on practice with Python. I decided to write a bot that plays a game similar to Candy Crush, where you have to combine gems. At first I went with the reading-screenshots approach, and already have a somewhat working thing, but I feel like going a little further and adapting it to read from process memory. When it comes to memory reading, you can consider me a total n00b.
I did play around with CE (all the tutorials completed, most of the YT videos watched), but all that was not exactly for my use case. It's a great tool for finding values in memory and making modifications to those via direct modification or insertion of new logic, however it's not what I actually need. Now the problem is I can't seem to find information for my case.
My use case:
Since there are a few screens in game, with clickable options, I'd like my bot to determine which screen the game is on, and most important, to be able to read all the layout of the gems from memory.
So my questions are:
1. Most important - is CE the right tool for this? I am pretty sure that the layout is doable; only finding the values for gem type, and how the game fills the board/layout entity, is tricky. But if there's no way to figure out the game state, then that's only half the thing I need.
1.a) If something similar was already done - please share any insights/material you have/know. I would really like to know where to start here, other than the obvious ones like git gut with assembler/scans/memory stuffz etc.
2. I would like to keep the game untouched, so it would be best if only scans are used, and no injections. Question is - can I see with CE when a certain call is made (let me remind you, I don't exactly know how in-memory things work)? If so, what is the general approach for that? If there's no other way than doing some kind of trigger instructions/APIs, I'm OK with that - but would prefer not to.
2.a) Now that I think about it, if a waiting-for-a-call logic is implemented, that might be heavy on the processor, since I assume that scans should be looped until some value is found at a certain address (however now I'm doing the same thing with reading screen pixels, so maybe it's ok) - are there any other ways I could do this?
I hope it makes sense, and hope someone will be able to explain this topic. Also, sorry if this was asked before - I've tried a few keywords and didn't find anything, neither here nor anywhere else in the webz.
Cheers!
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
Posted: Wed Dec 19, 2018 10:13 am
Basic question, but have you tried searching for relevant values? i.e. focus on a tile and do changed/unchanged scans.

I_Dont_Bot wrote:
> is CE the right tool for this?

CE would be useful for finding the relevant data structures and paths to them. You could also program the bot itself in Lua from CE, but you could do that just the same from Python with the right packages.

I_Dont_Bot wrote:
> I would like to keep the game untouched, so it would be best, if only scans are used, and no injections. Question is - Can I see with CE when a certain call is made...

Why do you want to keep it untouched? Opening a process touches it; you don't even have to read or write any memory. You could enable the kernel options in edit -> settings -> extra, but it's unnecessary in the vast majority of cases. If you're worried about being banned, having CE installed is a good enough reason for some games, so just use a different account.
Use ultimap to search for calls. You'll need to have basic knowledge of assembly and reverse engineering to do anything with that information, however.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
I_Dont_Bot (How do I cheat?)
Reputation: 0
Joined: 19 Dec 2018
Posts: 6
Posted: Wed Dec 19, 2018 3:40 pm
Hi,

ParkourPenguin wrote:
> Basic question, but have you tried searching for relevant values? i.e. focus on a tile and do changed/unchanged scans

Yes, I was playing around with CE quite a bit. In fact, that was the first thing I tried. Problem is that there is a limited amount of moves that can be made, and then the match is considered over, so it's hard to find those bastards before that. But that's not even the issue here - as I said, I'm almost sure that this can be done one way or another with CE. What really bothers me is how to get game states from the memory - how do I see that an instruction was executed if, let's say, a function doesn't return anything, so I assume that nothing is going to be written in memory as well. I don't want to invest a lot of time in familiarizing myself with CE if there are other ways to achieve the same thing. As I mentioned before, the main goal here for me is to learn Python while doing a project of some kind - not that boring 'hello world' stuff on YT. I'm already past that stage.

ParkourPenguin wrote:
> Why do you want to keep it untouched? Opening a process touches it- you don't even have to read or write any memory. You could enable the kernel options in edit -> settings -> extra, but it's unnecessary in the vast majority of cases. If you're worried about being banned, having CE installed is a good enough reason for some games, so just use a different account.

It just feels more 'clean' this way, and then there's a little bit of fear of breaking something. As I said, I don't mind messing with the inner code of the target app, but I'd rather not - all I want is to scrape the values I need, and then do my logic outside - in Python.

ParkourPenguin wrote:
> Use ultimap to search for calls. You'll need to have basic knowledge of assembly and reverse engineering to do anything with that information, however.

I gave it a try, but no luck - when filtering out calls that did not come from the app.exe, it leaves me with 0 results. Again, I'm almost sure that it's me doing something wrong, but as I said - I don't want to invest a lot of time figuring all that CE stuff out before I know that this is the way to do it.
I would really like it if someone would give me a general direction, coz I'm not sure I'm even thinking right - how is this kind of thing usually done?
What to look for in memory for state changes? For functions that don't return anything? How do other bots know that the game is in the menu, or the map is being loaded, or that there's object A on the screen and object B is just offscreen - things like that..
Thanks for the answers btw!
Cheers!
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
Posted: Wed Dec 19, 2018 8:29 pm
I_Dont_Bot wrote:
> What really bothers me is how to get game states from the memory - how do I see, that an instruction was executed, if let's say a function doesn't return anything, so I assume, that nothing is going to be written in memory as well.

That doesn't make sense. There's no way for the game to store everything in registers, so it stores stuff (including the state of the board) in memory. Find where those values are in memory, and find a consistent way to reference that in the future (e.g. pointers / code injection).
Have you tried completing the CE tutorial yet? It might clear some things up.

I_Dont_Bot wrote:
> As I mentioned before, the main goal here for me is to learn python, while doing a project of some kind - not that boring 'hello world' stuff on YT.

Learning the basics of software modification / reverse engineering isn't going to help you learn Python. If anything, it'll just make it harder. Focus on one at a time.
Try searching for "python challenge" and I'm sure tons of results will pop up. There are literally hundreds of challenges on the dailyprogrammer subreddit.
I_Dont_Bot (How do I cheat?)
Reputation: 0
Joined: 19 Dec 2018
Posts: 6
Posted: Thu Dec 20, 2018 12:10 am
Hi,
I feel like you missed a little of the original post (maybe I made it a little TL;DR - my bad).

I_Dont_Bot wrote:
> I did play around with CE (All the tutorials completed, most of YT videos watched), but all that was not exactly for my use case.

...I did complete all the tutorials, even the new "Game" one, but you see - those were not only pretty basic, but also not exactly my use case (at least at first glance, since those teach you things like becoming invincible, having unlimited ammo etc. Most YouTube videos related to CE are also teaching similar stuff). I guess the finding-the-value part will still be relevant, but I'm just curious if perhaps there are better tools for my case.
I've seen people also using OllyDbg for tracking program calls, so maybe that would help me better.
I think the actual problem here is that I don't exactly know how an executed instruction might register in memory (I'm talking about going from menu to actual game, reaching the end of match, continue buttons appearing and so on...), how to track them.
I assume it's not that different from reading pixels on screen every X milliseconds and looking for unique bits for that particular screen, but I might be miles off here, hence I'm looking for help here.

Quote:
> Learning the basics of software modification / reverse engineering isn't going to help you learn Python. If anything, it'll just make it harder. Focus on one at a time.
> Try searching for "python challenge" and I'm sure tons of results will pop up. There's literally hundreds of challenges on the dailyprogrammer subreddit.

Well at this point I'm also motivated to complete the work I started. I've put a lot of time into this already, so I don't want to leave it. As mentioned in the OP, I do have a somewhat working prototype, and just want to make it more efficient. Reading pixels is not only slow, but also occasionally inaccurate.
And one new question - is it possible that static addresses also change during the same game session, but for different matches? I'm asking since I'm getting to 'green' addresses, but those seem to not work for the next match.
OldCheatEngineUser (Whateven rank)
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
Posted: Thu Dec 20, 2018 2:11 am
I_Dont_Bot wrote:
> those were not only pretty basic, but also not exactly my use case

CE's tutorial is not even BASIC, it's you treating it as a BASIC/silly/childish program.
in fact CE's tutorial is the right place for most of your needs, there is some hidden stuff as well.
try to get the concept, a different perspective is needed.

I_Dont_Bot wrote:
> I've seen people also using OllyDbg for tracking program calls, so maybe that would help me better.

CE can do that as well.

I_Dont_Bot wrote:
> I think the actual problem here is that I don't exactly know, how an executed instruction might register in memory (I'm talking about going from menu to actual game, reaching the end of match, continue buttons appearing and so on...), how to track them.

similar to Win32 GUI programming, where things are not linear.
"how an executed instruction might register in memory"
stop using improper terms, and explain what you mean.

I_Dont_Bot wrote:
> I assume it's not that different from reading pixels on screen every X milliseconds and looking for unique bits for that particular screen, but I might be miles off here, hence I'm looking for help here.

reading on-screen pixels to manage the bot is harder than finding shape ID and/or color ID; a bot based on on-screen pixels needs a lot of coding as well as defining different pixel colors, and it's not accurate. (finding IDs and writing simple logic and math is easier)

I_Dont_Bot wrote:
> And one new question - Is it possible, that static address also change during same game session, but for different matches? I'm asking since I'm getting to 'green' addresses, but those seem to not work for the next match.

static address:
- an address that is always at a fixed distance from MODULE_BASE, regardless of whether relocation exists or is stripped.
but the value at the static address can be changed to anything; the programmer can assign different values to that memory location whenever he wants/needs.
so yes, a static address can be used to reference anything at any time.

I_Dont_Bot wrote:
> I would like to keep the game untouched, so it would be best

such things require you to touch and feel it as well, and I'm not joking about "feel it"
you have to understand software, software modification, and related countless subjects.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
> i am a sweetheart.
I_Dont_Bot (How do I cheat?)
Reputation: 0
Joined: 19 Dec 2018
Posts: 6
Posted: Thu Dec 20, 2018 2:59 am
Hi,

OldCheatEngineUser wrote:
> CE's tutorial is not even BASIC, it's you treating it as a BASIC/silly/childish program.
> in fact CE's tutorial is the right place for most of your needs, there is some hidden stuff as well.
> try to get the concept, a different perspective is needed.

Let's just say that I've completed the tutorial, and can go through it whole again with no problems. I still have trouble with the concept of stage changes in game, like going from map to battle match.
I am not trying to undervalue the CE tutorial by any means - it's great! It was actually hard at first.

OldCheatEngineUser wrote:
> CE can do that as well.

Thank you!! That's the stuff I came here for.

OldCheatEngineUser wrote:
> similar to Win32 GUI programming, where things are not linear.
> "how an executed instruction might register in memory"
> stop using improper terms, and explain what you mean.

Sorry about that - hard to ask about things I know close to nothing about. Also, not in my native language.

OldCheatEngineUser wrote:
> reading on-screen pixels to manage the bot is harder than finding shape ID and/or color ID; a bot based on on-screen pixels needs a lot of coding as well as defining different pixel colors, and it's not accurate. (finding IDs and writing simple logic and math is easier)

I guess it depends on the set goals for a bot. In my case it wasn't hard at all. I'm just taking a few areas on the screen which are unique to that stage in the game, and just comparing those to hardcoded pictures.
For board layout, since there's slightly different rendering for the same gems in different board coordinates, and also the background is slightly different, I use the scikit lib with a pre-taught profiler, which does an excellent job at image recognition.

OldCheatEngineUser wrote:
> such things require you to touch and feel it as well, and I'm not joking about "feel it"
> you have to understand software, software modification, and related countless subjects.

By touching I meant code injection/modification.
Now I've noticed that this is a Unity game, so I have a mono option available. This is starting to look promising, and researching mono will keep me busy for a while.
I think I even saw a sub-forum here dedicated just to mono, so I will see what's in there.
If you have any good material on that close by - please share.
Thanks for the answers and your patience as well. I am trying my best to make sense, but I can feel that there's a knowledge/language barrier - sorry about that.
Cheers!
OldCheatEngineUser (Whateven rank)
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
Posted: Thu Dec 20, 2018 3:09 am
the best results can be achieved by injecting some code into the process memory.
yeah, you can do more stuff easily with mono. (browsing symbols .. etc.)
there is a tool that can decompile Assembly-CSharp.dll into 99% accurate C# code.
it's .NET Reflector, you might need an extra plug-in called Reflexil.
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
Posted: Thu Dec 20, 2018 10:29 am
I_Dont_Bot wrote:
> I've seen people also using OllyDbg for tracking program calls, so maybe that would help me better.
> I think the actual problem here is that I don't exactly know how an executed instruction might register in memory (I'm talking about going from menu to actual game, reaching the end of match, continue buttons appearing and so on...), how to track them.
> I assume it's not that different from reading pixels on screen every X milliseconds and looking for unique bits for that particular screen, but I might be miles off here, hence I'm looking for help here.

You're needlessly complicating everything. I don't know why you're so focused on code execution if you haven't even found the data structure yet. Most people would go about finding it by searching for values inside it.
Try changed/unchanged value scans. Don't make this more complicated than it is; it's pretty much like step 3 ("Unknown initial value") of the CE tutorial. Search for unknown initial value, then changed/unchanged scans. Using "compare to first scan" correctly can help. If you're running out of time and/or moves, try searching for that first and change the value(s) to give yourself 999 moves or something.
Yes, it can take quite a while this way. There probably isn't a magic tool out there that already knows exactly where and how the game stores data. It's your job to make that magic tool or hire someone else that will. If you want to make it yourself, you can start by finding the data structure that holds the state of the board.
For example, it could be implemented as a multidimensional array of integers, a linked list of columns / rows that are arrays, or maybe even a hash table if the programmer was an idiot. Regardless, find it by searching for values. Randomly looking through code will take forever.
If for whatever reason you really want to look at assembly without even knowing what/where the data structure is, use ultimap as a starting point. I would strongly recommend against this if you aren't competent at reverse engineering.

I_Dont_Bot wrote:
> Is it possible, that static address also change during same game session, but for different matches?

Sure. Games can use different static storage for different levels. There's often a more efficient implementation, but it happens.
Also, I see later you mention this is a Unity game. You're probably looking in the wrong place if you're in static memory.

I_Dont_Bot wrote:
> I still have trouble with the concept of stage changes in game like going from map to battle match.

If the location of the data structure changes from match to match, you can quite often find a pointer to it that will point to the new location when you change levels/maps. It's pretty much like step 6 ("pointers") of the CE tutorial, except your goal isn't to find a static base address; it's to find a base address where the path persists between level/map transitions. If the first pointer level still doesn't work, go up a pointer level (step 8, "Multilevel pointers").
Once you find it, you'll need some way to refer to that pointer. Unfortunately, since you said this is a Unity game, you probably won't ever find a good static pointer to use. I'd rather not get into the specifics of why this is the case, but it's because the game is distributed in an intermediate bytecode format rather than machine code.
Code injection is the next easiest method. You can hook an instruction and copy the address to some location in memory you control, then read that memory from the python script and use that as your pointer. You can use this to find the address of the structure itself or any pointer to that structure- whichever is easier. I'd recommend staying away from any instruction that can access multiple addresses.
Mono features are another option. It could help you reverse engineer the game (i.e. figure out how everything is stored). You could also try porting CE's code to Python if you want to use it yourself.
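The two techniques ParkourPenguin describes in this post, the unknown-initial-value scan narrowed by unchanged/changed passes and the pointer path that keeps working after the board moves, as an added Python example. This is not code from the thread or from Cheat Engine: it simulates a target's address space with a constructed FakeProcess (every address, offset and value below is made up), so it runs offline; against a live process only FakeProcess.snapshot and read_u32 would need to be backed by a real memory reader.

```python
"""Added example (not from the thread): CE-style changed/unchanged scanning and
pointer-path resolution, run against a constructed in-memory image. FakeProcess,
ValueScanner, resolve_pointer_path and all addresses are illustration-only."""
import struct


class FakeProcess:
    """Stand-in for a target's address space: a flat bytearray whose offset 0
    is mapped at virtual address `base` (constructed, not a real process)."""

    def __init__(self, size, base=0x10000000):
        self.mem = bytearray(size)
        self.base = base

    def read_u32(self, addr):
        return struct.unpack_from("<I", self.mem, addr - self.base)[0]

    def write_u32(self, addr, value):
        struct.pack_into("<I", self.mem, addr - self.base, value)

    def snapshot(self):
        return bytes(self.mem)


class ValueScanner:
    """Mimics tutorial step 3: every aligned 4-byte slot starts as a candidate,
    and each pass keeps only slots whose value relates to the previous snapshot
    the way the pass demands (changed / unchanged / exact)."""

    def __init__(self, proc, align=4):
        self.proc = proc
        self.prev = proc.snapshot()
        self.candidates = set(range(0, len(self.prev) - 3, align))

    @staticmethod
    def _u32(snap, off):
        return struct.unpack_from("<I", snap, off)[0]

    def _filter(self, keep):
        cur = self.proc.snapshot()
        self.candidates = {off for off in self.candidates
                           if keep(self._u32(self.prev, off), self._u32(cur, off))}
        self.prev = cur
        return self.addresses()

    def changed(self):
        return self._filter(lambda old, new: old != new)

    def unchanged(self):
        return self._filter(lambda old, new: old == new)

    def exact(self, value):
        return self._filter(lambda old, new: new == value)

    def addresses(self):
        return sorted(self.proc.base + off for off in self.candidates)


def resolve_pointer_path(proc, base, offsets):
    """CE-style pointer path: dereference `base`, then add and dereference every
    offset but the last, then add the last. Returns the final address."""
    addr = proc.read_u32(base)
    for off in offsets[:-1]:
        addr = proc.read_u32(addr + off)
    return addr + offsets[-1]


def demo():
    proc = FakeProcess(0x1000)
    static_slot = proc.base + 0x100            # static pointer to a manager object
    manager, board = proc.base + 0x400, proc.base + 0x800
    proc.write_u32(static_slot, manager)
    proc.write_u32(manager + 0x1C, board)      # manager -> board (dynamic)
    gem = board + 0x08                         # first cell of the board
    proc.write_u32(gem, 3)
    for off in range(0x900, 0xA00, 4):         # constant noise elsewhere
        proc.write_u32(proc.base + off, 0xDEADBEEF)
    timer = proc.base + 0x700                  # something that changes every tick

    scanner = ValueScanner(proc)               # "unknown initial value"
    proc.write_u32(timer, 1)                   # a tick passes, gem untouched
    scanner.unchanged()                        # drops the timer slot
    proc.write_u32(gem, 5)                     # the gem is swapped
    proc.write_u32(timer, 2)
    hits = scanner.changed()                   # only the gem slot survives

    before = resolve_pointer_path(proc, static_slot, [0x1C, 0x08])
    new_board = proc.base + 0xC00              # next match: board reallocated
    proc.write_u32(manager + 0x1C, new_board)
    proc.write_u32(new_board + 0x08, 7)
    after = resolve_pointer_path(proc, static_slot, [0x1C, 0x08])  # same path, new place
    return {"scan_hits": hits, "path_before": before, "path_after": after,
            "value_after": proc.read_u32(after)}


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one in the post: the address the scan finds (board + 0x08) is worthless once the board is reallocated, while the path static_slot -> +0x1C -> +0x08 still lands on the new cell.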
I_Dont_Bot (How do I cheat?)
Reputation: 0
Joined: 19 Dec 2018
Posts: 6
Posted: Fri Dec 21, 2018 5:15 am
Well, with Mono Dissector and ILSpy I've got a pretty good look into all the in-game data structures that I needed.
Say I found a method from which the whole sequence of the stage shift happens - this would be a good place to implement some kind of trigger that my Python could pick up, and register this shift. I can think of a few options for this as well:
a) Inject assembler instructions that would register some kind of flag, which I would search for in Python.
b) Use something in this function as a flag that can be picked up by Python scans.
Maybe there are other, simpler ways to register that call?
...Damn, the more I try to figure this memory reading thing out - the less I understand.
I also noticed that even from the Dissector, when I jump to the disassembler, the base address (the one with no offset) sometimes disappears after a few seconds. Could it be that it is dynamic, and I won't be able to hardcode its address for lookups?
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
Posted: Fri Dec 21, 2018 10:31 am
Again, I'd recommend code injection. Search for a suitable injection point that only accesses the relevant address and runs often enough. Find that injection point in Python (some type of aobscan; hope there's a module for that), allocate memory in the target process, use a code injection to copy that address to the allocated memory, and use that pointer in the allocated memory to access the board state.
There are plenty of tutorials for this out there. I think it goes by the name "injection copy," but it could go by other names. A part of this topic mentions it.

I_Dont_Bot wrote:
> Could it be, that it is dynamic, and I won't be able to hardcode its address for lookups?

I don't think you're going to find anything relevant in static memory.
 |
I_Dont_Bot How do I cheat?
Reputation: 0
Joined: 19 Dec 2018 Posts: 6
|
Posted: Sat Dec 22, 2018 1:26 pm Post subject: |
|
|
Yes - at this point I'm considering every possible solution. I am willing to start injecting code at this point, but every tutorial out there is for adjusting values - not storing them in other places for later reading.
For now it's uncharted territory for me - it looks easy when I watch people break code, but when I'm about to read something out, it's like I'm looking at the code for the first time.
Here's an example - the C# code below - as simple as it gets:

Code:
// PuzzleGem
public void SetGrid(Point grid)
{
    Grid = grid;
    base.name = $"{Grid.X}{Grid.Y} - {GemColor}";
}

Has all the values I need in a single place. Can't ask for a better place to read out the values I need... But then I go to the assembler and see this monstrosity:
Code:
PuzzleGem:SetGrid - 55 - push ebp
PuzzleGem:SetGrid+1- 8B EC - mov ebp,esp
PuzzleGem:SetGrid+3- 56 - push esi
PuzzleGem:SetGrid+4- 83 EC 14 - sub esp,14 { 20 }
PuzzleGem:SetGrid+7- 8B 75 08 - mov esi,[ebp+08]
PuzzleGem:SetGrid+a- 8B 45 0C - mov eax,[ebp+0C]
PuzzleGem:SetGrid+d- 89 46 14 - mov [esi+14],eax
PuzzleGem:SetGrid+10- 8B 40 08 - mov eax,[eax+08]
PuzzleGem:SetGrid+13- 89 45 E8 - mov [ebp-18],eax
PuzzleGem:SetGrid+16- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+19- 68 449EDC03 - push 03DC9E44 { [0571BC80] }
PuzzleGem:SetGrid+1e- E8 D5250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+23- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+26- 8B 4D E8 - mov ecx,[ebp-18]
PuzzleGem:SetGrid+29- 89 48 08 - mov [eax+08],ecx
PuzzleGem:SetGrid+2c- 89 45 F8 - mov [ebp-08],eax
PuzzleGem:SetGrid+2f- 8B 46 14 - mov eax,[esi+14]
PuzzleGem:SetGrid+32- 8B 40 0C - mov eax,[eax+0C]
PuzzleGem:SetGrid+35- 89 45 EC - mov [ebp-14],eax
PuzzleGem:SetGrid+38- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+3b- 68 449EDC03 - push 03DC9E44 { [0571BC80] }
PuzzleGem:SetGrid+40- E8 B3250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+45- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+48- 8B 4D EC - mov ecx,[ebp-14]
PuzzleGem:SetGrid+4b- 89 48 08 - mov [eax+08],ecx
PuzzleGem:SetGrid+4e- 89 45 F0 - mov [ebp-10],eax
PuzzleGem:SetGrid+51- 8B 46 30 - mov eax,[esi+30]
PuzzleGem:SetGrid+54- 89 45 F4 - mov [ebp-0C],eax
PuzzleGem:SetGrid+57- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+5a- 68 ACC38F10 - push 108FC3AC { [0F25D7B8] }
PuzzleGem:SetGrid+5f- E8 94250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+64- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+67- 8B D0 - mov edx,eax
PuzzleGem:SetGrid+69- 8B 45 F4 - mov eax,[ebp-0C]
PuzzleGem:SetGrid+6c- 8B 4D F0 - mov ecx,[ebp-10]
PuzzleGem:SetGrid+6f- 89 42 08 - mov [edx+08],eax
PuzzleGem:SetGrid+72- 8B 45 F8 - mov eax,[ebp-08]
PuzzleGem:SetGrid+75- 52 - push edx
PuzzleGem:SetGrid+76- 51 - push ecx
PuzzleGem:SetGrid+77- 50 - push eax
PuzzleGem:SetGrid+78- 68 F0190D22 - push 220D19F0 { [03DC8B34] }
PuzzleGem:SetGrid+7d- E8 BA9F0CEE - call 05B889F4
PuzzleGem:SetGrid+82- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+85- 83 EC 08 - sub esp,08 { 8 }
PuzzleGem:SetGrid+88- 50 - push eax
PuzzleGem:SetGrid+89- 56 - push esi
PuzzleGem:SetGrid+8a- E8 99A90DEE - call 05B993E0
PuzzleGem:SetGrid+8f- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+92- 8D 65 FC - lea esp,[ebp-04]
PuzzleGem:SetGrid+95- 5E - pop esi
PuzzleGem:SetGrid+96- C9 - leave
PuzzleGem:SetGrid+97- C3 - ret

...Base address is different on every launch, but I assume I can use bytes here for AOB... But how do I identify at which point X, Y and GemColor are being saved in memory? Is that the MOV instruction? What to pay attention to here?
Also, let's say I want to inject my code to maybe store the whole grid somewhere in memory that I would have the address to. How do I achieve that? Not asking for exact steps, but just a general direction - do I do it via Lua or C#? Ideally I would like that this wouldn't be a repeatable process, or something that could be later reproduced from Python (I assume this won't be hard, once I have the right bytes).
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
Posted: Sat Dec 22, 2018 10:12 pm
I_Dont_Bot wrote:
> I am willing to start injecting code at this point, but every tutorial out there is for adjusting values - not storing them in other places for later reading.

I gave you a tutorial that covers it and told you what to search for. This YouTube video is one of the first results.

I_Dont_Bot wrote:
> But then I go to assembler, and see this monstrosity:
> ...

That's actually not bad; it could get much worse.
I annotated that code a little to help.
Code:
PuzzleGem:SetGrid - 55 - push ebp
PuzzleGem:SetGrid+1- 8B EC - mov ebp,esp
PuzzleGem:SetGrid+3- 56 - push esi
PuzzleGem:SetGrid+4- 83 EC 14 - sub esp,14 { 20 }
PuzzleGem:SetGrid+7- 8B 75 08 - mov esi,[ebp+08] ; esi = this
PuzzleGem:SetGrid+a- 8B 45 0C - mov eax,[ebp+0C] ; eax = grid
PuzzleGem:SetGrid+d- 89 46 14 - mov [esi+14],eax ; this->Grid = grid
PuzzleGem:SetGrid+10- 8B 40 08 - mov eax,[eax+08] ; eax = this->Grid[8] ; probably X coordinate
PuzzleGem:SetGrid+13- 89 45 E8 - mov [ebp-18],eax ; local0 = this->Grid[8]
PuzzleGem:SetGrid+16- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+19- 68 449EDC03 - push 03DC9E44 { [0571BC80] }
PuzzleGem:SetGrid+1e- E8 D5250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+23- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+26- 8B 4D E8 - mov ecx,[ebp-18] ; ecx = local0
PuzzleGem:SetGrid+29- 89 48 08 - mov [eax+08],ecx ; obj0[8] = local0
PuzzleGem:SetGrid+2c- 89 45 F8 - mov [ebp-08],eax ; local1 = obj0 ; some sort of temporary involving {} braces
PuzzleGem:SetGrid+2f- 8B 46 14 - mov eax,[esi+14] ; eax = this->Grid
PuzzleGem:SetGrid+32- 8B 40 0C - mov eax,[eax+0C] ; eax = this->Grid[C] ; probably Y coordinate
PuzzleGem:SetGrid+35- 89 45 EC - mov [ebp-14],eax ; local2 = this->Grid[C]
PuzzleGem:SetGrid+38- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+3b- 68 449EDC03 - push 03DC9E44 { [0571BC80] }
PuzzleGem:SetGrid+40- E8 B3250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+45- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+48- 8B 4D EC - mov ecx,[ebp-14] ; ecx = local2
PuzzleGem:SetGrid+4b- 89 48 08 - mov [eax+08],ecx ; obj1[8] = local2
PuzzleGem:SetGrid+4e- 89 45 F0 - mov [ebp-10],eax ; local3 = obj1
PuzzleGem:SetGrid+51- 8B 46 30 - mov eax,[esi+30] ; eax = this[30] ; probably gem colour
PuzzleGem:SetGrid+54- 89 45 F4 - mov [ebp-0C],eax ; local4 = this[30]
PuzzleGem:SetGrid+57- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+5a- 68 ACC38F10 - push 108FC3AC { [0F25D7B8] }
PuzzleGem:SetGrid+5f- E8 94250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+64- 83 C4 10 - add esp,10 { 16 }
... - ...

I'd bet SetGrid+10 accesses the X coordinate, SetGrid+32 accesses the Y coordinate, and SetGrid+51 accesses the gem colour.
If you hook this code, it can work, but you'd need to store references to every gem in the board. You might be better off copying a pointer to whatever object contains the gems (as long as the container isn't anything too complicated).
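An added Python example, mine and not from the thread or from Cheat Engine, that works the "which MOV saves X, Y and GemColor, and can I use these bytes for an AOB" question mechanically. It parses the listing quoted above, runs a small forward pass over the mov/call instructions so that each [base+disp] access is reported as object plus field offset (this+0x14 holds the Point, Point+0x8 and +0xC are its two fields, this+0x30 is the third value stored), and builds a byte signature with the operands of call rel32 and push imm32 wildcarded, since those bytes change from launch to launch while the mov encodings do not. The seeded names for [ebp+08] and [ebp+0C] are ParkourPenguin's annotation; the "relocated" image that demo() scans is constructed.

```python
"""Added example (not from the thread): parse a Cheat Engine disassembly listing,
recover which object fields it touches, and build a relocation-tolerant AOB
signature. [ebp+08] = this and [ebp+0C] = grid follow ParkourPenguin's
annotation; the function names and the demo image are constructed."""
import re

# SetGrid listing quoted in the thread, cut to +0..+32 plus the +51 colour access.
LISTING = """
PuzzleGem:SetGrid - 55 - push ebp
PuzzleGem:SetGrid+1- 8B EC - mov ebp,esp
PuzzleGem:SetGrid+3- 56 - push esi
PuzzleGem:SetGrid+4- 83 EC 14 - sub esp,14 { 20 }
PuzzleGem:SetGrid+7- 8B 75 08 - mov esi,[ebp+08] ; esi = this
PuzzleGem:SetGrid+a- 8B 45 0C - mov eax,[ebp+0C] ; eax = grid
PuzzleGem:SetGrid+d- 89 46 14 - mov [esi+14],eax ; this->Grid = grid
PuzzleGem:SetGrid+10- 8B 40 08 - mov eax,[eax+08] ; eax = this->Grid[8]
PuzzleGem:SetGrid+13- 89 45 E8 - mov [ebp-18],eax ; local0 = this->Grid[8]
PuzzleGem:SetGrid+16- 83 EC 0C - sub esp,0C { 12 }
PuzzleGem:SetGrid+19- 68 449EDC03 - push 03DC9E44 { [0571BC80] }
PuzzleGem:SetGrid+1e- E8 D5250AEE - call System:Object:__icall_wrapper_mono_object_new_ptrfree_box
PuzzleGem:SetGrid+23- 83 C4 10 - add esp,10 { 16 }
PuzzleGem:SetGrid+26- 8B 4D E8 - mov ecx,[ebp-18] ; ecx = local0
PuzzleGem:SetGrid+29- 89 48 08 - mov [eax+08],ecx ; obj0[8] = local0
PuzzleGem:SetGrid+2c- 89 45 F8 - mov [ebp-08],eax ; local1 = obj0
PuzzleGem:SetGrid+2f- 8B 46 14 - mov eax,[esi+14] ; eax = this->Grid
PuzzleGem:SetGrid+32- 8B 40 0C - mov eax,[eax+0C] ; eax = this->Grid[C]
PuzzleGem:SetGrid+51- 8B 46 30 - mov eax,[esi+30] ; eax = this[30]
"""
LINE_RE = re.compile(r"^[\w:]+(?:\+(?P<off>[0-9a-fA-F]+))?\s*-\s*"
                     r"(?P<bytes>[0-9A-F]+(?:\s+[0-9A-F]+)*)\s+-\s+(?P<rest>.*)$")
MEM_RE = re.compile(r"\[(?P<base>e[a-z]{2})(?:(?P<sign>[+-])(?P<disp>[0-9A-Fa-f]+))?\]")
RELOCATED = {0xE8, 0x68}  # call rel32 / push imm32: the operand moves with the load address

def parse_listing(text):
    """One dict per line: offset inside the function, encoded bytes, bare asm."""
    out = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            asm = re.sub(r"\{.*?\}", "", m["rest"].partition(";")[0]).strip()
            out.append({"offset": int(m["off"] or "0", 16), "asm": asm,
                        "bytes": bytes.fromhex("".join(m["bytes"].split()))})
    return out

def infer_fields(insns, args=None):
    """Tiny forward pass over mov/call naming what each register holds, so every
    [base+disp] access is reported as (offset, object, disp, load|store, value)."""
    known = dict(args or {("ebp", 0x08): "this", ("ebp", 0x0C): "grid"})
    regs, fields = {}, []
    operand = lambda m: (regs.get(m["base"], m["base"]),
                         int(m["disp"] or "0", 16) * (-1 if m["sign"] == "-" else 1))
    for ins in insns:
        mnem, _, ops = ins["asm"].partition(" ")
        if mnem == "call":                      # eax/ecx/edx are caller-saved
            regs = {r: v for r, v in regs.items() if r not in ("eax", "ecx", "edx")}
            regs["eax"] = "ret@%x" % ins["offset"]
        elif mnem == "mov":
            dst, src = (o.strip() for o in ops.split(",", 1))
            m_src, m_dst = MEM_RE.fullmatch(src), MEM_RE.fullmatch(dst)
            if m_src:                           # load: register takes the slot's name
                obj, disp = operand(m_src)
                regs[dst] = known.get((obj, disp), "%s%+#x" % (obj, disp))
                if obj != "ebp":
                    fields.append((ins["offset"], obj, disp, "load", regs[dst]))
            elif m_dst:                         # store: slot takes the register's name
                obj, disp = operand(m_dst)
                known[(obj, disp)] = value = regs.get(src, src)
                if obj != "ebp":
                    fields.append((ins["offset"], obj, disp, "store", value))
            elif dst not in ("ebp", "esp"):     # plain register copy
                regs[dst] = regs.get(src, src)
    return fields

def signature(insns):
    """AOB pattern over the contiguous prefix, wildcarding relocated operands."""
    toks, expect = [], None
    for ins in insns:
        if expect is not None and ins["offset"] != expect:
            break                               # the listing has a gap here
        b = ins["bytes"]
        if b[0] in RELOCATED and len(b) == 5:
            toks += ["%02X" % b[0]] + ["??"] * 4
        else:
            toks += ["%02X" % x for x in b]
        expect = ins["offset"] + len(b)
    return " ".join(toks)

def aob_scan(buf, pattern):
    """Offsets in buf where the wildcard pattern ('55 8B ?? ...') matches."""
    vals = [None if t == "??" else int(t, 16) for t in pattern.split()]
    return [i for i in range(len(buf) - len(vals) + 1)
            if all(v is None or buf[i + k] == v for k, v in enumerate(vals))]

def demo():
    insns = parse_listing(LISTING)
    sig = signature(insns)
    fields = {}
    for _, obj, disp, _, _ in infer_fields(insns):
        fields.setdefault(obj, set()).add(disp)
    # Constructed "next launch" image: same code, every call/push operand differs.
    code = b"".join(ins["bytes"][:1] + b"\xAA\xBB\xCC\xDD"
                    if ins["bytes"][0] in RELOCATED and len(ins["bytes"]) == 5
                    else ins["bytes"] for ins in insns)
    image = b"\x90" * 0x40 + code + b"\xCC" * 0x40
    return {"fields": {o: sorted(s) for o, s in fields.items()},
            "signature": sig, "hits": aob_scan(image, sig)}
```

Running demo() reports this touched at 0x14 and 0x30 and grid at 0x8 and 0xC, i.e. exactly the three accesses ParkourPenguin points at (SetGrid+10, +32 and +51), and finds the signature once in the constructed image even though the call and push operands differ from the listing; the store into ret@1e+0x8 is the boxing of the X value before the string is built.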