 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Cerb
How do I cheat?
![]() Reputation: 0
Joined: 23 Jul 2004
Posts: 4
|
 Posted: Fri Jul 23, 2004 12:43 pm Post subject: Diablo II |
 |
|
Ok, I'm trying to find the offset which I could read from to get the player's (X,Y) coordinates.
I started by 'Y' coord and well, I gotta get a static offset so I did a pointer and stuff (basically the same as step 6 in the tutorial)
If I freeze that and try to move ingame, it'll move me back to the previous Y coord which is right, the only problem is that this offset is not static, so I'd have to find this back every game... any help please?
|
|
| Back to top |
|
 |
Cerb
How do I cheat?
![]() Reputation: 0
Joined: 23 Jul 2004
Posts: 4
|
| Posted: Fri Jul 23, 2004 1:54 pm Post subject: |
|
|
Ok, I found the offsets.
Right now, I'd like to trace and get the whole function that makes you run/walk.
Here are the offsets.
X Coord = 6FBA79F9
Y Coord = 6FBA79FB
When I right click 6FBA79FB and choose "Find out what writes to this address" I get
6FAAD8E4 - f3 a5 - repe movsd
6FAAD8EC - f3a4 - repe movsb
I picked the top one and clicked more information:
6faad8dc - mov edi, 6fba79f8
6faad8e1 - shr ecx, 02
>> 6faad8e4 - repe movsd
6faad8e6 - mov ecx, edx
6faad8e8 - push ebx
EAX=091FD8CE
EBX = 00000005
ECX = 00000000
EDX = 00000005
ESI = 0012FAE0
EDI = 6FBA79FC
ESP = 0012F8C8
EBP = 0012FADC
EIP = 6FAAD8E6
and from 6faad8ec - f3 a4 - repe movsb...
6faad8e8 - push ebx
6faad8e9 - and ecx, 03 <-- I suspect this '03' to be for 'RUN' because the Run packet in Diablo II is 0x03
>> 6faad8ec - repe movsb
6faad8ee - mov ecx, ebx
6faad8f0 - mov [6fba7bf8], eax
EAX = 091FD8CE
EBX = 00000005
ECX = 00000000
EDX = 00000005
ESI = 0012FAE1
EDI = 6FBA79FD
ESP = 0012F8C4
EBP = 0012FADC
EIP = 6FAAD8EE
Ok now picked "Find out what writes to this address" for 0x6FBA79F9 which is the X-coordinate offset
6FAAD8E4 - f3 a5 - repe movsd <--- Same as the first one for Y coordinate
(Obviously got the same instructions)
6faad8dc - mov edi, 6fba79f8
6faad8e1 - shr ecx, 02
>> 6faad8e4 - repe movsd
6faad8e6 - mov ecx, edx
6faad8e8 - push ebx
EAX = 0927A803
EBX = 00000005
ECX = 00000000
EDX = 00000005
ESI = 0012FAE0
EDI = 6FBA79FC
ESP = 0012F8C8
EBP = 0012FADC
EIP = 6FAAD8E6
Could you help me write my Run to (X,Y) function from this?
( I wanna write it in ASM then inject the code into the game using C++ )
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25806
Location: The netherlands
|
| Posted: Fri Jul 23, 2004 2:09 pm Post subject: |
|
|
you need to use "find out what accesses" instead of writes to find the pointer.
What you're finding is where it copies what it put in the stack to the right addresses. (Like receiving the position from the offset and then copying it to the appropriate location)
|
|
| Back to top |
|
|
Cerb
How do I cheat?
![]() Reputation: 0
Joined: 23 Jul 2004
Posts: 4
|
| Posted: Fri Jul 23, 2004 7:14 pm Post subject: |
|
|
Hmm, leads to the same stuff as "Find out what writes to this address"
But how would I do to recreate the function in ASM?
Edit: By the way, can you tell me whats wrong in this:
| Code: | WORD x, y;
_asm {
mov x, [0x6FBA79F9]
mov y, [0x6FBA79FB]
} |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
