Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


A little help with a script?
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sat May 21, 2016 8:47 am    Post subject: A little help with a script?

Hopefully this is the right subforum, anyways,

I'm trying to hack AC:Unity. The money and creed points are easy to hack so I'm focusing more on the skillpoints. After a few scans I came across two addresses with the same values (which is the skillpoint value), I found out what the address writes to and they use the same opcode, with a different address. I took screenshots:

This screenshot is of the left opcode


This is of the right opcode


The problem is, making a script for either of them crashes the game, or if the code is replaced with a nop. Any ideas?

_________________
I know you're reading this, Hitler.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sat May 21, 2016 9:03 am

Does changing one of those values in the address list actually change the number of skill points in-game? If not, then you haven't found the right value.

Regardless, I'd guess those instructions also access other addresses. Read this topic for more information.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sat May 21, 2016 9:14 am

ParkourPenguin wrote:
Does changing one of those values in the address list actually change the number of skill points in-game? If not, then you haven't found the right value.

Regardless, I'd guess those instructions also access other addresses. Read this topic for more information.


No it doesn't. And no I don't think so, I did try rightclicking the opcode and checking what addresses change or w/e but it's just the address I found.
Furthermore, if the addresses are wrong, how do I find the right one? All I did was use the traditional method, scanning for all types with the exact value.

_________________
I know you're reading this, Hitler.
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sat May 21, 2016 9:32 am

If I'm you, I will backtrace that ebx. (that game looks easy to find the base address) Rolling Eyes
_________________
...
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sat May 21, 2016 9:38 am

Cake-san wrote:
If I'm you, I will trace back that ebx. (that game looks easy to find the base address) Rolling Eyes


I'm sorry I don't follow, teach me like I'm five? xD

But I think I found something. Instead of searching for the actual skillpoint value, I searched for the amount of skillpoints spent instead, and the address I came up with indeed got me a ton of skillpoints, but making a script with it still crashes (the mission here is not that I want skillpoints, I just wanna learn. Razz).


_________________
I know you're reading this, Hitler.
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sat May 21, 2016 9:43 am

I thought this game had some kind of protection?

Well, nevermind.

Sorry, I think I can't teach/guide you.

You can just find the pointer like you do in CE tutorial. Laughing

_________________
...
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sat May 21, 2016 9:47 am

Cake-san wrote:
I thought this game had some kind of protection?

Well, nevermind.

Sorry, I think I can't teach/guide you.

You can just find the pointer like you do in CE tutorial. Laughing


Funny you mention I think I just found that out lol.

.

^By simply replicating the code even it crashes the game, anyone know where I could go from here? Pointers are the only option I see, but is there any workaround the protection or a working script?

EDIT:
HOLY CRAP.
I did it, the game doesn't crash.
And what I did, was use stealthedit, and it went all well!
So on to the final question,
is there a way I can get a script to activate stealth edit and then go on with the instructions?

_________________
I know you're reading this, Hitler.
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sat May 21, 2016 10:04 am

Just make a script that disables the integrity check, then. -_-
_________________
...
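
Why an in-place patch like the ones tried above can be noticed by a code integrity check, shown from the checking side. This is an added example, not part of the thread and not the game's actual protection: a generic per-block hash comparison over a constructed code region. Only the eight original instruction bytes come from the thread; the region contents, offsets, block size and jump displacement are assumptions.

```python
import hashlib

# Constructed sample region. Only these 8 bytes (mov [rax+28],ecx /
# movzx eax,byte ptr [rsp+70]) are taken from the thread.
ORIGINAL_BYTES = bytes.fromhex("8948280FB6442470")
PATCH_OFFSET = 0x40   # hypothetical offset of the instruction in the region
BLOCK_SIZE = 0x20     # hypothetical granularity of the integrity check


def build_region():
    """Return a 0x100-byte fake code region (int3 padding, constructed)."""
    region = bytearray(b"\xCC" * 0x100)
    region[PATCH_OFFSET:PATCH_OFFSET + len(ORIGINAL_BYTES)] = ORIGINAL_BYTES
    return region


def block_hashes(region, block=BLOCK_SIZE):
    """Hash each block so a mismatch can be localised, not just detected."""
    return [hashlib.sha256(bytes(region[i:i + block])).hexdigest()
            for i in range(0, len(region), block)]


def tampered_blocks(baseline, region, block=BLOCK_SIZE):
    """Return start offsets of blocks whose hash differs from the baseline."""
    current = block_hashes(region, block)
    return [i * block for i, (a, b) in enumerate(zip(baseline, current)) if a != b]


def apply_detour(region):
    """Simulate the 8-byte overwrite: jmp rel32 (placeholder target) + 3 nops."""
    hook = b"\xE9" + (0x1000).to_bytes(4, "little") + b"\x90" * 3
    region[PATCH_OFFSET:PATCH_OFFSET + len(hook)] = hook


def nop_out(region, length=3):
    """Simulate replacing the first instruction with nops."""
    region[PATCH_OFFSET:PATCH_OFFSET + length] = b"\x90" * length


if __name__ == "__main__":
    region = build_region()
    baseline = block_hashes(region)          # taken while the code is clean
    print("clean:", tampered_blocks(baseline, region))
    apply_detour(region)
    print("after detour:", [hex(o) for o in tampered_blocks(baseline, region)])
```

Either kind of overwrite changes the hash of the block that contains it, which is enough for a check like this to react.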
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sat May 21, 2016 11:28 am

Ok for some reason now, opening the debugger crashes the game, worked fine earlier...
_________________
I know you're reading this, Hitler.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 22, 2016 1:13 am

EDIT:
I mistakenly thought you were referring to a different version of AC. Nonetheless, here is a sample script that you can use as reference:

Code:
//Target:  firefox.exe
//Author:  ++METHOS

[ENABLE]

{====================  example  ====================}

aobscanmodule(aob_example,firefox.exe,8B 4D 08 C6 46 0C 00)
alloc(newmem_example,1024,firefox.exe)
stealtheditex(stealth_example,aob_example,3)

label(originalcode_example)
label(return_example)
label(stealthedit_example)

registersymbol(stealthedit_example)


newmem_example:

originalcode_example:
mov ecx,[ebp+08]
mov byte ptr [esi+0C],00
jmp return_example

stealth_example:
stealthedit_example:
jmp newmem_example
db 90 90
return_example:


[DISABLE]
dealloc(newmem_example)
stealthedit_example:
db 8B 4D 08 C6 46 0C 00

unregistersymbol(stealthedit_example)


Be sure that you are running the latest version of CE, as well as the latest version of the SE plugin. Also, make sure that you have the plugin enabled and that you are using the correct version (e.g. x86 or x64).

When working with the SE plugin, you may have to completely close out the target process and CE in order to 'reset' things back to normal if you start experiencing issues. Be sure to check your task manager to ensure that nothing is running in the background.
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sun May 22, 2016 6:44 am

Thanks to ++METHOS, I got stealthedit working in a script and everything works fine, except I need a little help in the actual script.


Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
stealtheditex(stealth,"ACU.exe"+FDA3C4,2)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
registersymbol(test)
label(test)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [rax+28],#200000
movzx eax,byte ptr [rsp+70]

exit:
jmp returnhere

stealth:
test:
jmp newmem
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"ACU.exe"+FDA3C4:
mov [rax+28],ecx
movzx eax,byte ptr [rsp+70]
//Alt: db 89 48 28 0F B6 44 24 70


^That code works perfectly for getting me money, but the problem is it gets me everything else too. Things like items get set to 200,000 also. So what could I write in the script to get it to work only for money or only once? Something like to compare if it is 200,000, it will do the normal code, or if it isn't it will go to 200,000?

I know the basics of auto assembly, but I never got how the flow works. After all the labels are assigned, does it go in order and execute every instruction? Or does it go to the first assigned label and go from there?

_________________
I know you're reading this, Hitler.
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

Posted: Sun May 22, 2016 7:25 am

^Scroll up and follow ParkourPenguin's advice/link, it explains how you can find an identifier so you can access only one address type (items/money etc). Or find a pointer.

What is auto-assembly? If you mean the CE auto-assembler, then it assigns all labels/symbols first, then injects the instructions according to the labels they're placed in. That is all AA does; it doesn't execute anything. You can see which order CE does what in the source. I don't remember, but I think it takes care of labels first, then allocates memory, or kind of ran a loop?

Your injected code is then executed by game when control (EIP) reaches your desired instruction, jumps to your code cave (if you have one) and executes it in the same way assembly language does (i.e imperative or step-by-step execution).

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

Posted: Sun May 22, 2016 10:12 am

STN wrote:
^Scroll up and follow ParkourPenguin's advice/link, it explains how you can find an identifier so you can access only one address type (items/money etc). Or find a pointer.

What is auto-assembly? If you mean the CE auto-assembler, then it assigns all labels/symbols first, then injects the instructions according to the labels they're placed in. That is all AA does; it doesn't execute anything. You can see which order CE does what in the source. I don't remember, but I think it takes care of labels first, then allocates memory, or kind of ran a loop?

Your injected code is then executed by game when control (EIP) reaches your desired instruction, jumps to your code cave (if you have one) and executes it in the same way assembly language does (i.e imperative or step-by-step execution).


I see, thanks.
About the tutorial, Rydian gave 3 methods. The first I cannot do or is the same thing: when I find two instructions that happen all the time, both of them access more than one address, or in other words, not only the money address. So using both of them basically does the same thing, all my inventory and money values go to the set value.
The second method is like the invincibility timer in mario games, so that's a no.
Finally the third is kind of impossible as there are so many "purple" values in the dissect data structure.

_________________
I know you're reading this, Hitler.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sun May 22, 2016 10:15 am

++METHOS wrote:
There are other things that you can try.
  • You can use a pointer address for your filter, inside of your script, for the value that you are trying to manipulate.
  • You can use pointer trees inside of the data structure to find something viable.
  • You can shift the data structure (+ or -) and/or expand its size to find something useful.
  • You can use the structure spider to find workable strings and/or for comparative analysis.
  • You can check the register values by attaching the debugger or setting a breakpoint to see if something can be used for your filter.
  • You can check to see if there are any instructions that are exclusive to the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
  • You can check to see if there are any instructions that are exclusive to any other address/value inside of the data structure for the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
  • You can analyze assembly code to see if an identifier is being checked or assigned somewhere.
  • Et al.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

Posted: Sun May 22, 2016 10:33 am

What I like to do - and it is very time-consuming - is debug around the function and figure out some sort of identifier that the game uses for each value type. Or perhaps the caller is different for when money/items is accessed. Usually, one of the registers will contain an ID, e.g. 1 for money, 2 for item a, 3 for item b etc.

I don't recommend this except as a last resort because CE offers way easier and quicker methods. I haven't trained this game so I don't know what you can use, but have a look around the tables section and see what identifier they used for differentiating?

The dissect data structure is a good tool; if you can't find a difference, expand the search addresses? For example, select money-100/items-100 as the starting address and look 1024 bytes further... something like this.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
All times are GMT - 6 Hours
Page 1 of 2

 