 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
fartclot
How do I cheat?
![]() Reputation: 0
Joined: 17 Mar 2025
Posts: 4
|
 Posted: Mon Mar 17, 2025 11:20 am Post subject: [HELP] I've tried all I know on this game |
 |
|
I’ve only just started using Cheat Engine for more than the insanely basic task of finding addresses about a week ago. I’ve been trying to create a pointer to reuse later in a cheat table for the game. The game is modded, and on a modded server, you can modify points client sidedly, which still ends up saving on the servers side. I discovered this by changing the value of a doubles address, and it worked.
However, I wanted to save a pointer to reuse it later without having to find the address again which failed and I tried everything you can do to get a pointer. Now, I’ve spent three days trying to get this one thing to work. I'm very new and I’m sure there’s a lot I could be doing wrong. I’ve tried using AOB injection and watched several tutorials, but every time I execute it, my game crashes. I do have an idea of why this is happening, but I’d like to get some answers. If you have suggestions, I can respond to let you know if I’ve already tried them or if they didn’t work.
I don't know what information I should provide that would give you the ability to answer my problem but if you want me get something then I can.
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 150
Joined: 06 Jul 2014
Posts: 4657
|
| Posted: Mon Mar 17, 2025 12:35 pm Post subject: |
|
|
Make a code injection that copies the address. Search "injection copy" to find tutorials. Try to pick an instruction that only accesses the address you want (right click instruction -> Find out what addresses this instruction accesses).
| fartclot wrote: | | I don't know what information I should provide that would give you the ability to answer my problem but if you want me get something then I can. |
If the Auto Assembler script you wrote doesn't work and you want other people to tell you why it doesn't work and/or fix it for you, providing the script would be very helpful.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
fartclot
How do I cheat?
![]() Reputation: 0
Joined: 17 Mar 2025
Posts: 4
|
| Posted: Mon Mar 17, 2025 2:03 pm Post subject: re |
|
|
I have tried that recommendation as well but as youll read this you might notice thats not really feasible since the memory viewer value I'm using the second I view instructions gets over thousands of results in the first second and I have checked just about everything around it and there were no results of my value popping up without there being thousands of others.
| Code: |
[ENABLE]
aobscanmodule(INJECT,DWrite.dll,43 48 8B 2C CA 48 89 28 8B 06) // should be unique
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
mov [rax],rbp
mov eax,[rsi]
jmp return
INJECT+05:
jmp newmem
return:
registersymbol(INJECT)
[DISABLE]
INJECT+05:
db 48 89 28 8B 06
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: DWrite.dll+166E0D
DWrite.dll+166DE7: 0F 85 CF 11 00 00 - jne DWrite.dll+167FBC
DWrite.dll+166DED: 3B 45 30 - cmp eax,[rbp+30]
DWrite.dll+166DF0: 0F 83 C6 11 00 00 - jae DWrite.dll+167FBC
DWrite.dll+166DF6: C1 E0 03 - shl eax,03
DWrite.dll+166DF9: 48 03 45 10 - add rax,[rbp+10]
DWrite.dll+166DFD: 48 83 38 FF - cmp qword ptr [rax],-01
DWrite.dll+166E01: 74 1F - je DWrite.dll+166E22
DWrite.dll+166E03: F6 45 08 04 - test byte ptr [rbp+08],04
DWrite.dll+166E07: 75 43 - jne DWrite.dll+166E4C
DWrite.dll+166E09: 48 8B 2C CA - mov rbp,[rdx+rcx*8]
// ---------- INJECTING HERE ----------
DWrite.dll+166E0D: 48 89 28 - mov [rax],rbp
// ---------- DONE INJECTING ----------
DWrite.dll+166E10: 8B 06 - mov eax,[rsi]
DWrite.dll+166E12: 0F B6 CC - movzx ecx,ah
DWrite.dll+166E15: 0F B6 E8 - movzx ebp,al
DWrite.dll+166E18: 48 83 C6 04 - add rsi,04
DWrite.dll+166E1C: C1 E8 10 - shr eax,10
DWrite.dll+166E1F: FF 24 EB - jmp qword ptr [rbx+rbp*8]
DWrite.dll+166E22: 4C 8B 55 20 - mov r10,[rbp+20]
DWrite.dll+166E26: 4D 85 D2 - test r10,r10
DWrite.dll+166E29: 74 D8 - je DWrite.dll+166E03
DWrite.dll+166E2B: 41 F6 42 0A 02 - test byte ptr [r10+0A],02
}
|
| Code: |
[ENABLE]
aobscanmodule(INJECT,DWrite.dll,48 83 38 FF 74 1F F6 45 08 04 75 43) // should be unique
alloc(newmem,$1000,INJECT)
label(code)
label(return)
newmem:
code:
cmp qword ptr [rax],-01
je DWrite.dll+166E22
jmp return
INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 48 83 38 FF 74 1F
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: DWrite.dll+166DFD
DWrite.dll+166DD4: 73 62 - jae DWrite.dll+166E38
DWrite.dll+166DD6: 66 48 0F 6E C0 - movq xmm0,rax
DWrite.dll+166DDB: F2 0F 2C C0 - cvttsd2si eax,xmm0
DWrite.dll+166DDF: F2 0F 2A C8 - cvtsi2sd xmm1,eax
DWrite.dll+166DE3: 66 0F 2E C1 - ucomisd xmm0,xmm1
DWrite.dll+166DE7: 0F 85 CF 11 00 00 - jne DWrite.dll+167FBC
DWrite.dll+166DED: 3B 45 30 - cmp eax,[rbp+30]
DWrite.dll+166DF0: 0F 83 C6 11 00 00 - jae DWrite.dll+167FBC
DWrite.dll+166DF6: C1 E0 03 - shl eax,03
DWrite.dll+166DF9: 48 03 45 10 - add rax,[rbp+10]
// ---------- INJECTING HERE ----------
DWrite.dll+166DFD: 48 83 38 FF - cmp qword ptr [rax],-01
// ---------- DONE INJECTING ----------
DWrite.dll+166E01: 74 1F - je DWrite.dll+166E22
DWrite.dll+166E03: F6 45 08 04 - test byte ptr [rbp+08],04
DWrite.dll+166E07: 75 43 - jne DWrite.dll+166E4C
DWrite.dll+166E09: 48 8B 2C CA - mov rbp,[rdx+rcx*8]
DWrite.dll+166E0D: 48 89 28 - mov [rax],rbp
DWrite.dll+166E10: 8B 06 - mov eax,[rsi]
DWrite.dll+166E12: 0F B6 CC - movzx ecx,ah
DWrite.dll+166E15: 0F B6 E8 - movzx ebp,al
DWrite.dll+166E18: 48 83 C6 04 - add rsi,04
DWrite.dll+166E1C: C1 E8 10 - shr eax,10
}
|
| Code: |
DWrite.dll+166DFD:
7FFD0FB76DF6 - C1 E0 03 - shl eax,03
7FFD0FB76DF9 - 48 03 45 10 - add rax,[rbp+10]
7FFD0FB76DFD - 48 83 38 FF - cmp qword ptr [rax],-01 <<
7FFD0FB76E01 - 74 1F - je DWrite.dll+166E22
7FFD0FB76E03 - F6 45 08 04 - test byte ptr [rbp+08],04
RAX=000001BE23EABE20
RBX=000001BD9C811398
RCX=0000000000000010
RDX=000001BDEA82AF78
RSI=000001BDA35F75E4
RDI=000001BDA35F8138
RBP=000001BE23EABCB8
RSP=000000A38B2FEDF0
R8=000001BEEC0F9170
R9=0000000000000000
R10=000001BD9C867390
R11=0000000000008000
R12=0000000000000002
R13=00007FFD1075FB80
R14=000001C0944C7EF0
R15=000001C0944C8300
RIP=00007FFD0FB76E01
First seen:2:48:23 PM
Last seen:2:48:23 PM
|
| Code: |
DWrite.dll+166E0D:
7FFD0FB76E07 - 75 43 - jne DWrite.dll+166E4C
7FFD0FB76E09 - 48 8B 2C CA - mov rbp,[rdx+rcx*8]
7FFD0FB76E0D - 48 89 28 - mov [rax],rbp <<
7FFD0FB76E10 - 8B 06 - mov eax,[rsi]
7FFD0FB76E12 - 0FB6 CC - movzx ecx,ah
RAX=000001BE23EABE20
RBX=000001BD9C811398
RCX=0000000000000010
RDX=000001BDEA82AF78
RSI=000001BDA35F75E4
RDI=000001BDA35F8138
RBP=0000000000000000
RSP=000000A38B2FEDF0
R8=000001BEEC0F9170
R9=0000000000000000
R10=000001BD9C867390
R11=0000000000008000
R12=0000000000000002
R13=00007FFD1075FB80
R14=000001C0944C7EF0
R15=000001C0944C8300
RIP=00007FFD0FB76E10
First seen:2:48:23 PM
Last seen:2:48:23 PM
|
| Code: |
DWrite.dll+1388574:
7FFD10D9856D - 44 8B C0 - mov r8d,eax
7FFD10D98570 - 48 8B 47 10 - mov rax,[rdi+10]
7FFD10D98574 - 48 8B 14 06 - mov rdx,[rsi+rax] <<
7FFD10D98578 - 48 8B C2 - mov rax,rdx
7FFD10D9857B - 48 C1 F8 2F - sar rax,2F
RAX=000001BE23EABE10
RBX=0000000000000000
RCX=000001BD9C8103F0
RDX=0000000000000000
RSI=0000000000000010
RDI=000001BE23EABCB8
RBP=000001BD9C8103F0
RSP=000000A38B2FEDF0
R8=0000000000000003
R9=0000000000000000
R10=0000000000000000
R11=000001BE1DEFAEE8
R12=00000000000000E0
R13=000001BDA35DAE08
R14=00007FFFFFFFFFFF
R15=FFFFFFFFFFFFFFFF
RIP=00007FFD10D98578
First seen:2:48:24 PM
Last seen:2:48:24 PM
|
for some context this is a game with a score system and theres several things that can attribute to the score like how dangerous something is adds more score and ive used cheat engine and modified those values and when I check whats writing them its the same exact thing thats modifying all the other values so I don't really know what to do since 166E0D in the memory viewer is this one big thing modifying them all and while there are other things I saw when I checked whats accessing them those also led to the game crashing when modifying values and such
if you need any more information I'll happily provide it
| Description: |
|
| Filesize: |
34 KB |
| Viewed: |
8092 Time(s) |
|
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 150
Joined: 06 Jul 2014
Posts: 4657
|
| Posted: Mon Mar 17, 2025 7:11 pm Post subject: |
|
|
DWrite.dll is part of the DirectX API. It's not surprising that such code accesses many addresses.
You could try going up the callstack until you find a better injection point, but that would involve something beyond the simple "find-and-change value" task CE is commonly used for. If you're not intimately familiar with x64 assembly nor have basic knowledge of reverse engineering, you should probably just give up.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
fartclot
How do I cheat?
![]() Reputation: 0
Joined: 17 Mar 2025
Posts: 4
|
| Posted: Tue Mar 18, 2025 1:56 am Post subject: |
|
|
| ParkourPenguin wrote: | DWrite.dll is part of the DirectX API. It's not surprising that such code accesses many addresses.
You could try going up the callstack until you find a better injection point, but that would involve something beyond the simple "find-and-change value" task CE is commonly used for. If you're not intimately familiar with x64 assembly nor have basic knowledge of reverse engineering, you should probably just give up. |
do you believe pointers could be used instead? because it doesn't really have to be AOB injection just anything that really works
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 150
Joined: 06 Jul 2014
Posts: 4657
|
| Posted: Tue Mar 18, 2025 1:29 pm Post subject: |
|
|
If the pointer scanner doesn't find anything, then no, there's no easy way to find the address automatically. Scanning for it every time you need it would be the easiest way.
See this video for the pointer scanner:
https://www.youtube.com/watch?v=3dyIrcx8Z8g
Using multiple pointer maps is important
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
fartclot
How do I cheat?
![]() Reputation: 0
Joined: 17 Mar 2025
Posts: 4
|
| Posted: Wed Mar 19, 2025 3:59 am Post subject: |
|
|
yeah and that sadly didnt work either and I dont really know any other ways at all I could modify this value.. is there any others you know of? cant really make a menu or anything having to constantly reget the values
| Description: |
|
| Filesize: |
8.88 KB |
| Viewed: |
7825 Time(s) |
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
