omnidouche How do I cheat?
Reputation: 0
Joined: 30 Oct 2014
Posts: 9
Posted: Tue Nov 18, 2014 7:37 am
Post subject: What do I do when sig scans fail and other stuff
So I'm keeping this vague as I'm just looking for ideas on how to basically keep a cheat without using the aobscan. From what I gather, most modern games don't seem to use base pointers and such, so finding the same address every time it's launched, saves reloaded, etc. is tough. I understand how aobscans search for bytes that correspond to the particular instruction I'm trying to change, but what should I do when the sig scan fails (through either CE 6.4's innate AOB injection or other Lua AOB identifiers)? I figure it would have something to do with dissecting the data, finding something static (like a character id) and then setting an offset, but shouldn't that be exactly what the automatic scan does? Anyways, I am really new to dissecting data, and while I don't have a problem in very simple programs (like tutorial step 9), I find myself lost in much more complex ones where there are multiple structures with pointers in between. Also, what's a good example of how to use the structure spider? I read the help file and kind of understand it, but I don't know how I would apply it.
My second question is a little more specific. So I'm trying to work my way back from a code I found for stamina in a game. I found the display value as a float between 0 and 100. The odd thing is that there are two addresses spaced 4 bytes apart, always with the same value. The lower address actually affects my bar when frozen/changed, but the other doesn't seem to change anything. I tried to see what writes and accesses these codes. Basically, for the address that changes my bar's display, it multiplies a floating point register by the value at my display address, loads a fp into the value at the same address, then moves a scalar fp from the register it multiplied earlier into the value of this address. The address that does nothing AFAIK has the same last two opcodes... almost. The address offset is 4 bytes higher than the other (the first is +58 and the second is +5C). I'm sure this all can be traced back to the actual instruction that decreases and increases my stamina, but that function is over 1000 bytes long and contains many, many subs and adds in memory viewer. I just need an idea now of how to move on and figure out the next step, or what I should look for next. Granted, I probably have the definitions of these opcodes wrong, so here they are:
The code that actually changes the display:
Quote:
0565C959 - F3 0F59 47 58 - mulss xmm0,[edi+58]
0565CCCB - D9 46 58 - fld dword ptr [esi+58]
0565CD86 - F3 0F11 46 58 - movss [esi+58],xmm0

The ??? code with the same exact float value:
Quote:
0565CC96 - F3 0F11 41 5C - movss [ecx+5C],xmm0
0565CCD2 - D9 46 5C - fld dword ptr [esi+5C]
BTW, EDI+58 = ESI+58. Oh, and I have dissected the data at the two original addresses and at the addresses of the two movss instructions. The only similarities at all are 0s between any combination of 2 of 4. Break and Trace Instructions grinds everything to a halt and usually causes a CE and game crash.
Sorry about the wall of text, but I'm trying to be specific because I'd like to learn this. I also wasn't sure whether I should have made two topics or not, so I played it safe.
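The instruction bytes quoted in the post show exactly why an exact array-of-bytes signature can fail: the same opcode stored through a different register or struct offset changes the ModRM and displacement bytes (47 58 vs 46 58, 41 5C vs 46 58). This Python scanner is an added example, not Cheat Engine's code or the poster's; the byte buffer is constructed from the five quoted instructions with made-up offsets, and it shows which bytes a failed scan tripped over and how far a wildcard can be widened before the signature stops being unique.

```python
from typing import List, Optional, Tuple

Pattern = List[Optional[int]]  # None marks a wildcard byte ("??")

def parse_pattern(text: str) -> Pattern:
    """'F3 0F 11 ?? 58' -> [0xF3, 0x0F, 0x11, None, 0x58]."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def aob_scan(buf: bytes, pattern: str) -> List[int]:
    """Every offset in buf where the pattern matches; wildcards match any byte."""
    pat = parse_pattern(pattern)
    return [
        i for i in range(len(buf) - len(pat) + 1)
        if all(p is None or buf[i + k] == p for k, p in enumerate(pat))
    ]

def unique_hit(buf: bytes, pattern: str) -> Optional[int]:
    """A usable signature must hit exactly once; otherwise return None."""
    hits = aob_scan(buf, pattern)
    return hits[0] if len(hits) == 1 else None

def mismatches(chunk: bytes, pattern: str) -> List[Tuple[int, int, int]]:
    """(index, expected, actual) for every fixed byte that differs from chunk,
    i.e. the bytes that would have to become wildcards for the scan to hit."""
    pat = parse_pattern(pattern)
    return [(k, p, chunk[k]) for k, p in enumerate(pat) if p is not None and chunk[k] != p]

# Constructed sample buffer: the five instructions quoted in the post,
# packed back to back with NOP filler. Offsets are made up, not the game's.
CODE = bytes.fromhex(
    "90 90"
    "F3 0F 59 47 58"  # mulss xmm0,[edi+58]      at offset 2
    "90"
    "F3 0F 11 41 5C"  # movss [ecx+5C],xmm0      at offset 8
    "D9 46 58"        # fld dword ptr [esi+58]   at offset 13
    "D9 46 5C"        # fld dword ptr [esi+5C]   at offset 16
    "F3 0F 11 46 58"  # movss [esi+58],xmm0      at offset 19
    "90 90"
)

if __name__ == "__main__":
    # Exact bytes of the [esi+58] store: hits once, misses the [ecx+5C] variant.
    print(aob_scan(CODE, "F3 0F 11 46 58"))          # [19]
    # Which bytes differ in the [ecx+5C] copy? ModRM (0x46 vs 0x41) and disp8.
    print(mismatches(CODE[8:13], "F3 0F 11 46 58"))  # [(3, 70, 65), (4, 88, 92)]
    # Wildcarding ModRM keeps the +58 field but survives a register change.
    print(aob_scan(CODE, "F3 0F 11 ?? 58"))          # [19]
    # Wildcarding both is too loose: two hits, so no longer a usable signature.
    print(unique_hit(CODE, "F3 0F 11 ?? ??"))        # None
```

The same diagnostic applies to the two fld lines: "D9 46 ??" hits both +58 and +5C, so the displacement byte is what distinguishes the stamina field from its neighbour.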