Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Finding the Map Target Pos

 
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Sat Feb 18, 2017 11:27 am    Post subject: Finding the Map Target Pos Reply with quote

Hi,
I searched in SAMP (GTA San Andreas) for the map target position (red marker), and found the x and y of it, both green static addresses, but only readable for some reason.
When I try to change the position of it, it always changes back to the last value.

Other addresses and pointers like health and player position are easy to find, but this took me hours and I still have not found it.

Do you have any tips to find the right address of the map target position?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Feb 18, 2017 11:34 am    Post subject: Reply with quote

Are you referring to map marker location? If so, why do you want to change these values? Typically, you only want to read from these values so that you can teleport to map marker location.

That said, if you really want to change these values, then you need to find the correct values that are not read-only. You can do this by setting the map marker location and searching for an unknown, initial value (float type). Set the map marker again, but this time, set it higher up on the map (in the northern region), and search for increased value. Keep doing this until you find the correct values. If this does not work, then the values may be inverted (i.e. setting the map marker higher up on the map may require you to search for a decreased value instead of an increased value and vice versa).
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Sat Feb 18, 2017 12:50 pm    Post subject: Reply with quote

Thanks for your answer.
I wanted to change these values because a CLEO script depends on the marker pos and I don't want to go to the menu always, so I make this in a little bit of code.
I tried this way already but not with the inverted one. Now I found the changeable static addresses of the marker position, but they always change when I restart the game, so I tried it with a pointer scan of one address with an offset of 4096, which gave me no results after restarting the game and rescanning it.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Feb 18, 2017 1:04 pm    Post subject: Reply with quote

Use injection.
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Mon Feb 20, 2017 6:21 am    Post subject: Reply with quote

If you mean attaching the debugger and doing the "find out what accesses/writes ..." method, I now also tried it, but without any working results.

Also, to be sure, I made a pointer scan again, but this time for some hours with over 300gb of pointer path results, which did not lead to any working address after rescanning it. This confuses me because I think exactly 25538147222 results must lead to at least one working address.

If the static addr is gta_sa.exe+7A9170 first and after restart gta_sa.exe+7A8A68, and the difference is 708, can I do anything with this?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Feb 20, 2017 9:23 am    Post subject: Reply with quote

Use Injection.

Do not waste your time with pointers if you do not have to. You say that attaching the debugger did not work...why? Did you try changing the debugger/breakpoint settings? Did you try setting the map marker while the debugger was attached (sometimes, such values are not being accessed until in-game actions are taken, so nothing may populate the debugger list until that happens)?
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Mon Feb 20, 2017 10:37 am    Post subject: Reply with quote

I read something about code injection in CE which gives me the right address every time, if you mean that, but I never worked with it.

I tried to change the marker to another point and two instructions showed up in the "what accesses" method then, but when I try to search for the value of the pointer given in the extra info, nothing shows up in the scan results. The pointer which didn't show up would have an offset of -1D, as I read in the info.

What should I change in my current debug settings @attachment?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Feb 20, 2017 11:08 am    Post subject: Reply with quote

Using injection eliminates any need for finding pointers. When you right-click on one of the addresses for the map coordinates inside of your cheat table, and check to see what is accessing it, the debugger window pops up, giving you the results in the image that you have posted.

When that happens, right-click on an empty, white space inside of that debugger window and select the option to 'check if found opcodes...'.

This should show you if the instruction(s) that populate the list are exclusive to your map coordinate address. A number inside parentheses will appear in the 'count' column. If you see a (1), even after you return to the game and play for a bit, then that is a likely indicator that the instruction in question is exclusive to your map coordinate address, and can be used for your injection point without any need for filtering.

If a number greater than (1) appears ( 2 through 8 ), then that means that the instruction is also accessing other addresses and that those other addresses will need to be filtered out so that you can deal with map coordinate values-only.

Once you have this information, you can right-click on an empty, white space again and deselect 'check if found opcodes...'. You can also click 'stop' on the debugger window.

Choose an instruction to use (preferably, one that is exclusive to map coordinate address and is also being accessed constantly - e.g. the first one in the image). If no instructions are exclusive to map coordinate address, then just choose the first one in the list (or any instruction with constant access or a high count number).

With the instruction highlighted, click on 'show disassembler'. Now, inside memory viewer, with the instruction still highlighted, click on 'tools' from the drop-down menu and select 'auto assemble'. A new window will pop up. In the new window, click on 'template' from the drop-down menu and select 'AOB injection'. Click on 'file', and 'assign to current cheat table'.

Copy/paste what CE gives you and paste it here in its entirety. If no instructions were available that were exclusive to your map coordinates address, then further steps will need to be taken prior to proceeding.
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Mon Feb 20, 2017 12:07 pm    Post subject: Reply with quote

Just went for another static address and accessed it. I found out that a working offset was 0x74 and it still worked after restarting the game, finally.
But I also tried your instructions on the address which got the number 1 when clicking at opcode access. It gave me these lines of code below, but I guess that address I found is already a working one.
For next time when I have this problem, how do I use the generated code, or what info can I read out of it?


Code:

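[ENABLE]

// First byte is D9 (fld dword ptr [esi+74], see the listing below).
// CC is the int3 breakpoint opcode, not the original byte at this address.
aobscanmodule(INJECT,gta_sa.exe,D9 46 74 8B 56 70) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  // original instructions, relocated into the allocated block
  fld dword ptr [esi+74]
  mov edx,[esi+70]
  jmp return

INJECT:
  // 5-byte jmp + 1 nop replace the two 3-byte instructions
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  // restore the original six bytes
  db D9 46 74 8B 56 70

unregistersymbol(INJECT)
dealloc(newmem)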

{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+17759A

"gta_sa.exe"+177577: 6A 02                    -  push 02
"gta_sa.exe"+177579: E8 22 F9 F8 FF           -  call gta_sa.exe+106EA0
"gta_sa.exe"+17757E: 8B 4E 2C                 -  mov ecx,[esi+2C]
"gta_sa.exe"+177581: 51                       -  push ecx
"gta_sa.exe"+177582: E8 59 07 01 00           -  call gta_sa.exe+187CE0
"gta_sa.exe"+177587: 83 C4 04                 -  add esp,04
"gta_sa.exe"+17758A: C7 46 2C 00 00 00 00     -  mov [esi+2C],00000000
"gta_sa.exe"+177591: EB 52                    -  jmp gta_sa.exe+1775E5
"gta_sa.exe"+177593: 6A 01                    -  push 01
"gta_sa.exe"+177595: E8 06 F9 F8 FF           -  call gta_sa.exe+106EA0
// ---------- INJECTING HERE ----------
"gta_sa.exe"+17759A: D9 46 74                 -  fld dword ptr [esi+74]
"gta_sa.exe"+17759D: 8B 56 70                 -  mov edx,[esi+70]
// ---------- DONE INJECTING  ----------
"gta_sa.exe"+1775A0: 68 E8 53 86 00           -  push gta_sa.exe+4653E8
"gta_sa.exe"+1775A5: 6A 02                    -  push 02
"gta_sa.exe"+1775A7: 6A 00                    -  push 00
"gta_sa.exe"+1775A9: 83 EC 0C                 -  sub esp,0C
"gta_sa.exe"+1775AC: 8B CA                    -  mov ecx,edx
"gta_sa.exe"+1775AE: 8B C4                    -  mov eax,esp
"gta_sa.exe"+1775B0: 89 08                    -  mov [eax],ecx
"gta_sa.exe"+1775B2: 89 54 24 50              -  mov [esp+50],edx
"gta_sa.exe"+1775B6: D9 5C 24 54              -  fstp dword ptr [esp+54]
"gta_sa.exe"+1775BA: 8B 54 24 54              -  mov edx,[esp+54]
}
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Feb 20, 2017 12:24 pm    Post subject: Reply with quote

Okay. So, for future reference, using the example above, you could do something like this:

Code:
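[ENABLE]
// First byte is D9 (fld dword ptr [esi+74]); CC is the int3 breakpoint opcode.
aobscanmodule(example,gta_sa.exe,D9 46 74 8B 56 70)
alloc(newmem,$1000)

label(return)
label(address)

registersymbol(example)
registersymbol(address)

newmem:
// store the address esi+74 in the 'address' symbol, preserving edi
push edi
lea edi,[esi+74]
mov [address],edi
pop edi

// original instructions
fld dword ptr [esi+74]
mov edx,[esi+70]
jmp return

// 4 bytes of storage for the captured address
address:
dd 0

example:
jmp newmem
nop
return:

[DISABLE]

example:
dealloc(newmem)
// restore the original six bytes
db D9 46 74 8B 56 70

unregistersymbol(example)
unregistersymbol(address)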


Once the script has been added to your table, you can activate it. Once activated, you will want to add an address to your table, manually. Click on the pointer box, then, in the address field (bottom text field), put address. Change the data type, if needed, then click okay. You can now save your table; you are finished.

This will eliminate the need for pointer scanning and you will no longer have to search for the correct address during each run. You can also incorporate this address/value inside any other script, easily, to create more advanced cheats.
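An added example, not part of the original posts and not Cheat Engine code: a Python simulation of an AOB scan over a constructed buffer, showing why a signature captured while a software breakpoint is set starts with CC and stops matching once the breakpoint is removed. The bytes are retyped from the disassembly listing in the thread; the function names are hypothetical.

```python
from typing import List, Optional

BASE = 0x177593  # module offset of the first constructed byte below
# Constructed sample: bytes retyped from the disassembly listing in the thread,
# not read from a live process.
CLEAN = bytes.fromhex(
    "6A 01 E8 06 F9 F8 FF"  # push 01 / call
    "D9 46 74 8B 56 70"     # fld dword ptr [esi+74] / mov edx,[esi+70]
    "68 E8 53 86 00 6A 02"  # push imm32 / push 02
)

def parse_aob(text: str) -> List[Optional[int]]:
    """'D9 46 ?? 8B' -> [0xD9, 0x46, None, 0x8B]; None is a wildcard."""
    return [None if t in ("??", "?") else int(t, 16) for t in text.split()]

def aob_scan(buf: bytes, pattern: List[Optional[int]]) -> List[int]:
    """Return every offset in buf where pattern matches."""
    n = len(pattern)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + j] == p for j, p in enumerate(pattern))]

def with_breakpoint(buf: bytes, offset: int) -> bytes:
    """Memory as seen while a software breakpoint (int3, 0xCC) sits at offset."""
    patched = bytearray(buf)
    patched[offset] = 0xCC
    return bytes(patched)

def signature_at(buf: bytes, offset: int, length: int) -> str:
    """Hex signature copied from buf at offset."""
    return " ".join(f"{b:02X}" for b in buf[offset:offset + length])

def demo() -> dict:
    site = 0x17759A - BASE  # injection point inside the sample
    captured = signature_at(with_breakpoint(CLEAN, site), site, 6)
    return {
        "captured": captured,                                   # taken with int3 present
        "captured_hits": aob_scan(CLEAN, parse_aob(captured)),  # breakpoint gone
        "clean_hits": aob_scan(CLEAN, parse_aob("D9 46 74 8B 56 70")),
        "wildcard_hits": aob_scan(CLEAN, parse_aob("?? 46 74 8B 56 70")),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```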
d3d1337
How do I cheat?
Reputation: 0

Joined: 18 Feb 2017
Posts: 6

PostPosted: Mon Feb 20, 2017 5:17 pm    Post subject: Reply with quote

Thanks for your help.
All times are GMT - 6 Hours