|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Sat Feb 18, 2017 11:27 am Post subject: Finding the Map Target Pos |
|
|
hi
I searched in samp (gta san andreas) for the map target position (red marker), and found the x and y of it both green static addresses, but only readable for some reason.
when I try to change the position of it, it always changes back to the last value.
other addresses and pointers like health and player position are easy to find but this took me hours and I still not found it.
do you have any tips to find the right address of the map target position? |
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sat Feb 18, 2017 11:34 am Post subject: |
|
|
Are you referring to map marker location? If so, why do you want to change these values? Typically, you only want to read from these values so that you can teleport to map marker location.
That said, if you really want to change these values, then you need to find the correct values that are not read-only. You can do this by setting the map marker location and searching for an unknown, initial value (float type). Set the map marker again, but this time, set it higher up on the map (in the northern region), and search for increased value. Keep doing this until you find the correct values. If this does not work, then the values may be inverted (i.e. setting the map marker higher up on the map may require you to search for a decreased value instead of an increased value and vice versa). |
|
Back to top |
|
|
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Sat Feb 18, 2017 12:50 pm Post subject: |
|
|
thanks for your answer
I wanted to change this values because a cleo script depends on the marker pos and I dont want to go to menu always, so I make this in a little bit of code.
I tried this way already but not with the inversed one, now I found the changeable static addresses of the marker position but they always change when I restart the game, so I tried it with a pointer scan of one address with an offset of 4096, which gave me no results after restarting the game and rescan it. |
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sat Feb 18, 2017 1:04 pm Post subject: |
|
|
Use injection. |
|
Back to top |
|
|
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Mon Feb 20, 2017 6:21 am Post subject: |
|
|
if you mean attaching the debugger and do the "find out what accesses/writes ..." method, I now also tried it, but without any working results.
Also to be sure I made a pointer scan again, but this time some hours with over 300gb of pointer path results, which did not lead to any working address after rescan it. this confuses me because I think in exactly 25538147222 results must be lead to at least one working address.
if the static addr is: gta_sa.exe+7A9170 first and after restart: gta_sa.exe+7A8A68 and difference is 708, can I do anything with this? |
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Mon Feb 20, 2017 9:23 am Post subject: |
|
|
Use Injection.
Do not waste your time with pointers if you do not have to. You say that attaching the debugger did not work...why? Did you try changing the debugger/breakpoint settings? Did you try to setting the map marker while the debugger was attached (sometimes, such values are not being accessed until in-game actions are taken, so nothing may populate the debugger list until that happens). |
|
Back to top |
|
|
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Mon Feb 20, 2017 10:37 am Post subject: |
|
|
I read something about code injection in ce which give me everytime the right address if you mean that, but I never worked with it.
I tried to change the marker to an other point and two instructions showing up in the what access method then, but when I try to search for the value of the pointer given in the extra info, nothing shows up in scan results. The pointer which didn't show up would have an offset of -1D as I read in the info.
What should I change in my current debug settings @attachment? |
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Mon Feb 20, 2017 11:08 am Post subject: |
|
|
Using injection eliminates any need for finding pointers. When you right-click on one of the addresses for the map coordinates inside of your cheat table, and check to see what is accessing it, the debugger window pops up, giving you the results in the image that you have posted.
When that happens, right-click on an empty, white space inside of that debugger window and select the option to 'check if found opcodes...'.
This should show you if the instruction(s) that populate the list are exclusive to your map coordinate address. A number inside parentheses will appear in the 'count' column. If you see a (1), even after you return to the game and play for a bit, then that is a likely indicator that the instruction in question is exclusive to your map coordinate address, and can be used for your injection point without any need for filtering.
If a number greater than (1) appears ( 2 through 8 ), then that means that the instruction is also accessing other addresses and that those other addresses will need to be filtered out so that you can deal with map coordinate values-only.
Once you have this information, you can right-click on an empty, white space again and deselect 'check if found opcodes...'. You can also click 'stop' on the debugger window.
Choose an instruction to use (preferably, one that is exclusive to map coordinate address and is also being accessed constantly - e.g. the first one in the image). If no instructions are exclusive to map coordinate address, then just choose the first one in the list (or any instruction with constant access or a high count number).
With the instruction highlighted, click on 'show disassembler'. Now, inside memory viewer, with the instruction still highlighted, click on 'tools' from the drop-down menu and select 'auto assemble'. A new window will pop up. In the new window, click on 'template' from the drop-down menu and select 'AOB injection'. Click on 'file', and 'assign to current cheat table'.
Copy/paste what CE gives you and paste it here in its entirety. If no instructions were available that were exclusive to your map coordinates address, then further steps will need to be taken prior to proceeding. |
|
Back to top |
|
|
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Mon Feb 20, 2017 12:07 pm Post subject: |
|
|
Just went for an other static address and accessed it. I found out that a working offset was 0x74 and it still worked after restarting the game, finally.
but I also tried your instruction on the address which got the number 1 when clicking at opcode access. it gaves me this lines of code below, but I guess that address I found is already a working one.
For next time when I have this problem, how to use the generated code, or what infos can I read out of it?
Code: |
[ENABLE]
aobscanmodule(INJECT,gta_sa.exe,CC 46 74 8B 56 70) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
fld dword ptr [esi+74]
mov edx,[esi+70]
jmp return
INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db CC 46 74 8B 56 70
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "gta_sa.exe"+17759A
"gta_sa.exe"+177577: 6A 02 - push 02
"gta_sa.exe"+177579: E8 22 F9 F8 FF - call gta_sa.exe+106EA0
"gta_sa.exe"+17757E: 8B 4E 2C - mov ecx,[esi+2C]
"gta_sa.exe"+177581: 51 - push ecx
"gta_sa.exe"+177582: E8 59 07 01 00 - call gta_sa.exe+187CE0
"gta_sa.exe"+177587: 83 C4 04 - add esp,04
"gta_sa.exe"+17758A: C7 46 2C 00 00 00 00 - mov [esi+2C],00000000
"gta_sa.exe"+177591: EB 52 - jmp gta_sa.exe+1775E5
"gta_sa.exe"+177593: 6A 01 - push 01
"gta_sa.exe"+177595: E8 06 F9 F8 FF - call gta_sa.exe+106EA0
// ---------- INJECTING HERE ----------
"gta_sa.exe"+17759A: D9 46 74 - fld dword ptr [esi+74]
"gta_sa.exe"+17759D: 8B 56 70 - mov edx,[esi+70]
// ---------- DONE INJECTING ----------
"gta_sa.exe"+1775A0: 68 E8 53 86 00 - push gta_sa.exe+4653E8
"gta_sa.exe"+1775A5: 6A 02 - push 02
"gta_sa.exe"+1775A7: 6A 00 - push 00
"gta_sa.exe"+1775A9: 83 EC 0C - sub esp,0C
"gta_sa.exe"+1775AC: 8B CA - mov ecx,edx
"gta_sa.exe"+1775AE: 8B C4 - mov eax,esp
"gta_sa.exe"+1775B0: 89 08 - mov [eax],ecx
"gta_sa.exe"+1775B2: 89 54 24 50 - mov [esp+50],edx
"gta_sa.exe"+1775B6: D9 5C 24 54 - fstp dword ptr [esp+54]
"gta_sa.exe"+1775BA: 8B 54 24 54 - mov edx,[esp+54]
} |
|
|
Back to top |
|
|
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Mon Feb 20, 2017 12:24 pm Post subject: |
|
|
Okay. So, for future reference, using the example above, you could do something like this:
Code: | [ENABLE]
aobscanmodule(example,gta_sa.exe,CC 46 74 8B 56 70)
alloc(newmem,$1000)
label(return)
label(address)
registersymbol(example)
registersymbol(address)
newmem:
push edi
lea edi,[esi+74]
mov [address],edi
pop edi
fld dword ptr [esi+74]
mov edx,[esi+70]
jmp return
address:
dd 0
example:
jmp newmem
nop
return:
[DISABLE]
example:
dealloc(newmem)
db CC 46 74 8B 56 70
unregistersymbol(example)
unregistersymbol(address) |
Once the script has been added to your table, you can activate it. Once activated, you will want to add an address to your table, manually. Click on the pointer box, then, in the address field (bottom text field), put address. Change the data type, if needed, then click okay. You can now save your table; you are finished.
This will eliminate the need for pointer scanning and you will no longer have to search for the correct address during each run. You can also incorporate this address/value inside any other script, easily, to create more advanced cheats. |
|
Back to top |
|
|
d3d1337 How do I cheat? Reputation: 0
Joined: 18 Feb 2017 Posts: 6
|
Posted: Mon Feb 20, 2017 5:17 pm Post subject: |
|
|
Thanks for you help. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|