Cheat Engine The Official Site of Cheat Engine
mexyn How do I cheat? Reputation: 0
Joined: 02 Oct 2015 Posts: 4
Posted: Sun Dec 10, 2017 2:20 pm Post subject: Need some advice
Hi there,
First of all, like many others, I am kind of new to Cheat Engine stuff. But I already read a lot of tutorials. Right now I am able to do all the basic stuff:
- Finding Values (known and unknown)
- Finding static pointers (manually, pointer scan, pointer maps)
- Doing AOB injections
So when it comes to things like health, skill points etc., most times it's no big deal anymore. But now I want to go to some more advanced stuff (at least for me).
Right now I'm trying to do a super jump in The Hunter - Call of the Wild.
I found a static address which holds the proper axis for height (dunno if it's y or z). So I thought... find that value... find out what accesses/writes (to) that address, then switch to the game... jump up... and hopefully an instruction will appear which points me to the "jump function"...
Yeah well... it isn't that easy, I had to learn. Right when I hit F6 to find out what writes to this address, an instruction pops up which is called continuously, even though my altitude in game isn't changed... when I jump up, there is no more instruction appearing. So I guess this instruction is shared by a lot of functions in this game.
Now I have no clue how to backtrace that code to the "right" function... I tried to go back in code, but it's really a pain in the ass.
As I often see that the pro users here only need a few hours to find pointers, functions, etc. for that, I believe there must be an easier way for this kind of "problem", so I guess I am just doing it the wrong way or just don't know how to do it "right"?
Does anyone have advice for me on how I can find functions like that? Maybe I am totally wrong in the way I am thinking?
Thank yoouuuu
Piereinut How do I cheat? Reputation: 0
Joined: 11 Dec 2017 Posts: 2
Posted: Mon Dec 11, 2017 4:19 am
I want advice like you, I'm trying to find the answer. But I can not find it.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Dec 11, 2017 6:05 am Post subject: Re: Need some advice
mexyn wrote: | So I guess this instruction is shared by a lot of functions in this game.
Now I have no clue how to backtrace that code to the "right" function... I tried to go back in code, but it's really a pain in the ass. |
I'm no expert on this, but you can set a breakpoint on the instruction before that one, then set up the break and trace on the one you care about and change it to a conditional breakpoint by opening the breakpoints list and right-clicking it, and set the condition to e.g. RAX == 0x<height address> (or whatever makes sense in your particular case). Note that the condition is in Lua. Then you can remove the first breakpoint you set (which was there to prevent the b&t bp from being hit before you'd set the condition) and let the game run. That way you get the break & trace information from the address you actually care about.
mexyn How do I cheat? Reputation: 0
Joined: 02 Oct 2015 Posts: 4
Posted: Mon Dec 11, 2017 11:48 am Post subject: Re: Need some advice
FreeER wrote: |
I'm no expert on this, but you can set a breakpoint on the instruction before that one, then set up the break and trace on the one you care about and change it to a conditional breakpoint by opening the breakpoints list and right-clicking it, and set the condition to e.g. RAX == 0x<height address> (or whatever makes sense in your particular case). Note that the condition is in Lua. Then you can remove the first breakpoint you set (which was there to prevent the b&t bp from being hit before you'd set the condition) and let the game run. That way you get the break & trace information from the address you actually care about. |
I am not sure if I got you right... but as I understand it, that won't help me. Let me give you an example:
7FF77B34A698 holds the float value with the height (e.g. 1122.00)
Immediately after I hit F6 to see what writes to it... I see the following instruction:
7FF7797450EE - F3 0F11 05 A255C001 - movss [7FF77B34A698],xmm0
The counter is rising continuously! My height IS NOT changed in game! It's still 1122.00. The counter still rises and rises... now when I jump up in game or move somewhere higher/lower I can see that the float value changes properly at the address mentioned above, BUT I don't get any new instruction other than the one mentioned above. So I GUESS
->> 7FF7797450EE - F3 0F11 05 A255C001 - movss [7FF77B34A698],xmm0
is used by the jump function AND something else, as it continuously gets called even though I don't change my altitude in game... Something is writing the altitude value continuously to that same address. So setting up a conditional BP tracking that address would break every time, if I do understand it right?
Or did I misunderstand it?
Another thing I have to mention... when I was looking for the value... I ended up with about 60 addresses... no matter how often I changed my altitude in game... looking around and so on... all 60 addresses still had the same value, so I couldn't reduce the result count any more. The address mentioned above was the only green one. So I thought this is the right address to work with. But maybe it's not?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Dec 11, 2017 12:22 pm
Hm, yeah. By Quote: | So I guess this instruction is shared by a lot of functions in this game. | I was thinking it was changing multiple addresses, in which case a conditional breakpoint would help only show the one you cared about, but that's clearly a constant value there.
Quote: | I ended up with about 60 addresses... no matter how often I changed my altitude in game... looking around and so on... all 60 addresses still had the same value, so I couldn't reduce the result count any more. | Start changing them in CE and see which one(s) actually change anything in the game, that's a pretty basic skill.
mexyn How do I cheat? Reputation: 0
Joined: 02 Oct 2015 Posts: 4
Posted: Mon Dec 11, 2017 5:19 pm
FreeER wrote: | Start changing them in CE and see which one(s) actually change anything in the game, that's a pretty basic skill |
You are absolutely right... my fault. Did that and found the address that is affecting the altitude of my character (it's not static). So when I change the value to a higher value, my character gets lifted in the air and drops down again, back to its old value. So it seems to be the right spot.
But now again I have the same problem. Hit F6 on that address... and get these 3 instructions:
7FF77A016629 - 0F29 67 30 - movaps [rdi+30],xmm4
7FF77A7E2F08 - 0F29 65 30 - movaps [rbp+30],xmm4
7FF77A811B75 - 44 0F29 43 30 - movaps [rbx+30],xmm8
All 3 instructions are called continuously no matter if I move my character or not.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Dec 11, 2017 5:22 pm
Best I can suggest is look at the code and see where it's getting the values from (xmm4/xmm8)
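Added example, not part of any post in the thread: decoding the operand bytes of the four store instructions quoted above shows why the first one always hits the same static address (RIP-relative) while the other three write wherever their base register points. The function names `decode_store` and `describe` are made up for this sketch; only the addresses and bytes come from the posts.

```python
import struct

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
        "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

# Address and instruction bytes exactly as quoted in the thread.
QUOTED = [
    (0x7FF7797450EE, "F3 0F11 05 A255C001"),
    (0x7FF77A016629, "0F29 67 30"),
    (0x7FF77A7E2F08, "0F29 65 30"),
    (0x7FF77A811B75, "44 0F29 43 30"),
]

def decode_store(addr, hex_bytes):
    """Decode the memory operand of an SSE store (0F 11 / 0F 29)."""
    code = bytes.fromhex(hex_bytes.replace(" ", ""))
    i = 0
    if code[i] in (0xF3, 0xF2, 0x66):       # mandatory SSE prefix (F3 = movss)
        i += 1
    rex = 0
    if 0x40 <= code[i] <= 0x4F:             # REX prefix extends register numbers
        rex = code[i]
        i += 1
    if code[i] != 0x0F or code[i + 1] not in (0x11, 0x29):
        raise ValueError("not a movss/movups/movaps store")
    i += 2
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    src = "xmm%d" % (reg | ((rex >> 2) & 1) << 3)   # REX.R selects xmm8-15
    if mod == 0 and rm == 5:
        disp = struct.unpack_from("<i", code, i)[0]
        i += 4
        # RIP-relative: target = address of the NEXT instruction + disp32
        return {"kind": "rip-relative", "src": src, "target": addr + i + disp}
    if mod == 1 and rm != 4:
        disp = struct.unpack_from("<b", code, i)[0]
        base = REGS[rm | (rex & 1) << 3]            # REX.B selects r8-r15
        return {"kind": "register-relative", "src": src, "base": base, "disp": disp}
    raise NotImplementedError("addressing form not used in the thread")

def describe(addr, hex_bytes):
    d = decode_store(addr, hex_bytes)
    if d["kind"] == "rip-relative":
        return "%X: %s -> fixed address %X" % (addr, d["src"], d["target"])
    return "%X: %s -> [%s+%X], target depends on %s at run time" % (
        addr, d["src"], d["base"], d["disp"], d["base"])

if __name__ == "__main__":
    for a, raw in QUOTED:
        print(describe(a, raw))
```

The first instruction resolves to 7FF77B34A698, the static address from the earlier post; for the other three the destination is only known once the value of rdi, rbp or rbx at that moment is known.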
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Dec 12, 2017 2:42 am
Here is my script, please ignore my comments and commented labels etc.
It's an old script, I was doing some tests, but anyway it works even though I didn't complete my work.
Code:
[ENABLE]
aobscanmodule(super,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10)
alloc(new,$152,"theHunterCotW_F.exe"+4E2956)
//alloc(originalValue,256) // to store original speed and jump values
alloc(superAddress,8) // address to add in address-list, hotkey will be assigned
//registersymbol(originalValue)
registersymbol(superAddress)
//label(OrgSpeedVal) // storing original value of speed
//label(OrgJumpVal) // storing original value of jump
label(SuperEnable) // enable section - it will be controlled by "superAddress"
label(SuperDisable) // disable section - it will be controlled by "superAddress"
label(code)
label(return)
//originalValue:
//OrgSpeedVal:
//dd (float)2.0 // original speed value
//OrgJumpVal:
//dd (float)7.0 // original jump value
new:
cmp [superAddress],01 // pressing my hotkey to set the value to '1'
je SuperEnable // and jump to here if i want to enable it
cmp [superAddress],02 // pressing my hotkey to set the value to '2'
je SuperDisable // and jump to here if i want to disable it
// if non, then it will continue to code
code:
movups xmm1,[rax+10]
movups [rcx+10],xmm1
jmp return
SuperEnable:
mov [superAddress],00
mov [rax+20],(float)22.00 // super speed
mov [rax+3C],(float)77.00 // super jump
jmp code
SuperDisable:
mov [superAddress],00
mov [rax+20],(float)2.0
mov [rax+3C],(float)7.0
jmp code
superAddress:
db 00
super+08:
jmp new
nop
nop
nop
return:
registersymbol(super)
[DISABLE]
super+08:
db 0F 10 48 10 0F 11 49 10
//unregistersymbol(originalValue)
unregistersymbol(superAddress)
unregistersymbol(super)
//dealloc(originalValue)
dealloc(superAddress)
dealloc(new)
|
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
mexyn How do I cheat? Reputation: 0
Joined: 02 Oct 2015 Posts: 4
Posted: Tue Dec 12, 2017 11:13 am
OldCheatEngineUser wrote: | Here is my script, please ignore my comments and commented labels etc.
It's an old script, I was doing some tests, but anyway it works even though I didn't complete my work. |
Thank you very much!!!
As I am very interested in how to achieve such things and actually want to understand the way this is done, can you give me a short explanation of how you found these values?
That would be very cool, because I'm trying to get better at those things. Just a short breadcrumb description to know which "way" you did it would be very nice!
Thanks again!
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Tue Dec 12, 2017 12:11 pm
In short, there is no standard/general way to do/find these.
It depends on the game, and it depends very much.