Code Injection help with script?

 
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Sun Nov 24, 2013 11:25 pm    Post subject: Code Injection help with script?

Hello there,
I'm trying to edit a game, "Cricket Captain 2013". I managed to edit many aspects of it with help from this forum.
I wanted to ask one more question about it.

I tried to find what opcode writes to the address of the number of wickets taken by the bowling team. Look at the screenshot: I found an address that shows the number of wickets gone.

I right-clicked that address ---> Find what writes to this address.
Played the game till a wicket fell, and the number of wickets fallen changed to 3. Then something showed in the "write to address" window.
I then clicked on "show in disassembler". I got the opcode that writes to the address of the number of wickets, as shown in the screenshot.

My question: IS THERE ANY WAY THAT I CAN EXECUTE THAT OPCODE TO TAKE WICKETS AT MY WILL? Like I press a hotkey and the next bowl that will be bowled will result in a wicket? Can this be done through code injection, by running that opcode manually?
If yes, can you please give me a script for it, and tell me how to do it? Sorry, I'm a noob and learning Cheat Engine slowly.

One more important thing: I right-clicked on that opcode and selected "break and trace". Then I played the game again till the next wicket fell. As soon as a wicket fell, the game crashed and I got some results in the break and trace window, i.e. the series of events leading to the fall of the wicket. I have attached a screenshot of it too. Hope someone can help me with this.

Thank you.
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

Posted: Mon Nov 25, 2013 12:19 am

What happens if you simply change the score, by adjusting the number in the address table? If that works satisfactorily, then sure... If you find that changing the score in this fashion causes problems, perhaps because the game needs to know who took the shot for example, then you're going to have to dig deeper.
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Mon Nov 25, 2013 1:00 am

Yeah, the same issue. The next batsman doesn't come on to bat, and who gets out etc. doesn't show up. It messes up the game, in short. Is there any way I can get a wicket like it happens in the game, without cheating? Create the same situation that happens before a fall of wicket, so that the next ball gives me a wicket in a legit way?
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

Posted: Mon Nov 25, 2013 1:35 am

It's impossible for me to say without a first-hand look - for all I know, there may be 100 different variables that all need to be updated just to change the score by 1. You could start by looking at the code you found and scrolling up to find the beginning of the function, then setting a breakpoint and looking at all the arguments being passed to it. You might get lucky and find that you can call that function yourself to update the score. Or, it might turn out that the function you're seeing is just a small portion of the process involved in updating the score and you'll have to look elsewhere. I dunno', sorry.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Mon Nov 25, 2013 3:26 pm

If I had to guess, a simple modification to a conditional jump might do the trick. Backtracing to the correct location may be tedious. You may also have to filter out other addresses (for other players).
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Tue Nov 26, 2013 9:18 am

Thank you guys for your replies.
2 questions:
1. How do you trace the events/process leading to that opcode? Is it lower down in the break and trace section? As you can see, the value of eax = 3 in the break and trace window; I highlighted it with a red box. At some events, as I scroll down, the value of eax is 2 (that is the previous wicket). I get your point, and it's true that there are many factors leading to a wicket, e.g. bowler's ability, batsman's ability, conditions like dark clouds, then tactics like full bowling or short stuff. Then batsmen's weaknesses. Ball age. Many, many factors are deciding (I know because I have edited some of them and saw the difference). So METHOS, you may be right that changing the condition can work better than tracing the event, as it will be tedious (I'll try though).

2. How do we modify the conditional jump? I have an idea. I found an opcode that results in a 4 being hit or 1 run hit by the batsman. Can I swap the opcodes so that when the batsman scores a 4, instead of jumping to the increase-score-by-4 code, it will jump to the opcode of wicket loss and a wicket is taken? Any idea how to do it? Sorry, I'm very new to learning all this and assembly language. I just know the basic terminology and what they mean, like mov, jmp, dec, etc.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Nov 26, 2013 11:44 am

You may still have to back trace the code to find the conditional jump. Changing it depends on the game. There are different ways to do it. For example, if a check is being performed that looks to see if your character will receive a wicket, and only jumps if that condition is true (e.g. je or similar), simply alter that jump to always jump (jmp), or alter the code above the jump to make the condition always true etc. There are other ways as well.

Regarding your other question about swapping opcodes, I'm not sure what you are asking. I want to say that it is possible, but depending on what you're really asking, it may or may not be overly easy and/or may not be the ideal approach etc. Perhaps you can clarify?
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Tue Nov 26, 2013 12:59 pm

Firstly, you are right that there are different ways. What I said about opcode swapping seems very tough after I thought about it. What you're saying, to change the condition to always jump, is the best and easiest way, it seems. But how do I trace the opcode which checks whether my player will take a wicket? Because there are so many factors which are calculated and together they decide, e.g. bowler's ability, batsman's ability, field placements, pitch condition, weather condition, players' form, etc. But I feel there must be a final value that adds up all the factors, and then the final check, and the event happens according to the check.
I don't know if cricket is famous in your region, but as soccer is well known everywhere, I'll give you a similar example so that it's easy for me to convey:
A penalty kick. Messi is taking a penalty. Now whether he shoots the ball into the net and scores a goal will depend on many factors, like the goalkeeper's ability, Messi's penalty-taking ability, pressure, composure (in Football Manager), etc. Now the game calculates all the factors and comes to the conclusion that Messi will miss the penalty (rare ;)), but we want him or any other player to always score regardless of conditions. So what we do is either change the conditions, which I feel is tough (because there are so many). So what we do is that even if the final probability (calculation of all the factors together) comes out to be "penalty miss", we can alter the condition by writing a script of goal scoring (found from toggle breakpoint that increases score) and let the goal-missing conclusion jump to our script. This way, whatever the calculations come out to, the event will be the same: Messi scores the penalty. Similarly in my game, whatever the factors add up to, the bowler should bowl a wicket-taking delivery and result in a wicket loss for the opposite team.
If it's possible, how do I find the final "jump if" code?
Also, it's a strategy game like FM.

And about my swap opcode thing: it's tough to explain. I'll try.
In cricket, the event of a bowler taking a wicket happens a max of ten times (as there are 10 wickets only). But the event of a bowler giving away one run occurs many more times than that. So my point was, if we find the decision (opcode) that a bowler gives away one run, and we create a jump after this or swap the event after this to the events of a wicket-taking ball, then every time the final calculation comes out that 1 run will be scored, it won't give a run but instead it will result in a wicket (as 1 runs happen many more times than a wicket happens, it's useful to swap).


EDIT: Lol, I re-read your reply three or four times to completely understand it. All my explanation is summarized in your half sentence "make the condition to be true always". Lol. So finally, how do I do this? :S

Steps I did to get the opcode in the black box of the screenshot:
1. Initially the wicket count of the opposition was 0. So I searched 0.
2. Played the game. Took a wicket. Now searched 1. Similarly took another wicket. Searched 2. Then I got the address. Checked whether it's the right address.
3. Then I did "what writes to this...". Took a wicket in game. An opcode appeared in the window; that's the black box in the screenshot.
4. Now where to trace, above this or below this opcode? Where to put breakpoints and check?

Also, what is the test command? How does it work? See screenshot?
Thanks for bearing my noobness.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Nov 26, 2013 1:47 pm

I have to say that I am having a really hard time reading your posts.

To put it simply, it depends on what you want to do. For example, altering the value of an outcome of something is easy (i.e. changing the value of wickets received after you have received them). But altering what that outcome will be is more difficult (i.e. controlling whether or not you will receive a wicket before it happens).

If it's the latter, it can still be done, but the only way I know how to do it is by setting a breakpoint on the instruction that writes to your wicket value (when you receive a wicket), and back tracing that instruction until you find the conditional jump that determines whether or not you receive a wicket in the first place. This may be tedious and may require a lot of trial and error. I do not know of any other way around that. Maybe some veteran members have some secrets that they can share. :D

I would start by trying to find the beginning of the routine. You can add comments in memory viewer to keep track of which jumps you have tested etc.

EDIT:
Test.
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Tue Nov 26, 2013 3:02 pm

OK, thanks. Sorry for the long posts. I was using my cell phone to write, so there are some mistakes.
By the way, I want to do the conditional jump thing (controlling whether or not you will receive a wicket before it happens).

I did set a breakpoint some instructions "ABOVE" the instruction that writes the wicket value. On every instruction the game hangs until I release the breakpoint.

I wanted to ask: if I directly make changes in memory viewer, like change je to jmp, will it show any effect? (I guess it's read-only.) If I get a crash at some instruction I "break", what does this indicate? What next? I'm getting a crash at every instruction I put a breakpoint on above the instruction that writes the wicket value.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Nov 26, 2013 3:50 pm

First thing, you want to look for all jumps - even the jne's (the do not jumps if equal)...because we don't know what kind of conditions have to be met...it could be a 'jump if wickets are true', or a 'do not jump if wickets are true'.

Secondly, you do not have to set a breakpoint to change these jumps...just work back from the instruction that writes to your wickets value.

If you revise the data in assembly viewer, the changes will take effect immediately and will be applied as soon as that area of code is accessed...just as it would if you NOP'd that data.

A crash could indicate many things. But, as previously mentioned, breakpoints aren't necessary, but they can make things easier, depending on what you are doing.

Don't forget to add a comment at each jump that you test.
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Tue Nov 26, 2013 3:58 pm

Wow, thanks bro. Very simple explanation. I'll test and report back. :)

Edit: I made some changes in all the jumps I found above. Changed them to jmp one by one, alternating with playing the game (clicking on next bowl).
In some there wasn't any effect. In a few of them, changing it to jmp crashes the game.

Edit 2: JUST NOW FOUND SOMETHING VERY VERY SPECIAL!!
I dropped editing jumps around the wicket thing. (I did it for a long section of the data above and below the instruction for the wicket change, but either it was crashing or there was no difference.)
Then I searched for the runs scored per delivery. Like if a batsman hit 4, I searched 4; then he hit 2 next ball, I searched 2; then he just defended the ball without scoring, filtered 0. Found an address which shows the runs scored on just the previous delivery. --> What writes to this address. Played one more bowl. Instruction appeared.
Then started changing jumps above it, just like I was doing for wickets.
Some places no change, some places crash.
FINALLY got an instruction that makes some difference. Changing that jump from jle (don't remember exactly) to jmp MAKES THE BATSMEN SCORE RUNS ONLY IN 4'S OR 6'S OR BYES (if you know these terms), but they don't take singles or doubles! They don't run between wickets! Giving me maidens!! Hope I find a similar thing for 4's and 6's!

Also, how do I save this instruction so that I can use it in future if I restart Cheat Engine? Also, I saved some comments as you instructed. Will they be saved next time I restart Cheat Engine, or will they get deleted? If deleted, how do I save them?

And YOU'RE TRULY A GRAND CHEATMASTER. lol
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Nov 26, 2013 5:26 pm

Typically, the data that you want to change will occur before (above) the instruction that you are working from.

Remember, you want to change the 'jumps' (and) the 'do not jumps' to their opposites for testing purposes.

Sorry, I do not understand the terminology for this kind of game.

To edit memory data, you can use the auto-assembler by doing the following:

1. Do not change the code (if you have, close the game so that the code reverts back to the original code, and reopen the game).
2. Find the instruction that you want to change and highlight it with a left-click of the mouse.
3. Select 'tools' from the drop-down menu, and click on 'auto assemble'.
4. In the auto assemble window, select 'template' from the drop-down menu, and click on 'cheat table framework code'.
5. Select 'template' again, this time, click on 'code injection'. Click okay.
6. Select 'file' from the drop-down menu, and click on 'assign to current cheat table'.

When you are done, copy everything from the auto assemble window, and paste it here within code brackets. We can take a look at it, and I will explain to you what needs to be changed.

Regarding problems with the scoring, I can not answer that question. You must continue working until you find the data that you want to change and the proper injection point etc. It may occur before the conditional jump or after it. However, simply changing a jump may not provide you with the solution that you are looking for. You may have to make additional modifications (such as changing the value of a register) in order to achieve what you want. That being said, it's not always so easy. :D

Comments can be saved by saving the cheat table.
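
The two jump edits described in this thread (turning a conditional jump such as je or jle into jmp, and switching a jump to its opposite), shown at the byte level as an added example that is not part of any post. The opcode values are standard x86 encodings; the function names and the two sample instructions are constructed for illustration.

```python
# Added illustration: x86 conditional-jump (Jcc) encodings and the edits
# discussed in the thread. Sample bytes are constructed, not from any game.
import struct

NOP = 0x90
JE_SHORT = bytes.fromhex("740a")          # je  +0x0a   (2-byte rel8 form)
JLE_NEAR = bytes.fromhex("0f8e34120000")  # jle +0x1234 (6-byte rel32 form)

def classify(code: bytes):
    """Return (form, condition_code, displacement, length) for a Jcc."""
    if len(code) >= 2 and 0x70 <= code[0] <= 0x7F:
        return "short", code[0] & 0x0F, struct.unpack("<b", code[1:2])[0], 2
    if len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        return "near", code[1] & 0x0F, struct.unpack("<i", code[2:6])[0], 6
    raise ValueError("not a conditional jump")

def invert(code: bytes) -> bytes:
    """je <-> jne, jle <-> jg, ...: flip the low bit of the condition code."""
    form, _, _, length = classify(code)
    out = bytearray(code[:length])
    out[0 if form == "short" else 1] ^= 0x01
    return bytes(out)

def force(code: bytes) -> bytes:
    """Make the jump unconditional, keeping the same target and length."""
    form, _, disp, _ = classify(code)
    if form == "short":
        return bytes([0xEB]) + struct.pack("<b", disp)  # jmp rel8, 2 bytes
    # jmp rel32 is 5 bytes but Jcc rel32 is 6. The displacement is measured
    # from the end of the instruction, so it grows by 1, and a single NOP
    # fills the leftover byte so following instructions stay aligned.
    return bytes([0xE9]) + struct.pack("<i", disp + 1) + bytes([NOP])

def never(code: bytes) -> bytes:
    """Never take the jump: overwrite the whole instruction with NOPs."""
    return bytes([NOP]) * classify(code)[3]

def target(addr: int, code: bytes) -> int:
    """Destination of a Jcc or jmp located at addr."""
    if code[0] == 0xEB:
        return addr + 2 + struct.unpack("<b", code[1:2])[0]
    if code[0] == 0xE9:
        return addr + 5 + struct.unpack("<i", code[1:5])[0]
    _, _, disp, length = classify(code)
    return addr + length + disp

if __name__ == "__main__":
    for insn in (JE_SHORT, JLE_NEAR):
        print(insn.hex(), invert(insn).hex(), force(insn).hex(), never(insn).hex())
```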
faizangmc
Expert Cheater
Reputation: 0

Joined: 12 Nov 2013
Posts: 167

Posted: Wed Nov 27, 2013 3:27 am

OK, thank you very, very much.

How do I give someone a review?

One more thing. Can you help me with this

http ://forum.cheatengine.org/viewtopic.php?t=569746

(remove space after http)