Shahryar Advanced Cheater
Fresco Grandmaster Cheater
Posted: Thu Mar 08, 2012 2:05 pm Post subject: |
find the pointer to the money address
then, in the AA script, compare the address the hooked instruction writes to with the address the pointer resolves to
if they match, nop the write or write 99999
if not, run the original code
... Fresco |
Shahryar Advanced Cheater
Posted: Fri Mar 09, 2012 5:16 am Post subject: |
| Fresco wrote: | find the pointer of address of money
then in aa scrip compare the address that the script writes in to with the result of the pointer
if yes nop or write 99999
if no do originalcode |
When I replace the register, the game crashes or closes. How can I do that?
Fresco Grandmaster Cheater
Posted: Fri Mar 09, 2012 9:23 am Post subject: |
1) right-click your code
2) open the disassembler at this location
3) Tools -> Auto Assemble [Ctrl+A]
4) Template -> Code injection -> OK
5)
| Code: | label (popandoriginalcode)
// Cheat Engine auto-assembler fragment (32-bit x86, Intel syntax), meant to be
// pasted at the code-injection template's "//place your code here" spot; the
// labels originalcode and exit come from that template.
// NOTE(review): with popandoriginalcode: defined first, control entering the
// fragment runs popfd / pop before anything has been pushed and jumps straight
// to originalcode, so the address check below is never reached. The later posts
// in this thread move this three-line block to the end, after "jmp exit".
popandoriginalcode:
popfd
popebx // NOTE(review): typo for "pop ebx"; as written this is not a mnemonic
jmp originalcode
push ebx // ebx is scratch below; save it and EFLAGS (the cmp's overwrite flags)
pushfd
mov ebx,"lua100+dll"+offset // "lua100+dll"+offset = base offset // NOTE(review): later posts spell the module "lua100.dll"; this is the chain's base
mov ebx,[ebx] // walk the pointer chain: dereference, then add the next offset
add ebx,// offset no1 in hex
mov ebx,[ebx]
add ebx,//offset no2 in hex
mov ebx,[ebx]
add ebx,//offset no3 in hex
mov ebx,[ebx]
add ebx,// last offset
cmp [ebx],0 // fall back to the original code when the value at the final address is 0
je popandoriginalcode
cmp eax,ebx // presumably eax is the address the hooked instruction writes to; only patch when it equals the resolved address
jne popandoriginalcode
//your code here
popfd
pop ebx
jmp exit |
where the template says //place your code here,
place this above it
and change the base offset and the offsets ... also add more offsets if there aren't enough
use the pointer scanner to find the pointer
if it's about gold:
replace //your code here with:
| Code: | | mov [eax],#9999999 //your code here ('#' marks a decimal literal in CE's auto assembler) |
... Fresco |
Shahryar Advanced Cheater
Posted: Sat Mar 10, 2012 10:25 am Post subject: |
I did what you said but the game crashed again. The register address works like a zipped file: I mean, the register address contains a lot of other addresses. See the attached photo: the green line is my real address for gold and the red lines show a number of other addresses. Well, I have a question: how can I change the real address's value without changing the other addresses' values?
Smanettone83 Expert Cheater
Posted: Sat Mar 10, 2012 10:38 am Post subject: |
Try
| Code: |
mov [eax],(float)9999999 //your code here ((float) stores the 32-bit float encoding of the value; use it when the game keeps the number as a float)
|
Fresco Grandmaster Cheater
Posted: Sat Mar 10, 2012 10:42 am Post subject: |
did you find the pointer?
tutorial step8 PW=525927
have you ever used the pointer scanner?
... find the pointer of the "green line"
and do what I said before ...
the code above checks whether the hooked instruction writes to the green address:
how does it know that? -> because of the pointer
if the code writes to the green address, it executes your custom code (write 99999); if it writes to another address (one of the red ones), it executes the original instruction ... original code
if you have found the pointer ... reply with it
and I'll help
base = ....exe+hexbla bla
offset 1 = ... hex
offset 2 = etc
... Fresco |
Shahryar Advanced Cheater
Posted: Sat Mar 10, 2012 12:45 pm Post subject: |
Here:
Base address = "Vision100.dll"+00148C28
Offset0 = 48
Offset1 = 148
Offset2 = 1C8
Offset3 = 40
Offset4 = 10
Offset5 = 2F4
Offset6 = 4C
Offset7 = 24
Offset8 = 50
Offset9 = 10
Offset10 = B0
Offset11 = 10
Offset12 = 10
Offset13 = 38
Offset14 = 50
Fresco Grandmaster Cheater
Posted: Sun Mar 11, 2012 10:47 am Post subject: |
that's how it would look
if you still don't understand...
attach a screenshot of the debugger at that location
| Code: | [ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86 (Intel syntax).
// Layout: a code cave (newmem) is allocated, the instruction at
// "lua100.dll"+1907B is replaced by a jmp into it, and the cave decides per
// write whether to run the original instruction or a substitute.
// NOTE(review): this listing still has placeholders and leaked forum markup
// ([b]...[/b], "(cut it and put it here)"); the last script in the thread is
// the completed version.
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
label (popandoriginalcode)
push ebx // ebx is scratch below; save it and EFLAGS (the cmp's overwrite flags)
pushfd
mov ebx,"Vision100.dll"+00148C28 //what a huge pointer ... // chain base = module base + offset
// Walk the pointer chain: dereference, then add the next offset.
// NOTE(review): none of these loads is null-checked; if any link is 0 the
// following mov faults inside the game process.
mov ebx,[ebx]
add ebx,48
mov ebx,[ebx]
add ebx,148
mov ebx,[ebx]
add ebx,1C8
mov ebx,[ebx]
add ebx,40
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,2F4
mov ebx,[ebx]
add ebx,4C
mov ebx,[ebx]
add ebx,24
mov ebx,[ebx]
add ebx,50
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,B0
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,38
mov ebx,[ebx]
add ebx,50 // final address, not dereferenced: ebx = resolved money address
cmp [ebx],0 // fall back to the original code when the value there is 0
je popandoriginalcode
cmp eax,ebx // eax is the address the hooked mov [eax],edx writes to
jne popandoriginalcode // any other address -> original instruction, untouched
mov [eax],#999999 //your code here //gives you 999999 (dec) money // '#' = decimal literal; on this path it replaces mov [eax],edx
popfd
pop ebx
jmp exit //place your code here
originalcode:
mov [eax],edx
[b]// right here there should be more code (cut it and put it here)[/b]
exit:
[b](cut it and put it here)[/b]
jmp returnhere
popandoriginalcode:
popfd
popebx // NOTE(review): typo for "pop ebx"
jmp originalcode
"lua100.dll"+1907B:
jmp newmem // 5-byte jmp; it overwrites the original instruction(s) at this address
nop // also check for how many nops // pad displaced bytes beyond the 5 the jmp uses
returnhere:
[DISABLE]
dealloc(newmem)
"lua100.dll"+1907B:
//copy everything you find in original code
[b]"" -- mov [eax],edx
// right here there should be more code (copy it and put it here) -- ""[/b]
|
remember:
right-click on the code in the code list -> Show disassembler at this location -> Ctrl+A or Tools -> Auto Assemble -> Template -> Code injection -> OK
paste this at //place your code here
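label (popandoriginalcode)
// Cheat Engine auto-assembler fragment (32-bit x86, Intel syntax) for the
// code-injection template: paste it at "//place your code here". originalcode
// and exit are the template's labels; eax is the address the hooked
// instruction writes to (the template's original code is mov [eax],edx).
// Flow: resolve the pointer chain to the money address, compare it with eax,
// and either store the constant (match) or jump to the original code.
push ebx // ebx is scratch below; save it and EFLAGS (the cmp's clobber flags)
pushfd
mov ebx,"Vision100.dll"+00148C28 //what a huge pointer ... // chain base = module base + offset
// Walk the chain: dereference, then add the next offset.
// NOTE(review): no link is null-checked; if any one is 0 the next mov faults
// inside the game process.
mov ebx,[ebx]
add ebx,48
mov ebx,[ebx]
add ebx,148
mov ebx,[ebx]
add ebx,1C8
mov ebx,[ebx]
add ebx,40
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,2F4
mov ebx,[ebx]
add ebx,4C
mov ebx,[ebx]
add ebx,24
mov ebx,[ebx]
add ebx,50
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,B0
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,10
mov ebx,[ebx]
add ebx,38
mov ebx,[ebx]
add ebx,50 // final address, not dereferenced: ebx = resolved money address
cmp [ebx],0 // leave a 0 value alone
je popandoriginalcode
cmp eax,ebx // is the hooked write aimed at the resolved address?
jne popandoriginalcode
mov [eax],#999999 //your code here //gives you 999999 (dec) money ('#' = decimal literal)
popfd
pop ebx
jmp exit
popandoriginalcode:
popfd
pop ebx // was "popebx" (typo); restore ebx before running the original instruction
jmp originalcode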
remember the enable / disable part ... and to delete part of the original code and place it at exit and in the disable part...
after you finish ... click File -> Assign to current cheat table
a new entry should appear .... your code ... if [x] give 999999, if [ ] normal
... Fresco
Last edited by Fresco on Fri Mar 30, 2012 7:27 am; edited 2 times in total |
Fresco Grandmaster Cheater
Posted: Wed Mar 28, 2012 3:09 pm Post subject: |
just upload a screenshot of the debugger at that location ...
go into Advanced options -> right-click the code -> Show disassembler at this location -> scroll up 4 instructions -> take a screenshot -> upload the screenshot;
or you could simply give me the addresses, bytes and instructions
of the first 4 instructions before and after that code, ok?
then I'll make you a script that works.
... Fresco |
Shahryar Advanced Cheater
Posted: Fri Mar 30, 2012 6:44 am Post subject: |
Here:
Fresco Grandmaster Cheater
Posted: Fri Mar 30, 2012 7:22 am Post subject: |
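[ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86 (Intel syntax).
// Hooks the instruction pair at "lua100.dll"+1907B (mov [eax],edx followed by
// mov edx,[ecx+04]) with a jmp into a code cave. The cave resolves a pointer
// chain to the money address and compares it with eax, the address the hooked
// mov writes to:
//   equal                               -> store the constant below instead of edx
//   not equal, or the value there is 0  -> run the original mov [eax],edx
// On either path the displaced mov edx,[ecx+04] runs at exit before returning
// to returnhere.
alloc(newmem,128) //128 bytes should be enough
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
label(popandoriginalcode)
push ebx // ebx is scratch below; save it and EFLAGS (the cmp's clobber flags)
pushfd
mov ebx,["Vision100.dll"+00148C28] //what a huge pointer ... // load the chain's base pointer
// Walk the chain: each line loads the next pointer at [previous + offset].
// NOTE(review): no link is null-checked; if any one is 0 the next load faults
// inside the game process.
mov ebx,[ebx+48]
mov ebx,[ebx+148]
mov ebx,[ebx+1C8]
mov ebx,[ebx+40]
mov ebx,[ebx+10]
mov ebx,[ebx+2F4]
mov ebx,[ebx+4C]
mov ebx,[ebx+24]
mov ebx,[ebx+50]
mov ebx,[ebx+10]
mov ebx,[ebx+B0]
mov ebx,[ebx+10]
mov ebx,[ebx+10]
mov ebx,[ebx+38]
lea ebx,[ebx+50] // final address without dereferencing: ebx = resolved money address
cmp [ebx],0 // leave a 0 value alone
je popandoriginalcode
cmp eax,ebx // is the hooked write aimed at the resolved address?
jne popandoriginalcode
mov [eax],#99999999 //your code here //gives you 99999999 (dec) money ('#' = decimal literal)
popfd
pop ebx
jmp exit //place your code here
originalcode:
mov [eax],edx
//deleted code : mov edx,[ecx+04]
exit:
mov edx,[ecx+04] // moved : original code
jmp returnhere
popandoriginalcode:
popfd
pop ebx // was "popebx" (typo); restore ebx before running the original instruction
jmp originalcode
"lua100.dll"+1907B:
jmp newmem // 5-byte jmp; it exactly covers the two displaced instructions (2 + 3 bytes), so no nop padding is needed
returnhere:
[DISABLE]
dealloc(newmem)
"lua100.dll"+1907B:
mov [eax],edx // the full original code
mov edx,[ecx+04] // the full original code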
check if it works ... add it to the table
let me know
PS: my bad about where to put the popandoriginalcode: label; I have edited the other posts too
... Fresco |
Shahryar Advanced Cheater
Posted: Mon Apr 09, 2012 8:12 am Post subject: |
Thanks Fresco. It worked, but when I want to exit the game, the game comes out.
Can you help me?
Fresco Grandmaster Cheater
Posted: Wed Apr 18, 2012 2:29 pm Post subject: |
what do you mean with : "the game comes out"
... Fresco |