Strece How do I cheat? Reputation: 0
Joined: 09 Oct 2012 Posts: 2
Posted: Wed Nov 11, 2015 8:23 am Post subject: Need help with finding some infos about Zuma Deluxe
Hello,
I am trying to get some addresses from Zuma Deluxe to create a cheat table for it.
For now I only have Score, Lives and the Progress Bar which needs to be filled so no new balls are spawned.
But I am trying to find some other things, most importantly the speed of the balls and my current ball (to change it, for example, to a slow ball). I would also like to have the position and color of the balls (I am trying to write a bot for it).
I tried several ways.
1. Scanned for an unknown initial value, then scanned for changed and unchanged values after I shoot a ball (not really working).
2. I looked up the score address and used the structure tool to hopefully find the player struct (some success). I found the score, lives and bar there as well, a value for whether the game is paused or not, and many other values and pointers, but I can't find anything else related to the balls there.
3. Looked up the register values and found a value in register ebx which doesn't change. I looked up the structure and it looked like the main class, but this is just a suggestion. From there I had no idea how to continue.
4. I downloaded a cheat table for Zuma Revenge and looked into the script to get an idea of how the actual ball is placed.
The script was short:
Code:
//Made by Geri with Cheat Engine 5.6.1
//11th November, 2010
//All rights reserved. You are not allowed to use these scripts to create Your own trainer without my permission.
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(bonus)
registersymbol(bonus)
aobscan(abonus,8b 83 1c 01 00 00 83 f8 0e * * 8b c8)
abonus:
bonus:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
mov [ebx+0000011c],1
originalcode:
mov eax,[ebx+0000011c]
exit:
jmp returnhere
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
004571E7:
mov eax,[ebx+0000011c]
//Alt: db 8B 83 1C 01 00 00
unregistersymbol(bonus)
So to me it looks like at ebx+0000011c there is the next ball which will be active in the game, and the script overwrites it with another value (like Slow Ball).
I tried to find code like this and found a huge amount. Adding breakpoints at some of them didn't lead to a successful break when I shoot a ball.
Can someone help lead me in the right direction, or does someone already have a table or static addresses for this game?
Greetings, Strece
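Added example (not part of the original post or of Geri's table): a Python sketch of how the aobscan signature in the script above is matched, with * as a one-byte wildcard, and how the first six matched bytes decode to the [ebx+0000011c] access. The function names and the SAMPLE bytes are constructed for this illustration.

```python
# Added illustration: wildcard byte-signature matching as done by the aobscan line.
# SAMPLE is constructed for this example; it is not a dump of any game.

def parse_aob(pattern):
    """Turn '8b 83 * ...' into a list of ints, with None for each wildcard byte."""
    return [None if tok in ("*", "?", "??") else int(tok, 16)
            for tok in pattern.split()]

def aob_scan(data, pattern):
    """Return every offset in data where the signature matches."""
    sig = parse_aob(pattern)
    hits = []
    for off in range(len(data) - len(sig) + 1):
        if all(b is None or data[off + i] == b for i, b in enumerate(sig)):
            hits.append(off)
    return hits

def decode_mov_eax_ebx_disp32(code):
    """Decode '8B 83 disp32' (mov eax,[ebx+disp32]) and return the displacement."""
    if len(code) < 6 or code[0] != 0x8B or code[1] != 0x83:
        raise ValueError("not mov eax,[ebx+disp32]")
    return int.from_bytes(code[2:6], "little")

SIGNATURE = "8b 83 1c 01 00 00 83 f8 0e * * 8b c8"

# Constructed bytes: padding, a near miss (different displacement), padding,
# then a sequence that fits the signature. The two wildcard bytes are arbitrary.
SAMPLE = (
    bytes.fromhex("90 90")
    + bytes.fromhex("8b 83 20 01 00 00 83 f8 0e 74 05 8b c8")  # near miss: +0x120
    + bytes.fromhex("cc")
    + bytes.fromhex("8b 83 1c 01 00 00 83 f8 0e 7f 12 8b c8")  # match: +0x11c
    + bytes.fromhex("c3")
)

if __name__ == "__main__":
    for off in aob_scan(SAMPLE, SIGNATURE):
        disp = decode_mov_eax_ebx_disp32(SAMPLE[off:off + 6])
        print(f"match at offset {off:#x}, reads [ebx+{disp:#x}]")
```

The six bytes decoded here are the same ones the [DISABLE] section restores (db 8B 83 1C 01 00 00), and they are exactly the space taken by the 5-byte jmp plus the nop.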