Cheat Engine The Official Site of Cheat Engine
jim2point0 Master Cheater
Reputation: 4
Joined: 05 Oct 2012 Posts: 336
Posted: Tue Aug 06, 2013 5:43 pm Post subject: Teleport scripts (saving and setting coordinate) |
I'm still learning the basics around creating scripts in CE. There's some stuff I can do, but I'm trying to actually do some useful stuff as a learning exercise.
I created a single player cheat request similar to this, but this is more generic if anyone can just explain the logic around a teleport script.
I'll use this script I found from lowbit's Far Cry 3 table (awesome table, that).
Code: | [ENABLE]
//---------TELEPORTER-----------//
alloc(newmem_Teleport,2048)
label(returnhere_Teleport)
label(originalcode_Teleport)
label(exit_Teleport)
label(z_coord)
label(x_coord)
label(y_coord)
label(save_coord)
label(load_coord)
label(s_enable)
label(l_enable)
registersymbol(s_enable)
registersymbol(l_enable)
"FC3_d3d11.dll"+108612A:
jmp newmem_Teleport
nop
returnhere_Teleport:
newmem_Teleport:
cmp dword ptr [eax+4C],(int)0
jne originalcode_Teleport
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
save_coord:
mov [s_enable],0
push edx
mov edx,[eax+30]
mov [x_coord],edx
mov edx,[eax+34]
mov [z_coord],edx
mov edx,[eax+38]
mov [y_coord],edx
pop edx
jmp originalcode_Teleport
load_coord:
mov [l_enable],0
cmp [z_coord],0
je originalcode_Teleport
push edx
mov edx,[x_coord]
mov [eax+30],edx
mov edx,[z_coord]
mov [eax+34],edx
mov edx,[y_coord]
mov [eax+38],edx
pop edx
jmp originalcode_Teleport
originalcode_Teleport:
mov edx,[eax+30]
mov [ebp-30],edx
exit_Teleport:
jmp returnhere_Teleport
x_coord:
dd 0
z_coord:
dd 0
y_coord:
dd 0
s_enable:
dd 0
l_enable:
dd 0
[DISABLE]
dealloc(newmem_Teleport)
unregistersymbol(s_enable)
unregistersymbol(l_enable)
"FC3_d3d11.dll"+108612A:
mov edx,[eax+30]
mov [ebp-30],edx
|
First of all:
Code: | "FC3_d3d11.dll"+108612A: |
I'm not really sure how to pick the spot for the code injection. Is this just any opcode that accesses the first coordinate as an injection point?
Code: | cmp dword ptr [eax+4C],(int)0 |
That logic I'm also not sure about. I don't know what that is comparing or why.
Code: | cmp [z_coord],0
je originalcode_Teleport |
For that: if no value is stored, do not execute the teleport and just do the original code?
I've only done basic scripts that get values to store them in pointers, so this is all kinda new to me.
Thanks for any help\tips
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Aug 06, 2013 6:42 pm Post subject: Re: Teleport scripts (saving and setting coordinate) |
jim2point0 wrote: |
First of all:
Code: | "FC3_d3d11.dll"+108612A: |
I'm not really sure how to pick the spot for the code injection. Is this just any opcode that accesses the first coordinate as an injection point? |
-Sometimes. There are two things that you must check. First, make sure that the coordinate address is correct (before looking at any instruction). For example, some addresses will not teleport you through objects (walls, high ground etc.). So, make sure you have an address that does that. Second, you need to check the instruction because not all of them may work. I usually have my script written out, and just swap out the instruction address (and registers etc.), if it doesn't appear to be panning out. You can usually spot which offset you need to be working with. I usually start with an instruction that is being accessed the most, and move on to the next, if it doesn't work, based on that. So, if the instruction that accesses your first coordinate address that is being accessed the most does not work, I move on to the second most accessed instruction with the proper offset.
jim2point0 wrote: |
Code: | cmp dword ptr [eax+4C],(int)0 |
That logic I'm also not sure about. I don't know what that is comparing or why. |
-This is just a simple compare for player ID; filtering out everyone/everything except hero player. You do this if the instruction that you are using is not exclusive to your hero player and handles the coordinates for other things...and since you only want to store and load your hero coordinates, you need to filter the addresses out.
jim2point0 wrote: |
Code: | cmp [z_coord],0
je originalcode_Teleport |
For that: if no value is stored, do not execute the teleport and just do the original code? |
-This is just a simple compare, in case someone accidentally loads their coordinates without storing them first...otherwise, the player will be teleported to some place off of the map and/or may crash the game etc.
jim2point0 Master Cheater
Reputation: 4
Joined: 05 Oct 2012 Posts: 336
Posted: Tue Aug 06, 2013 7:55 pm Post subject: |
Thanks for the response.
Things seem to be going well. I have the right addresses. I did pick the instruction that was accessed the most, which panned out well. But I seem to be falling apart at the hotkey logic. For example, I only want to save coordinates once you press a hotkey. See here:
Code: | [ENABLE]
label(pCoordX)
label(pCoordY)
label(pCoordZ)
label(s_enable)
label(save_coord)
registersymbol(pCoordX)
registersymbol(pCoordY)
registersymbol(pCoordZ)
registersymbol(s_enable)
alloc(newmem_Teleport,2048)
label(returnhere_Teleport)
label(originalcode_Teleport)
label(exit_Teleport)
newmem_Teleport:
cmp [s_enable],1
je save_coord
save_coord:
mov [s_enable],0
push edx
mov edx,[esi+50]
mov [pCoordX],edx
mov edx,[esi+54]
mov [pCoordY],edx
mov edx,[esi+58]
mov [pCoordZ],edx
pop edx
jmp originalcode_Teleport
originalcode_Teleport:
movss xmm0,[esi+50]
exit_Teleport:
jmp returnhere_Teleport
///
pCoordX:
dd 0
pCoordY:
dd 0
pCoordZ:
dd 0
s_enable:
dd 0
///
"DMC-DevilMayCry.exe"+15D49E1:
jmp newmem_Teleport
returnhere_Teleport:
[DISABLE]
dealloc(newmem_Teleport)
"DMC-DevilMayCry.exe"+15D49E1:
movss xmm0,[esi+50]
unregistersymbol(pCoordX)
unregistersymbol(pCoordY)
unregistersymbol(pCoordZ)
unregistersymbol(s_enable) |
Problem is, as soon as I enable the script, the code under "save_coord" is being run and the coordinates are being saved. So I guess the logic I have to only run when "s_enable" is 1 isn't working, and it's just running anyways all the time.
Do you see any problems with that script above?
The good thing is, when I press my hotkey to set "s_enable" to 1, the code resets it to 0. So once the logic is nailed down, it should only save once when I press the key, which is good.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Aug 06, 2013 8:32 pm Post subject: |
Code: | newmem_Teleport:
cmp [s_enable],1
je save_coord
jmp originalcode_Teleport //you must add this, otherwise, save_coord will always be executed.
save_coord:
mov [s_enable],0
push edx
mov edx,[esi+50]
mov [pCoordX],edx
mov edx,[esi+54]
mov [pCoordY],edx
mov edx,[esi+58]
mov [pCoordZ],edx
pop edx
jmp originalcode_Teleport |
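The control flow discussed in this thread, modelled in C as an added example (not code from any poster, from lowbit's table, or from Cheat Engine): the fall-through that runs `save_coord` on every call, next to a version with the added jump, the ID filter and the empty-slot guard. Struct, field and function names are assumptions, and `return` stands in for `jmp originalcode_Teleport`.

```c
#include <stdio.h>

/* Constructed model: names are assumptions, not game or Cheat Engine code. */
typedef struct { float x, y, z; int id; } Entity;   /* id 0 = hero, as in cmp [eax+4C],0 */
typedef struct {
    float x, y, z;        /* stored coordinates (x_coord / y_coord / z_coord) */
    int s_enable;         /* set to 1 by the save hotkey */
    int l_enable;         /* set to 1 by the load hotkey */
    int saves;            /* how many times save_coord ran, for inspection */
} Slot;
typedef void (*Hook)(Slot *, Entity *);

static void save_coord(Slot *s, const Entity *e) {
    s->s_enable = 0;                       /* one-shot: clear the hotkey flag */
    s->x = e->x; s->y = e->y; s->z = e->z;
    s->saves++;
}

/* As first posted: the compare has no effect, because execution falls
   through into save_coord whether or not the branch is taken. */
void hook_fallthrough(Slot *s, Entity *e) {
    if (s->s_enable == 1) { /* je save_coord */ }
    save_coord(s, e);
}

/* With the added jump, plus the ID filter and the empty-slot guard. */
void hook_fixed(Slot *s, Entity *e) {
    if (e->id != 0) return;                /* not the hero: original code only */
    if (s->s_enable == 1) { save_coord(s, e); return; }
    if (s->l_enable == 1) {
        s->l_enable = 0;
        if (s->z == 0.0f) return;          /* nothing stored yet: skip the write */
        e->x = s->x; e->y = s->y; e->z = s->z;
    }
}

/* Run `frames` calls on a moving hero, pressing save at frame `press_at`. */
int saves_after_frames(Hook hook, int frames, int press_at) {
    Slot s = {0};
    Entity hero = {0.0f, 0.0f, 1.0f, 0};
    for (int f = 0; f < frames; f++) {
        hero.x = (float)f;
        if (f == press_at) s.s_enable = 1;
        hook(&s, &hero);
    }
    return s.saves;
}

int main(void) {
    printf("fall-through: %d saves, fixed: %d save(s)\n",
           saves_after_frames(hook_fallthrough, 5, 2),
           saves_after_frames(hook_fixed, 5, 2));
    return 0;
}
```

Like the script's `cmp [z_coord],0`, the guard treats a stored value of exactly 0 as "nothing saved".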
jim2point0 Master Cheater
Reputation: 4
Joined: 05 Oct 2012 Posts: 336
Posted: Tue Aug 06, 2013 9:53 pm Post subject: |
*facepalm*
Well, that works great. Loading the stored values was easy enough to add to the script after that.
Slowly learning how to use this thing. Thanks for the help!
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Aug 06, 2013 11:01 pm Post subject: |
No problem. Thank you for reporting back.