Cheat Engine

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

I am just trying to learn and currently trying to disable lighnting strike in Final Fantasy X. I already created a small script to dodge lightning by itself but I just want to explore further to modify some code. I have been drawing blank for 14 hours + now. Maybe somebody can give me some insight. So I was just using cheat engine and (like a noob) put debug here and there, trying to replace the function call with code that does nothing. Something it crashes the game and one particular function disable the lightning!

The problem is that although i disable it i feel that I have replaced a generic function that is most likely used by the game elsewhere. The reason is that when I put breakpoint, it still breaks even in the home screen. I mean if it breaks in the map that has lightning then it make some sense. So I was just trying to trace but no luck : ( There seem to be so many generic call. When I put the break point it break almost at every tick. I did find some magic about lightning though, some break point trigger exactly 12 times before lightning comes up and extra 3 times after lightning. But anyway after looking at spaghetti code, I try IDA pro mayb, I can get something. So if anyone have any comment to help me please do so! Thanks!!

The atttached is the iamge from IDA pro for the function that if I replace, no lightning will occur.
http://imgur.com/JxYjHh2

Another note is that this particular function is used a total of 4 times (I found the xhref to) I haven't explore the other 3 yet. But I just know that if I replace this particular function call I won't get lightning. Not sure about other 3

++METHOS · Posted: Sat Jun 25, 2016 1:42 am Post subject:

Two things...

1. You may have found the wrong call. If so, find a better one to work with (it could be in an entirely different area of code).
2. If the call is right, but you're just not digging deep enough, you can try to step in to the call and discover, exactly, where the lightening function is getting executed. (It could be inside another call, or several calls deep)

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

Hello, thank you for your response. I have a question. Since I replace the function call with code that does noting and the lightning doesn't trigger, does that mean surely the call gonna be somewhere deep starting from this function? I am suspecting that I am looking at the wrong area of code too. But I am so focused on this particular function since it is the function that somehow make lightning stop...

++METHOS · Posted: Sat Jun 25, 2016 3:59 am Post subject:

Not necessarily. For example, you may find several calls that will disable something in the game, but that does not mean that they are the right calls...they could just disable parts of the game that are required for that effect to happen (such as sending a key press or playing an animation etc.).

It is best to use ultimap in these cases. But, even with ultimap, it may require more work on your part to create a working script that will do what you want it to and not do what you don't want it to.

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

Thanks, yea I have looked into ultimap and ran it. However it lag so much and whenever i press STOP i meet the blue screen of death ahha. That is why I resort to IDA Pro to hopefully understand some peaudo code. Where other suggestion do you have? I lack technique and insight to thes thing at the moment. I tried break and trace, debug, break point.

Also sometimes assembly compare something like

cmp eax, CSERHELPER.dll

which I am not sure what it does. I am suspecting the lightning is generated randomly so how should rand function look like in assembly?

++METHOS · Posted: Sat Jun 25, 2016 5:04 am Post subject:

I would first try to get ultimap working properly. If that is not possible, then you'll have to do everything manually. You'll need to find a way to locate the lightening function (or related function) in code and back trace and/or analyze the code until you find the correct sub-routine that handles that.

Depending on how the game works and how the lightening gets triggered, it may be easier to use a debugger/analyzer to find it.

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

1 ) Hi you mentioned that I should get my ultimap working properly. Can it simply mean that my laptop cannot handle such heavy computation? I have 16GB Ram i7 mac book pro labtop on bootcamp. Or I can do some configuration to make ultimap works ? The only configuration i see is the chunk size which defaulted to 4 million? I tried reducing and the game is freeze when I run ultimap.

2 ) Is it even possible that there is no such function triggerLightning() that cleanly called once when lightning came? it might be something like checkState function that call on every tick. If so.. I can't really pinpoint the function that get trigger EXACTLY once right?

++METHOS · Posted: Sat Jun 25, 2016 5:49 am Post subject:

1. Better to ask DB about ultimap technical questions.

2. I would not expect to see a simple function like triggerlightening() unless the game is mono/java or has a lot of symbol data in order for you to find stuff like that easily. More than likely, the call is going to be buried and unidentifiable, so, you're probably going to have to do some work in order to find it. Get creative and think of different ways that can be used to narrow in on the appropriate segment of code. However, it might be worth your time to investigate whether or not you can get ultimap working properly...especially if you're going to be doing more advanced stuff.