 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Pokiaka
Cheater
![]() Reputation: 0
Joined: 09 Jul 2011
Posts: 48
|
 Posted: Fri Apr 19, 2013 6:44 pm Post subject: Issues and questions about objects & pointers |
 |
|
Hey guys, I have a couple of questions regarding finding objects or pointers, as the title suggests.
A) What do you do when there's no static address? (It happens to me a lot, and 99% of the time I can't change the assembly because it's shared with other functions (question C is about that).
B) What do you do when your search for the pointer (from the what writes/accesses the address) ends up with a lot of results)? Is there any recommended way to handle that?
C) Okay so this is the most important question for me. Let's say that I'm playing a FPS game.
I find the address where my Health is and I find the function that changes it whenever I get hurt.
What do you do when this function is called in other scenarios too (other than me getting hurt)?
The problem, of course, is that if I'll change it, it will affect other behavior in the game and it will crash sooner or later (usually immediately).
I suspect that one of the function's parameters would usually be a pointer to my player and if I could use that as a condition it would solve the situation.
If that's true and it's usually the case, how can I find a consistent address to my player and find out which parameter it is to test this condition?
P.S. Dissecting the struct didn't work out.
D) Could I get an explanation of how pointers in CE work? I'm a low-level developer so feel free to use any terms you'd like. It just might answer a lot of other questions I'm having.
I tried to write these questions as briefly as possible, so if one of them isn't clear I'll rephrase them.
Thanks a lot.
|
|
| Back to top |
|
 |
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Sat Apr 20, 2013 1:23 am Post subject: Re: Issues and questions about objects & pointers |
|
|
| Pokiaka wrote: | | A) What do you do when there's no static address? (It happens to me a lot, and 99% of the time I can't change the assembly because it's shared with other functions (question C is about that). |
Amongst the pointers you have, find the ones that are the most stable and note their lasts offsets (rightmosts). Usually I keep the 1 or 2 rightmosts, unless I see that more offsets are common to a lot of good pointers. Then do a new pointerscan with a deeper level and/or a bigger structure size, but give the offsets you noted in "pointer must end with offsets".
Otherwise if you give up on pointers, see if your game is moddable, or hack the shared code and make it differentiate between your variable and the others.
| Pokiaka wrote: | | B) What do you do when your search for the pointer (from the what writes/accesses the address) ends up with a lot of results)? Is there any recommended way to handle that? |
Don't use "find what..."+manual searches for pointers, directly use the pointerscanner. I don't recommend using manual pointer searches for any target other than the tutorial.
| Pokiaka wrote: | C) Okay so this is the most important question for me. Let's say that I'm playing a FPS game.
I find the address where my Health is and I find the function that changes it whenever I get hurt.
What do you do when this function is called in other scenarios too (other than me getting hurt)? |
I suspect this function is a basic operator (like "=") from an interpreter. In that case see if you can edit the scripts fed to this interpreter...aka mod the game.
Otherwise, make the shared code differentiate between your health and all other variables. Maybe this thread can give you some hints, since it's all about differentiation in shared codes.
| Pokiaka wrote: | | The problem, of course, is that if I'll change it, it will affect other behavior in the game and it will crash sooner or later (usually immediately). |
Just in case see if you can modify a byte of code without crashing the game: anti-cheat protections love to crash games when they detect a modification of the code.
| Pokiaka wrote: | I suspect that one of the function's parameters would usually be a pointer to my player and if I could use that as a condition it would solve the situation.
If that's true and it's usually the case, |
I cannot say if it is true in your case, but as you expected functions that write on "Something" often need to know where "Something" is. Functions that apply damage may take the health address or the player's address as input, or the player's index in an entity table or the health's index in an huge variable array (like with interpreters), or other things I can't think about atm.
The former 2 cases are the most common imo.
| Pokiaka wrote: | | how can I find a consistent address to my player and find out which parameter it is to test this condition? |
The simplest way would be to find your health, the "find out what access" it. Amongst the results there may be one function that is only used to read you health and nothing else. Use it to save the address of your health and compare with that address in your shared code.
Otherwise dive in the thread I posted above.
| Pokiaka wrote: | | D) Could I get an explanation of how pointers in CE work? I'm a low-level developer so feel free to use any terms you'd like. It just might answer a lot of other questions I'm having. |
Well you know that an address is an integer. So the following pseudo code should be clearer than paragraph I initially planned:
| Code: | int PointerBase = 0x123456; //pointer base found at at the bottom of "add address manually" dialog
int 1stPointedObjectAddress = ReadIntegerAt(PointerBase);
int 2ndPointedObjectAddress = ReadIntegerAt(1stPointedObjectAddress+1stOffset);
...
float Health = ReadFloatAt(LastPointedObjectAddress+LastOffset); |
***PointedObjectAddress are the grayed addresses you see at the left of the "add address manually" dialog and ***Offset the things you enter in the boxes at its right.
|
|
| Back to top |
|
|
Pokiaka
Cheater
![]() Reputation: 0
Joined: 09 Jul 2011
Posts: 48
|
| Posted: Sat Apr 20, 2013 2:58 am Post subject: Re: Issues and questions about objects & pointers |
|
|
Thanks a lot, Gniarf!
What do you mean mod the game? I usually only mess around with the binary.
And about the third issue, I did try to differentiate (I called it dissecting the struct in the OP); it didn't work unfortunately (or at least wasn't reliable).
It's a puzzling to me, because the function that changed something about my character was also called when the game was paused by the game's internals. So I'm really not sure how to label that function or how to deal with it. (To be specific, the game is Don't Starve and I'm talking about the function that makes you hungry).
By the way, I couldn't find the hunger's static address while pointerscanning too. Ugh, such stubborn games...
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Sat Apr 20, 2013 4:49 am Post subject: Re: Issues and questions about objects & pointers |
|
|
| Pokiaka wrote: | | What do you mean mod the game? I usually only mess around with the binary. |
Modding a game refers to altering the files of the game, textures, scripts, sounds, maps, etc... Most video games take their resources (textures, sounds, etc...and scripts) from archives that may or may not be compressed. Just look at the directory where your game is installed and find files of several hundreds of Mb in size, it's those archives, then try to find an unpacker/repacker for those archives on the internet, or write your own.
| Pokiaka wrote: | | It's a puzzling to me, because the function that changed something about my character was also called when the game was paused by the game's internals. So I'm really not sure how to label that function or how to deal with it. (To be specific, the game is Don't Starve and I'm talking about the function that makes you hungry). |
Ah! Don't starve, yes, I remember hearing this game uses lua, which is a script interpreter, so yes the function that writes to your address is the function that does all/most assignments throughout the game. With lua forget about pointers, and code hooking is quite hairy. However look for .lua files, there is a 50% chance that they are text files (=the game's source code, at least part of it) in which you'll just have to edit the function that handles hunger. Seeing that there is a modding community for this game, they should be editable.
Otherwise you can try console commands. Google "Don't starve lua commands", if the console is disabled in the version you use, Me and mgr.inz.Player cooked up an injected lua console, see if you can get it to work for your game.
Lastly, mgr.inz.Player might just pop up in this thread a give you more accurate help for this game. He's a fairly good hacker and was dealing with this game not long ago. He also released tables for the beta version of this game.
|
|
| Back to top |
|
|
Pokiaka
Cheater
![]() Reputation: 0
Joined: 09 Jul 2011
Posts: 48
|
| Posted: Sat Apr 20, 2013 7:05 pm Post subject: Re: Issues and questions about objects & pointers |
|
|
Ah, yes, I see lua files.
I wonder why the developers choose to use something like that..
Thanks for your help Gniarf. But what happens in those situations when everything's binary like in just about every game?
I keep encountering those situations in other games.
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Sun Apr 21, 2013 3:34 am Post subject: Re: Issues and questions about objects & pointers |
|
|
| Pokiaka wrote: | Ah, yes, I see lua files.
I wonder why the developers choose to use something like that.. |
That way the guy who makes (for example) the maps doesn't have to recompile the game's exe each time he changes a scenario script used in his map(s). So the exe remains generic, the not-that-good-at-coding level designers don't go spam dirty hacks all over the code, and the company that makes the engine (if different from the one that makes the game) does not even need to give its source code.
| Pokiaka wrote: | | But what happens in those situations when everything's binary like in just about every game? |
Depends on what languages are used in the game or used to write it. A general, but not always true, guideline would be:
-First don't forget to check if there is a console, and if there are cheat codes.
-Interpreted languages (like lua, squirrel, python,...) or java: mod the game. For squirrel and java there are working decompilers. As of 2013/02 lua decompilers were not ready for real-life scripts, but can give insignts on what function and variable names are used.
-Dynamically compiling languages (like flash or .NET stuff (c#)): "find out what...." and aobscans.
-Compiled languages (C/C++ most of the time): pointers or assembly patches.
-Combination of several above (C++ with lua is frequent): completely dependent on the game, so just try my suggestions for both categories.
-Lua-specific: you can try the injected console I mentioned above (that thing hasn't been used outside lab tests afaik). You can also hook the function that accesses variables and overwrite when a given sequence of variable names is detected (i.e: if game accesses a variable named "player" then "inventory" then "ammo", overwrite the value of the "ammo" variable).
Now if your question meant "What happens when the .lua files are in binary (they start with the fourCC 'LuaQ')?", the answer is: look for a console, and/or hook luaV_gettable. Now since the luaV_gettable thing is a bit hairy I'd rather not explain it unless you want to apply it right now.
|
|
| Back to top |
|
|
Pokiaka
Cheater
![]() Reputation: 0
Joined: 09 Jul 2011
Posts: 48
|
| Posted: Mon Apr 22, 2013 2:42 pm Post subject: Re: Issues and questions about objects & pointers |
|
|
| Gniarf wrote: | | Pokiaka wrote: | Ah, yes, I see lua files.
I wonder why the developers choose to use something like that.. |
That way the guy who makes (for example) the maps doesn't have to recompile the game's exe each time he changes a scenario script used in his map(s). So the exe remains generic, the not-that-good-at-coding level designers don't go spam dirty hacks all over the code, and the company that makes the engine (if different from the one that makes the game) does not even need to give its source code.
|
I thought about that but IMO the developer should have done that though DLLs. Using an interpreter could just slow things done (maybe not for Don't Starve.. but with massive games on slower computers it could actually make a difference.
| Gniarf wrote: |
| Pokiaka wrote: | | But what happens in those situations when everything's binary like in just about every game? |
Depends on what languages are used in the game or used to write it. A general, but not always true, guideline would be:
-First don't forget to check if there is a console, and if there are cheat codes.
-Interpreted languages (like lua, squirrel, python,...) or java: mod the game. For squirrel and java there are working decompilers. As of 2013/02 lua decompilers were not ready for real-life scripts, but can give insignts on what function and variable names are used.
-Dynamically compiling languages (like flash or .NET stuff (c#)): "find out what...." and aobscans.
-Compiled languages (C/C++ most of the time): pointers or assembly patches.
-Combination of several above (C++ with lua is frequent): completely dependent on the game, so just try my suggestions for both categories.
-Lua-specific: you can try the injected console I mentioned above (that thing hasn't been used outside lab tests afaik). You can also hook the function that accesses variables and overwrite when a given sequence of variable names is detected (i.e: if game accesses a variable named "player" then "inventory" then "ammo", overwrite the value of the "ammo" variable).
Now if your question meant "What happens when the .lua files are in binary (they start with the fourCC 'LuaQ')?", the answer is: look for a console, and/or hook luaV_gettable. Now since the luaV_gettable thing is a bit hairy I'd rather not explain it unless you want to apply it right now. |
Ah I see.
You mentioned aobscan, but I have no idea what that is. I wouldn't like to take much of your time more than I already did, so I'd be happy to get a reference that would explain what that is. I tried to Google it but the explanations were terrible.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Apr 22, 2013 3:12 pm Post subject: |
|
|
To put it simply, it's just scanning for hexadecimal code. For example, say you have a script that modifies a particular instruction at a particular address, and the developers update the game, causing that instruction to shift and be moved to a different location/address. With AOBscan, you can tell your script to search for a series of hexadecimal values so that it can inject your script properly, and work with either version of the game.
So, instead of writing your script to inject at a specific address, you write it to inject at a specific array of bytes.
|
|
| Back to top |
|
|
Riatre
How do I cheat?
![]() Reputation: 0
Joined: 31 May 2013
Posts: 1
|
| Posted: Fri May 31, 2013 8:52 am Post subject: Re: Issues and questions about objects & pointers |
|
|
| Gniarf wrote: | | Pokiaka wrote: | Ah, yes, I see lua files.
I wonder why the developers choose to use something like that.. |
That way the guy who makes (for example) the maps doesn't have to recompile the game's exe each time he changes a scenario script used in his map(s). So the exe remains generic, the not-that-good-at-coding level designers don't go spam dirty hacks all over the code, and the company that makes the engine (if different from the one that makes the game) does not even need to give its source code.
| Pokiaka wrote: | | But what happens in those situations when everything's binary like in just about every game? |
Depends on what languages are used in the game or used to write it. A general, but not always true, guideline would be:
-First don't forget to check if there is a console, and if there are cheat codes.
-Interpreted languages (like lua, squirrel, python,...) or java: mod the game. For squirrel and java there are working decompilers. As of 2013/02 lua decompilers were not ready for real-life scripts, but can give insignts on what function and variable names are used.
-Dynamically compiling languages (like flash or .NET stuff (c#)): "find out what...." and aobscans.
-Compiled languages (C/C++ most of the time): pointers or assembly patches.
-Combination of several above (C++ with lua is frequent): completely dependent on the game, so just try my suggestions for both categories.
-Lua-specific: you can try the injected console I mentioned above (that thing hasn't been used outside lab tests afaik). You can also hook the function that accesses variables and overwrite when a given sequence of variable names is detected (i.e: if game accesses a variable named "player" then "inventory" then "ammo", overwrite the value of the "ammo" variable).
Now if your question meant "What happens when the .lua files are in binary (they start with the fourCC 'LuaQ')?", the answer is: look for a console, and/or hook luaV_gettable. Now since the luaV_gettable thing is a bit hairy I'd rather not explain it unless you want to apply it right now. |
Could you share a working Squirrel decompiler? I cannot find it by Google.
Thanks in advance.
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Fri May 31, 2013 10:54 am Post subject: Re: Issues and questions about objects & pointers |
|
|
| @Riatre: here is DamianXVI's squirrel decompiler, with binaries and source slightly modified to compile under vs2008. This is meant for squirrel compiler version 2.2.4, 32bit, non-unicode.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
