Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Tried doing vacuum cheat, went wrong really fast
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 10:07 am    Post subject: Tried doing vacuum cheat, went wrong really fast

Hey.


So I'm trying to do a vacuum cheat.
First of all, here is the script that populates my X,Y coordinates:

Code:
[ENABLE]

aobscan(experiment.Coordinates,10 F3 0F 7E 06 66 0F D6 07 8D 65 F4) // should be unique
alloc(newmem,$1000)
globalalloc(structure.Coordinates,4)

label(code)
label(return)

newmem:
  // remember the address this movq writes to (8 bytes: X at +0, Y at +4)
  mov [structure.Coordinates],edi

code:
  movq [edi],xmm0
  lea esp,[ebp-0C]
  jmp return

experiment.Coordinates+05:
  jmp newmem
  nop
  nop
return:
registersymbol(experiment.Coordinates)

[DISABLE]

experiment.Coordinates+05:
  db 66 0F D6 07 8D 65 F4

unregistersymbol(experiment.Coordinates)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 05D4574F

05D4572D: FF 15 F8 87 5B 00  -  call dword ptr [005B87F8]
05D45733: 83 7D F0 01        -  cmp dword ptr [ebp-10],01
05D45737: 74 1A              -  je 05D45753
05D45739: 8B 43 04           -  mov eax,[ebx+04]
05D4573C: 3A 40 08           -  cmp al,[eax+08]
05D4573F: 8D 78 08           -  lea edi,[eax+08]
05D45742: 8B 43 04           -  mov eax,[ebx+04]
05D45745: 3A 40 10           -  cmp al,[eax+10]
05D45748: 8D 70 10           -  lea esi,[eax+10]
05D4574B: F3 0F 7E 06        -  movq xmm0,[esi]
// ---------- INJECTING HERE ----------
05D4574F: 66 0F D6 07        -  movq [edi],xmm0
05D45753: 8D 65 F4           -  lea esp,[ebp-0C]
// ---------- DONE INJECTING  ----------
05D45756: 5B                 -  pop ebx
05D45757: 5E                 -  pop esi
05D45758: 5F                 -  pop edi
05D45759: 5D                 -  pop ebp
05D4575A: C3                 -  ret
05D4575B: 00 00              -  add [eax],al
05D4575D: 00 00              -  add [eax],al
05D4575F: 00 00              -  add [eax],al
05D45761: 00 80 40 00 00 00  -  add [eax+00000040],al
05D45767: 00 48 E1           -  add [eax-1F],cl
}


I know my namings are long and pointless. I have problems :(

As you can see, I have my X coordinate at [structure.Coordinates] and my Y coordinate at [[structure.Coordinates]+4].

Now let's take a look at the function that handles slime movement.
EDX here is the base address for the coordinates for the player.
+0 is X and +4 is Y.

Code:
55                    - push ebp
8B EC                 - mov ebp,esp
57                    - push edi
56                    - push esi
83 EC 08              - sub esp,08 { 8 }
8B F1                 - mov esi,ecx
8B 46 04              - mov eax,[esi+04]
8B 48 30              - mov ecx,[eax+30]
39 09                 - cmp [ecx],ecx
E8 51E63913           - call SoG.AnimatedRenderComponent::GetCurrentAnimation
66 83 78 58 01        - cmp word ptr [eax+58],01 { 1 }
74 09                 - je Behaviours.SlimeAI::Move+27
8D 65 F8              - lea esp,[ebp-08]
5E                    - pop esi
5F                    - pop edi
5D                    - pop ebp
C2 0800               - ret 0008 { 8 }
8B 46 04              - mov eax,[esi+04]
8B 48 30              - mov ecx,[eax+30]
39 09                 - cmp [ecx],ecx
E8 34E63913           - call SoG.AnimatedRenderComponent::GetCurrentAnimation
8B 40 20              - mov eax,[eax+20]
83 F8 02              - cmp eax,02 { 2 }
7C 0C                 - jl Behaviours.SlimeAI::Move+48
83 F8 06              - cmp eax,06 { 6 }
7F 07                 - jg Behaviours.SlimeAI::Move+48
B8 01000000           - mov eax,00000001 { 1 }
EB 02                 - jmp Behaviours.SlimeAI::Move+4A
33 C0                 - xor eax,eax
85 C0                 - test eax,eax
74 40                 - je Behaviours.SlimeAI::Move+8E
8B 46 04              - mov eax,[esi+04]
8B 78 04              - mov edi,[eax+04]
3A 47 08              - cmp al,[edi+08]
8D 57 08              - lea edx,[edi+08]
D9 02                 - fld dword ptr [edx]
D9 5D F4              - fstp dword ptr [ebp-0C]
D9 42 04              - fld dword ptr [edx+04]
D9 5D F0              - fstp dword ptr [ebp-10]
8B 46 04              - mov eax,[esi+04]
8B 48 18              - mov ecx,[eax+18]
39 09                 - cmp [ecx],ecx
E8 EEF13100           - call SoG.BaseStats::get_fMovementSpeed
D9 45 08              - fld dword ptr [ebp+08]
D8C9                  - fmul st(0),st(1)
D9 45 0C              - fld dword ptr [ebp+0C]
DECA                  - fmulp st(2),st(0)
D9 45 F4              - fld dword ptr [ebp-0C]
DEC1                  - faddp
D9 45 F0              - fld dword ptr [ebp-10]
DEC2                  - faddp st(2),st(0)
8D 57 08              - lea edx,[edi+08]
D9 1A                 - fstp dword ptr [edx]
D9 5A 04              - fstp dword ptr [edx+04]
8D 65 F8              - lea esp,[ebp-08]
5E                    - pop esi
5F                    - pop edi
5D                    - pop ebp
C2 0800               - ret 0008 { 8 }


And here is the code I'm injecting.

Code:
[ENABLE]

aobscan(experiment.Slime,D9 02 D9 5D F4 D9 42 04 D9 5D) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:

  push eax
  push ecx
  // copy the saved X/Y over the coordinates at [edx]
  mov eax,[[structure.Coordinates]+0]
  mov ecx,[[structure.Coordinates]+4]
  mov [edx],eax
  mov [edx+04],ecx
  pop ecx
  pop eax

  // original instructions that the jmp replaced
  fld dword ptr [edx]
  fstp dword ptr [ebp-0C]
  jmp return

experiment.Slime:
  jmp code
return:
registersymbol(experiment.Slime)

[DISABLE]

experiment.Slime:
  db D9 02 D9 5D F4

unregistersymbol(experiment.Slime)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 05CF694A

05CF692F: 7F 07              -  jg 05CF6938
05CF6931: B8 01 00 00 00     -  mov eax,00000001
05CF6936: EB 02              -  jmp 05CF693A
05CF6938: 33 C0              -  xor eax,eax
05CF693A: 85 C0              -  test eax,eax
05CF693C: 74 40              -  je 05CF697E
05CF693E: 8B 46 04           -  mov eax,[esi+04]
05CF6941: 8B 78 04           -  mov edi,[eax+04]
05CF6944: 3A 47 08           -  cmp al,[edi+08]
05CF6947: 8D 57 08           -  lea edx,[edi+08]
// ---------- INJECTING HERE ----------
05CF694A: D9 02              -  fld dword ptr [edx]
05CF694C: D9 5D F4           -  fstp dword ptr [ebp-0C]
// ---------- DONE INJECTING  ----------
05CF694F: D9 42 04           -  fld dword ptr [edx+04]
05CF6952: D9 5D F0           -  fstp dword ptr [ebp-10]
05CF6955: 8B 46 04           -  mov eax,[esi+04]
05CF6958: 8B 48 18           -  mov ecx,[eax+18]
05CF695B: 39 09              -  cmp [ecx],ecx
05CF695D: E8 EE F1 31 00     -  call 06015B50
05CF6962: D9 45 08           -  fld dword ptr [ebp+08]
05CF6965: D8 C9              -  fmul st(0),st(1)
05CF6967: D9 45 0C           -  fld dword ptr [ebp+0C]
05CF696A: DE CA              -  fmulp st(2),st(0)
}


Alright, so basically what I'm trying to do here is set the coordinates of the "slime" to the same as mine when he moves.

Though what happens is ... different.

Slime gets teleported to wherever it should've been normally after the movement, then I get teleported to slime's coordinates before the movement, and finally, as the slime finishes teleporting, I teleport again to the slime and we both move in the direction of wherever the slime should be.



Any ideas?
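An added example, not part of the original posts: a Python sanity check run over the bytes of the first script's "ORIGINAL CODE" listing. It confirms the AOB is unique and reports any jump whose target falls inside the bytes a detour overwrites. The function names are illustrative, and the listing is copied from the post.

```python
import re

# Copied from the "ORIGINAL CODE" listing in the first script of the post.
LISTING = """\
05D4572D: FF 15 F8 87 5B 00  -  call dword ptr [005B87F8]
05D45733: 83 7D F0 01        -  cmp dword ptr [ebp-10],01
05D45737: 74 1A              -  je 05D45753
05D45739: 8B 43 04           -  mov eax,[ebx+04]
05D4573C: 3A 40 08           -  cmp al,[eax+08]
05D4573F: 8D 78 08           -  lea edi,[eax+08]
05D45742: 8B 43 04           -  mov eax,[ebx+04]
05D45745: 3A 40 10           -  cmp al,[eax+10]
05D45748: 8D 70 10           -  lea esi,[eax+10]
05D4574B: F3 0F 7E 06        -  movq xmm0,[esi]
05D4574F: 66 0F D6 07        -  movq [edi],xmm0
05D45753: 8D 65 F4           -  lea esp,[ebp-0C]
05D45756: 5B                 -  pop ebx
"""

def parse_listing(text):
    """Return [(address, raw_bytes, mnemonic)] for each disassembly line."""
    rows = []
    for line in text.strip().splitlines():
        addr, rest = line.split(": ", 1)
        raw, mnemonic = rest.split(" - ", 1)
        rows.append((int(addr, 16), bytes.fromhex(raw), mnemonic.strip()))
    return rows

def find_aob(image, pattern):
    """Offsets in image where the AOB matches; '??' is a wildcard byte."""
    pat = [None if t == "??" else int(t, 16) for t in pattern.split()]
    return [i for i in range(len(image) - len(pat) + 1)
            if all(p is None or image[i + k] == p for k, p in enumerate(pat))]

def detour_problems(rows, patch_addr, patch_len):
    """Reasons why overwriting [patch_addr, patch_addr+patch_len) is unsafe."""
    starts = {a for a, _, _ in rows}
    end = patch_addr + patch_len
    problems = []
    if patch_addr not in starts:
        problems.append("patch starts mid-instruction")
    if end not in starts:
        problems.append("patch ends mid-instruction")
    for addr, _, mnemonic in rows:
        m = re.fullmatch(r"j\w+ ([0-9A-F]{8})", mnemonic)
        if m and patch_addr < int(m[1], 16) < end:
            problems.append(f"{mnemonic} at {addr:08X} lands inside the patch")
    return problems

def check(pattern, offset, patch_len):
    """Locate the AOB, then validate a patch of patch_len bytes at hit+offset."""
    rows = parse_listing(LISTING)
    image = b"".join(raw for _, raw, _ in rows)
    hits = find_aob(image, pattern)
    addr = rows[0][0] + hits[0] + offset if len(hits) == 1 else None
    return hits, addr, detour_problems(rows, addr, patch_len) if addr else []
```

For the patch as posted (offset +05, 7 bytes) the check reports that `je 05D45753` lands inside the overwritten bytes; an 8-byte patch at +01, which ends exactly at 05D45753, reports nothing.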
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 10:12 am

Is this an offline, non-browser game? Any reason why you're not using AOBScanModule?
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 10:25 am

++METHOS wrote:
Is this an offline, non-browser game? Any reason why you're not using AOBScanModule?


Offline non-browser game.

What is aobscanmodule?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 10:56 am

Here is an example that you can study.

Never mind about the AOBScanModule, I hadn't noticed your code above. If you're using AOB Injection template, CE will use it automatically if it can. It allows you to scan a specific module, in lieu of all associated modules, which will significantly speed up discovery times, thus making your scripts activate a lot faster.

Can you please tell me the name of the game? I will be leaving soon, but maybe I can look at it later. I assume it's a 2-D game?
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 12:26 pm

++METHOS wrote:
Here is an example that you can study.

Never mind about the AOBScanModule, I hadn't noticed your code above. If you're using AOB Injection template, CE will use it automatically if it can. It allows you to scan a specific module, in lieu of all associated modules, which will significantly speed up discovery times, thus making your scripts activate a lot faster.

Can you please tell me the name of the game? I will be leaving soon, but maybe I can look at it later. I assume it's a 2-D game?


I will study the script and post/edit if I'm able to understand and apply.

The game is "Secrets of Grindea"
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 12:38 pm

I already made a vac cheat for that, but I don't recall if it needed more work or not.
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 12:50 pm

++METHOS wrote:
I already made a vac cheat for that, but I don't recall if it needed more work or not.


Thanks, I'll check it out and post/edit results later.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 1:21 pm

I put together a more current table with vac-only (these scripts were auto-generated, so they may contain errors or need further testing):

EDIT:
See here for latest table.


Last edited by ++METHOS on Mon May 09, 2016 2:36 pm; edited 2 times in total
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 1:52 pm

++METHOS wrote:
I put together a more current table with vac-only (these scripts were auto-generated, so they may contain errors or need further testing):


I tested it and it works like a charm.

The basic idea of our scripts is the same. What I got wrong was where to inject the code and to get stable player coordinates.

Thank you for your time!
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 1:57 pm

You could probably inject using other locations, I just grabbed the first two that made sense.
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Sun May 08, 2016 2:48 pm

++METHOS wrote:
You could probably inject using other locations, I just grabbed the first two that made sense.


Bad news, script activates but does not work. I can set save and vacuum to 1 but that doesn't do anything. Save doesn't go to 0 after activation.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun May 08, 2016 3:55 pm

I thought it was working for you before? Try starting a new game and see if it works. It could be that you need to choose a better injection location. The injection locations that are being used may be changing, depending on your progress in the game...I can't know without spending more time on it.

I have updated this table to include some stats. Maybe there is something useful here. You'll have to bring up the menu after activating the script in order for the addresses to populate. Some of the data types may have to change (e.g. I believe the "i" and "f" and "b" prefixes may be "integer", "float" and "boolean", respectively, so you may have to change some of them):

Code:
[] BASE STATS
  [] iHP
  [] iBaseMaxHP
  [] fMaxHPMultiplier
  [] iEP
  [] fSPFraction
  [] iMaxEP
  [] iClientSpellBlockEP
  [] enSize
  [] fPoisonCounter
  [] iSkillChargeGuardCounter
  [] iSkillChargeGuardMax
  [] iBerserkMode
  [] iPerfectGuardBonus
  [] iEPCooldownReduction
  [] iEPCooldownToSet
  [] iEPCooldown
  [] fEPRecoveryRate
  [] _iDefaultKnockbackResistance
  [] _iKnockbackResistanceOverride
  [] iLevel
  [] iShieldMaxHP
  [] fShieldHPFraction
  [] iShieldRecoveryCooldown
  [] fShieldHPRecoveryPerTick
  [] fShieldHPRecoveryFlatBonusPerTick
  [] iShieldBreakRecoveryTimeToSet
  [] iShieldHitRecoveryTimeToSet
  [] fDamageResistance
  [] iCritChanceBonus
  [] iCritDamageModifier
  [] iBaseDEF
  [] fBaseDEFMultiplier
  [] iBaseATK
  [] fBaseATKMultiplier
  [] iBaseMATK
  [] fBaseMATKMultiplier
  [] iAttackSPD
  [] iCastSPD
  [] iCritVulnerabilityFlat
  [] fCritVulnerabilityMultiplier
  [] _ichkBaseATK
  [] _ichkBaseATKRandomAdd
  [] _ichkBaseMATK
  [] _ichkBaseMATKRandomAdd
  [] _ichkBaseDEF
  [] _ichkBaseDEFRandomAdd
  [] _ichkBaseEP
  [] _ichkBaseEPRandomAdd
  [] _ichkBaseMaxEP
  [] _ichkBaseMaxEPRandomAdd
  [] _ichkArrows
  [] _ichkArrowsRandomAdd
  [] _ichkHPBalance
  [] _ichkHPBalanceRandomAdd
  [] fCurrentMoveSpeedFlatAdd
  [] fBaseMoveSpeed
  [] fCurrentMoveSpeedMod
  [] fCurrentMoveSpeedDebuff
  [] iInShield
  [] bOwnerIsPlayer
  [] bDeathImmune
  [] bPerfectGuard
  [] bPerfectGuardBonusActivated
  [] bPerfectGuardedThisFrame
  [] bStunImmune
  [] bCanBeKnockedUp
  [] bUntargetable
  [] bSurvivedNonFatal
  [] bUltimateGuard
  [] bDamageIneffective
  [] bShieldBreak
  [] bSlowImmunity
  [] bFreezeImmunity
  [] bChillImmunity
  [] bAllowKnockback


EDIT:
See here for latest table.


Last edited by ++METHOS on Mon May 09, 2016 2:36 pm; edited 2 times in total
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Mon May 09, 2016 10:37 am

++METHOS wrote:
I thought it was working for you before? Try starting a new game and see if it works. It could be that you need to choose a better injection location. The injection locations that are being used may be changing, depending on your progress in the game...I can't know without spending more time on it.

I have updated this table to include some stats. Maybe there is something useful here. You'll have to bring up the menu after activating the script in order for the addresses to populate. Some of the data types may have to change (e.g. I believe the "i" and "f" and "b" prefixes may be "integer", "float" and "boolean", respectively, so you may have to change some of them):



Yes, the table was working till I re-opened the game.
The problem is definitely with the injection points.

Thank you for your time on the table but I already had those. I did a godmode and one-hit kill script as well.

I will study the possible injection points when I have time and report back here. Thanks!
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Mon May 09, 2016 10:49 am

Ah. Okay.

Regarding the injection points, I haven't looked, but I'd guess that it's the instruction that is used for the filter that is causing the problem. Just find a more stable injection point. I may or may not have used the same injection points for the second table that I posted. I know I recreated the table, so it could be different.

By the way, I never had a problem with the scripts not working after a restart. Just to be sure, make sure that you close out CE and the game entirely (check task manager) before testing the scripts again.

Here is another one you can try with a different injection point:

EDIT:
See here for latest table.


Last edited by ++METHOS on Mon May 09, 2016 2:36 pm; edited 2 times in total
JohannesJoestar
Advanced Cheater
Reputation: 0

Joined: 01 Nov 2015
Posts: 79

Posted: Mon May 09, 2016 12:35 pm

++METHOS wrote:
Ah. Okay.

Regarding the injection points, I haven't looked, but I'd guess that it's the instruction that is used for the filter that is causing the problem. Just find a more stable injection point. I may or may not have used the same injection points for the second table that I posted. I know I recreated the table, so it could be different.

By the way, I never had a problem with the scripts not working after a restart. Just to be sure, make sure that you close out CE and the game entirely (check task manager) before testing the scripts again.

Here is another one you can try with a different injection point:


Yeah, I've restarted the game again to see if it works and it actually did.

The new one you posted works as well. All there is left is to improve the filter to avoid getting rocks etc. vacuumed as well. I'm terrible with filtering so I will fiddle with that later.

Thanks!
All times are GMT - 6 Hours