Cheat Engine The Official Site of Cheat Engine

Reclaimer Shawn (Advanced Cheater, Reputation: 0, Joined: 09 Jun 2015, Posts: 77)
Posted: Tue Aug 16, 2016 6:28 pm    Post subject: Address relocates directly after being written to?

So, I'm using Cheat Engine to make a mod for a game in Dolphin Emulator. The address is always at the same location whenever it's the first game loaded. However, it isn't green, and therefore not a pointer (done several pointer scans that turned up nothing as well). It works every time the first time I write a value. However, after that the entire region gets blanked out with question marks and it relocates somewhere else (it also does this the second I freeze the address). What is this and how exactly do I get around it? If you need me to explain it further or post pictures, I can.

predprey (Master Cheater, Reputation: 24, Joined: 08 Oct 2015, Posts: 486)
Posted: Wed Aug 17, 2016 12:57 am

probably because the game allocated a different memory region for emulating the game. find the start of the game data and get the base address by injecting into the instruction that loads the game there.

Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Wed Aug 17, 2016 5:02 am

try running this lua script right after starting CE and before targeting Dolphin
Code:
dbk_initialize()                              -- load the DBK kernel driver
openProcess([[cheatengine-x86_64.exe]])       -- target CE's own process: the hook below is installed in CE itself
reinitializeSymbolhandler()                   -- so VirtualProtectEx resolves in the newly opened process
autoAssemble([[
alloc(NewVirtualProtectEx,256, VirtualProtectEx )     // allocate close to VirtualProtectEx so the hook jmp can reach it
alloc(OriginalVirtualProtectEx, 8, VirtualProtectEx)  // holds the address of the original (trampolined) function
registersymbol(NewVirtualProtectEx)
registersymbol(OriginalVirtualProtectEx)
label(notself)
NewVirtualProtectEx:
cmp ecx,ffffffff                // rcx = hProcess; -1 is the GetCurrentProcess() pseudo-handle
jne short notself
jmp [OriginalVirtualProtectEx]  // CE changing protection on its own memory: pass through to the original
notself:
xor rax,rax                     // any other process: return FALSE without touching its page protection
ret
]])
s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
--stupid bug in generateAPIHookScript forgets the alloc originalcall0
s=[[alloc(originalcall0, 64, VirtualProtectEx)
]]..s
autoAssemble(s)
dbk_useKernelmodeOpenProcess()          -- open the target through the driver instead of OpenProcess
dbk_useKernelmodeProcessMemoryAccess()  -- read/write through the driver instead of Read/WriteProcessMemory
--dbk_writesIgnoreWriteProtection(true)

if writing fails, remove the -- in front of dbk_writesIgnoreWriteProtection(true) and try again (restart CE first).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

Reclaimer Shawn (Advanced Cheater, Reputation: 0, Joined: 09 Jun 2015, Posts: 77)
Posted: Thu Aug 18, 2016 7:56 pm

Dark Byte wrote:
    try running this lua script right after starting CE and before targeting Dolphin
    Code:
    dbk_initialize()
    openProcess([[cheatengine-x86_64.exe]])
    reinitializeSymbolhandler()
    autoAssemble([[
    alloc(NewVirtualProtectEx,256, VirtualProtectEx )
    alloc(OriginalVirtualProtectEx, 8, VirtualProtectEx)
    registersymbol(NewVirtualProtectEx)
    registersymbol(OriginalVirtualProtectEx)
    label(notself)
    NewVirtualProtectEx:
    cmp ecx,ffffffff
    jne short notself
    jmp [OriginalVirtualProtectEx]
    notself:
    xor rax,rax
    ret
    ]])
    s=generateAPIHookScript("VirtualProtectEx", "NewVirtualProtectEx", "OriginalVirtualProtectEx")
    --stupid bug in generateAPIHookScript forgets the alloc originalcall0
    s=[[alloc(originalcall0, 64, VirtualProtectEx)
    ]]..s
    autoAssemble(s)
    dbk_useKernelmodeOpenProcess()
    dbk_useKernelmodeProcessMemoryAccess()
    --dbk_writesIgnoreWriteProtection(true)

    if writing fails, remove the -- in front of dbk_writesIgnoreWriteProtection(true) and try again (restart CE first).

Thank you for this Dark Byte! It works without a problem! Now, I have a question or two... How would I get this to work with a CE trainer? Do I need to change any part of the script? Also, it says the driver is missing when run standalone from Cheat Engine. What CE files do I need to include and how would I do that? Also, it pops up a rainbow box saying DBK enabled. For use with the trainer, how would I prevent the user from seeing this and keep the functionality? Thanks for reading this Dark Byte, and if you will let me use it in my trainer, I'll make sure to give you credit. If not, then I won't put it in at all. Also, you might be wondering why I do this via CE rather than Dolphin's code finder... I wanted to make a program that changes specific values in the game at random to make a "randomizer" mod for a Pokemon game. Basically, the campaign will be different every time. One thing is for certain though: the script above saved me from having to make other lines of code to increment the address after a certain action is performed several times (an AOB scan wouldn't suffice as there are literally 400+ other structures that use the same data format in the game).

Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Thu Aug 18, 2016 8:31 pm

When you build the trainer, tell it it uses kernelmode.
(You may have to add the .sig files to the project as well, and name them the same as your trainer .exe.)
As for the rest, not sure. Sometimes CE trainers can be finicky depending on when what happens.
Just be sure that the code runs before the trainer opens the process (try it at top).
As for hiding the DBK64 loaded message: that's not possible. The driver will show that message to inform the user that the driver is loaded. (It's a security thing so people don't get anything bad on their system using my driver without them knowing it.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

Reclaimer Shawn (Advanced Cheater, Reputation: 0, Joined: 09 Jun 2015, Posts: 77)
Posted: Sat Aug 20, 2016 10:46 pm

Dark Byte wrote:
    When you build the trainer, tell it it uses kernelmode.
    (You may have to add the .sig files to the project as well, and name them the same as your trainer .exe.)
    As for the rest, not sure. Sometimes CE trainers can be finicky depending on when what happens.
    Just be sure that the code runs before the trainer opens the process (try it at top).
    As for hiding the DBK64 loaded message: that's not possible. The driver will show that message to inform the user that the driver is loaded. (It's a security thing so people don't get anything bad on their system using my driver without them knowing it.)

I got DBK working in my trainer! I then made a button to hook the game that whenever pressed would initialize this:
Code:
getAutoAttachList().add("Dolphin.exe")

It seems that after DBK is loaded, it ignores any other requests to hook. If I use a Cheat Engine table and get DBK up, I'll then go and execute the auto attach and it still won't attach. However, if I go to "Open Process", it works. Is there a different way other than auto attach in Lua to get it to hook, or a way to get this working on the trainer instead of a cheat table?

Dark Byte (Site Admin, Reputation: 457, Joined: 09 May 2003, Posts: 25262, Location: The Netherlands)
Posted: Sun Aug 21, 2016 12:43 am

you could try a timer that calls OpenProcess with the processname every once in a while
or when the user clicks the button, just call OpenProcess("Dolphin.exe")
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
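As an added illustration of the two options Dark Byte describes (a timer that retries the attach, or a button that calls it once), here is a Cheat Engine Lua snippet; it is not code from the thread or from Cheat Engine itself. It assumes the process name Dolphin.exe used in the thread, a one-second polling interval, and hypothetical form and button names (UDF1, btnAttach) for the button variant. The CE functions it uses (createTimer, getProcessIDFromProcessName, openProcess, getOpenedProcessID, showMessage) are CE's built-in Lua API.

```lua
-- Added example, not from the thread. Assumes the target process name "Dolphin.exe"
-- (as used in the thread) and a polling interval of 1000 ms (my choice).
-- Runs inside Cheat Engine's Lua environment; run it after the DBK setup script so
-- the attach goes through dbk_useKernelmodeOpenProcess().
local TARGET = "Dolphin.exe"

-- Try once to attach. Returns true when CE's opened process is the target,
-- false when the target is not running or the attach did not take.
local function attachToTarget()
  local pid = getProcessIDFromProcessName(TARGET)
  if pid == nil then
    return false                      -- target not running yet
  end
  if getOpenedProcessID() == pid then
    return true                       -- already attached to this instance
  end
  openProcess(pid)                    -- attach by PID (same as Open Process in the GUI)
  return getOpenedProcessID() == pid  -- confirm rather than assume success
end

-- Option 1: a timer that keeps retrying until the attach succeeds, then stops itself.
local attachTimer = createTimer(nil, false)
attachTimer.Interval = 1000
attachTimer.OnTimer = function(t)
  if attachToTarget() then
    print("Attached to " .. TARGET .. " (pid " .. getOpenedProcessID() .. ")")
    t.Enabled = false
    t.destroy()
  end
end
attachTimer.Enabled = true

-- Option 2: the same function wired to a trainer button. Form name UDF1 and
-- button name btnAttach are assumed; rename to match your own trainer form.
-- UDF1.btnAttach.OnClick = function(sender)
--   if not attachToTarget() then
--     showMessage(TARGET .. " is not running")
--   end
-- end
```

The timer variant is the one to use when the trainer may start before the emulator: it is harmless while the target is absent, and it destroys itself once getOpenedProcessID() confirms the attach, so no further OpenProcess calls are made.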

Reclaimer Shawn (Advanced Cheater, Reputation: 0, Joined: 09 Jun 2015, Posts: 77)
Posted: Sun Aug 21, 2016 1:43 am

Dark Byte wrote:
    you could try a timer that calls OpenProcess with the processname every once in a while
    or when the user clicks the button, just call OpenProcess("Dolphin.exe")

Thank you so much Dark Byte! My trainer now works 100%. Tomorrow, I'll work on it a bit more and may even have it finished by then. Right now, I have it generating random stats and random moves for Pokemon in Pokemon XD based on the OS time seed (if it can get any more random than that, please tell me) to make an entirely random playthrough! I'll even have the ability to scale the difficulty level accordingly, as well as force everything to be catchable and force all Pokemon to be shiny or not. Thanks for all of your help!