 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
DreamingInsanity
How do I cheat?
![]() Reputation: 0
Joined: 29 Nov 2020
Posts: 5
|
 Posted: Sun Nov 29, 2020 8:04 am Post subject: AOB injector script wrong addresses |
 |
|
I am vey new to cheat engine but I've decided to try and make a free cam for The Witness. I am following along with a video by Stephen Chapman called "How to Make a FlyCam from Scratch - Part 1: Coordinates, Rotation, and More!" (I can't yet post links). I've found the X Y and Z addresses and I am now making the AOB injector script. It looks like this:
| Code: |
[ENABLE]
assert("witness64_d3d11.exe"+1861FF,8B 42 2C 0F 29 74 24 70 F2 0F 11 04 24 0F) // should be unique
define(camStruct,"witness64_d3d11.exe"+1861FF),
registersymbol(camStruct)
alloc(camStructMem,$1000,"witness64_d3d11.exe"+1861FF)
registersymbol(camStructMem)
define(pCamStruct,camStructMem+100)
registersymbol(pCamStruct)
label(code)
label(return)
pCamStruct:
dq 0
camStructMem:
code:
mov [pCamStruct],rdx
mov eax,[rdx+2C]
movaps [rsp+70],xmm6
jmp return
camStruct:
jmp camStructMem
nop 3
return:
[DISABLE]
camStruct:
db 8B 42 2C 0F 29 74 24 70
unregistersymbol(pCamStruct)
unregistersymbol(camStructMem)
unregistersymbol(camStruct)
dealloc(camStructMem)
|
which is almost identical to the one in the video (url to script is in description of video).
I also added an address manually that points to "[pCamStruct]+2C" (2C being the offset from the (maybe) player object, which is the Z value. In the video when he enables the script, the address just created updates and points to the right value (about 56:50 in the video).
However mine does not do that. It just points to seemingly random addresses with random values which change periodically.
The correct address would be 5B2F3074 but some of the ones I have gotten are: 2670C654, 2670D9D4, 56564F54, and others.
What have I done wrong?
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4719
|
| Posted: Sun Nov 29, 2020 1:11 pm Post subject: |
|
|
Did you check and see if that instruction accesses other addresses?
Right click the instruction in the disassembler -> "Find out what addresses this instruction accesses"; play in the game for a while; see if anything aside from the address you want pops up.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
DreamingInsanity
How do I cheat?
![]() Reputation: 0
Joined: 29 Nov 2020
Posts: 5
|
| Posted: Tue Dec 01, 2020 12:13 pm Post subject: |
|
|
Thanks for the reply! I have before but I didn't take note of them so I will check again.
I think I know what you mean but I'll ask anyway. The script is (constantly?) pointing to the address that that instruction accesses. So, do you mean if that instruction then references a different address elsewhere the script is also going to reflect that change?
Because, I only glanced but I'm sure that the values of the registers (so, RDX) were something close to the one I wanted which would mean by adding 2C it points to the value I need. For it to change, it would need to change the value of RDX but that would affect all other instructions around it too.
I'll check this anyway by looking at what addresses it references
|
|
| Back to top |
|
|
DreamingInsanity
How do I cheat?
![]() Reputation: 0
Joined: 29 Nov 2020
Posts: 5
|
| Posted: Wed Dec 02, 2020 2:23 pm Post subject: |
|
|
| ParkourPenguin wrote: | Did you check and see if that instruction accesses other addresses?
Right click the instruction in the disassembler -> "Find out what addresses this instruction accesses"; play in the game for a while; see if anything aside from the address you want pops up. |
Ok so I got the addresses back and did what you said but I'm quite confused. This game was made with a custom game engine so I'm sure that play a part in this but the issue there seems to be hundreds of addresses that store the same value.
I've found 2 addresses that have identical values but do two different things. One, when locked, stops the player from moving (teleports you back). The other seems to do something with the camera although I don't think CE can write the value to the address fast enough. This is a first-person game so I dont know if the camera and player are two different object but so far they seem to be.
Anyway, the first address is: 59C1E050
Lots of instructions access this address but I chose the one with the highest count. When looking at what addresses that instruction accesses literally hundreds of different addresses show up with different value show.
The other address is: 140649834
Which has an identical value to the other one. I did the same as before and this time only two other addresses were accessed: 140649A84 and 140649834 which again both have the same values.
I don't know what one is right, if any. Surely at some point there has to be a "master value" that everything is referencing, you just have to follow the chain very far down, right?
I'll try the script again but instead using the most recent address I've found and see if anything different happens.
-----
Ok so I tried it while writing this and surprisingly it has worked. I guess the address I was using was not the "real"/source? address.
Thank you for your help!
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
