 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
FedeXZY
How do I cheat?
![]() Reputation: 0
Joined: 18 Mar 2022
Posts: 5
|
 Posted: Fri Mar 18, 2022 3:39 pm Post subject: Need Help pls, i'm noob |
 |
|
Hi everyone, need help for a basic script i need for changing an address value.
In the game "settings menu" there are sliders that modify values (like precision or speed) and i would love to make a script to change those values during gameplay.
I could find those addresses easily plus they are always the same, no floating point stuff needed. I tried to modify manually values and it worked.
Then i tried to make a script, i used "find out what writes to this address" and i got one instruction "mov [rax+rcx*8],r12d", so i made an auto assembled script using code injection and under newmem i put mov r12d,3 in order to change value to 3.
Unfortunately this method doesn't change the value immediately, it only change the value to 3 after i manually trigger the game settings menu slider.
So i tried to "find out what accesses this address" and i kinda understood what is going on by replacing with code that does nothing....
144DEFE2B - 8B 34 C8 - mov esi,[rax+rcx*8]
144DF089F - 44 3B 24 C8 - cmp r12d,[rax+rcx*8]
144DF08A5 - 44 89 24 C8 - mov [rax+rcx*8],r12d
first instruction (x3) responsible for updating the value visually on the slider
second instruction (x1) is like a check, but disabling it does nothing i could see
third instruction (x1) is for real value
Am i missing something? there are better ways to change address value with a AAscript?
Pls guys, try to help me. Thanks in advance.
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Fri Mar 18, 2022 3:51 pm Post subject: |
|
|
| FedeXZY wrote: | | Unfortunately this method doesn't change the value immediately |
Code you inject is only run when the game goes to run the original code where the injection is at.
The value you found might only be for UI and it could be copied by value to the real address after the settings menu is exited. Does changing it during active gameplay without going to the settings menu affect the game?
If so, then just pick whatever instruction is accessing the data during active gameplay.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
FedeXZY
How do I cheat?
![]() Reputation: 0
Joined: 18 Mar 2022
Posts: 5
|
| Posted: Fri Mar 18, 2022 4:08 pm Post subject: |
|
|
"Does changing it during active gameplay without going to the settings menu affect the game?" Yes it does but only when i change value manually without any script.
I mean, i'm not interested in having the value shown correctly on the setting menu, i only want to change value during gameplay.
I suspect that that instruction result is bounded with the other two and they affect each other in some way so that only manually insert value works bypassing some stuff.
There are no methods to make a script that only change address value without starting/passing from a instruction?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Fri Mar 18, 2022 4:54 pm Post subject: |
|
|
The instruction that writes to the address is bad since it only gets run when you change the slider.
If changing the value manually works outside the settings menu, then some other instruction must be accessing that address. Use that instruction instead.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
FedeXZY
How do I cheat?
![]() Reputation: 0
Joined: 18 Mar 2022
Posts: 5
|
| Posted: Sat Mar 19, 2022 9:56 am Post subject: |
|
|
I tried to merge the two script (real and slider values) and i found out that now, when i activate the script, the value change immediately as i wanted.
This means that the addresses and instructions are the good ones, they only have to be activated simultaneously.
BUT, as i'm a noob, i merged those scripts badly so that some other values of the game got strange numbers....
So i tried again to merge into one script more accurately but now i don't get the same effect as before.
Can somebody overview my script? What can i do to make those two scrips to activate at the same time?
code n.1 for real value
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"FIFA22.exe"+4DF08A5)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov r12,3
mov rcx,6C
originalcode:
mov [rax+rcx*8],r12d
mov [rax+rcx*8+04],r15l
exit:
jmp returnhere
"FIFA22.exe"+4DF08A5:
jmp newmem
nop 4
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"FIFA22.exe"+4DF08A5:
mov [rax+rcx*8],r12d
mov [rax+rcx*8+04],r15l
//Alt: db 44 89 24 C8 44 88 7C C8 04
|
code n.2 for slider value
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"FIFA22.exe"+4DEFE2B)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov esi,[rax+rcx*8]
jmp FIFA22.exe+4DF0073
exit:
jmp returnhere
"FIFA22.exe"+4DEFE2B:
jmp newmem
nop 3
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"FIFA22.exe"+4DEFE2B:
mov esi,[rax+rcx*8]
jmp FIFA22.exe+4DF0073
//Alt: db 8B 34 C8 E9 40 02 00 00
|
code n.3 my attempt but not working as i wanted
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,"FIFA22.exe"+4DF08A5)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov r12,3
mov rcx,6C
originalcode:
mov [rax+rcx*8],r12d
mov [rax+rcx*8+04],r15l
exit:
jmp returnhere
"FIFA22.exe"+4DF08A5:
jmp newmem
nop 4
returnhere:
alloc(newmem2,2048,"FIFA22.exe"+4DEFE2B)
label(returnhere2)
label(originalcode2)
label(exit2)
newmem2: //this is allocated memory, you have read,write,execute access
//place your code here
mov esi,[rax+rcx*8]
originalcode2:
mov esi,[rax+rcx*8]
jmp FIFA22.exe+4DF0073
exit2:
jmp returnhere2
"FIFA22.exe"+4DEFE2B:
jmp newmem2
nop 3
returnhere2:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"FIFA22.exe"+4DF08A5:
mov [rax+rcx*8],r12d
mov [rax+rcx*8+04],r15l
dealloc(newmem2)
"FIFA22.exe"+4DEFE2B:
mov esi,[rax+rcx*8]
jmp FIFA22.exe+4DF0073
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4697
|
| Posted: Sat Mar 19, 2022 11:22 am Post subject: |
|
|
This is bad. If that instruction accesses multiple addresses, you should be checking which address it's accessing. See step 9 of the CE tutorial.
A cheap way of doing this might be to use `cmp rcx,6c` and skip writing 3 to r12 if it's not equal, but if that offset might change, then it won't work.
(this is basically an if statement- look up an x64 assembly tutorial if you don't know how to do this)
I don't know what you're doing with those two injection points. The "code n.2" script looks like you just generated a template and copy/pasted it here.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
FedeXZY
How do I cheat?
![]() Reputation: 0
Joined: 18 Mar 2022
Posts: 5
|
| Posted: Sat Mar 19, 2022 1:03 pm Post subject: |
|
|
Thanks ParkourPenguin for your replies, i appreciate it very much.
I don't have enough knowledge to make it work unfortunately, i give up.
I don't understand why there's no possibility to change address value without passing from an instruction. 
|
|
| Back to top |
|
|
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Sun Mar 20, 2022 1:22 am Post subject: |
|
|
As mentioned above, you are very close to finding the solution.
There are multiple paths you can follow from here to get your solution.
First you find the address. Once the address is known (such as by accessing the slider), you can figure out where it is stored in memory and reference it there. As you mentioned, you can't rely on an AOB that is only called when the slider is accessed, because then the slider has to always be used to get it. But as a starting point this opens up the next steps!
That could be a static pointer, it could be finding another instruction that accesses the value, or it could be finding another instruction that accesses the structure around the value.
With a pointer you just set the value it points to.
With the direct instruction you can use an AOB and set it to always use your preferred value instead.
With the indirect instruction, you can use an AOB to set a specific memory location with the address and simply reference that location with a LUA loop or reference it in your table and freeze it.
So, for each, try:
Use pointer scanner on the address once you found it using the slider.
Find what accesses this address on the address once you found it using the slider.
Find what accesses this pointer on the header of the pointer holding your address that you found using the slider.
They all likely work, so whichever is easiest for you to learn from is the best.
To try and aid your visualization, you can imagine there is a massive structure, "Game State", which holds your settings values in a "Settings" structure, which holds your slider value at [+ZZ].
There is a pointer that points to [[[Game state+XX]+YY]+ZZ] which is your value.
Or there is an instruction that touches [Settings] when you start the game, which you can steal the pointer from and add ZZ to have the correct address.
Or there is an instruction that touches [Game State] all the time during the gameplay where you can simply navigate +XX,+YY,+ZZ to access your value at any time.
Lastly, if none of the above works, you can always try to find some AOB that points to the block of memory holding your slider values in it even if no instruction is used. This could be as simple as noticing that your slider values are always preceded by AB BB CE 00 11 22 33 CE BB AB and you can find that memory address and add the offset from there to your value.
For any problem there is pretty much an infinite number of solutions, just find the easiest one that works for you.
Also be aware that if the game only references the values once (such as when you press play), then no matter how much you edit it afterwards, it will never take effect. So you may have to ensure the cheat is active before the last time the value is accessed or you will never make progress.
|
|
| Back to top |
|
|
FedeXZY
How do I cheat?
![]() Reputation: 0
Joined: 18 Mar 2022
Posts: 5
|
| Posted: Sun Mar 20, 2022 11:01 am Post subject: |
|
|
| cooleko wrote: | As mentioned above, you are very close to finding the solution.
There are multiple paths you can follow from here to get your solution.
First you find the address. Once the address is known (such as by accessing the slider), you can figure out where it is stored in memory and reference it there. As you mentioned, you can't rely on an AOB that is only called when the slider is accessed, because then the slider has to always be used to get it. But as a starting point this opens up the next steps!
That could be a static pointer, it could be finding another instruction that accesses the value, or it could be finding another instruction that accesses the structure around the value.
With a pointer you just set the value it points to.
With the direct instruction you can use an AOB and set it to always use your preferred value instead.
With the indirect instruction, you can use an AOB to set a specific memory location with the address and simply reference that location with a LUA loop or reference it in your table and freeze it.
So, for each, try:
Use pointer scanner on the address once you found it using the slider.
Find what accesses this address on the address once you found it using the slider.
Find what accesses this pointer on the header of the pointer holding your address that you found using the slider.
They all likely work, so whichever is easiest for you to learn from is the best.
To try and aid your visualization, you can imagine there is a massive structure, "Game State", which holds your settings values in a "Settings" structure, which holds your slider value at [+ZZ].
There is a pointer that points to [[[Game state+XX]+YY]+ZZ] which is your value.
Or there is an instruction that touches [Settings] when you start the game, which you can steal the pointer from and add ZZ to have the correct address.
Or there is an instruction that touches [Game State] all the time during the gameplay where you can simply navigate +XX,+YY,+ZZ to access your value at any time.
Lastly, if none of the above works, you can always try to find some AOB that points to the block of memory holding your slider values in it even if no instruction is used. This could be as simple as noticing that your slider values are always preceded by AB BB CE 00 11 22 33 CE BB AB and you can find that memory address and add the offset from there to your value.
For any problem there is pretty much an infinite number of solutions, just find the easiest one that works for you.
Also be aware that if the game only references the values once (such as when you press play), then no matter how much you edit it afterwards, it will never take effect. So you may have to ensure the cheat is active before the last time the value is accessed or you will never make progress. |
thank you very much mate! i will try that
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
