Cheat Engine The Official Site of Cheat Engine
FulltimeWaifu (How do I cheat?)
Reputation: 0
Joined: 01 Apr 2019   Posts: 3
Posted: Mon Apr 01, 2019 6:33 pm   Post subject: Help with reverse engineering
Hey! So I've just come back from a massive hiatus from Cheat Engine and I'm trying to re-learn it by reverse engineering a table & script I had found online for a game I'm trying out. The only problem is that the tutorial never really covered this type of scripting.
I'm more so confused on this:
"aobscanregion(Get_MaxHP_OnScreenDamage_AOB,RoR2.PostProcessing:ScreenDamage:OnRenderImage,RoR2.PostProcessing:ScreenDamage:OnRenderImage+1e3,F3 0F 10 88 CC 01 00 00 F3 0F 5A C9 F2 0F 5A E9 F3 0F 11 6D E4)"
I found the memory region for RoR2.PostProcessing:ScreenDamage:OnRenderImage+1e3, but it's the AOB after it that confuses me. If anyone could nudge me in the right direction as to how the original person created and/or found this AOB I'd be very grateful.
tl;dr
I'm nub but I am trying
_________________
I honestly have no idea what I'm doing, I just search random values in the hope one of them does something cool
TheyCallMeTim13 (Wiki Contributor)
Reputation: 51
Joined: 24 Feb 2017   Posts: 976   Location: Pluto
FulltimeWaifu (How do I cheat?)
Reputation: 0
Joined: 01 Apr 2019   Posts: 3
Posted: Mon Apr 01, 2019 6:54 pm
TheyCallMeTim13 wrote:
You have to find the code first, so find health and see what accesses or writes to the address.
Sorry if this is a dumb question, but can you clarify what you mean by "find the code first"?
Do you mean like the base address?
_________________
I honestly have no idea what I'm doing, I just search random values in the hope one of them does something cool
TheyCallMeTim13 (Wiki Contributor)
Reputation: 51
Joined: 24 Feb 2017   Posts: 976   Location: Pluto
Posted: Mon Apr 01, 2019 7:18 pm
You want to find the assembly code that manipulates the value. From there you can just hook the code and make your own pointer. Or backtrace to figure out how the game builds the pointer, to reverse engineer the game.
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Templates
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Injection_basic
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Injection_full
Example:
Code:
define(bytes, 0F 28 88 20 01 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCoordHook, FC_m64.dll, 0F28xxxxxxxxxx0F29xxxx0F28xxxxxxxxxx0F29xxxx4D)
define(injCoordHook, aobCoordHook+B)
assert(injCoordHook, bytes)
registerSymbol(injCoordHook)
alloc(memCoordHook, 0x400, injCoordHook)
label(ptrCoordHook)
registerSymbol(ptrCoordHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memCoordHook:
ptrCoordHook:
dq 0
align 10 CC
n_code:
mov [ptrCoordHook],rax
o_code:
movaps xmm1,[rax+00000120]
exit:
jmp return
////
//// ---------- Injection Point ----------
injCoordHook:
jmp n_code
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCoordHook:
db bytes
unregisterSymbol(injCoordHook)
unregisterSymbol(ptrCoordHook)
dealloc(memCoordHook)
But if there is enough around the value that doesn't change you can use that and just use wildcards for the value itself. Then the AOB symbol can be used as a base for a pointer. But I've never had much luck with that, so I just go with code injection, but it can work fine on older games. That might be what they did originally but I assumed it was code injection. And for that you need to find a good place a base address is stored; but, to me, at that point you might as well be using the pointer scanner.
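The aobScanModule / define(...+B) / assert mechanics in the script above, as an added Python illustration that is not part of this thread and not Cheat Engine's own code. Every buffer in it is constructed sample data (the disassembly comments describe only those constructed bytes, not any game), and the function names (parse_pattern, scan_region, assert_bytes, unique_signature) are this example's own. It shows how a wildcard pattern such as the posted `0F28xxxxxxxxxx0F29xxxx...4D` is matched, why the assert on the injection point matters, and how an AOB like the one in the first post is derived: take the bytes at the instruction that touches the value and lengthen the run until it occurs exactly once in the region. The same matcher is what signature-based detection (AV, YARA-style rules) uses to recognise code, so the technique reads the same from either side.

```python
"""Wildcard byte-pattern (AOB) matching, the mechanism behind Cheat Engine's
aobscanregion / aobscanmodule and assert.  All buffers below are constructed
sample data, not bytes read from any game."""

# Constructed code region laid out so that the posted wildcard pattern matches
# at offset 4 and the bytes at 4+0xB are exactly the posted
# `define(bytes, 0F 28 88 20 01 00 00)` (movaps xmm1,[rax+120]).
REGION = bytes.fromhex(
    "4883EC28"          # 0x00  sub rsp,28
    "0F288010010000"    # 0x04  movaps xmm0,[rax+110]
    "0F294110"          # 0x0B  movaps [rcx+10],xmm0
    "0F288820010000"    # 0x0F  movaps xmm1,[rax+120]   <- injection point
    "0F294920"          # 0x16  movaps [rcx+20],xmm1
    "4D8BC1"            # 0x1A  mov r8,r9
    "4883C428"          # 0x1D  add rsp,28
    "C3"                # 0x21  ret
)

POSTED_WILDCARD_AOB = "0F28xxxxxxxxxx0F29xxxx0F28xxxxxxxxxx0F29xxxx4D"
POSTED_BYTES = "0F 28 88 20 01 00 00"

# The first post's pattern.  Disassembled, it is simply the code that reads a
# 4-byte float field at +1CC and converts it; the 1CC displacement is the kind
# of operand one would wildcard if the field offset moves between builds:
#   F3 0F 10 88 CC 01 00 00   movss xmm1,[rax+1CC]
#   F3 0F 5A C9               cvtss2sd xmm1,xmm1
#   F2 0F 5A E9               cvtsd2ss xmm5,xmm1
#   F3 0F 11 6D E4            movss [rbp-1C],xmm5
OP_AOB = "F3 0F 10 88 CC 01 00 00 F3 0F 5A C9 F2 0F 5A E9 F3 0F 11 6D E4"
# Constructed: 16 nop bytes, the 21 pattern bytes, 8 more nops.
OP_REGION = (bytes.fromhex("90" * 16)
             + bytes.fromhex(OP_AOB.replace(" ", ""))
             + bytes.fromhex("90" * 8))


def parse_pattern(pattern: str) -> list:
    """Turn 'F3 0F xx ??' or 'F30Fxx??' into a list of ints; None = wildcard."""
    s = pattern.replace(" ", "")
    if len(s) % 2:
        raise ValueError("pattern must consist of whole bytes")
    out = []
    for i in range(0, len(s), 2):
        tok = s[i:i + 2].lower()
        out.append(None if tok in ("xx", "??") else int(tok, 16))
    return out


def scan_region(buf: bytes, pattern: str, start: int = 0, end: int = None) -> list:
    """All offsets in [start, end) where the pattern matches (aobscanregion
    semantics).  end is clamped to the buffer so an oversized range, like an
    end symbol past the module, cannot read out of bounds."""
    pat = parse_pattern(pattern)
    end = len(buf) if end is None else min(end, len(buf))
    hits = []
    for i in range(start, end - len(pat) + 1):
        if all(p is None or buf[i + k] == p for k, p in enumerate(pat)):
            hits.append(i)
    return hits


def assert_bytes(buf: bytes, offset: int, expected: str) -> bool:
    """CE's assert(address, bytes): refuse to patch unless the injection point
    still holds exactly the bytes the hook was written against."""
    width = len(parse_pattern(expected))
    return scan_region(buf, expected, offset, offset + width) == [offset]


def unique_signature(buf: bytes, offset: int, min_len: int = 4, max_len: int = 32):
    """How an AOB is derived: take the bytes at the address of interest and
    lengthen the run until it occurs exactly once in the region.
    Returns 'F3 0F ...' or None if no run up to max_len is unique."""
    for n in range(min_len, max_len + 1):
        chunk = buf[offset:offset + n]
        if len(chunk) < n:
            return None
        if scan_region(buf, chunk.hex()) == [offset]:
            return " ".join(f"{b:02X}" for b in chunk)
    return None


if __name__ == "__main__":
    aob = scan_region(REGION, POSTED_WILDCARD_AOB)[0]   # aobScanModule(aobCoordHook, ...)
    inj = aob + 0xB                                      # define(injCoordHook, aobCoordHook+B)
    print("aob at", hex(aob), "inj at", hex(inj), "assert ok:", assert_bytes(REGION, inj, POSTED_BYTES))
    print("shortest unique signature at inj:", unique_signature(REGION, inj))
    print("first-post pattern found at:", scan_region(OP_REGION, OP_AOB, 0, 0x1E3))
```

Note that the pattern in the script deliberately wildcards the two movaps displacements and the store operands and keys on the opcode bytes and the trailing `4D` instead; the assert then pins the injection point to its exact 7 bytes, which is what makes a stale or shifted pattern fail loudly rather than patch the wrong instruction.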
FulltimeWaifu (How do I cheat?)
Reputation: 0
Joined: 01 Apr 2019   Posts: 3
Posted: Mon Apr 01, 2019 7:41 pm
TheyCallMeTim13 wrote:
You want to find the assembly code that manipulates the value. From there you can just hook the code and make your own pointer. Or backtrace to figure out how the game builds the pointer, to reverse engineer the game.
Example:
Code:
define(bytes, 0F 28 88 20 01 00 00)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobCoordHook, FC_m64.dll, 0F28xxxxxxxxxx0F29xxxx0F28xxxxxxxxxx0F29xxxx4D)
define(injCoordHook, aobCoordHook+B)
assert(injCoordHook, bytes)
registerSymbol(injCoordHook)
alloc(memCoordHook, 0x400, injCoordHook)
label(ptrCoordHook)
registerSymbol(ptrCoordHook)
label(n_code)
label(o_code)
label(exit)
label(return)
memCoordHook:
ptrCoordHook:
dq 0
align 10 CC
n_code:
mov [ptrCoordHook],rax
o_code:
movaps xmm1,[rax+00000120]
exit:
jmp return
////
//// ---------- Injection Point ----------
injCoordHook:
jmp n_code
nop
nop
return:
////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injCoordHook:
db bytes
unregisterSymbol(injCoordHook)
unregisterSymbol(ptrCoordHook)
dealloc(memCoordHook)
But if there is enough around the value that doesn't change you can use that and just use wildcards for the value itself. Then the AOB symbol can be used as a base for a pointer. But I've never had much luck with that, so I just go with code injection, but it can work fine on older games. That might be what they did originally but I assumed it was code injection. And for that you need to find a good place a base address is stored; but, to me, at that point you might as well be using the pointer scanner.
Okay so I did some more digging on his script, the uh Get_MaxHP_OnScreenDamage_AOB was actually just a fancy name he gave his symbol, it has nothing to do with HP at all.
The address listed for the AOB is just slightly further down from where I was digging, so a few more scrolls down and I would have found that AOB. The address itself seems to be a housing point for base stats, so I'll do some digging & see what I can find.
The one thing I am still curious about is how did he know to go to that exact part of the .dll with Mono Dissects, is that just something that comes with experience?
_________________
I honestly have no idea what I'm doing, I just search random values in the hope one of them does something cool
TheyCallMeTim13 (Wiki Contributor)
Reputation: 51
Joined: 24 Feb 2017   Posts: 976   Location: Pluto
Posted: Mon Apr 01, 2019 9:48 pm
FulltimeWaifu wrote:
Okay so I did some more digging on his script, the uh Get_MaxHP_OnScreenDamage_AOB was actually just a fancy name he gave his symbol, it has nothing to do with HP at all.
The address listed for the AOB is just slightly further down from where I was digging, so a few more scrolls down and I would have found that AOB. The address itself seems to be a housing point for base stats, so I'll do some digging & see what I can find.
The one thing I am still curious about is how did he know to go to that exact part of the .dll with Mono Dissects, is that just something that comes with experience?
Yeah, the AOB symbol is just a placeholder for an address that you create.
If it's Mono it gets a lot easier, you can just search for keywords; i.e. health, player, speed, and whatnot.
https://wiki.cheatengine.org/index.php?title=Mono
Without Mono it's like the Wiki shows for code injection: find a value and see what accesses or writes to it.