Taibreah Cheater Reputation: 0
Joined: 19 Mar 2014 Posts: 35
Posted: Thu Sep 22, 2016 6:59 pm Post subject: Organizing a table under one Script.
I'm now trying to learn using injection copies (read a tutorial on it) in my tables so I can see the actual values. I have successfully created working scripts and the pointers are directly below each script; there are 3 of them, but it seems very unorganized this way because each of them is nested under the other.
Is there a way I should be editing the script to have all 3 pointers neatly under one script only?
Here is what the table looks like activated, side by side with game.
Edit: Removed the old CT
Last edited by Taibreah on Sat Sep 24, 2016 8:54 pm; edited 2 times in total

Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Thu Sep 22, 2016 7:16 pm
Have you tried finding a parent structure to each pointer? Possibly 1 level up.
For example, you might have something like:
[base+100]+10 is health
[base+108]+10 is stamina
[base+110]+10 is ikhor
That way you'd only need to find 1 address and then adjust the pointers to each stat.
Debug each instruction and find a common address in the registers of each.
Then use the structure dissect to see if you are able to find each stat from there.

Taibreah Cheater Reputation: 0
Joined: 19 Mar 2014 Posts: 35
Posted: Thu Sep 22, 2016 9:57 pm
Health, Stamina, and Ikhor were all in different registers. How can I make that work in one script? I'm thinking that maybe I'm not understanding what you mean above.
Since posting the topic I've gone back into the game and I've found and made some changes:
1. Health is at [rcx+10] // The code is unchanged from the original code, it's still movss xmm12,[rcx+10]
2. Stamina has been changed to [rcx+10] //In my original script it was [rbx+10]. I changed the code to movss [rcx+10],xmm0 because that also worked.
3. Ikhor has been changed to [rcx+0C] //In my original script it was [rdi+0C]. The script works both ways, but I think I'm supposed to use registers that are all RCX, right? I changed the code to movss xmm0,[rcx+0C]
Now that all 3 registers match, how can I make the one script with the 3 pointers? Thanks.
I've re-uploaded the CT with the changes.

Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 23, 2016 4:02 pm
Debug each instruction and show a screenshot of the registers for each.
Also, paste some of the code above the instruction, maybe it'll be useful.

Taibreah Cheater Reputation: 0
Joined: 19 Mar 2014 Posts: 35
Posted: Fri Sep 23, 2016 7:21 pm
I'm sorry, I don't entirely understand how to debug my code as I've never used the Debugger, so hopefully what I've shown is right.
Here are screenshots of some of the code that are above the instruction along with one of each registers in the right hand window, is that correct?
The pointers for the screenshots below were:
Health: P->09AC9E90
Stamina: P->E731A260
Ikhor: P->E731A1CC
[Attachment: Health Code and Registers]
[Attachment: Stamina Code and Registers]
[Attachment]

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Fri Sep 23, 2016 9:13 pm
With different injection points, you can combine multiple scripts into one. CE will do this for you, automatically, as many times as you want:
Example

Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 23, 2016 9:17 pm
Perfect, that first screenshot for health shows the parent structure.
Code: mov rcx,[rax+00002530]
So at this instruction, you should instead be saving the register RAX (55C12D60).
Now your health pointer should be: [[player]+2530]+10
It is very likely that this same structure holds a pointer to your stamina and ikhor.
If you're lucky, it will be: [[player]+2538]+10 or [[player]+2540]+10
Search through the memory within that new structure for the stamina address (E731A260).
It will be very far down from that new base structure (around the offset of hex 2530).

Taibreah Cheater Reputation: 0
Joined: 19 Mar 2014 Posts: 35
Posted: Sat Sep 24, 2016 5:48 pm
@Zanzer:
Great, that worked with the Health and Stamina. You were right about Stamina being at [player]+2538+10. By the way, how did you know that rcx,[rax+2530] was the player structure? Is it usually found by looking a little above the player's health?
As for the Ikhor, I wasn't able to find it so far looking through the player structure. I tried [player]+2540+10 through [player]+2660+10 with no luck. Should I be looking even further down, or is the offset supposed to be different, because Ikhor was the only one that came up with the offset of 0C, and not 10. This was the Ikhor code: movss xmm0,[rcx+0C]. I don't know if it matters, but Ikhor will always return to zero, it does its regeneration opposite; the more you use the more it goes up and then goes back down to zero as being "fully regenerated". Thanks for all your help.
@Methos:
Thanks for those examples. I'll try that method as well in another CT, as I am aiming to learn all possible ways to do these things.
PS: Adding a new screenshot of what I've got so far from the player structure and how I input the pointers information.
[Attachment: I know I forgot to change the Stamina type from 4-bytes to Float in the pointer screenshot, but I did change it when I saved it.]

Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sat Sep 24, 2016 7:18 pm
Since the instruction accessing health used RCX, I just looked above to see if something was populating RCX.
You could perform an 8-byte hex search for the ikhor base address (E731A1C0 above).
Simply set the Start and Stop addresses within CE to match the player structure.
In your original screenshots, start at 55C12D60 and stop at 55C2000.
If it's not found then it's possibly several pointers deeper.

Taibreah Cheater Reputation: 0
Joined: 19 Mar 2014 Posts: 35
Posted: Sat Sep 24, 2016 8:56 pm
Found out what it was, I could have sworn I had gone across that address before, but I think the last time I didn't use the offset C, and that's what it was. Ikhor ended up being [player]+2548+C. Yay, I learned something new and now I can release the table. Thanks again for helping me, I'm sure I'll be asking more questions later on.
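The parent-structure approach and the bounded 8-byte pointer search discussed in the thread can be tried offline on a modelled address space. This is an added example, not part of the original posts: `Memory`, `resolve`, `find_pointer`, `build_sample`, the structure size and the float value are assumptions, while the addresses and offsets are the ones quoted in the thread.

```python
import struct

# Constructed sample. Addresses reuse values quoted in the thread; the structure
# size and the float contents are assumptions made for the demo.
PLAYER = 0x55C12D60        # value saved in the `player` symbol (RAX in the thread)
HEALTH_OBJ = 0x09AC9E80    # 09AC9E90 minus offset 10
STAMINA_OBJ = 0xE731A250   # E731A260 minus offset 10
IKHOR_OBJ = 0xE731A1C0     # E731A1CC minus offset 0C
STRUCT_SIZE = 0x3000       # assumed size of the player structure

class Memory:
    """Sparse model of a 64-bit address space: base address -> bytearray."""
    def __init__(self):
        self.regions = {}
    def map(self, base, size):
        self.regions[base] = bytearray(size)
    def _locate(self, addr, n):
        for base, buf in self.regions.items():
            if base <= addr and addr + n <= base + len(buf):
                return buf, addr - base
        raise ValueError(f"unmapped address {addr:#x}")
    def write(self, addr, data):
        buf, off = self._locate(addr, len(data))
        buf[off:off + len(data)] = data
    def read(self, addr, n):
        buf, off = self._locate(addr, n)
        return bytes(buf[off:off + n])

def resolve(mem, base, offsets):
    """Walk a pointer chain: dereference a qword at every offset except the last."""
    addr = base
    for off in offsets[:-1]:
        addr = struct.unpack("<Q", mem.read(addr + off, 8))[0]
    return addr + offsets[-1]

def find_pointer(mem, start, stop, target):
    """Aligned 8-byte scan of [start, stop); returns offsets from start."""
    needle = struct.pack("<Q", target)
    return [a - start for a in range(start, stop, 8) if mem.read(a, 8) == needle]

def build_sample():
    mem = Memory()
    mem.map(PLAYER, STRUCT_SIZE)
    for obj, slot in ((HEALTH_OBJ, 0x2530), (STAMINA_OBJ, 0x2538), (IKHOR_OBJ, 0x2548)):
        mem.map(obj, 0x20)
        mem.write(PLAYER + slot, struct.pack("<Q", obj))
    mem.write(HEALTH_OBJ + 0x10, struct.pack("<f", 100.0))
    return mem
```

An empty list from `find_pointer` corresponds to the case where the child pointer is not stored directly in the scanned structure and sits one or more levels deeper.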