| View previous topic :: View next topic |
| Author |
Message |
BlackMajor
How do I cheat?
![]() Reputation: 0
Joined: 19 Feb 2015
Posts: 5
Location: New Zealand
|
 Posted: Fri Apr 03, 2015 12:44 am Post subject: Auto Assembly question about Pointers. |
 |
|
Hello friends.
I have a question about scripting in Auto Assembly.
I'm trying to put a pointer into Auto Assembly to teleport one object to another object.
I have pointers for the position of both objects.
The offsets for the pointer of the first object are d0, 100, 320, 20, 1a0
While the second objects offsets are 10, 50, 10.
I'm trying to put these pointers into Auto Assembly like such.
[[[game.exe]+10]+50]+10:
readmem([[[[[game.exe]+d0]+100]+320]+20]+1a0,12)
But CE tells me that the pointers are invalid specifiers, despite working fine if i manually copy the bytes from the first address into the second.
The game i'm working in is 64-bit.
Any idea what i'm doing wrong here?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25291
Location: The netherlands
|
| Posted: Fri Apr 03, 2015 3:46 am Post subject: |
|
|
currently pointer notations like that don't work on 64 bit targets (it's fixed in the svn)
you may instead want to use two entries in the cheat table (aob's 12 length)
entry1 with address [[game.exe]+10]+50]+10
entry2 with address [[[[[game.exe]+d0]+100]+320]+20]+1a0
then assign a hotkey to entry1 of type "set value" and set the new value to (entry2)
setting values using round braces will take on the current value of the entry it specifies
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
BlackMajor
How do I cheat?
![]() Reputation: 0
Joined: 19 Feb 2015
Posts: 5
Location: New Zealand
|
| Posted: Fri Apr 03, 2015 7:47 am Post subject: |
|
|
Ah, thanks frienderino.
A tad dissapointed that i can't get the pointer into an AA script, for now.
Had some other things going on in the script other than the teleport, so it's a bit inconvenient to do it with multiple hotkeys.
Thanks for the info.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25291
Location: The netherlands
|
| Posted: Fri Apr 03, 2015 8:07 am Post subject: |
|
|
you could use a {$lua} section to define the address (or do the writing itself)
e.g:
| Code: |
{$lua}
--this replaces
--[[[game.exe+123]+10]+50]+10:
--readmem([[[[[game.exe+123]+d0]+100]+320]+20]+1a0,12)
local address
address=readPointer("game.exe+123")+0x10
address=readPointer(address)+0x50
address=readPointer(address)+0x10
local address2
address2=readPointer("game.exe+123")+0xd0
address2=readPointer(address2)+0x100
address2=readPointer(address2)+0x320
address2=readPointer(address2)+0x20
address2=readPointer(address2)+0x1a0
return string.format([[
%x:
readmem(%x,12)
]],address,address2)
{$asm}
//rest of the script
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Apr 10, 2015 3:16 pm Post subject: |
|
|
similar thread: http://forum.cheatengine.org/viewtopic.php?t=580783
Could someone test this fix. It fixes the [] notation on 64bit CE attached to 64bit game or other 64bit target.
| Code: | fix64bitPointerString = [[
// only for 64bit CE6.4 from 26 VI 2014
define(address1,cheatengine-x86_64.exe+957AC)
define(bytes1,89 45 C0 EB 2B)
define(address2,cheatengine-x86_64.exe+95944)
define(bytes2,8B 45 C0 48 89 45 A8)
alloc(newmem,64,cheatengine-x86_64.exe)
label(part2)
label(return2)
assert(address1,bytes1)
assert(address2,bytes2)
newmem:
mov [rbp-40],rax
jmp cheatengine-x86_64.exe+957DC
part2:
mov rax,[rbp-40]
mov [rbp-58],rax
jmp return2
address1:
jmp newmem
address2:
jmp part2
nop
nop
return2:
]]
autoAssemble(fix64bitPointerString,true) |
_________________
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Fri Apr 10, 2015 3:32 pm Post subject: |
|
|
I don't appear to be experiencing the bug. Or I'm not understanding it correctly.
| Code: | [ENABLE]
alloc(myvar,8)
registersymbol(myvar)
[[[DarkSoulsII.exe+160B8D0]+d0]+490]+ec:
dd #9999999
myvar:
readmem([[DarkSoulsII.exe+160B8D0]+d0]+490,8)
[DISABLE]
dealloc(myvar)
unregistersymbol(myvar) |
This is the Souls Pointer in the 64-bit Dark Souls II Scholar of the First Sin
Both instructions execute just fine. First sets my souls and the second creates a custom pointer.
Did not execute your script. Cheat Engine 6.4.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Apr 11, 2015 2:41 am Post subject: |
|
|
@Zanzer
what values are inside:
DarkSoulsII.exe+160B8D0
[DarkSoulsII.exe+160B8D0]+d0
[[DarkSoulsII.exe+160B8D0]+d0]+490
[[[DarkSoulsII.exe+160B8D0]+d0]+490]+ec
what OS you have?
_________________
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sat Apr 11, 2015 7:57 am Post subject: |
|
|
Windows 7 SP1 64-bit
| Code: | Pointer Address Value
DarkSoulsII.exe+160B8D0 0161B8D0 7FFEC750260
[DarkSoulsII.exe+160B8D0]+d0 7FFEC750330 7FFEFDE9A40
[[DarkSoulsII.exe+160B8D0]+d0]+490 7FFEFDE9ED0 7FFEFECEFD0
[[[DarkSoulsII.exe+160B8D0]+d0]+490]+ec 7FFEFECF0BC #999999999 |
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Apr 11, 2015 1:29 pm Post subject: |
|
|
Really? Are you sure you are not using newer version ?
uninstall any CheatEngine, or use some "virtual machine". (virtualbox or etc)
Be sure you have original CE6.4, download it from cheatengine main page.
Install it.
1 Now, download CT file in the attachment
2 launch 64bit cheatengine, and attach it to itself cheatengine-x86_64
(it could be any 64 target, but my CT file is prepared only for targeting itself, because it seeks for 64 bit lua dll, because this module will probably be loaded above 0xFFFFFFFF)
3 open my CT file
4 check "lua5.1-64.dll start address". Address must be something bigger than 0xFFFFFFFF.
For me, it is 0x180000000
5 now, tick "phase 1 - init"
6 at the first entry you will see "this bike is red" instead of '??'
7 tick "phase 2 - pointerstring test"
You can not.........
8 now, execute my fix written in Lua (because only with Lua we can inject code to CE itself, well, we attached CE to itself, but, normally we don't do that, we attach CE to game process)
9 now try tick "phase 1 - init" and then "phase 2 - pointerstring test" again
10 the bike isn't red
Your CT files with pointerstrings won't work for people which are using CE6.4 and the game is also 64bit
It could work if they use CE6.4+ (my builds)
or CE6.4+ prepared by DarkByte (it still says it is 6.4)
or they compiled CE themselves.
| Description: |
|
Download |
| Filename: |
pointerstring tester.CT |
| Filesize: |
2.17 KB |
| Downloaded: |
790 Time(s) |
_________________
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Apr 12, 2015 8:13 am Post subject: |
|
|
| BlackMajor wrote: | I'm trying to put these pointers into Auto Assembly like such.
[[[game.exe]+10]+50]+10:
readmem([[[[[game.exe]+d0]+100]+320]+20]+1a0,12) |
AA script would be like this (I 'compressed' my fix, so it takes less lines):
| Code: | [ENABLE]
{$lua}
if syntaxcheck then return end
fix64bitPointerString = [[// only for 64bit CE6.4 from 26 VI 2014 \n
define(address1,cheatengine-x86_64.exe+957AC)\ndefine(bytes1,8945C0EB2B)\ndefine(address2,cheatengi
ne-x86_64.exe+95944)\ndefine(bytes2,8B45C0488945A8)\nassert(address1,bytes1)\nassert(address2,bytes
2)\n\nalloc(newmem,64,cheatengine-x86_64.exe)\nlabel(return2)\n\nnewmem:\nmov [rbp-40],rax\njmp che
atengine-x86_64.exe+957DC\nnewmem+A:\nmov rax,[rbp-40]\nmov [rbp-58],rax\njmp return2\naddress1:\nj
mp newmem\naddress2:\njmp newmem+A\nnop\nnop\nreturn2:]]
autoAssemble(fix64bitPointerString:gsub('\n',''):gsub('\\n','\n'),true)
-- it is safe to execute it many times because of 'assert' instruction
{$asm}
[[[game.exe]+10]+50]+10:
readmem([[[[[game.exe]+d0]+100]+320]+20]+1a0,12)
[DISABLE]
|
_________________
|
|
| Back to top |
|
|
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Sun Apr 12, 2015 9:54 am Post subject: |
|
|
I think the reason my script works with Dark Souls II is because the initial address is not larger than 0xFFFFFFFF.
So CE's only problem may be that the initial address is being read as 32-bits. All others are correctly 64.
I did test your script mgr.inz.Player and I was not able to enable Phase 2 without running your fix first.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 218
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Apr 12, 2015 3:36 pm Post subject: |
|
|
ah, yes.
| Quote: | | DarkSoulsII.exe+160B8D0 0161B8D0 |
For "DarkSoulsII Scholar of the First Sin", you don't need this fix.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
