View previous topic :: View next topic |
Author |
Message |
navarone Advanced Cheater Reputation: 2
Joined: 29 May 2010 Posts: 72
|
Posted: Sun Jul 18, 2010 12:59 am Post subject: Alternatives to memory scanning? |
|
|
Tbh I find some values are near impossible to find with the memory scanner. for example,
-Values that change so fast, not giving you enough time to scan for them.
Like a countdown timer starts from 5 secs then kicks you from the game when reaching 0. (Not stored as 5 in the memory, and unkown initial value takes forever.)
-Values the keep changing addresses as soon the value itself changes.
-Static values almost throughout the game
(How the hell are you going to find the recoil address if you can only use 1 weapon throughout the game? Going back to menu to choose another weapon will cause recoil address to change )
I am facing a game that keeps doing the last 2. I think it would be very impractical if I kept using memory scanner?
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Sun Jul 18, 2010 3:56 am Post subject: |
|
|
Quote: | -Values the keep changing addresses as soon the value itself changes. |
Try a low level pointerscan for the value (preferably have the value bigger than 100)
as for recoil, no idea, try doing a textscan for recoil, perhaps the script engine is so stupid to put the text and the value near eachother
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
XaLeX Expert Cheater Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Sun Jul 18, 2010 4:10 am Post subject: |
|
|
for #1 i'd mess directly with the code. same goes for #2.
as regards #3, those values are most likely stored in an array of integers or of structs, so you'll have to find it in memory. try regions near stuff related with weapons (e.g. ammo).
There are two possible situations:
1: Code: | //(unlikely)
enum weaponNames {P90, AK47, MP5};
char* names[3] = {"P90", "AK-47", "MP5"};
int ammo[3] = {50, 30, 30};
//code example:
currentWeaponAmmo = ammo[P90];
//and a theoretical
currentWeaponRecoil = recoil[P90]; |
and Code: | //more likely
struct weapon {
char* name[10];
int ammo;
//..
};
weapon P90 = {"P90", 50}, AK47 = {"AK-47", 30} ...;
weapon *current = &P90; |
in the first case values are stored sequentially in memory. that is, weaponName[0] weaponName[1] weaponName[2] ..;
ammo[0] ammo[1] ammo[2] ..;
in the second case, structs would be stored sequentially and each value would be at struct_base_address+weaponIndex*struct_size+var_offset
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Sun Jul 18, 2010 6:20 am Post subject: Re: Alternatives to memory scanning? |
|
|
navarone wrote: | -Values that change so fast, not giving you enough time to scan for them.
Like a countdown timer starts from 5 secs then kicks you from the game when reaching 0. (Not stored as 5 in the memory, and unkown initial value takes forever.) |
Pause the game while you scan. Or have Cheat Engine force the game to be frozen when scanning.
navarone wrote: | -Values the keep changing addresses as soon the value itself changes. |
This is called DMA. (Dynamic Memory Allocation) There are tons of tutorials on the net about it and how to defeat it.
navarone wrote: | -Static values almost throughout the game
(How the hell are you going to find the recoil address if you can only use 1 weapon throughout the game? Going back to menu to choose another weapon will cause recoil address to change ) |
Does the game have an public SDK? If it does, you can do a lot of easy hacking then with that if you plan to program anything in the end. If not, it will take a bit more work to find things you need.
One method of finding recoil for guns would be to find other parts of the guns functionality. Not just values, but actual functions as well. Look for shooting functions, such as by looking for animations, ammo decreasing, and so on. If you're lucky in some cases you can trace things back to a function which will land up calling the function used to handle recoil for the weapon.
In some cases recoil wont be stored in the structure for each gun, it might be hard-coded per-weapon inside the function itself, or stored in a different structure of its own.
_________________
- Retired. |
|
Back to top |
|
|
navarone Advanced Cheater Reputation: 2
Joined: 29 May 2010 Posts: 72
|
Posted: Sun Jul 18, 2010 9:33 am Post subject: Re: Alternatives to memory scanning? |
|
|
Wiccaan wrote: |
Pause the game while you scan. Or have Cheat Engine force the game to be frozen when scanning.
|
That's actually a pretty decent idea . Hope pausing too much doesn't cause the game to *cough*disconnect*cough*.
So in a nutshell, there are basically no alternative to memory scanning that relies in a form of a tool and I can either:
-Look in the code section that's related to what I am looking for hoping I would find the code that controls recoil.
-Browse the memory region where (for ex) health is stored hoping I would find the ammo value stored a couple of addresses ahead.
I have no c++ experience, yet i had a pdf bookmarked that talked about arrays and how they are controlled in asm (indexed addressing?). Looks like I have some readings to do.
I know I keep asking lots of questions lol but in all honesty thanks DarkByte, XaLex and Wiccaan, your posts where nothing but absolute help.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
Posted: Sun Jul 18, 2010 12:55 pm Post subject: |
|
|
also another tip to find something like recoil:
find the address that holds the horizontal rotation (so move up and down changes that)
Then fire and check/traceback what changes that. Perhaps you can just edit the code so no recoil happens at all
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
|