Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Guides: Pointer Scanner + Injection Copies + AOB To Data
Goto page Previous  1, 2, 3, 4, 5, 6  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials
View previous topic :: View next topic  
Author Message
coconutty
How do I cheat?
Reputation: 0

Joined: 18 Sep 2015
Posts: 2

PostPosted: Fri Sep 18, 2015 8:39 pm    Post subject: Reply with quote

Thank you, Rydian, for the extremely helpful tutorial. If I may ask a dumb question, how do you tell if an address is a "static address"? The pointer scanner mentions only finding "paths with a static address" but I don't know what characteristics identify an address as static. Is it denoted somewhere in the address list if you edit the address or something? In essence, I wouldn't recognize a static address if I stubbed my toe on it at this point.

Thank you!
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sat Sep 19, 2015 3:16 am    Post subject: Reply with quote

if an address can be found using modulename+offset it's deemed static
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

PostPosted: Mon Sep 21, 2015 5:37 pm    Post subject: Reply with quote

Rydian! You are awesome, the thing with injection copy has saved me a lot of time! Thank you Very Happy
Back to top
View user's profile Send private message
root426
Newbie cheater
Reputation: 0

Joined: 09 Feb 2010
Posts: 22

PostPosted: Sat Oct 03, 2015 4:23 pm    Post subject: Reply with quote

lol thx man now i got my static addresses via script Smile
Back to top
View user's profile Send private message
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

PostPosted: Tue Dec 15, 2015 4:27 pm    Post subject: Reply with quote

Hi!
Just now i've understand this great work, after re-reading it for the 4^ time...
(I know i'm a lot slow....)
BTW
I would like you extend this excellent job with these funcionality:
- automatically set the just find adress to a pre-determinate value
- automatically freeze the above table
I have try to realize this mixing lua and asm code, but for what I may understand also if it is putted at the end of the script the lua code is always execute before the asm code.
even worse, coz the table referred need sometimes a lot of seconds to execute, the code we wanna use for upgrade the value of the table then freezing it is never executed, coz this piece of the script is called before CE have the time to upgrade the symbol variable.
Maybe you wanna take care of this add?
BTW many thanks for your excellent work!!!
Back to top
View user's profile Send private message
suetake
How do I cheat?
Reputation: 0

Joined: 05 Jan 2016
Posts: 3

PostPosted: Tue Jan 05, 2016 11:40 am    Post subject: XYZ Coordonate Reply with quote

Do the - Injection Copies method work to search the XYZ coordonate?
Back to top
View user's profile Send private message
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

PostPosted: Tue Jan 05, 2016 7:47 pm    Post subject: Re: XYZ Coordonate Reply with quote

suetake wrote:
Do the - Injection Copies method work to search the XYZ coordonate?
Yeah, but depending on the game the same code might work on all entities instead of just the player one, in which case you'd want another method.
_________________
Back to top
View user's profile Send private message
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

PostPosted: Sun May 22, 2016 11:47 am    Post subject: Reply with quote

Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here?

_________________
I know you're reading this, Hitler.
Back to top
View user's profile Send private message
PinPoint
Expert Cheater
Reputation: 10

Joined: 07 Apr 2016
Posts: 223
Location: Scotland

PostPosted: Wed May 25, 2016 4:12 am    Post subject: Reply with quote

Jiehfeng wrote:
Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here?


when you are in the memory viewer, right click on the instruction you are using and find out what addresses it accesses. do some things in game to populate the list. highlight a few or all of them if not that many and open them in dissect data and structures. here you can find a filter to use to only copy rax if it is for what you want. like the last step in CE tutorial.
Back to top
View user's profile Send private message
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

PostPosted: Wed May 25, 2016 12:11 pm    Post subject: Reply with quote

PinPoint wrote:
Jiehfeng wrote:
Hi again Rydian, lovely tutorial.
Works fine for me except in the process I use, let's say [rax], all sorts of things are stored in it. So for example when the script is activated and I have the address I added manually beneath it, getting money changes the address to money, then getting say experience changes the address to experience and so on. Basically [rax+28]; rax and the same offset 28 is used to store different things, what can I do here?


when you are in the memory viewer, right click on the instruction you are using and find out what addresses it accesses. do some things in game to populate the list. highlight a few or all of them if not that many and open them in dissect data and structures. here you can find a filter to use to only copy rax if it is for what you want. like the last step in CE tutorial.


Ohhh...!
So how would the code look like? Can I do it without an injection at an address like the aob tutorial in the OP? I already have the aobscan bytes necessary, so would it be something like this?

Code:

[ENABLE]
//Let's assume I found a filter which is [rax+69]=8
aobscan(test,56 89 ?? ??)   //etc...
label(start)
registersymbol(testum)
label(returnhere)

cmp [rax+69],8
je start
jmp returnhere

start:
test:
testum

returnhere:


[DISABLE]
//w/e

_________________
I know you're reading this, Hitler.
Back to top
View user's profile Send private message
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

PostPosted: Wed May 25, 2016 12:33 pm    Post subject: Reply with quote

Jiehfeng wrote:
...?

Have you cleared the Step 9: Shared code: (PW=31337157)
in CE tutorial ? It should covered the problem that you're asking. Rolling Eyes

_________________
...
Back to top
View user's profile Send private message
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

PostPosted: Thu May 26, 2016 3:58 am    Post subject: Reply with quote

Cake-san wrote:
Jiehfeng wrote:
...?

Have you cleared the Step 9: Shared code: (PW=31337157)
in CE tutorial ? It should covered the problem that you're asking. Rolling Eyes


It has multiple solutions, the one I tried wasn't using aob.

_________________
I know you're reading this, Hitler.
Back to top
View user's profile Send private message
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

PostPosted: Thu May 26, 2016 4:40 am    Post subject: Reply with quote

Jiehfeng wrote:

It has multiple solutions, the one I tried wasn't using aob.


You can use aob,though. -_-
Code:

[ENABLE]
aobscanmodule(_subhealth,Tutorial-i386.exe,D8 6B 04 D9 5D D0)
registersymbol(_subhealth)
alloc(newmem,48)
label(returnhere)
label(originalcode)

newmem:
cmp esi,01
jne originalcode
fsubr dword ptr [ebx+04]
originalcode:
fstp dword ptr [ebp-30]
jmp returnhere

_subhealth:
jmp newmem
nop
returnhere:
 
[DISABLE]
dealloc(newmem)
_subhealth:
db D8 6B 04 D9 5D D0
//fsubr dword ptr [ebx+04]
//fstp dword ptr [ebp-30]
unregistersymbol(_subhealth)

_________________
...
Back to top
View user's profile Send private message
Jiehfeng
Expert Cheater
Reputation: 0

Joined: 03 Jan 2014
Posts: 107

PostPosted: Thu May 26, 2016 5:07 am    Post subject: Reply with quote

Cake-san wrote:
Jiehfeng wrote:

It has multiple solutions, the one I tried wasn't using aob.


You can use aob,though. -_-
Code:

[ENABLE]
aobscanmodule(_subhealth,Tutorial-i386.exe,D8 6B 04 D9 5D D0)
registersymbol(_subhealth)
alloc(newmem,48)
label(returnhere)
label(originalcode)

newmem:
cmp esi,01
jne originalcode
fsubr dword ptr [ebx+04]
originalcode:
fstp dword ptr [ebp-30]
jmp returnhere

_subhealth:
jmp newmem
nop
returnhere:
 
[DISABLE]
dealloc(newmem)
_subhealth:
db D8 6B 04 D9 5D D0
//fsubr dword ptr [ebx+04]
//fstp dword ptr [ebp-30]
unregistersymbol(_subhealth)


Thanks! Will try this out on the other game too.

_________________
I know you're reading this, Hitler.
Back to top
View user's profile Send private message
satanrules666
Advanced Cheater
Reputation: 0

Joined: 31 Oct 2010
Posts: 70
Location: New Zealand

PostPosted: Wed Aug 31, 2016 9:16 pm    Post subject: Reply with quote

@Rydian

Awesome Tutorial

You helped me find two static pointers for health that always equal the same address and work everytime after game restarts and even a restart of my OS.

The game in question Farcry 3 V1.05 Uplay

One thing I did different Is instead of using the offset value of 1024 which eventually didn't find me enough I did what you suggested I ramped it up.

Instead of 1024 I used 3000 as the max offset and a level of 6 at the highest.

Took about 4 to 5 minutes sometimes a bit longer on an i7 3820K a wonderful intel CPU. Then went out of the game and rescaned which took sometimes 15 minutes well I have over 1 billion pointers. So after which it got me down to a smaller and smaller ammount eventually all the way down to two pointers which are the ones I use.

One thing I want to ask though is if I use the auto assembler method to find playerbase for me I add that and it always has a value of 0.

Odd seeing as it only accesses my health though the code that changes my health is
moss [esi+10],xmm0

Just wondering why this is it doesnt really matter I have a working autoscript that gives me godmode with no fall damage don't need a compare either.

"FC3_d3d11.dll"+3F2AFC
use code
mov [ecx+10],(float)300 and quote out the originalcode and then your all set.

_________________
I know you're reading this, Jiehfeng. Smile


http://forum.cheatengine.org/viewtopic.php?t=533625
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials All times are GMT - 6 Hours
Goto page Previous  1, 2, 3, 4, 5, 6  Next
Page 4 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites