Cheat Engine Forum Index -> Cheat Engine
The Official Site of Cheat Engine

Need some advice

mexyn (How do I cheat?, Reputation: 0, Joined: 02 Oct 2015, Posts: 4)
Posted: Sun Dec 10, 2017 2:20 pm    Post subject: Need some advice

Hi there,

First of all, like many others, I am kind of new to Cheat Engine stuff, but I have already read a lot of tutorials. Right now I am able to do all the basic stuff:

    - finding values (known and unknown)
    - finding static pointers (manually, pointer scan, pointer maps)
    - doing AOB injections

So when it comes to things like health, skill points etc., most of the time it's no big deal anymore. But now I want to move on to some more advanced stuff (at least for me).

Right now I'm trying to do a super jump in The Hunter - Call of the Wild.

I found a static address which holds the proper axis for height (dunno if it's Y or Z). So I thought: find that value, find out what accesses/writes (to) that address, then switch to the game, jump up, and hopefully an instruction will appear which points me to the "jump function"...

Yeah well... it isn't that easy, as I had to learn :( Right when I hit F6 to find out what writes to this address, an instruction pops up which is called continuously, even though my altitude in game isn't changing. When I jump up, no further instruction appears. So I guess this instruction is shared by a lot of functions in this game.

Now I have no clue how to backtrace that code to the "right" function. I tried to go back through the code, but it's really a pain in the ass.

As I often see that the pro users here only need a few hours to find pointers, functions, etc., I believe there must be an easier way for this kind of "problem". So I guess I am just doing it the wrong way, or just don't know how to do it "right"?

Does anyone have any advice for me on how I can find functions like that? Maybe I am totally wrong in the way I am thinking?

Thank yoouuuu :)
Piereinut (How do I cheat?, Reputation: 0, Joined: 11 Dec 2017, Posts: 2)
Posted: Mon Dec 11, 2017 4:19 am

I want advice like you; I'm trying to find the answer, but I cannot find it.
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Mon Dec 11, 2017 6:05 am    Post subject: Re: Need some advice

mexyn wrote:
    So I guess this instruction is shared by a lot of functions in this game.

    Now I have no clue how to backtrace that code to the "right" function. I tried to go back through the code, but it's really a pain in the ass.

I'm no expert on this, but you can set a breakpoint on the instruction before that one, then set up the break and trace on the one you care about and change it to a conditional breakpoint by opening the breakpoint list and right-clicking it, and set the condition to e.g. RAX == 0x<height address> (or whatever makes sense in your particular case); note that the condition is in Lua. Then you can remove the first breakpoint you set (which was there to prevent the break-and-trace breakpoint from being hit before you'd set the condition) and let the game run. That way you get the break & trace information for the address you actually care about.
mexyn (How do I cheat?, Reputation: 0, Joined: 02 Oct 2015, Posts: 4)
Posted: Mon Dec 11, 2017 11:48 am    Post subject: Re: Need some advice

FreeER wrote:
    I'm no expert on this, but you can set a breakpoint on the instruction before that one, then set up the break and trace on the one you care about and change it to a conditional breakpoint by opening the breakpoint list and right-clicking it, and set the condition to e.g. RAX == 0x<height address> (or whatever makes sense in your particular case); note that the condition is in Lua. Then you can remove the first breakpoint you set (which was there to prevent the break-and-trace breakpoint from being hit before you'd set the condition) and let the game run. That way you get the break & trace information for the address you actually care about.

I am not sure if I got you right, but as I understand it, that won't help me. Let me give you an example:

7FF77B34A698 holds the float value with the height (e.g. 1122.00)

Immediately after I hit F6 to see what writes to it, I see the following instruction:

7FF7797450EE - F3 0F11 05 A255C001 - movss [7FF77B34A698],xmm0

The counter is rising continuously! My height IS NOT changed in game! It's still 1122.00. The counter still rises and rises. Now when I jump up in game or move somewhere higher/lower, I can see that the float value changes properly at the address mentioned above, BUT I don't get any new instruction other than the one mentioned above. So I GUESS

->> 7FF7797450EE - F3 0F11 05 A255C001 - movss [7FF77B34A698],xmm0

is used by the jump function AND something else, as it continuously gets called even though I don't change my altitude in game. Something is writing the altitude value continuously to that same address. So setting up a conditional BP tracking that address would break every time, if I understand it right?

Or did I misunderstand it?

Another thing I have to mention: when I was looking for the value, I ended up with about 60 addresses. No matter how often I changed my altitude in game, looked around and so on, all 60 addresses still had the same value, so I couldn't reduce the result count any more. The address mentioned above was the only green one, so I thought this is the right address to work with. But maybe it's not?
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Mon Dec 11, 2017 12:22 pm

Hm, yeah. By
Quote:
    So I guess this instruction is shared by a lot of functions in this game.
I was thinking it was changing multiple addresses, in which case a conditional breakpoint would help to show only the one you cared about, but that's clearly a constant value there.

Quote:
    I ended up with about 60 addresses. No matter how often I changed my altitude in game, looked around and so on, all 60 addresses still had the same value, so I couldn't reduce the result count any more.
Start changing them in CE and see which one(s) actually change anything in the game; that's a pretty basic skill.
mexyn (How do I cheat?, Reputation: 0, Joined: 02 Oct 2015, Posts: 4)
Posted: Mon Dec 11, 2017 5:19 pm

FreeER wrote:
    Start changing them in CE and see which one(s) actually change anything in the game; that's a pretty basic skill.

You are absolutely right, my fault. Did that and found the address that is affecting the altitude of my character (it's not static). So when I change the value to a higher value, my character gets lifted in the air and drops down again, back to its old value. So it seems to be the right spot.

But now again I have the same problem. Hit F6 on that address and get these 3 instructions:

7FF77A016629 - 0F29 67 30 - movaps [rdi+30],xmm4
7FF77A7E2F08 - 0F29 65 30 - movaps [rbp+30],xmm4
7FF77A811B75 - 44 0F29 43 30 - movaps [rbx+30],xmm8

All 3 instructions are called continuously no matter if I move my character or not.
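The hits in the post above are worth decoding by hand once, because the operand form tells you what kind of address you are looking at. The following is an added example written for this page (not code from the thread and not part of Cheat Engine) in Python: it parses the bytes CE prints in the middle column next to each instruction and reports whether the write goes to an absolute, RIP-relative address (the static first hit, `movss [7FF77B34A698],xmm0`) or to a register plus offset (the three `movaps` hits, where the object holding the altitude starts 0x30 bytes before the watched address). The non-static altitude address passed to `struct_base` is a constructed placeholder, since the thread does not give it.

```python
"""Decode the destination operand of the SSE stores Cheat Engine listed.

Added example, not from the thread and not part of Cheat Engine. Only the forms
that appear in the thread are handled: an optional F3/F2/66 prefix, an optional
REX byte, a 0F xx opcode and a ModRM byte without SIB.
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
STORE_OPCODES = {0x11: "movss/movups", 0x29: "movaps"}
LEGACY_PREFIXES = {0xF3, 0xF2, 0x66}


def decode_store(ip, raw):
    """Describe the memory operand of an SSE store.

    ip  - address of the instruction (CE's left column)
    raw - the instruction bytes (CE's middle column)
    """
    i = 0
    while raw[i] in LEGACY_PREFIXES:
        i += 1
    rex = 0
    if 0x40 <= raw[i] <= 0x4F:          # REX sits directly before the opcode
        rex = raw[i]
        i += 1
    if raw[i] != 0x0F or raw[i + 1] not in STORE_OPCODES:
        raise ValueError("not one of the 0F 11 / 0F 29 stores handled here")
    mnemonic = STORE_OPCODES[raw[i + 1]]
    modrm = raw[i + 2]
    i += 3
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if rex & 0x4:                       # REX.R: source register is xmm8..xmm15
        reg += 8
    if mod == 3:
        raise ValueError("register-direct form, not a memory store")
    if rm == 4:
        raise ValueError("SIB byte present; not handled in this example")

    if mod == 0 and rm == 5:
        # mod=00 rm=101 is RIP-relative in 64-bit mode: disp32 is added to the
        # address of the *next* instruction, so the instruction length matters.
        disp = int.from_bytes(raw[i:i + 4], "little", signed=True)
        i += 4
        return {"mnemonic": mnemonic, "source": f"xmm{reg}", "base": None,
                "disp": disp, "target": ip + i + disp, "length": i}

    if rex & 0x1:                       # REX.B: base register is r8..r15
        rm += 8
    if mod == 1:
        disp = int.from_bytes(raw[i:i + 1], "little", signed=True)
        i += 1
    elif mod == 2:
        disp = int.from_bytes(raw[i:i + 4], "little", signed=True)
        i += 4
    else:
        disp = 0
    return {"mnemonic": mnemonic, "source": f"xmm{reg}", "base": REG64[rm],
            "disp": disp, "target": None, "length": i}


def struct_base(written_address, decoded):
    """For a register-relative store, return the value the base register held,
    i.e. the start of the object the watched field lives in. That is the
    address to pointer-scan for, or to read neighbouring fields from."""
    if decoded["base"] is None:
        raise ValueError("store is RIP-relative; there is no base register")
    return written_address - decoded["disp"]


# The hits from the thread, exactly as CE printed them.
HITS = [
    (0x7FF7797450EE, "F3 0F 11 05 A2 55 C0 01"),   # movss [7FF77B34A698],xmm0
    (0x7FF77A016629, "0F 29 67 30"),               # movaps [rdi+30],xmm4
    (0x7FF77A7E2F08, "0F 29 65 30"),               # movaps [rbp+30],xmm4
    (0x7FF77A811B75, "44 0F 29 43 30"),            # movaps [rbx+30],xmm8
]

if __name__ == "__main__":
    for ip, hexbytes in HITS:
        d = decode_store(ip, bytes.fromhex(hexbytes))
        if d["base"] is None:
            print(f"{ip:X}: {d['mnemonic']} [{d['target']:X}],{d['source']}  (static address)")
        else:
            print(f"{ip:X}: {d['mnemonic']} [{d['base']}+{d['disp']:X}],{d['source']}  (object field)")
    # Constructed placeholder for the non-static altitude address found later in
    # the thread (the post does not give it); the object starts 0x30 before it.
    ALTITUDE_ADDR = 0x1C2F3A4B5E0
    d = decode_store(HITS[1][0], bytes.fromhex(HITS[1][1]))
    print(f"object base = {struct_base(ALTITUDE_ADDR, d):X}")
```

The decoder confirms the first hit really targets 7FF77B34A698 (displacement 0x01C055A2 added to the end of the 8-byte instruction), which is why CE marked that address green: it is a global, not a field of the player object. The three later hits all write offset 0x30 of whatever object rdi, rbp or rbx point at, so the useful next step is to break on one of them, read that register (or subtract 0x30 from the watched address) and then look at what loads xmm4 or xmm8 before the store.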
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Mon Dec 11, 2017 5:22 pm

Best I can suggest is to look at the code and see where it's getting the values from (xmm4/xmm8).
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Tue Dec 12, 2017 2:42 am

Here is my script; please ignore my comments and commented-out labels etc.
It's an old script I was doing some tests with, but anyway it works even though I didn't complete my work.

Code:
[ENABLE]

aobscanmodule(super,theHunterCotW_F.exe,66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10)
alloc(new,$152,"theHunterCotW_F.exe"+4E2956)
//alloc(originalValue,256) // to store original speed and jump values
alloc(superAddress,8) // address to add in address-list, hotkey will be assigned

//registersymbol(originalValue)
registersymbol(superAddress)

//label(OrgSpeedVal) // storing original value of speed
//label(OrgJumpVal) // storing original value of jump
label(SuperEnable) // enable section - it will be controlled by "superAddress"
label(SuperDisable) // disable section - it will be controlled by "superAddress"
label(code)
label(return)

//originalValue:

//OrgSpeedVal:
  //dd (float)2.0 // original speed value
//OrgJumpVal:
  //dd (float)7.0 // original jump value


new:
  cmp [superAddress],01 // pressing my hotkey to set the value to '1'
  je SuperEnable // and jump to here if i want to enable it
  cmp [superAddress],02 // pressing my hotkey to set the value to '2'
  je SuperDisable // and jump to here if i want to disable it
  // if non, then it will continue to code

code:
  movups xmm1,[rax+10]
  movups [rcx+10],xmm1
  jmp return

SuperEnable:
  mov [superAddress],00
  mov [rax+20],(float)22.00 // super speed
  mov [rax+3C],(float)77.00 // super jump
  jmp code

SuperDisable:
  mov [superAddress],00
  mov [rax+20],(float)2.0
  mov [rax+3C],(float)7.0
  jmp code

superAddress:
db 00

super+08:
  jmp new
  nop
  nop
  nop
return:
registersymbol(super)

[DISABLE]

super+08:
  db 0F 10 48 10 0F 11 49 10

//unregistersymbol(originalValue)
unregistersymbol(superAddress)
unregistersymbol(super)
//dealloc(originalValue)
dealloc(superAddress)
dealloc(new)

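The `super+08: jmp new / nop / nop / nop` part of the script is where a hook like this goes wrong most easily, so here is an added example written for this page (not the script author's code and not part of Cheat Engine) in Python that reproduces what the auto assembler does there: it encodes the 5-byte relative jmp, pads it to the 8 bytes of the two `movups` it replaces, checks that those bytes are the same ones the `[DISABLE]` section writes back, and refuses a cave the jmp cannot reach, which is the reason the script gives `alloc` a preferred address next to the module. The `super` and cave addresses in the example are constructed placeholders; the pattern and restore bytes are taken from the script.

```python
"""Build and check the 8-byte hook the script installs at super+08.

Added example, not from the thread and not part of Cheat Engine. Two things
have to line up for the hook to be safe: the patch must be exactly as long as
the instructions it overwrites, and the code cave must be within +/-2 GiB of
the hook so a 5-byte 'jmp rel32' can reach it.
"""

AOB_PATTERN = "66 90 0F 10 00 0F 11 01 0F 10 48 10 0F 11 49 10"   # from aobscanmodule
HOOK_OFFSET = 0x08                                                 # super+08
# movups xmm1,[rax+10] / movups [rcx+10],xmm1: the bytes [DISABLE] writes back
STOLEN = bytes.fromhex("0F 10 48 10 0F 11 49 10")


def jmp_rel32(from_addr, to_addr):
    """Encode 'jmp rel32' (E9 xx xx xx xx). rel32 is relative to the end of
    the 5-byte instruction and must fit in a signed 32-bit displacement."""
    rel = to_addr - (from_addr + 5)
    if not -2**31 <= rel < 2**31:
        raise ValueError(f"cave at {to_addr:X} is out of rel32 range from {from_addr:X}")
    return b"\xE9" + rel.to_bytes(4, "little", signed=True)


def build_hook(hook_addr, cave_addr, stolen):
    """Bytes to write at hook_addr: the jmp plus NOP padding, so the patch
    covers whole instructions only and nothing half-overwritten is left
    behind the jmp."""
    patch = jmp_rel32(hook_addr, cave_addr)
    if len(patch) > len(stolen):
        raise ValueError("stolen bytes are shorter than the jmp")
    return patch + b"\x90" * (len(stolen) - len(patch))


def stolen_bytes_match(pattern, hook_offset, stolen):
    """The bytes re-executed under the 'code:' label and restored in [DISABLE]
    must be exactly the bytes of the scanned pattern that the hook replaces."""
    pat = bytes.fromhex(pattern)
    return pat[hook_offset:hook_offset + len(stolen)] == stolen


def jmp_target(hook_addr, patch):
    """Decode a jmp rel32 patch back to its destination (what the disassembler
    shows once the hook is in place)."""
    if patch[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    return hook_addr + 5 + int.from_bytes(patch[1:5], "little", signed=True)


if __name__ == "__main__":
    # Constructed addresses: a 'super' hit inside the module and a cave that
    # alloc() placed near "theHunterCotW_F.exe"+4E2956 as the script requests.
    super_addr = 0x7FF779A81FC0
    cave_addr = 0x7FF779B50000
    hook_addr = super_addr + HOOK_OFFSET
    patch = build_hook(hook_addr, cave_addr, STOLEN)
    print("patch at super+08:", patch.hex(" ").upper())
    print("jumps to:", hex(jmp_target(hook_addr, patch)))
    print("stolen bytes match pattern:", stolen_bytes_match(AOB_PATTERN, HOOK_OFFSET, STOLEN))
    # A cave allocated without a preferred address can land anywhere in the
    # 64-bit address space and fails the range check:
    try:
        build_hook(hook_addr, 0x1F3A0000000, STOLEN)
    except ValueError as e:
        print("rejected:", e)
```

The pattern has 16 bytes, so `super+08` is the start of `movups xmm1,[rax+10]` and the eight bytes from there are exactly the two instructions the `code:` label re-executes before `jmp return`; if the hook were placed at any other offset, or the padding were wrong, the game would resume in the middle of an instruction when the cave jumps back.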
mexyn (How do I cheat?, Reputation: 0, Joined: 02 Oct 2015, Posts: 4)
Posted: Tue Dec 12, 2017 11:13 am

OldCheatEngineUser wrote:
    Here is my script; please ignore my comments and commented-out labels etc.
    It's an old script I was doing some tests with, but anyway it works even though I didn't complete my work.

Thank you very much!!!

As I am very interested in how to achieve such things and actually want to understand the way this is done, can you give me a short explanation of how you found these values?

Would be very cool, because I'm trying to get better at those things :) Just a short breadcrumb description to know which "way" you did it would be very nice!

Thanks again!
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1586)
Posted: Tue Dec 12, 2017 12:11 pm

In short, there is no standard/general way to do/find these.

It depends on the game, and it depends very much.
