Cheat Engine The Official Site of Cheat Engine
Ferdilanz Advanced Cheater
Reputation: 0
Joined: 01 Aug 2012 Posts: 50
Posted: Tue Dec 23, 2025 4:57 pm Post subject: Where to Inject, Injection Method, and How to Assemble?
Hee-yowdy folks. I've been busy making a table for the Road to Vostok Demo on Steam. I've been able to scan for pointers for normal stats and such, but the bottomless magazine cheat I've been working on isn't going well. The pointer scanner can't find a pointer no matter how many pointermaps I throw at it.
I read somewhere that perhaps the value for the number of rounds in the magazine is not stored in an address, but rather in a register, like rax or rsi. I know a little of what I need to be doing since I've been doing this for over a decade, but I've never been good at autoassembly. Always get crashes or unintended effects. I usually inject at the "Write" instruction and try NOPing or MOVing [rcx+08],64 and then Writing but this causes really bad glitching that I can't even begin to describe; also with trying to modify rax and [rax] since that register is involved as well.
My question is, where should I inject in the picrelated? Should I just go with the write instruction like I normally would? And then, what's my most robust method for injection? Full injection, AOB injection? But finally, how am I going to force the magazine capacity to 100?
In the picrelated's Write instruction, rcx is the "value of the address required to find the pointer" if that helps.
One last thing, yes, I've tried looking for the pointer manually. The game (Godot engine) refuses to change the pointer while I have a debugger looking at it. 3 debuggers causes a CTD, by the way.
[Attached image: magazine decrease function with write location labeled]
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4719
Posted: Tue Dec 23, 2025 10:19 pm
Right click on that instruction `mov [rcx+08],rax` in the disassembler, select "Find out what addresses this instruction accesses", and play the game for a few seconds. You'll probably find that it accesses tons of addresses.
I've never looked into this much, but it's my understanding that games made with the Godot engine run by interpreting GDScript code. Approaching such a game from assembly is a bad idea: you'd be modifying the interpreter, not the game.
There are other tools out there that are better suited to this, e.g. decompilers that specifically target games made with the Godot engine.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Ferdilanz Advanced Cheater
Reputation: 0
Joined: 01 Aug 2012 Posts: 50
Posted: Wed Dec 24, 2025 6:16 am
ParkourPenguin wrote:
> Right click on that instruction `mov [rcx+08],rax` in the disassembler, select "Find out what addresses this instruction accesses", and play the game for a few seconds. You'll probably find that it accesses tons of addresses.
> I've never looked into this much, but it's my understanding that games made with the Godot engine run by interpreting GDScript code. Approaching such a game from assembly is a bad idea: you'd be modifying the interpreter, not the game.
> There are other tools out there that are better suited to this, e.g. decompilers that specifically target games made with the Godot engine.

I was curious about whether that instruction accessed anything that could give me a clue, and yes, I did see that it accessed a bunch of addresses with dynamically changing values.
Your response likely means I'll need to unpack the game and make a mod for a bottomless magazine. I'll put that on the backburner, lol. Thank you for your insight!
When I was pointerscanning for the other stats the demo has, I noticed none of the actual pointers I got began with "Road_to_Vostok_Demo.exe"+abc123. They instead started with "THREADSTACK01+628" and had their associated offsets. I need to get a friend to test whether they persist across machines but regardless, I found myself fortunate in that they were all 5-level offsets instead of the 15 levels Dark_Byte says modern games tend to use now. That would've been helpful to know when I was looking for the health pointer in Far Cry 3 lmao!
Anyway, have a merry holiday and thank you again.