Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
A reliable compare point in an ever-changing environment?

TheTornadoTitan
Cheater
Reputation: 0

Joined: 30 Dec 2013
Posts: 36
Location: Oklahoma, United States

Posted: Sat Jan 11, 2014 9:10 pm    Post subject: A reliable compare point in an ever-changing environment?

Alright guys, I have a problem with a cheat table I'm trying to make. Actually I've run into this a few times and just went to work on something else.

I've read up countless times on what the FST, FSTP, and FLD things do and are.

I know my problem, and I know my end goal, just not how to get there.

I need a compare point, so I can alter the code in a way that only affects my guy(s), which means a stable compare point.

However, when "finding out what writes to this address", and then "find out what addresses this code accesses", I find that every stat is counted as [eax], mine or the others'.

Which means that if in "dissect data/structures" [eax+10] is a good comparison point, that is only true if the stat that is being read is, say, attack; any other stat and [eax+10] will be something else and no longer applicable as a comparison point (or so it seems, as only one stat increased and others didn't even though all are affected by it).

So at this point I can make everyone gods, which doesn't quite help me lol.

Code:

kenshi_STEAM.exe+3D0B0A - D9 45 0C              - fld dword ptr [ebp+0C]
kenshi_STEAM.exe+3D0B0D - DC 1D D8B03F01        - fcomp qword ptr [kenshi_STEAM.AK::MusicEngine::Init+98118]
kenshi_STEAM.exe+3D0B13 - DFE0                  - fnstsw ax
kenshi_STEAM.exe+3D0B15 - F6 C4 05              - test ah,05
kenshi_STEAM.exe+3D0B18 - 7B 10                 - jnp kenshi_STEAM.exe+3D0B2A
kenshi_STEAM.exe+3D0B1A - D9 45 F8              - fld dword ptr [ebp-08]
kenshi_STEAM.exe+3D0B1D - DC 1D D8B03F01        - fcomp qword ptr [kenshi_STEAM.AK::MusicEngine::Init+98118]
kenshi_STEAM.exe+3D0B23 - DFE0                  - fnstsw ax
kenshi_STEAM.exe+3D0B25 - F6 C4 05              - test ah,05
kenshi_STEAM.exe+3D0B28 - 7A 02                 - jp kenshi_STEAM.exe+3D0B2C
kenshi_STEAM.exe+3D0B2A - EB 10                 - jmp kenshi_STEAM.exe+3D0B3C
kenshi_STEAM.exe+3D0B2C - D9 45 0C              - fld dword ptr [ebp+0C]
kenshi_STEAM.exe+3D0B2F - D8 4D F8              - fmul dword ptr [ebp-08]
kenshi_STEAM.exe+3D0B32 - 8B 4D 08              - mov ecx,[ebp+08]
kenshi_STEAM.exe+3D0B35 - D8 01                 - fadd dword ptr [ecx]
kenshi_STEAM.exe+3D0B37 - 8B 55 08              - mov edx,[ebp+08]
kenshi_STEAM.exe+3D0B3A - D9 1A                 - fstp dword ptr [edx] <---- This writes to every skill used in a situation, be it my skills or someone elses
kenshi_STEAM.exe+3D0B3C - 8B E5                 - mov esp,ebp



What are some tips for this situation? What can I do to remedy this issue?

I know my way around Cheat Engine and auto assembler decently but these floats and stacks really get me :/

_________________
I like this
Hitler check out
My Tables!
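The x87 sequence in the listing above (fld / fcomp / fnstsw ax / test ah,05 / jnp) is the part the poster says trips him up. The following Python is an added example, not code from the post or from the game: it models the status-word bits FCOMP produces, the parity trick that turns them into a "less than" test, and then the whole block from kenshi_STEAM.exe+3D0B0A to +3D0B3A. The qword constant at kenshi_STEAM.AK::MusicEngine::Init+98118 is not shown on the page, so it is passed in as a parameter k (an assumption), and the model uses Python doubles where the game uses 32-bit floats.

```python
"""Model of the x87 compare idiom in the listing above (added example)."""
import math


def fcom_flags(st0: float, src: float) -> int:
    """Return the byte that `fnstsw ax` leaves in AH after FCOM/FCOMP.
    Bit 0 = C0 (st0 < src), bit 2 = C2 (unordered), bit 6 = C3 (st0 == src).
    An unordered compare (either operand NaN) sets all three bits."""
    if math.isnan(st0) or math.isnan(src):
        return 0b01000101          # C3 = C2 = C0 = 1
    if st0 < src:
        return 0b00000001          # C0 = 1
    if st0 == src:
        return 0b01000000          # C3 = 1
    return 0                       # st0 > src


def parity_even(byte: int) -> bool:
    """PF as x86 computes it: set when the low byte has an even number of 1 bits."""
    return bin(byte & 0xFF).count("1") % 2 == 0


def st0_less_than(st0: float, src: float) -> bool:
    """`test ah,05` followed by `jnp`: the jump is taken when PF is clear.
    Masking AH with 05 keeps only C0 and C2, so PF is clear (odd parity)
    exactly when C0 = 1 and C2 = 0, i.e. an ordered st0 < src. A NaN sets
    both bits, gives even parity, and is therefore treated as 'not less'."""
    ah = fcom_flags(st0, src)
    return not parity_even(ah & 0x05)


def apply_skill_gain(skill: float, a: float, b: float, k: float) -> float:
    """The block kenshi_STEAM.exe+3D0B0A..+3D0B3A as a function.
    a = [ebp+0C], b = [ebp-08], skill = the float [ebp+08] points at, and
    k = the qword constant the page does not show (assumed). Returns the
    value `fstp dword ptr [edx]` stores back into the skill."""
    if st0_less_than(a, k):        # jnp +3D0B2A, which is `jmp` to the exit
        return skill
    if st0_less_than(b, k):        # `jp +3D0B2C` not taken: falls into the exit jmp
        return skill
    # fld a ; fmul b ; mov ecx,[ebp+08] ; fadd [ecx] ; mov edx,[ebp+08] ; fstp [edx]
    return a * b + skill
```

Reading the block this way shows why it cannot be filtered on its own operands: nothing in it identifies whose skill [ebp+08] points at, only the two multiplicands and a threshold, so the owner has to come from somewhere else (the pointer paths discussed later in the thread).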
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sat Jan 11, 2014 10:09 pm

A few things you can try...

1. Set a breakpoint to see if you can work with any unique register values.
2. Dissect data structures and compare as many addresses as you can to find a reliable offset (or, just dig deeper inside pointer trees to find a good compare).
3. Use pointers in the script.

It can help to reroute data for filtering purposes (i.e. create a codecave and set up your compare...have all garbage addresses jmp originalcode, but have your targeted address(es) continue running [same code as originalcode, but different location], then just set a breakpoint on that 'target' code). By doing this, you can ensure that your targeted address is the ONLY address that is being filtered.
TheTornadoTitan
Cheater
Reputation: 0

Joined: 30 Dec 2013
Posts: 36
Location: Oklahoma, United States

Posted: Sat Jan 11, 2014 10:30 pm

Well, let's say I found a compare point for money. It works and is reliable for things involving the money script; can I use that in some way in my stats scripts?

Like maybe setting the compare in my money script as a registered symbol
and then using that registered symbol in my stats script?

Would the stat script have any idea what I was trying to link there or would it just check to see if the compare was true, and if it was, continue as normal and apply normally to everyone, rendering my compare useless?

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sat Jan 11, 2014 10:39 pm

TheTornadoTitan wrote:
Well, let's say I found a compare point for money. It works and is reliable for things involving the money script; can I use that in some way in my stats scripts?
-That depends...if the money and the stats are part of the same structure, or, the offset is constant between them (the distance never changes), then you can. However, you don't need to do this. If you can use the pointer scanner, use that. Or, if you're comfortable, do one of the other options.

By the way, don't forget to try 'what accesses', instead of 'what writes'. You may even find an instruction that only accesses hero address. Not only that, but most things that you want to happen instantly, will require injection at an instruction that reads the address as opposed to writes to it, because the reading may occur several times per second, as opposed to the writing...which may only occur when something actually happens that requires the address to be written to.
TheTornadoTitan
Cheater
Reputation: 0

Joined: 30 Dec 2013
Posts: 36
Location: Oklahoma, United States

Posted: Sat Jan 11, 2014 10:48 pm

I think this may be over my head honestly; using "what accesses" is how I found all the enemies' stats to compare to haha.

I wouldn't know what I was looking for in the breakpoints. When I did it, nothing stood out as unique; everything was constant except the ECX and EDX registers, but they both store the address of the current skill being changed.

I don't know how to reference something within a pointer tree, and even if I could, wouldn't where the pointer tree was located, say, [edx+3], change if edx changed because a different skill was being referenced?

I may try pointers, but the pointer scan always returns like 100k addresses, and even when I narrow it, even after 10-15 scans, there are still tons of pointers. Plus if I found a pointer to each stat I would need the script.

I appreciate the help, but this looks to be far above my skill level at the moment; all I have is a working money script haha. I'm all for learning of course, and I'm not giving up, just need to learn more before I tackle a beast such as this.

Then again maybe not. I realized that when you said "what accesses", you meant on the actual address, not the opcode, so I tried that and have some new stuff to try; we shall see. Thanks a bunch, what an oversight on my part lol. I'd +rep if I could!

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sat Jan 11, 2014 11:33 pm

TheTornadoTitan wrote:
I think this may be over my head honestly; using "what accesses" is how I found all the enemies' stats to compare to haha.
-Using health address, as an example...say you have hero health address in your cheat table, instead of right-clicking it and selecting 'what writes', select 'what accesses'. Then, in the debugger window, you can right-click in the open space and select 'check if found opcodes also access other addresses'.

TheTornadoTitan wrote:
I wouldn't know what I was looking for in the breakpoints. When I did it, nothing stood out as unique; everything was constant except the ECX and EDX registers, but they both store the address of the current skill being changed.
-Good. If all of the registers are constant, except for the register(s) holding the actual address, then you know that you can't use them for filtering...moving on.

TheTornadoTitan wrote:
I don't know how to reference something within a pointer tree, and even if I could, wouldn't where the pointer tree was located, say, [edx+3], change if edx changed because a different skill was being referenced?
-Using health as an example, every health address (ally + enemy) is being stored in [edx]. This is constant and never changes unless the code changes in an update or something. So, when you dissect data structures you may find that, at edx+4, then +C (inside first pointer), then +14 (inside second pointer), all of the addresses that you load to compare (hero and enemy addresses) tell you if the character is good or bad at that location [[[edx+4]+C]+14]. So, in our script, we would write something like this:

Code:
push edi
mov edi,[edx+04]
mov edi,[edi+0C]
mov edi,[edi+14]
cmp edi,69766943        //Friendly
pop edi
je friendly


TheTornadoTitan wrote:
I may try pointers but the pointer scan always returns like 100k addresses and even when I narrow it, even after 10-15 scans, there are still tons of pointers.
-It doesn't matter if you have 1 million addresses...so long as you have one that works consistently. You DO NOT have to run the pointer scan over and over again to the point that you only have a handful of results - rarely is that ever the case with newer games. You may have to run the pointer scan (a lot), but as long as you have a set of pointers that continue to work, there is no reason to whittle your results down if the pointers keep working.

TheTornadoTitan wrote:
Plus if I found a pointer to each stat I would need the script.
-I don't understand. Using the health as an example, let's say you perform a pointer scan on your health address and add it to your cheat table. Now, let's say that you double-click on the address and you see something similar to this:



If the instruction that writes/accesses your address is this:

fstp dword ptr [edx]

You know that edx holds the address of your health. So, in our script, we would write something like this:

Code:
cmp edx,[[[["game.exe"+0035C4BC]+4]+C]+14]
je hero



TheTornadoTitan wrote:
I appreciate the help but this looks too be far above my skill level at the moment.
-If you have any questions or need help, just ask.

Last edited by ++METHOS on Sat Jan 11, 2014 11:41 pm; edited 2 times in total
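Both filtering approaches in this thread, the "reroute and compare" idea from the earlier reply and the two snippets just above, come down to walking a pointer path from a register and comparing what you find. The Python below is an added example, not code from either poster or from any game: it builds a small constructed 32-bit little-endian memory image (hero record at 0x100, enemy record at 0x400, and a cell at 0x800 standing in for "game.exe"+0035C4BC; all of these addresses and the record layout are assumptions) and implements the two compares over it. The tag value 69766943 is the one used in the post. Note that Cheat Engine's auto assembler does not accept the nested brackets written in the second snippet; in a real script that path is walked one mov at a time, exactly as the first snippet does, which is what walk_pointer models.

```python
"""Pointer-path filtering from the replies above, modelled over a constructed
32-bit little-endian memory image (added example, not from the thread)."""
import struct

FRIENDLY_TAG = 0x69766943      # compare value used in the post's first snippet


def read32(mem: bytearray, addr: int) -> int:
    """Read a little-endian dword at `addr` (addresses are offsets into `mem`)."""
    return struct.unpack_from("<I", mem, addr)[0]


def write32(mem: bytearray, addr: int, value: int) -> None:
    struct.pack_into("<I", mem, addr, value)


def walk_pointer(mem: bytearray, base: int, offsets: list) -> int:
    """Cheat Engine pointer notation [[[base]+o1]+o2]+o3: dereference base,
    dereference after every offset except the last, and add the last offset.
    Returns the final address, which is what a pointer-scan result resolves to."""
    addr = read32(mem, base)
    for off in offsets[:-1]:
        addr = read32(mem, addr + off)
    return addr + offsets[-1]


def is_friendly_by_tag(mem: bytearray, edx: int) -> bool:
    """The first snippet: mov edi,[edx+04] / mov edi,[edi+0C] / mov edi,[edi+14] /
    cmp edi,69766943. edx is the address the hooked instruction writes to."""
    edi = read32(mem, edx + 0x04)
    edi = read32(mem, edi + 0x0C)
    edi = read32(mem, edi + 0x14)
    return edi == FRIENDLY_TAG


def is_hero_by_pointer(mem: bytearray, edx: int, static_base: int) -> bool:
    """The second snippet: resolve [[[static]+4]+C]+14 to the hero's address
    and compare it with edx. No tag needed, only a pointer-scan result."""
    return edx == walk_pointer(mem, static_base, [0x04, 0x0C, 0x14])


def build_image() -> bytearray:
    """Constructed layout (assumed, not the real game):
    hero health at 0x100, enemy health at 0x400, each with the same chain
    shape +4 -> +C -> +14 ending at a faction tag; 0x800 is a static cell
    whose chain [[[0x800]+4]+C]+14 resolves to the hero's health address."""
    mem = bytearray(0x1000)
    # hero record
    write32(mem, 0x104, 0x200)
    write32(mem, 0x20C, 0x300)
    write32(mem, 0x314, FRIENDLY_TAG)
    # enemy record: same shape, different tag, so the chain compare rejects it
    write32(mem, 0x404, 0x500)
    write32(mem, 0x50C, 0x600)
    write32(mem, 0x614, 0x454E454D)
    # static pointer path to the hero: final +14 must land on 0x100
    write32(mem, 0x800, 0x900)
    write32(mem, 0x904, 0xA00)
    write32(mem, 0xA0C, 0x100 - 0x14)
    return mem


def filter_write(mem: bytearray, edx: int, static_base: int) -> str:
    """What the injected code decides for one hooked write: 'hero' runs the
    modified code, 'originalcode' is the jmp back for everything else."""
    if is_hero_by_pointer(mem, edx, static_base) or is_friendly_by_tag(mem, edx):
        return "hero"
    return "originalcode"


if __name__ == "__main__":
    image = build_image()
    for addr in (0x100, 0x400):
        print(hex(addr), filter_write(image, addr, 0x800))
```

The two predicates fail in different ways, which is worth knowing when picking one: the tag compare breaks if the structure layout changes in an update, while the pointer compare breaks if the pointer-scan result stops resolving, which is why the reply above recommends keeping whichever set of pointers keeps working rather than whittling the scan down.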
TheTornadoTitan
Cheater
Reputation: 0

Joined: 30 Dec 2013
Posts: 36
Location: Oklahoma, United States

Posted: Sat Jan 11, 2014 11:39 pm

Choosing "what accesses" on the actual address helped. I have some new stuff to work with (thanks to you), and also that whole post is chock full of useful information, and I can actually use that in a different game I've been working on. Thanks a ton, friend; you have helped me in numerous ways on numerous issues that I haven't even touched on in this post. I will archive this on my machine locally so I always have this to reference. Thanks again.