View previous topic :: View next topic |
Author |
Message |
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 7:28 am Post subject: VEH Debugger can't find any addresses |
|
|
Hi I'm having a problem with borderlands 2 and cheat engine
Since the windows debugger was crashing my game I started to use VEH Debugger but I noticed sometimes it couldn't catch anything when I right click on an opp code and I choose "Find out what addresses this instruction accesses"
This upset me because this instruction is accessing the z coord of the player and I don't want to scan all the values again until I find the right address because I'm not even sure using "Find out what writes to this address" will works this time.
Despite this I was able to write an unfinite ammo cheat and i'll be happy to make another cheat that allows me to access some inaccessible areas
|
|
Back to top |
|
|
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
Posted: Thu Aug 02, 2018 7:39 am Post subject: |
|
|
Are you sure the code actually runs, with VEH I had no problems with BL2. Try setting a breakpoint.
_________________
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 8:36 am Post subject: |
|
|
Yes the code was actually running
I even tried with the instruction changing the ammo and I was getting no results(by right clicking on the oppcode and choosing"Find out what addresses this instruction accesses")
|
|
Back to top |
|
|
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
Posted: Thu Aug 02, 2018 8:45 am Post subject: |
|
|
Here is where I hook the ammo, try to find this code and see if it shows any addresses.
Code: |
//// Injection Point: Borderlands2.exe+81F0E5 - 0192F0E5
//// AOB address: 0192F0A3 - Borderlands2.exe+81F0A3
//// Process: Borderlands2.exe - p
//// Module: Borderlands2.exe - p
//// Module Size: 02378000
Borderlands2.exe+81F0A6: 8B 01 - mov eax,[ecx]
Borderlands2.exe+81F0A8: F3 0F10 45 0C - movss xmm0,[ebp+0C]
Borderlands2.exe+81F0AD: F3 0F11 45 0C - movss [ebp+0C],xmm0
Borderlands2.exe+81F0B2: 85 C0 - test eax,eax
Borderlands2.exe+81F0B4: 74 21 - je 0192F0D7
Borderlands2.exe+81F0B6: 8A 51 04 - mov dl,[ecx+04]
Borderlands2.exe+81F0B9: 80 FA 10 - cmp dl,10
Borderlands2.exe+81F0BC: 73 19 - jae 0192F0D7
Borderlands2.exe+81F0BE: 0FB6 D2 - movzx edx,dl
Borderlands2.exe+81F0C1: 8B 84 90 88010000 - mov eax,[eax+edx*4+00000188]
Borderlands2.exe+81F0C8: 89 41 08 - mov [ecx+08],eax
Borderlands2.exe+81F0CB: 85 C0 - test eax,eax
Borderlands2.exe+81F0CD: 74 08 - je 0192F0D7
Borderlands2.exe+81F0CF: 8A 51 05 - mov dl,[ecx+05]
Borderlands2.exe+81F0D2: 3A 50 40 - cmp dl,[eax+40]
Borderlands2.exe+81F0D5: 74 0E - je 0192F0E5
Borderlands2.exe+81F0D7: C7 41 08 00000000 - mov [ecx+08],00000000
Borderlands2.exe+81F0DE: D9 45 0C - fld dword ptr [ebp+0C]
Borderlands2.exe+81F0E1: 5D - pop ebp
Borderlands2.exe+81F0E2: C2 0800 - ret 0008
//// INJECTING START ----------------------------------------------------------
Borderlands2.exe+81F0E5: F3 0F10 40 6C - movss xmm0,[eax+6C] // Ammo address(es)
//// INJECTING END ----------------------------------------------------------
Borderlands2.exe+81F0EA: F3 0F11 45 0C - movss [ebp+0C],xmm0
Borderlands2.exe+81F0EF: D9 45 0C - fld dword ptr [ebp+0C]
Borderlands2.exe+81F0F2: 5D - pop ebp
Borderlands2.exe+81F0F3: C2 0800 - ret 0008
Borderlands2.exe+81F0F6: CC - int 3
Borderlands2.exe+81F0F7: CC - int 3
Borderlands2.exe+81F0F8: CC - int 3
Borderlands2.exe+81F0F9: CC - int 3
Borderlands2.exe+81F0FA: CC - int 3
Borderlands2.exe+81F0FB: CC - int 3
Borderlands2.exe+81F0FC: CC - int 3
Borderlands2.exe+81F0FD: CC - int 3
Borderlands2.exe+81F0FE: CC - int 3
Borderlands2.exe+81F0FF: CC - int 3
Borderlands2.exe+81F100: 53 - push ebx
Borderlands2.exe+81F101: 56 - push esi
Borderlands2.exe+81F102: 57 - push edi
Borderlands2.exe+81F103: 8B D9 - mov ebx,ecx
Borderlands2.exe+81F105: 33 FF - xor edi,edi
Borderlands2.exe+81F107: 39 7B 44 - cmp [ebx+44],edi |
Do you have an AV running?
_________________
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 9:14 am Post subject: |
|
|
I tried what you gave me and This time it was working well your instruction was giving me an address but actually this is what i'm using personally for the ammo(the only problem I've encountered is that the instruction is accessing multiple addresses some are for ammo and the others are for the dammage but I've managed to make a distinction between both)
Code: | {
// ORIGINAL CODE - INJECTION POINT: "Borderlands2.exe"+A189C2
"Borderlands2.exe"+A189A7: 76 07 - jna Borderlands2.exe+A189B0
"Borderlands2.exe"+A189A9: F3 0F 11 4E 6C - movss [esi+6C],xmm1
"Borderlands2.exe"+A189AE: EB 17 - jmp Borderlands2.exe+A189C7
"Borderlands2.exe"+A189B0: 0F 2F C8 - comiss xmm1,xmm0
"Borderlands2.exe"+A189B3: 76 05 - jna Borderlands2.exe+A189BA
"Borderlands2.exe"+A189B5: 0F 28 C1 - movaps xmm0,xmm1
"Borderlands2.exe"+A189B8: EB 08 - jmp Borderlands2.exe+A189C2
"Borderlands2.exe"+A189BA: 0F 2F D0 - comiss xmm2,xmm0
"Borderlands2.exe"+A189BD: 77 03 - ja Borderlands2.exe+A189C2
"Borderlands2.exe"+A189BF: 0F 28 C2 - movaps xmm0,xmm2
// ---------- INJECTING HERE ----------
"Borderlands2.exe"+A189C2: F3 0F 11 46 6C - movss [esi+6C],xmm0
// ---------- DONE INJECTING ----------
"Borderlands2.exe"+A189C7: 8B 0D 44 FD 11 03 - mov ecx,[Borderlands2.exe+1EEFD44]
"Borderlands2.exe"+A189CD: 85 C9 - test ecx,ecx
"Borderlands2.exe"+A189CF: 74 0F - je Borderlands2.exe+A189E0
"Borderlands2.exe"+A189D1: E8 FA 99 1B 00 - call Borderlands2.exe+BD23D0
"Borderlands2.exe"+A189D6: D9 5D 08 - fstp dword ptr [ebp+08]
"Borderlands2.exe"+A189D9: F3 0F 10 45 08 - movss xmm0,[ebp+08]
"Borderlands2.exe"+A189DE: EB 03 - jmp Borderlands2.exe+A189E3
"Borderlands2.exe"+A189E0: 0F 57 C0 - xorps xmm0,xmm0
"Borderlands2.exe"+A189E3: 8B 16 - mov edx,[esi]
"Borderlands2.exe"+A189E5: 8B 82 70 01 00 00 - mov eax,[edx+00000170]
} |
Anyway the instruction that was supposed to change the z coord wasn't giving any result so maybe I should try to find another one :/
and yes I have an AV running called ESET nod 32 and it has a HIPS system running too do you think this could interfer with CE?Because that's weird to have no result sometimes even when I use "find out what writes to this address"
|
|
Back to top |
|
|
Arsh Newbie cheater Reputation: 1
Joined: 02 Aug 2018 Posts: 22 Location: India
|
Posted: Thu Aug 02, 2018 9:23 am Post subject: |
|
|
i don't got any problem with ce or borderland.mostly problem we faces when we are using physical memory
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 9:31 am Post subject: |
|
|
Just in case here are the settings i'm using
Description: |
|
Filesize: |
29.71 KB |
Viewed: |
3619 Time(s) |
|
|
|
Back to top |
|
|
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
Posted: Thu Aug 02, 2018 9:40 am Post subject: |
|
|
I'm betting it's just the code doesn't run, I remember running into this a couple of times with BL2; code that only runs in certain situations.
_________________
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 9:44 am Post subject: |
|
|
TheyCallMeTim13 wrote: | I'm betting it's just the code doesn't run, I remember running into this a couple of times with BL2; code that only runs in certain situations. |
okay thanks I'll find another instructions then
|
|
Back to top |
|
|
Arsh Newbie cheater Reputation: 1
Joined: 02 Aug 2018 Posts: 22 Location: India
|
Posted: Thu Aug 02, 2018 9:49 am Post subject: |
|
|
turbo kid,bro i remember there was not difficulty to hack borderline games if you still cannot able to edit memory then download table but our own hacking gives pleasure
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 9:50 am Post subject: |
|
|
Just in case someone wants to give it a try
here is how i'm able to find the instruction that was changing the z coord
I use memory scan with this array of bytes
F3 0F 10 4E 68 F3 0F 5C 55 E0 F3 0F 5C 45 E4 F3 0F 5C 4D E8
Edit:"but our own hacking gives pleasure " Hmmmm.... OK Arsh
|
|
Back to top |
|
|
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 10:17 am Post subject: |
|
|
Thanks again I already have the first table but I wanted to make my own ammo cheat simply because the two ammo cheats in the table weren't only giving me unlimited ammo but they were giving me no reload too (and it's fun to make your own cheat that works :p )
Now I only have to scan again for the z coord and i'll work on another instructions then
|
|
Back to top |
|
|
Arsh Newbie cheater Reputation: 1
Joined: 02 Aug 2018 Posts: 22 Location: India
|
Posted: Thu Aug 02, 2018 10:20 am Post subject: |
|
|
Turbo kid
|
|
Back to top |
|
|
TurboKid Newbie cheater Reputation: 0
Joined: 01 Aug 2018 Posts: 14
|
Posted: Thu Aug 02, 2018 10:31 am Post subject: |
|
|
Arsh i'm sorry but every time I see one of your post I can't stop thinking about this meme
"Hello betiful, send me bobs and vagene plis"
Pls don't feel offended
I understand your difficulty since I'm not a native english speaker too
|
|
Back to top |
|
|
|