mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Mon Sep 12, 2016 8:21 am Post subject: help! I can't find pointer, AOB injection copy not working
Sorry, I posted a reply down below to explain my problem in a clear way with pictures (I had to edit this main subject to avoid confusion).
Quote: |
Pointer scanner isn't working ... manual pointer scan doesn't work either.
First find out the Z axis address 24D2DD69A04, then add the +20 offset to the address (24D2DD69A04+20 = 24D2DD69A24) to find the address that contains the 0.01251220703 float value, which will disable the collision if I set it to 0. (What I am trying is to have a pointer so I don't have to do this every time.)
Problem: there is nothing that writes to this address at all; however, there are codes that are accessing this address. I used them all one by one, also the addresses nearby. Every time the result is the same: the code will work for 5 seconds then crashes, sometimes an immediate crash.
In this example I found out what's accessing 24D2DD69A24.
I attached a picture for reference to everything.
Finally, the code:
Code: |
[ENABLE]
aobscanmodule(INJECT,physics_x64_f.dll,F2 41 0F 10 40 20 49) // should be unique
alloc(newmem,$1000,"physics_x64_f.dll"+86B463)
label(code)
label(return)
globalalloc(player,4)
newmem:
code:
mov [player],r8
movsd xmm0,[r8+20]
jmp return
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F2 41 0F 10 40 20
unregistersymbol(INJECT)
dealloc(newmem)
|
Then I added the address of a pointer, player+24, because r8 = 24D2DD69A00.
Then if I activate the script and move the player, the game will freeze for 5-10 seconds then crash, but the pointer address shown in Cheat Engine is correct.
I did it a lot of times, maybe 300 lol. It's been 2 days of trying. Can you please explain to me why it is crashing? I know I am doing something wrong :/
|
Last edited by mbabo on Tue Sep 13, 2016 11:54 am; edited 3 times in total |

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Sep 12, 2016 8:53 am
Use injection.

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Mon Sep 12, 2016 9:48 am
OK, but what I actually want to achieve is this: each time I find the Z axis, for example 1B020269484 is the player height address and 1B020269484 + 20 = 1B0202694A4, which is a float that equals 0.01251220703, controlling collision.
And this number is constant. The problem is each time I die the address will change, then I have to find height again, then add the 20 offset to it, which is annoying.
Is there any way to find its pointer? Because auto scan didn't work even if I increased the depth :/
Please help.
Note: nothing is writing to this address, but the X, Y and Z are constantly accessing it (hope that helps).

STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Mon Sep 12, 2016 11:18 am
Go through the basic CE tutorial (look for tutorial.exe in CE folder).
Like Methos said, it can very easily be done with a code injection. Put a breakpoint on your x or y or z address (Right click on address > Find out what accesses this address), should pop up a lot of addresses.
It is really hard to explain several steps, each requiring learning of their own, in one post, so do this right and do the CE tutorial, then read up on code injection tutorials. You should know how to do this all easily then.

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 6:22 am
STN wrote: | Go through the basic CE tutorial (look for tutorial.exe in CE folder).
Like Methos said, it can very easily be done with a code injection. Put a breakpoint on your x or y or z address (Right click on address > Find out what accesses this address), should pop up a lot of addresses.
It is really hard to explain several steps, each requiring learning of their own, in one post, so do this right and do the CE tutorial, then read up on code injection tutorials. You should know how to do this all easily then. |
I have finished the CE tut. I know basic stuff about AOB injection.
I tried code injection copy but it always crashes my game ><"
I also tried AOB to data scan.
It doesn't seem to work :/
Well, it works only for 1 second lol. I see the pointer and the value is correct, then the game crashes. I don't know why :/
I tried looking for an opcode that is for 1 address only but same problem.
Maybe they are having some kind of anti-cheat?
NOTE: IF I FIND A CODE THAT IS RELATED, I TEST NOP THE CODE, NO PROBLEM, BUT IF I USE GLOBAL ALLOC THEN MOVE RBX TO _PLAYER, THE SCRIPT WORKS FINE, ADDRESS IS FOUND, BUT GAME WILL CRASH

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Sep 13, 2016 9:38 am
Did you try VEH debugger?

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 11:45 am
++METHOS wrote: | Did you try VEH debugger? |
Yes, it's still crashing. Also I tried an address which is accessed by the code only after I jump; same problem: after I jump, Cheat Engine will find the correct value, then it crashes .. pfff
Here is what I did ....
First find out the Z axis address 24D2DD69A04, then add the +20 offset to the address (24D2DD69A04+20 = 24D2DD69A24) to find the address that contains the 0.01251220703 float value, which will disable the collision if I set it to 0. (What I am trying is to have a pointer so I don't have to do this every time.)
Problem: there is nothing that writes to this address at all; however, there are codes that are accessing this address. I used them all one by one, also the addresses nearby. Every time the result is the same: the code will work for 5 seconds then crashes, sometimes an immediate crash.
In this example I found out what's accessing 24D2DD69A24.
I attached a picture for reference to everything.
Finally, the code:
Code: |
[ENABLE]
aobscanmodule(INJECT,physics_x64_f.dll,F2 41 0F 10 40 20 49) // should be unique
alloc(newmem,$1000,"physics_x64_f.dll"+86B463)
label(code)
label(return)
globalalloc(player,4)
newmem:
code:
mov [player],r8
movsd xmm0,[r8+20]
jmp return
INJECT:
jmp code
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db F2 41 0F 10 40 20
unregistersymbol(INJECT)
dealloc(newmem)
|
Then I added the address of a pointer, player+24, because r8 = 24D2DD69A00.
Then if I activate the script and move the player, the game will freeze for 5-10 seconds then crash, but the pointer address shown in Cheat Engine is correct.
I did it a lot of times, maybe 300 lol. It's been 2 days of trying. Can you please explain to me why it is crashing? I know I am doing something wrong :/

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Sep 13, 2016 12:53 pm
That's a lot to read...sorry...I just skimmed.
Off the top of my head, try allocating 8 bytes, and using mov qword ptr:
Code: |
globalalloc(player,8)
newmem:
code:
mov qword ptr [player],r8
|
Regarding the debugger...make sure that you don't have anything selected in your settings that may be causing the target to crash. I haven't looked to see if this target is protected or not. I am busy at the moment.
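An added illustration of the 8-byte suggestion above, not part of the original post and not code from the thread: a C model of what `mov [player],r8` does to a 4-byte versus an 8-byte `player` slot. The `data_area` layout, the canary neighbour and all helper names are assumptions made for the example; only r8 = 24D2DD69A00 and the +24 offset come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the `player` symbol followed directly by memory that
 * belongs to something else. The adjacent neighbour is an assumption. */
#define CANARY 0xAABBCCDDu
struct data_area { uint8_t bytes[16]; size_t player_size; };

static void store_le(uint8_t *p, uint64_t v, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint64_t load_le(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Lay out player (player_size bytes) plus a 4-byte neighbour = CANARY. */
static void area_init(struct data_area *a, size_t player_size) {
    memset(a->bytes, 0, sizeof a->bytes);
    a->player_size = player_size;
    store_le(a->bytes + player_size, CANARY, 4);
}

/* `mov [player],r8`: a 64-bit register store always writes 8 bytes,
 * whatever size the symbol was allocated with. */
static void mov_player_r8(struct data_area *a, uint64_t r8) {
    store_le(a->bytes, r8, 8);
}

/* The 4 bytes that sit right behind the `player` allocation. */
static uint32_t neighbour(const struct data_area *a) {
    return (uint32_t)load_le(a->bytes + a->player_size, 4);
}

/* An 8-byte pointer read of `player` plus the hex offset 24 from the post. */
static uint64_t resolve(const struct data_area *a) {
    return load_le(a->bytes, 8) + 0x24;
}

int main(void) {
    const uint64_t r8 = 0x24D2DD69A00ULL;   /* value quoted in the post */
    struct data_area a4, a8;
    area_init(&a4, 4); mov_player_r8(&a4, r8);
    area_init(&a8, 8); mov_player_r8(&a8, r8);
    printf("4-byte slot: neighbour=%08X\n", (unsigned)neighbour(&a4));
    printf("8-byte slot: neighbour=%08X\n", (unsigned)neighbour(&a8));
    printf("target=%llX\n", (unsigned long long)resolve(&a8));
    return 0;
}
```

Reading the slot back as 8 bytes resolves to 24D2DD69A24 in both cases, which matches the report that the pointer looked correct; the model says nothing about what else made the game crash.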

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 1:06 pm
++METHOS wrote: | That's a lot to read...sorry...I just skimmed.
Off the top of my head, try allocating 8 bytes, and using mov qword ptr:
Code: |
globalalloc(player,8)
newmem:
code:
mov qword ptr [player],r8
|
Regarding the debugger...make sure that you don't have anything selected in your settings that may be causing the target to crash. I haven't looked to see if this target is protected or not. I am busy at the moment. |
It's still crashing, hmmmm. I'm using VEH debugger; the other 2 will directly shut off the game if used.
I used it on Deadpool to make a one-hit-kill condition; it worked fine.
I almost give up.
Waiting for help, thank you.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Sep 13, 2016 3:17 pm
You could try installing the latest version of CE and letting it reset your settings when you install. Other than that, I'll have to look at it later because I'm busy at the moment.

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 4:03 pm
++METHOS wrote: | You could try installing the latest version of CE and letting it reset your settings when you install. Other than that, I'll have to look at it later because I'm busy at the moment. |
I tried that already, same result hmmmmm. Anyway, thanks for your time.
Whenever you are free, please take a look at the pictures. I hope I find out what is wrong.
Again, thank you.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Sep 13, 2016 4:09 pm
What happens with this:
Code: |
[ENABLE]
aobscanmodule(temp1,physics_x64_f.dll,F2 41 0F 10 40 20 49)
alloc(newmem,$1000,"physics_x64_f.dll"+86B463)
label(code)
label(return)
label(player_address)
registersymbol(player_address)
registersymbol(temp1)
newmem:
code:
push rdi
lea rdi,[r8+20]
mov qword ptr [player_address],rdi
pop rdi
movsd xmm0,[r8+20]
jmp return
player_address:
dq 0
temp1:
jmp code
nop
return:
[DISABLE]
dealloc(newmem)
temp1:
db F2 41 0F 10 40 20
unregistersymbol(temp1)
unregistersymbol(player_address)
|

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 4:18 pm
Again, it still crashed. Also, after adding player_address as a pointer, Cheat Engine would not recognize the pointer.
Maybe it's the opcode problem?? Maybe I have to find another code that shares the same base address without crashing the game, although I have tested a lot of them,
but yet no result.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Sep 13, 2016 4:21 pm
The pointer won't be recognized until you move - if the instruction is only accessing that address when you move, as you say.
Try injecting at that location, using a default AOB Injection script and enable it to see if it crashes. If it doesn't, paste the script here. If it does, then you may need to use SE plugin or figure out a way to circumvent memory integrity check routine.
Be sure that you are running CE as admin and disable any AV software that may be interfering.

mbabo Advanced Cheater Reputation: 0
Joined: 30 Jul 2016 Posts: 74
Posted: Tue Sep 13, 2016 4:54 pm
++METHOS wrote: | The pointer won't be recognized until you move - if the instruction is only accessing that address when you move, as you say.
Try injecting at that location, using a default AOB Injection script and enable it to see if it crashes. If it doesn't, paste the script here. If it does, then you may need to use SE plugin or figure out a way to circumvent memory integrity check routine.
Be sure that you are running CE as admin and disable any AV software that may be interfering. |
(Did you mean that I inject a normal code without changing anything?)
If that's the case then yes, I run CE as administrator,
find out the opcode that is accessing this while moving.
Injecting the normal code crashes the game, that's really weird,
although if I inject a code that controls ammo, for example, it doesn't crash.
Could the physics_x64_f.dll be protected somehow?
Well, I tried injection copy for 2 different games; it works just fine,
so I think my CE settings are good.