Cheat Engine - The Official Site of Cheat Engine

qubn (How do I cheat?) | Reputation: 0 | Joined: 28 Oct 2021 | Posts: 3
Posted: Thu Oct 28, 2021 7:18 pm | Post subject: Having trouble finding an address

Hey! So, I've been messing around with Bloons TD 6 just to change some stuff around.
I was trying to edit the value for the money, which is a bit tricky. I did an exact scan for the value, which is a double. It gives you one address after 2 scans. But you can't simply edit the value related to that address.
In fact, I did a right click on it and clicked on "Find what writes to this address" and checked the disassembler for the instructions I got. I found out that the money is stored in two different xmm registers, xmm6 and xmm0. I can make a script to change the value in xmm0 before it finally gets put into xmm6 and shown in-game. But I would like to find the pointer pointing to that value at that time, the exact address. I did a lot of scans and pointer scans, but nothing conclusive.
LeFiXER (Grandmaster Cheater Supreme) | Reputation: 20 | Joined: 02 Sep 2011 | Posts: 1069 | Location: 0x90
Posted: Fri Oct 29, 2021 1:07 am

Use AOB injection to modify the value held in xmm0. Something like this:
Code:
[ENABLE]
aobscanmodule(aobMoney,[module],[aob]) // aobscan() takes only (name, aob); a module-bound scan needs aobscanmodule()
alloc(newmem,$1000,aobMoney)
alloc(_money,8) // 8 bytes: the money value is a double, not a float
label(code)
label(return)
// no label(_money) here: alloc() already defines that symbol

_money:
dq (double)999 // stored as a double so the full 64-bit value is loaded below

newmem:
movsd xmm0,[_money] // movss would only load a 32-bit float into xmm0

code:
// original instructions
jmp return

aobMoney:
jmp newmem
// add nop padding here if the original instructions are longer than 5 bytes
return:
registersymbol(aobMoney)
registersymbol(_money) // add "_money" to the address list as a Double to change the value without editing the script

[DISABLE]
aobMoney:
db // original bytes

unregistersymbol(aobMoney)
unregistersymbol(_money)
dealloc(_money)
dealloc(newmem)
qubn (How do I cheat?) | Reputation: 0 | Joined: 28 Oct 2021 | Posts: 3
Posted: Fri Oct 29, 2021 2:05 am

LeFiXER wrote:
    Use AOB injection to modify the value held in xmm0. Something like this:
    Code:
    [ENABLE]
    aobscanmodule(aobMoney,[module],[aob]) // aobscan() takes only (name, aob); a module-bound scan needs aobscanmodule()
    alloc(newmem,$1000,aobMoney)
    alloc(_money,8) // 8 bytes: the money value is a double, not a float
    label(code)
    label(return)
    // no label(_money) here: alloc() already defines that symbol

    _money:
    dq (double)999 // stored as a double so the full 64-bit value is loaded below

    newmem:
    movsd xmm0,[_money] // movss would only load a 32-bit float into xmm0

    code:
    // original instructions
    jmp return

    aobMoney:
    jmp newmem
    // add nop padding here if the original instructions are longer than 5 bytes
    return:
    registersymbol(aobMoney)
    registersymbol(_money) // add "_money" to the address list as a Double to change the value without editing the script

    [DISABLE]
    aobMoney:
    db // original bytes

    unregistersymbol(aobMoney)
    unregistersymbol(_money)
    dealloc(_money)
    dealloc(newmem)

Thanks for replying. Unfortunately, I already did what you said and got it to work, but as I mentioned, I am trying to find the pointer. Can you find a pointer for something like this, or do you have to use a script?
LeFiXER (Grandmaster Cheater Supreme) | Reputation: 20 | Joined: 02 Sep 2011 | Posts: 1069 | Location: 0x90
Posted: Fri Oct 29, 2021 4:17 am

You have to trace the registers or use the pointer scanner tool. In modern games, you will rarely find a static pointer so it's easier to use AOB injection and pull the pointer that way.
qubn (How do I cheat?) | Reputation: 0 | Joined: 28 Oct 2021 | Posts: 3
Posted: Fri Oct 29, 2021 4:26 am

LeFiXER wrote:
    You have to trace the registers or use the pointer scanner tool. In modern games, you will rarely find a static pointer so it's easier to use AOB injection and pull the pointer that way.

Thanks for the information. I have not checked on how to pull a pointer through AOB injection, but I will take a look. At least I know I can modify the value through AOB, but I wanted to find an address, and if it's not static then what I wanted to do won't work.
You know in Cheat Engine, when you get a static address or pointer, you can just click on it while it's in the address list and change the value. I wanted to be able to do that, as simple as it can sound. But I can only do it through AOB.
Otherwise, I will just wait until I learn how to make a trainer and do it that way. I wanted to make it easier for the user to change the value whenever he'd like instead of going back into the script and editing the value.
Edit: I also have to note that after doing multiple pointer scans, even with multiple pointermaps, results go from 1k to empty, or 500 to empty, every time. Why is that?
LeFiXER (Grandmaster Cheater Supreme) | Reputation: 20 | Joined: 02 Sep 2011 | Posts: 1069 | Location: 0x90
Posted: Fri Oct 29, 2021 6:10 am

Could be a number of reasons. Someone more clued up could possibly give a definitive answer as to why. Here is a script I made that pulled a pointer from the register:
Code:
[ENABLE]
aobscanmodule(aobPlayerPtr,[module],[aob])
alloc(newmem,$1000,aobPlayerPtr)
alloc(playerPtr,8)
label(code)
label(return)

newmem:
mov [playerPtr],rbx // pointer address was held in rbx

code:
push rbx
sub rsp,20
jmp return

aobPlayerPtr:
jmp newmem // 5 bytes, the same size as push rbx + sub rsp,20, so no nop padding is needed here
return:
registersymbol(aobPlayerPtr)
registersymbol(playerPtr) // add "playerPtr" to the address list as the pointer base

[DISABLE]
aobPlayerPtr: // must match the symbol registered in [ENABLE] (was ptrPlayer)
db // aob bytes

unregistersymbol(aobPlayerPtr)
unregistersymbol(playerPtr)
dealloc(newmem)
dealloc(playerPtr)

I verified it was the pointer by opening the dissect structure window, pasting the address held in the register in the address field and then creating a new structure. I noted the values that it should be and confirmed they were correct.