Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Attempt to create auto potion tool for Titan Quest

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Dramorian
How do I cheat?
Reputation: 0

Joined: 21 Oct 2020
Posts: 1
PostPosted: Wed Oct 21, 2020 5:29 pm    Post subject: Attempt to create auto potion tool for Titan Quest Reply with quote
I'm trying to find out static memory addresses for max and current HP and write them to the program I wrote in C#.
After a few scans, there are a bunch of values: some are float, some are 4 bytes.

Then I'm trying to find out what accesses the addresses, it's a dead-end for me. I don't know what to do.

Last edited by Dramorian on Tue Oct 27, 2020 11:19 pm; edited 5 times in total
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 97

Joined: 14 Jul 2007
Posts: 3337
PostPosted: Thu Oct 22, 2020 1:23 am    Post subject: Reply with quote
Find the code that reads it and grab the address from there.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Thu Oct 22, 2020 2:06 am    Post subject: Reply with quote
Titan Quest includes most of its debug symbols still left in-tact so it's fairly easy to find things. The main update loop can be found via:

Code:

57 E8 ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 88 ?? ?? ?? ?? 8B 01


You can find the main game engine object here as well. (Game.GAME::gGameEngine) At this location, EBX holds your player pointer to the start of all your player data.

You can use Cheat Engines feature of finding all referenced functions (or use a tool like IDA/Ghidra) and disassemble the game as well. (TQ.exe and Game.dll are the two important ones to look at.)

Here's a script I made for an older version of TQ Anniversary edition a while back to do infinite health and one hit kills. Should be fairly easy to adapt it to the current version of the game:

Code:

{ Game   : TQ.exe
  Version: ??? - Jun 30, 2017
  Date   : Jun 30, 2017
  Author : atom0s

  Implements infinite health (god mode) and one hit kills.
}
[ENABLE]
aobscanmodule(health1,Game.dll,F3 0F 11 87 34 07 00 00 F3 0F 10 87 3C 07 00 00)
aobscanmodule(health2,Game.dll,F3 0F 11 46 1C F3 0F 5C C1)
registersymbol(health1)
registersymbol(health2)
alloc(newmem1,1024,"Game.dll")
alloc(newmem2,1024,"Game.dll")
registersymbol(infiniteHealth)
label(infiniteHealth)
label(notplayer)
label(skip1)
label(skip2)
label(skip3)
label(rethere1)
registersymbol(oneHitKills)
label(oneHitKills)
label(skip4)
label(rethere2)

//
// Part 1 - CombatManager::ApplyDamage
// One hit kills and prevent player damage.
//
newmem1:
    // Check that this entity is the player..
    push eax
    mov eax, [playerPointer]
    mov eax, [eax+00000020]
    cmp eax, [edi+00000020]
    pop eax
    jne notplayer

    // Check if infinite health is enabled..
    cmp [infiniteHealth], 1
    jne skip1

    // Infinite health is enabled..
    //push [edi+00000778] // Max Health
    //pop [edi+00000734]  // Current Health
    pushad
    mov ecx, edi
    call GAME::Character::GetLifeLimit
    fstp [edi+00000734]
    popad
    jmp rethere1

    // Infinite health is disabled..
skip1:
    movss [edi+00000734], xmm0
    jmp rethere1

notplayer:
    // Check if one hit kills is enabled..
    cmp [oneHitKills], 1
    jne skip3

    // One hit kills is enabled..
    // Check if the attacker is the player..
    push eax
    mov eax, [playerPointer]
    mov eax, [eax+00000020]
    cmp eax, [ebx+000000BC] // Attacker id..
    pop eax
    jne skip2
    mov [edi+00000734], (float)0.0 // Set monster to 0 health..
    jmp rethere1

    // Check if the attacker is a player pet..
skip2:
    push eax
    push ecx
    push [ebx+000000BC]
    mov ecx, [Game.GAME::gGameEngine]
    call GAME::GameEngine::IsLocalPet
    test al, al
    pop ecx
    pop eax
    jz skip3
    mov [edi+00000734], (float)0.0 // Set monster to 0 health..
    jmp rethere1

    // One hit kill is disabled..
skip3:
    movss [edi+00000734], xmm0
    jmp rethere1

infiniteHealth:
    dd 0
oneHitKills:
    dd 0

health1:
    jmp newmem1
    nop
    nop
    nop
rethere1:

//
// Part 2 - Health tick update.
// Force set the players health to their max constantly.
//
newmem2:
    cmp [infiniteHealth], 1
    jne skip4
    cmp [playerPointer], ebp
    jne skip4

    // Set to the players max health..
    movss [esi+0000001C], xmm4
    subss xmm0, xmm1
    jmp rethere2

skip4:
    // Restore original code..
    movss [esi+0000001C], xmm0
    subss xmm0, xmm1
    jmp rethere2

health2:
    jmp newmem2
    db 90 90 90 90
rethere2:

[DISABLE]
health1:
    db F3 0F 11 87 34 07 00 00 F3 0F 10 87 3C 07 00 00
health2:
    db F3 0F 11 46 1C F3 0F 5C C1
dealloc(newmem1)
dealloc(newmem2)
unregistersymbol(health1)
unregistersymbol(health2)
unregistersymbol(infiniteHealth)
unregistersymbol(oneHitKills)


_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites