Code injection is crashing AC:Unity?
DarkIceCore
Posted: Thu Nov 13, 2014 9:11 pm

Dark Byte wrote:

BIG THX for the detailed explanation/solution

Will try. I tried something similar in the last hours, BUT with mistakes, as I see now...
jim2point0
Posted: Thu Nov 13, 2014 11:09 pm

Dark Byte wrote:

Do a code injection like you always do, but skip the part where you write a jmp to your code.
Change the script so it jumps back to the instruction after the instruction you wish to enter from (adjust the original code part as well).
Inject the script and note down the address of newmem (or what you named it).
......
......


Is this a way to bypass the protection? Because I'm not quite getting it. Here's a real simple script that just retrieves an address. Eventually I want to disable the original line, but for now, how could I get this to run without crashing?

Code:
[ENABLE]
alloc(newmem,2048,"ACU.exe")
label(returnhere)

label(fovAddress)
registersymbol(fovAddress)

newmem:
mov [fovAddress],r14
movss [r14+70],xmm1
jmp returnhere

///
fovAddress:
dq 0 // 8 bytes: r14 is a 64-bit register
///

"ACU.exe"+1EAF565:
jmp newmem
nop
returnhere:


[DISABLE]
dealloc(newmem)
"ACU.exe"+1EAF565:
movss [r14+70],xmm1
//
unregistersymbol(fovAddress)
Dark Byte
Posted: Thu Nov 13, 2014 11:33 pm

It's not going to be table friendly.

Code:

alloc(newmem,2048,"ACU.exe")
label(returnhere)
registersymbol(newmem)

label(fovAddress)
registersymbol(fovAddress)

newmem:
mov [fovAddress],r14
movss [r14+70],xmm1
jmp returnhere

///
fovAddress:
dq 0 // 8 bytes: r14 is a 64-bit register
///

"ACU.exe"+1EAF565+6: //+6 for the size of movss [r14+70],xmm1
returnhere:


And then go to "ACU.exe"+1EAF565, right-click it, choose "Change register on breakpoint" and fill in as EIP the address of newmem (just newmem should work too; the symbol handler is used to parse the input).

To disable it, you have to remove the breakpoint.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
DarkIceCore
Posted: Fri Nov 14, 2014 2:51 am

All is working, but no time for that now...

Simple to make money and points as you wish:

Code:

[ENABLE]
alloc(compareplace,2048,"ACU.exe"+EBD057)
//
registersymbol(compareplace)
label(moneyread)
registersymbol(moneyread)
//
compareplace: //newmem
cmp [rax+28],edi
mov [moneyread],rax
setae al
jmp "ACU.exe"+EBD05D
//
moneyread:
  dq 0 // 8 bytes: rax is a 64-bit register
//
{
"ACU.exe"+EBD05A / ACU.WriteData+EB740A - 0F93 C0 - setae al    //140EBD05A
"ACU.exe"+EBD05D / ACU.WriteData+EB740D - 48 8B 5C 24 30 - mov rbx,[rsp+30]  //140EBD05D
}
"ACU.exe"+EBD057:
cmp [rax+28],edi
setae al

[DISABLE]
dealloc(compareplace)
"ACU.exe"+EBD057:
cmp [rax+28],edi
setae al
//Alt: db 39 78 28 0F 93 C0
unregistersymbol(moneyread)
unregistersymbol(compareplace)


Then make changes for them in code, or make addresses with "compareplace"+28, set or freeze them, or whatever )

For inventory and other stuff like life, I will make it later.

Dark Byte,
very big thanks!
But I have a question:
could I somehow write in my script, or in some Lua, or elsewhere, something to "automatically" set the EIP/RIP of the base instruction, where the injection starts, to the "newmem" address? That would be very nice! But how to make it, maybe with call/ret/cs or by using jmp eax/rax or something else, I don't know.
omoe
Posted: Fri Nov 14, 2014 7:13 am

Integrity bypass
http://forum.cheatengine.org/viewtopic.php?p=5561366#5561366

_________________
Hey! , Rep++ .
Dark Byte
Posted: Fri Nov 14, 2014 7:14 am

Yes, you can use Lua to set a breakpoint and, in debugger_onBreakpoint, check if RIP is the original and if so change RIP to the new address.

The downside is that this method is a bit slower than the native built-in changeregonbp, which is only exported to plugins (I'll see about adding that to Lua for the next version). But if your code doesn't get called constantly you shouldn't notice it.

edit: Thanks omoe
And guys, again, I recommend making a copy of the .exe as it is right now, so you can use that when a patch comes out and see what it changes. (That bypass uses static addresses, so it will break next patch.)

Scarbo
Posted: Fri Nov 14, 2014 10:27 am

Thanks to everyone trying to create a table.

Can I use the code above in a table to make the cheats work in game yet, or is it not working?
aikoncwd
Posted: Fri Nov 14, 2014 11:18 am

omoe wrote:
Integrity bypass
http://forum.cheatengine.org/viewtopic.php?p=5561366#5561366


Excellent work.

I love how anticheats and antidebuggers work. I'm going to code something like CE_Tutorial but with a lot of anticheat routines. Is anyone here interested in trying my routines and learning some tricks?

MWB
Posted: Mon Nov 17, 2014 3:37 am

I was able to get money in the retail version of ACU; however, it came up with 4-5 addresses. I set them all to 5 million and locked them.

The first time I killed some random straggler and looted his body, I got 5mil.

Been fiddling about with skill points and other things, but that was a no go. Tried the same way by locking skill points and doing a mission that awarded them, but that didn't work. It did show I had 50 points available, but when I used 2-4 it reset to its original value.

I did this with Uplay in offline mode and disabled my network card so it wouldn't have any connection to the internet.

Also tried it for the lame Helix credits, but that was also a no go. Mini transactions... I mean, come on. Nomad points don't seem to work either.

Since I'm a complete noob at this and can only do basic things, money was the easiest, I guess. I've only used the options in CH and didn't write scripts or anything.

And for the whole online discussion: since it's non-competitive, as in no PVP, it only benefits others on the coop/heist missions. The first coop I did was a grand disaster because neither of us had any proper gear and we just weren't able to complete the mission due to lack of survivability. Later on it went a lot smoother when we were able to buy some gear (the best gear, which costs 125k a piece).