Dlve (Advanced Cheater), posted Sat Mar 08, 2014 5:17 pm:
When I type in "value" in the bottom text field the pointer shows -> ??????.
So I can't get it to work. Adding the offset doesn't help.
danrevella (Master Cheater), posted Sat Mar 08, 2014 5:32 pm:
Dlve wrote:
> When I type in "value" in the bottom text field the pointer shows -> ??????.
> So I can't get it to work. Adding the offset doesn't help.

May you tell us "exactly" the name and the version of this game?
I have a lot of time so I may give it a try.
Of course nothing to do if this is an "online-only" game...
Dlve (Advanced Cheater), posted Sat Mar 08, 2014 5:39 pm:
It's the game of the year edition. Version is the most recent of course.
++METHOS (I post too much), posted Sat Mar 08, 2014 6:51 pm:
Dlve-
Did you enable the script first? If so, and it still shows ???, then the instruction that you are using is only accessing your address at certain times (for example, only when the address is getting written to). If you can, use an instruction that accesses the address rather than one that writes to it.
Nonetheless, if the instruction handles money, spend (or gain) some money, then try again...all while the script is enabled.
It is always better, if we can, to use an instruction that accesses our targeted address several times per second, as opposed to only when something changes.
Dlve (Advanced Cheater), posted Sat Mar 08, 2014 8:11 pm:
SORRY! I made a huge NOOB mistake. I didn't enable the script first even though you had plainly told me to do that. I should have figured it out myself, sorry.
Yeah, the script works once I've bought something.
Where can I find information on how to do that value addition there or can you tell me?
++METHOS (I post too much), posted Sat Mar 08, 2014 8:37 pm:
Dlve wrote:
> Where can I find information on how to do that value addition there or can you tell me?

Not sure what you mean here. Also, it sounds like you have a bad injection point...you might do as suggested above, and see if there is a better choice. By doing so, any changes you make to [value] will be instantaneous, regardless of any change to that address.
Dlve (Advanced Cheater), posted Sat Mar 08, 2014 9:01 pm:
++METHOS wrote:
> Dlve wrote:
> > Where can I find information on how to do that value addition there or can you tell me?
>
> Not sure what you mean here. Also, it sounds like you have a bad injection point...you might do as suggested above, and see if there is a better choice. By doing so, any changes you make to [value] will be instantaneous, regardless of any change to that address.

You made that value thing below the script. I was wondering about that. Well basically the whole, how should I put it, value injection is a bit of a mystery.
++METHOS (I post too much), posted Sat Mar 08, 2014 9:10 pm:
Not sure what your question is.
If you look at the script, all we are doing is moving the register (esi, I think), in to a temporary address that we create so that we can manipulate it as we see fit. Adding the offset was necessary to get to the value that we wanted in the data structure. We knew that the offset was +4, because the instruction that writes to our value is [esi+4]. The register esi holds the base address for our value's structure (probably). 'value' was just a user-defined label that I used. We could have used anything.
Dlve (Advanced Cheater), posted Sun Mar 09, 2014 5:08 am:
I don't know the correct terms so I'm trying to explain in words that I know but since it's difficult for you to understand I'll attach a picture.
In that picture there is "VALUE" below the script right?
How is that done?
What I mean is that I would like to learn how to do that myself so I can do that in other games and other things in this game. Plus, as you said, I need to change the injection point for money. Hope I was clear enough this time...
++METHOS (I post too much), posted Sun Mar 09, 2014 10:43 am:
That's just an address that I added manually. Click on the button that says 'add address manually'. From there, you just follow the steps that I outlined in a previous post. Of course, for that custom address to work, you have to write the script accordingly (e.g. mov [value],esi).
Dlve (Advanced Cheater), posted Sun Mar 09, 2014 12:18 pm:
There is an instruction that accesses the money address several times but it also accesses four other addresses, so I need to filter them. The question is how can that be accomplished?
danrevella (Master Cheater), posted Sun Mar 09, 2014 12:30 pm:
Dlve wrote:
> There is an instruction that accesses the money address several times but it also accesses four other addresses, so I need to filter them. The question is how can that be accomplished?

This question is really interesting and important...
A practical example will be really welcome...
++METHOS (I post too much), posted Sun Mar 09, 2014 2:02 pm:
There are several ways to do it. Look at Geri's tutorial covering data structure dissection.
Since there are only 4 addresses, I would check their registers to see if there is a unique identifier. You can do this by adding all 4 addresses to your cheat table, and individually, one-by-one, right-clicking on them to see which instructions access them. In the debugger windows, at the bottom, you can see the value of each register...there, you may find that simply comparing a register will work.
Dlve (Advanced Cheater), posted Wed Mar 12, 2014 12:22 pm:
I'm not sure what I should be looking for in the bottom of the debugger. I mean the addresses for esi etc. are different but so what? In my humble opinion Geri says nothing about how he makes the code work for his unit only and not the enemies also. If it's there in the script, I'm in trouble because I'm no coder and that code looks nothing like I've seen so far.
++METHOS (I post too much), posted Wed Mar 12, 2014 2:07 pm:
Checking the register values is only one way to filter out unwanted addresses. It doesn't always work. Of course esi is different, that is the register that holds the base address of your targeted value. We are interested in the other register values. Of course, if you find a unique identifier, you will have to close out the game etc. and check it again to see if it's a static value or not, because we want to ensure that whatever we use for our compare will be consistent and reliable.
Regarding the script, all I can say is learn more about assembly language and review tutorials that cover 'dissect data structures'.
Here is an excerpt from Geri's script:

Code:
    fstp dword ptr [esi+04] //original code which is changing the health
    pushfd                  //save flags
    pushad                  //save registers
    cmp [esi],0             //check if the value at [esi] (the player ID) is 0
    jne +6                  //if it is not 0, jump over the next 2 instructions (6 bytes) to the "popad" instruction
    mov eax,[esi+08]        //copy the max health into eax
    mov [esi+04],eax        //copy eax to the health, so health = max health
    popad                   //restore registers
    popfd                   //restore flags
If you notice:
You will see that this is where he performs his compare, to filter out nonessential addresses. Looking at his structure:
You can see that player ID is stored at offset +0. The first two players have an ID of 0, and the enemy players have an ID of 1. That being the case, by comparing [esi],0 we can filter out all players that have an ID of 1, therefore filtering out all enemy players:
Code:
    cmp [esi],0       //check if player ID equals 0
    jne returnhere    //if player ID does NOT equal 0, leave and do nothing; if it does equal 0, continue with the code that alters health
    mov [esi+4],#999  //move value 999 in to player health
    jmp returnhere    //leave
Not all structures will be this straightforward and simple. In fact, most games will not be. But that doesn't matter. Really, we can use whatever we want to filter out unwanted addresses. It doesn't necessarily have to be player ID, it can be any value that differs from the others. For example, player maximum health, which is stored at offset +8, could be used in this case. If you notice, the maximum health value for enemy players is 360, but the value for ally players is 150, so that should work. Unfortunately, using the maximum health value for your compare will not work for most games, but it just shows you what is possible, and that any value(s) can be used for filtering. In fact, you could use as many values as you want...you don't have to use a single value/offset.
If you're not sure about something, just ask...but be specific. If you need help with your script, post it and people can help with that, too.
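As an added illustration, not code from this thread or from Cheat Engine, the filtering idea in the post above modelled in C: the struct mirrors the offsets described (ID at +0, health at +4, max health at +8), the four sample structures are constructed, and the hook functions and the 'value' pointer are hypothetical stand-ins for the injected script and the user-defined label.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the structure in METHOS's post: player ID at +0,
 * health at +4 (the field "fstp dword ptr [esi+04]" writes), max health at +8.
 * In the game, esi holds the address of one of these. */
typedef struct {
    unsigned int id;   /* +0: 0 = ally, 1 = enemy */
    float health;      /* +4 */
    float max_health;  /* +8: 150 for allies, 360 for enemies in this sample */
} player_t;

/* Stand-in for the user-defined 'value' label: the hook stores the base
 * register here so the cheat table can dereference it and add +4. */
static player_t *value = NULL;
/* Constructed sample: the four structures the shared instruction touches. */
static player_t players[4];

static void reset_players(void) {
    const player_t sample[4] = { {0, 100.f, 150.f}, {0, 120.f, 150.f},
                                 {1, 300.f, 360.f}, {1, 200.f, 360.f} };
    memcpy(players, sample, sizeof players);
    value = NULL;
}

/* Models "cmp [esi],0 / jne returnhere / mov [esi+4],#999 / mov [value],esi".
 * Returns 1 when the write went through, 0 when the filter skipped it. */
int hook_filter_by_id(player_t *base, float new_health) {
    if (base->id != 0) return 0;   /* jne returnhere: not our player */
    base->health = new_health;     /* mov [esi+4],#999 */
    value = base;                  /* mov [value],esi */
    return 1;
}

/* The alternative compare on max health at +8: works on this sample, but such
 * a value is rarely stable across sessions, so it is a fragile identifier. */
int hook_filter_by_max_health(player_t *base, float new_health) {
    if (base->max_health != 150.0f) return 0;
    base->health = new_health;
    return 1;
}

/* Fire the hook once per structure, as the shared instruction would, and
 * return how many structures the filter let through. */
int run_simulation(int (*hook)(player_t *, float)) {
    reset_players();
    int hits = 0;
    for (size_t i = 0; i < 4; i++) hits += hook(&players[i], 999.0f);
    return hits;
}
```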