Cheat Engine The Official Site of Cheat Engine
PimpinRice Newbie cheater
Reputation: 0
Joined: 27 Sep 2012 Posts: 19
Posted: Tue Dec 22, 2015 9:48 am Post subject: Need Teleport Hack with da AA (Auto Assembly) help
So I recently am on a stump of a problem. Been trying for a while to try and get a teleport hack using AA within Cheat Engine. Still young and learning, while young, I can't seem to find the solution to my script... I've looked at it, seems quite logical to me....
My goal is to try to assign 3 different key functions.
1. Press 1 to save the current position I'm in in-game
2. Press 2 to save the current position into another stack and then loads the 1st saved position
3. Press 3 to load the newer saved position from the other stack instead of 1st one.
So I can teleport to an old spot while still retaining and warping back to the newer coords in-game.
Heck I've even made a video DETAILING my steps and where the addresses are located and how the instructions are structured in the game along with where the offsets of my coordinates and what happens when I activate the hack in-game.
https://www.youtube.com/watch?v=xW38xbS4tvY
Code:
[ENABLE]
aobscanmodule(teleport,Fallout4.exe,0F 28 00 48 8B CF) // should be unique
alloc(newmem,$1000,"Fallout4.exe"+221F9D1)
label(originalcode)
label(return)
label(start)
label(save_coord)
label(load_coord)
label(load_last_coord)
label(store_coord)
label(store_coord2)
label(s_enable)
label(l_enable)
label(ll_enable)
registersymbol(s_enable)
registersymbol(l_enable)
registersymbol(ll_enable)
newmem:
s_enable:
dd 0
l_enable:
dd 0
ll_enable:
dd 0
store_coord:
dd 0
dd 0
dd 0
store_coord2:
dd 0
dd 0
dd 0
start:
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
cmp [ll_enable],1
je load_last_coord
jmp originalcode
save_coord:
push eax
mov eax,[rax]
mov [store_coord],eax
mov eax,[rax+04]
mov [store_coord+04],eax
mov eax,[rax+08]
mov [store_coord+08],eax
pop eax
mov [s_enable],0
jmp originalcode
load_coord:
cmp [store_coord],0
je originalcode
push eax
mov eax,[rax]
mov [store_coord2],eax
mov eax,[rax+04]
mov [store_coord2+04],eax
mov eax,[rax+08]
mov [store_coord2+08],eax
pop eax
push esi
mov esi,[store_coord]
mov rax,[esi]
mov esi,[store_coord+04]
mov [rax+04],esi
mov esi,[store_coord+08]
mov [rax+08],esi
pop esi
mov [l_enable],0
jmp originalcode
load_last_coord:
cmp [store_coord2],0
je originalcode
push edi
mov edi,[store_coord2]
mov rax,[edi]
mov edi,[store_coord2+04]
mov [rax+04],edi
mov edi,[store_coord2+08]
mov [rax+08],edi
pop edi
mov [ll_enable],0
jmp originalcode
originalcode:
movaps xmm0,[rax]
mov rcx,rdi
jmp return
teleport:
jmp newmem
nop
return:
registersymbol(teleport)
[DISABLE]
teleport:
db 0F 28 00 48 8B CF
unregistersymbol(teleport)
unregistersymbol(s_enable)
unregistersymbol(l_enable)
unregistersymbol(ll_enable)
dealloc(newmem)
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Dec 22, 2015 10:11 am Post subject:
vng21092 Grandmaster Cheater
Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Tue Dec 22, 2015 11:38 am Post subject:
Well, I don't have the game anymore, but check Zanzer's table for Fallout 4, and check out the teleport script in that table. What you'll want to do is basically make another set of variables, let's call them X2, Y2 and Z2, and every time you teleport, you can just swap X1 with X2 (I guess you'll need an X3 to serve as a temp for the swap) and so on.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4714
Posted: Tue Dec 22, 2015 1:30 pm Post subject:
Thank you for providing all the information this time.
The eax register is a part of the rax register. The lower 32 bits, more precisely. So moving the value stored at rax into eax changes the value of rax as well (zero-extended IIRC), making all further instructions invalid. In your script, it's like you're treating rax as a 32-bit pointer to something else. This will likely access memory that doesn't exist, firing a page fault that crashes the game.
Just use a different register, like rbx, to temporarily store the coordinates. Also, if you're working with a 64-bit process, try to use the 64-bit equivalent of registers (rax, rsi, rdi... instead of eax, esi, edi...).
PS: You're trying to dereference something twice in your script when you load your coordinates, which will crash the game in a similar manner as mentioned above.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
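The register clobbering described in the post above, as an added example that is not part of the thread: a C model of the first script's save_coord sequence, run once with eax as the scratch register and once with a separate one. `COORD_BASE`, the coordinate values and the helper names (`load32`, `write32`, `replay_save_coord`) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: one mapped region holding the player's X, Y, Z floats. */
#define COORD_BASE 0x00007FF612340000ULL /* made-up 64-bit address */
static const float coords[3] = {900.0f, -120.5f, 64.0f};

/* Simulated 4-byte load; sets *fault when addr is outside the mapped region. */
static uint32_t load32(uint64_t addr, int *fault) {
    uint32_t v = 0;
    if (addr < COORD_BASE || addr + 4 > COORD_BASE + sizeof coords)
        *fault = 1;
    else
        memcpy(&v, (const char *)coords + (addr - COORD_BASE), 4);
    return v;
}

/* x86-64 rule: a write to a 32-bit register zeroes bits 63..32 of the full one. */
static void write32(uint64_t *reg64, uint32_t v) { *reg64 = v; }

/* Replays the three load/store pairs of save_coord. With use_scratch == 0 the
   loaded value lands in eax (as in the first post); otherwise it lands in ebx.
   Returns how many loads completed (3 = success); *rax_out is rax at the end. */
int replay_save_coord(int use_scratch, uint32_t store[3], uint64_t *rax_out) {
    uint64_t rax = COORD_BASE, rbx = 0;
    uint64_t *dst = use_scratch ? &rbx : &rax;
    int fault = 0, done = 0;
    for (; done < 3; done++) {
        uint32_t v = load32(rax + 4u * done, &fault); /* mov e?x,[rax+4*i] */
        if (fault) break;                             /* page fault: game crashes */
        write32(dst, v);
        store[done] = (uint32_t)*dst;                 /* mov [store_coord+4*i],e?x */
    }
    *rax_out = rax;
    return done;
}

int main(void) {
    uint32_t s[3] = {0}; uint64_t rax = 0;
    int n = replay_save_coord(0, s, &rax);
    printf("eax scratch: %d loads, rax=%#llx\n", n, (unsigned long long)rax);
    n = replay_save_coord(1, s, &rax);
    printf("ebx scratch: %d loads, rax=%#llx\n", n, (unsigned long long)rax);
    return 0;
}
```

With eax as scratch, rax ends up holding the bit pattern of the X float, so the second load targets an unmapped address; with a separate scratch register the pointer survives all three loads.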
PimpinRice Newbie cheater
Reputation: 0
Joined: 27 Sep 2012 Posts: 19
Posted: Tue Dec 22, 2015 3:26 pm Post subject:
Just changed them into rsi, rdi, rbx and shit. Still crashing just trying to attempt to save my coordinates.
Code:
start:
cmp [s_enable],1
je save_coord
cmp [l_enable],1
je load_coord
cmp [ll_enable],1
je load_last_coord
jmp originalcode
save_coord:
push rsi
mov rsi,[rax]
mov [store_coord],rsi
mov rsi,[rax+04]
mov [store_coord+04],rsi
mov rsi,[rax+08]
mov [store_coord+08],rsi
pop rsi
mov [s_enable],0
jmp originalcode
load_coord:
cmp [store_coord],0
je originalcode
push rdi
mov rdi,[rax]
mov [store_coord2],rdi
mov rdi,[rax+04]
mov [store_coord2+04],rdi
mov rdi,[rax+08]
mov [store_coord2+08],rdi
pop rdi
push rbx
mov rbx,[store_coord]
mov rax,[rbx]
mov rbx,[store_coord+04]
mov [rax+04],rbx
mov rbx,[store_coord+08]
mov [rax+08],rbx
pop rbx
mov [l_enable],0
jmp originalcode
load_last_coord:
cmp [store_coord2],0
je originalcode
push rbx
mov rbx,[store_coord2]
mov rax,[rbx]
mov rbx,[store_coord2+04]
mov [rax+04],rbx
mov rbx,[store_coord2+08]
mov [rax+08],rbx
pop rbx
mov [ll_enable],0
jmp originalcode
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4714
Posted: Tue Dec 22, 2015 3:54 pm Post subject:
Oh, wait. I see a pretty obvious problem. Just run through the entire process in your mind and you should see it within seconds. (Hint: I've already stated what's wrong in this case in this topic)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
PimpinRice Newbie cheater
Reputation: 0
Joined: 27 Sep 2012 Posts: 19
Posted: Tue Dec 22, 2015 9:58 pm Post subject:
A response that shows your inadequacy, nice try though
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Dec 22, 2015 10:04 pm Post subject:
Or was it more to point out that you should rename the load_coord label to infinite_stupidity?
Well, I guess that wouldn't cause a crash... but treating the game as 32-bit would.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4714
Posted: Tue Dec 22, 2015 10:29 pm Post subject:
This is what I was talking about:
| ParkourPenguin wrote: | | ...I don't know why in the hell you're trying to jump to memory that's not meant to be executed (regardless if it's executable or not). |
If you still don't get it after that, then you probably don't understand what jumping to code means, in which case you should either use google or study a bit more.
You still didn't fix that other error I told you about. Regardless if you ask for help with that or not, I'm done. You come to these forums, beg us for help, and then treat us like shit when we try to give you help. I've ignored your belligerent remarks for a while, but you need to learn that acting hostile towards people giving any help to someone like you isn't a smart thing to do. If someone else is either kind enough or asinine enough to help you, then that's their business. If you have questions on where you can go to learn more, I'll be glad to answer those, but I'm not handing out anything to you any more.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
PimpinRice Newbie cheater
Reputation: 0
Joined: 27 Sep 2012 Posts: 19
Posted: Wed Dec 23, 2015 4:40 pm Post subject:
| Zanzer wrote: | Or was it more to point out that you should rename the load_coord label to infinite_stupidity?
Well, I guess that wouldn't cause a crash... but treating the game as 32-bit would. |
I did that.... It's still crashing.... Maybe that idea isn't so bright.
| ParkourPenguin wrote: | | You still didn't fix that other error I told you about. |
.... That's because the save coordinates function doesn't even work before even reaching that second situation.
| ParkourPenguin wrote: | | Regardless if you ask for help with that or not, I'm done. You come to these forums, beg us for help, and then treat us like shit when we try to give you help. I've ignored your belligerent remarks for a while, but you need to learn that acting hostile towards people giving any help to someone like you isn't a smart thing to do. If someone else is either kind enough or asinine enough to help you, then that's their business. If you have questions on where you can go to learn more, I'll be glad to answer those, but I'm not handing out anything to you any more. |
Treat you guys like shit?! lmao! Right... To recap, I came in here, from the previous thread, posted my problem, one guy you seem to respect didn't get the situation I had at hand, I corrected him politely on it and everyone loses their shit jumping in to defend him (correction, not everyone because I wouldn't want to label everyone with you and the other guys here), and now you want to pull the victim card, especially in a time where PC culture is normal. Look I don't care if you're the admin of this forum or let alone Obama, with the exception of Kim Jong-un, but if you can't correctly analyze something objectively and truthfully I'd jump in to tell you about it, if that offends you that I stand up and challenge some position you hold in life, boy you got's lot to learn than holding an ego degree in programming, let alone a very very small niche specific of programming. There is a thing called life, and everyone won't see eye to eye, but dictating history and claiming victim in excuse for your passive-aggressive responses just doesn't cut it.
vng21092 is the only one here in this thread that posted something that is actually productive, even though I don't want to copy and paste someone's code and try to learn stuff by doing it myself, UNLESS I absolutely have to, I just want to thank him and then thank the guy who he mentioned but lo and behold the guy who he mentions comes into this thread and makes a condescending statement... Clever move. Makes you wonder... Is this how Cheat Engine forum runs like, filled with ego-maniacs?
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Wed Dec 23, 2015 4:51 pm Post subject:
| ParkourPenguin wrote: |
You still didn't fix that other error I told you about. Regardless if you ask for help with that or not, I'm done. You come to these forums, beg us for help, and then treat us like shit when we try to give you help. I've ignored your belligerent remarks for a while, but you need to learn that acting hostile towards people giving any help to someone like you isn't a smart thing to do. If someone else is either kind enough or asinine enough to help you, then that's their business. If you have questions on where you can go to learn more, I'll be glad to answer those, but I'm not handing out anything to you any more. |
lol, I love it when very nice helpful people freak out. ParkourPenguin knows his stuff pretty well. What have you done.
Anyway man, your script is a mess. You don't need push but one register.
Your AOB injection jump in the script is wrong.
Use XMM registers. 9 out of ten times the higher registers are free and unused.
You didn't alloc any memory for your hotkey based values or your stored values.
Code:
[ENABLE]
aobscanmodule(teleport,Fallout4.exe,0F 28 00 48 8B CF) // should be unique
alloc(newmem,$1000,"Fallout4.exe"+221F9D1)
label(originalcode)
label(return)
label(start)
label(save_coord)
label(load_coord)
label(load_last_coord)
label(store_coord)
label(store_coord2)
label(s_enable)
label(l_enable)
label(ll_enable)
registersymbol(s_enable) // where is the allocated memory
registersymbol(l_enable)
registersymbol(ll_enable)
newmem: //// Everything below to start is in the wrong location and unnecessary as it defaults to zero
s_enable:
dd 0
l_enable:
dd 0
ll_enable:
dd 0
store_coord:
dd 0
dd 0
dd 0
store_coord2:
dd 0
dd 0
dd 0
start:
cmp [s_enable],1 // hotkey values
je save_coord
cmp [l_enable],1
je load_coord
cmp [ll_enable],1
je load_last_coord
jmp originalcode
save_coord:
push eax // use an XMM register for all of this but correct so far
mov eax,[rax]
mov [store_coord],eax
mov eax,[rax+04]
mov [store_coord+04],eax
mov eax,[rax+08]
mov [store_coord+08],eax
pop eax
mov [s_enable],0
jmp originalcode
load_coord:
cmp [store_coord],0 // checking to make sure you have a value
je originalcode
push eax
mov eax,[rax]
mov [store_coord2],eax // storing position before you execute the teleport
mov eax,[rax+04]
mov [store_coord2+04],eax
mov eax,[rax+08]
mov [store_coord2+08],eax
pop eax
push esi // executing stored coords
mov esi,[store_coord]
mov rax,[esi]
mov esi,[store_coord+04]
mov [rax+04],esi
mov esi,[store_coord+08]
mov [rax+08],esi
pop esi
mov [l_enable],0
jmp originalcode
load_last_coord:
cmp [store_coord2],0
je originalcode
push edi
mov edi,[store_coord2]
mov rax,[edi]
mov edi,[store_coord2+04]
mov [rax+04],edi
mov edi,[store_coord2+08]
mov [rax+08],edi
pop edi
mov [ll_enable],0
jmp originalcode
originalcode:
movaps xmm0,[rax]
mov rcx,rdi
jmp return
teleport:
jmp newmem // don't jump to here. Jump to "start"
nop
return:
registersymbol(teleport)
[DISABLE]
teleport:
db 0F 28 00 48 8B CF
unregistersymbol(teleport)
unregistersymbol(s_enable)
unregistersymbol(l_enable)
unregistersymbol(ll_enable)
dealloc(newmem)
http://forum.cheatengine.org/viewtopic.php?t=586151 Last post is a reference on how to write a teleport script. Included is a small table. Also you should read the thing about pushing registers.
Well good luck dude
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Wed Dec 23, 2015 5:40 pm Post subject:
Yea, your code is going to crash too because you thought he knew what he was doing when he wrote it.
Tell ya what PimpinRice, here's a constructive piece of advice:
Break and trace your injection and you can see exactly what's crashing!
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Wed Dec 23, 2015 6:56 pm Post subject:
| Zanzer wrote: | Yea, your code is going to crash too because you thought he knew what he was doing when he wrote it.
|
Brah I can't do the whole thing for him. I linked him to a working teleport script. If he neglects to use a breakpoint to see how his values are being stored I can't help that.
What's up with all the angst on this thread? Wow!
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Wed Dec 23, 2015 7:12 pm Post subject:
His responses to those helping him.
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Thu Dec 24, 2015 4:17 pm Post subject:
I just checked out your YouTube video and you're trying to inject code on a shared opcode.
You have to write a "lock out compare" which will still prolly crash the game.
You have to at least have player base & dog companion base (depending on how the dog works based on your location).
Then you need to breakpoint on that register and compare which register has your base address.
Write in a compare WHEN that base address is game accessed.
Then from there you need to write in your teleport script.