gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 12:53 am Post subject: Help to Find base addresses.
So I have a script for a particular game, and every patch it changes the addresses of a particular animation. I was informed that if I could reverse-find already existing values I could find the base address, so when the patch comes I can just find the new addresses using old values.
Code: | [ENABLE]
alloc(newmem,256)
label(returnhere)
label(originalcode)
label(exit)
007B8EFD: // The address of the instruction that tells the client which animation to play when someone jumps
jmp newmem // jmp (5 bytes) + nop (1 byte) overwrite the 6 bytes of mov [edi],00000082
nop
returnhere:
newmem:
mov eax,[00A4A374] // Player base pointer. Purpose of the code is to check whether it was yourself or someone else who jumped - only change the animation of other players.
// Note: eax is overwritten here; this is only safe if the code after 007B8EFD no longer needs eax.
cmp eax,ecx
je originalcode
mov [edi],00000395 // another player jumped: write the replacement animation id
jmp returnhere
originalcode:
mov [edi],00000082 // you jumped: write the original animation id
exit:
jmp returnhere
[DISABLE]
007B8EFD: // put the original instruction back so the script can be switched off cleanly
mov [edi],00000082
dealloc(newmem) |
I am wondering how I go about doing this. I am a complete noob in coding or anything.
If someone could help me it would be great; if not, maybe link some specific guides if possible.
Thank you.
Daijobu Master Cheater Reputation: 13
Joined: 05 Feb 2013 Posts: 301 Location: the Netherlands
Rydian Grandmaster Cheater Supreme Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 6:39 am
Thank you for both of your help! I have read both guides and got a major headache from it. I have tried, though, but I am unsure because I'm not essentially dealing with health. It's to do with jumps, and usually I thought it would be a 0 and 1?
0 = not jump
1 = jump?
I guess the script template is very similar, but I'm still unsure how to update the new address if a patch comes.
I know that the following part of the script forever remains the same.
Code: | je originalcode
mov [edi],00000395
jmp returnhere
originalcode:
mov [edi],00000082 |
for example "007B8EFD" address comes from "00000082"?
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Sun Jul 19, 2015 6:46 am
gunite69 wrote: | for example "007B8EFD" address comes from "00000082"? | nope... "007B8EFD" is the address being held inside the "EDI" register, "00000082" is the VALUE being copied into that address (82 HEX = 130 DEC), so when you see mov [edi],00000082, just look at it like this
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 7:03 am
vng21092 wrote: | gunite69 wrote: | for example "007B8EFD" address comes from "00000082"? | nope... "007B8EFD" is the address being held inside the "EDI" register, "00000082" is the VALUE being copied into that address (82 HEX = 130 DEC), so when you see mov [edi],00000082, just look at it like this
<removed. Cannot post URLs> |
Wow, thank you for the awesome diagram!
So sweet. Correct me if I'm wrong, but basically "007B8EFD" is the EDI, pretty much, and this "00000082" is like the battery to a car.
So if "007B8EFD" changes every patch, how would I update it to work with the new patch? I'm guessing I would have to use "007B8EFD" to trace back to that ???? (hidden address) to get a new one?
I'm so sorry, I am so lost >.>
For example, here was the exact same script but for the previous patch of the game.
Code: |
[ENABLE]
alloc(newmem,256)
label(returnhere)
label(originalcode)
label(exit)
007B8336: // The address of the instruction that tells the client which animation to play when someone jumps
jmp newmem // jmp (5 bytes) + nop (1 byte) overwrite the 6 bytes of mov [edi],00000082
nop
returnhere:
newmem:
mov eax,[00A4A374] // Player base pointer. Purpose of the code is to check whether it was yourself or someone else who jumped - only change the animation of other players.
// Note: eax is overwritten here; this is only safe if the code after 007B8336 no longer needs eax.
cmp eax,ecx
je originalcode
mov [edi],00000395 // another player jumped: write the replacement animation id
jmp returnhere
originalcode:
mov [edi],00000082 // you jumped: write the original animation id
exit:
jmp returnhere
[DISABLE]
007B8336: // put the original instruction back so the script can be switched off cleanly
mov [edi],00000082
dealloc(newmem)
|
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Sun Jul 19, 2015 7:27 am
No no no, that's the beauty of code injection: you don't NEED to be up to date with the current address because you DON'T need the address. Visualize it like this. You buy something off Amazon, right? The order arrives at your house; what do you have? A box (in this case, it would be the register EDI). Now, you don't really know what the packaging of the item LOOKS like (in this case, it's the address; right now it's "007B8EFD", but when you restart the game it might not be). But what you DO know is WHAT'S inside the packaging (in this case "00000082" or w/e you want). So all you really need to know is the REGISTER; you don't really need the address because the register already contains the address. Hope that helps out.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun Jul 19, 2015 7:36 am
Problem is his code is hardcoding the base player pointer.
So yes, his code will likely break on a patch.
You need to find some code which ONLY accesses the player pointer.
Set up a separate code injection there to save the address.
Then in your current script, you would read the value of that address instead of directly using mov eax,[00A4A374]
Since games normally have a HUD which only shows the player's health, you can normally find some piece of code that only accesses the player's stats. This is where you'd want to retrieve the base pointer address.
In addition to that, you should use the AOB Injection template instead of Code Injection.
That will make it even more patch-proof.
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 7:44 am
Ahh okay... that makes more sense now hahaha.
And with regards to code injection, that was one of the guides Rydian posted. I had a read through and sort of tried it out on the game I'm trying to test, but yeah hahah, not too easy >.>
So how would I go about doing the code injection now lol? (Feels like a next-level step, even when I can't get the addresses.)
This is all so new to me and a lot harder than it seems hahaha.
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Sun Jul 19, 2015 7:49 am
You probably don't even need to reference the player pointer. You should check if that instruction applies to anyone else BUT you, and if it does, look for FILTERS (dissect data structures), not POINTERS (pointers = no no in my book). There's usually more than one instruction ACCESSING your address; if you could find just ONE that isolates you from everybody else, use THAT as your injection point. Code injection is quite easy, actually; learning it is quite easy because CE provides TEMPLATES for you. All you have to do is make sure that when you disable the script, it reverts back to what it was before.
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 7:59 am
Zanzer wrote: | Problem is his code is hardcoding the base player pointer.
So yes, his code will likely break on a patch.
You need to find some code which ONLY accesses the player pointer.
Set up a separate code injection there to save the address.
Then in your current script, you would read the value of that address instead of directly using mov eax,[00A4A374]
Since games normally have a HUD which only shows the player's health, you can normally find some piece of code that only accesses the player's stats. This is where you'd want to retrieve the base pointer address.
In addition to that, you should use the AOB Injection template instead of Code Injection.
That will make it even more patch-proof. |
I wouldn't say it's my script. It's a really old private script made by someone (so I take no credit for making it). I just want to update it for personal use.
And yep, there is some sort of health HUD to show my health. All in all, I personally don't mind if I have to keep updating it on every patch, which is also quite frequent. I just want to know how to update it lol; I'm so clueless as to how at the moment, especially making another separate script for it.
vng21092 Grandmaster Cheater Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Sun Jul 19, 2015 8:03 am
Here's a template... TO THE TEMPLATE; use it as a guideline if you must (not AOB, but not far from it either).
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 8:07 am
vng21092 wrote: | You probably don't even need to reference the player pointer. You should check if that instruction applies to anyone else BUT you, and if it does, look for FILTERS (dissect data structures), not POINTERS (pointers = no no in my book). There's usually more than one instruction ACCESSING your address; if you could find just ONE that isolates you from everybody else, use THAT as your injection point. Code injection is quite easy, actually; learning it is quite easy because CE provides TEMPLATES for you. All you have to do is make sure that when you disable the script, it reverts back to what it was before. |
Currently, I am not sure if there is one way to separate me from others, but I see what you mean. I really think my knowledge of CE has a very short limit haha...
But for a brief intro, this is pretty much an animation.
The goal of this script is to change the jump animation of players in the game to another animation, maybe like a "dash".
While the jump animation is universal, including yourself, the player pointer is to make sure that your animation doesn't change but everyone else's does - hope I didn't state the obvious >.<
Now I've got so many ideas I don't know where to begin... let alone finding a way to update the new addresses.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun Jul 19, 2015 8:39 am
AOB Injection is basically the same as Code Injection, with different label names.
The special part, which is done automatically, is the AOB Scan at the top.
This searches the game for the unique byte array which makes up the code at your injection point.
So when a patch comes and your injection point moves, CE will find it for you when you enable the script.
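Zanzer's two replies above describe one procedure: a second injection at code that runs only for the local player saves the base pointer, the jump script compares against that saved value instead of the hard-coded mov eax,[00A4A374], and AOB scans relocate both injection points after a patch. The Cheat Engine auto-assembler script below is an added example written for this thread; it is not code from the original post or from any of the repliers. It assumes the game module is called game.exe, that the local-only instruction you find with "Find out what accesses this address" on your own health is mov eax,[ecx+11C] (bytes 8B 81 1C 01 00 00), and that ecx holds the entity's base at both injection points, as the posted script already assumes for the jump write. All three are placeholders to replace with what CE shows for your game. The jump pattern C7 07 82 00 00 00 is simply the six bytes of mov [edi],00000082 from the posted script; if CE reports that it is not unique, extend the pattern with the bytes that follow it and put ?? in place of any byte that is part of an absolute address.

```asm
// Added example, not from the thread. Placeholders are marked ASSUMED.
[ENABLE]
// A: an instruction that only ever runs with the LOCAL player's base in ecx
//    (e.g. the HUD health read). ASSUMED: mov eax,[ecx+11C] = 8B 81 1C 01 00 00
aobscanmodule(hudRead,game.exe,8B 81 1C 01 00 00)
// B: the jump-animation write from the posted script, mov [edi],00000082.
//    Extend with following bytes / ?? wildcards if CE says it is not unique.
aobscanmodule(jumpAnim,game.exe,C7 07 82 00 00 00)
alloc(newmem,$1000)
alloc(pPlayer,4)              // 4-byte slot that holds the saved local-player base
registersymbol(hudRead)
registersymbol(jumpAnim)
registersymbol(pPlayer)       // visible in the address list as "pPlayer" for checking
label(savePlayer)
label(returnA)
label(patchJump)
label(originalcode)
label(returnB)

newmem:
savePlayer:
  mov [pPlayer],ecx           // remember which entity the local-only code reads
  mov eax,[ecx+11C]           // ASSUMED original instruction, re-executed here
  jmp returnA

patchJump:
  cmp ecx,[pPlayer]           // is the jumping entity the one saved above?
  je originalcode
  mov [edi],00000395          // someone else jumped: replacement animation id
  jmp returnB
originalcode:
  mov [edi],00000082          // you jumped: original animation id
  jmp returnB

// A: the 6 ASSUMED original bytes become jmp (5) + nop (1)
hudRead:
  jmp savePlayer
  nop
returnA:

// B: the 6 original bytes become jmp (5) + nop (1), same as the posted script
jumpAnim:
  jmp patchJump
  nop
returnB:

[DISABLE]
hudRead:
  db 8B 81 1C 01 00 00        // restore the ASSUMED original bytes of A
jumpAnim:
  db C7 07 82 00 00 00        // restore mov [edi],00000082
unregistersymbol(hudRead)
unregistersymbol(jumpAnim)
unregistersymbol(pPlayer)
dealloc(pPlayer)
dealloc(newmem)
```

Because both injection points are found by byte pattern rather than by address, enabling the script after a patch re-locates them as long as the instruction bytes themselves did not change; if the compiler emitted different code, CE reports that the scan failed and the patterns have to be refreshed from the new disassembly. pPlayer is zero until the local-only instruction has executed at least once, so any jump seen before the HUD code has run (including your own) takes the replacement branch; if that matters, add a cmp [pPlayer],0 / je originalcode check before the comparison. The cmp ecx,[pPlayer] form also leaves eax untouched, which the posted script's mov eax,[00A4A374] did not.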
gunite69 Newbie cheater Reputation: 0
Joined: 18 Jul 2015 Posts: 10
Posted: Sun Jul 19, 2015 8:57 am
Ahh okay! Been playing around with it for a bit...
Currently, I'm trying to figure out the "Your Stuff Goes Here" part and how it's structured, because there are two codes to the script that I posted?
EDIT: damn, I can't post URLs.