Cheat Engine The Official Site of Cheat Engine
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Tue Sep 13, 2016 12:59 am Post subject: What can i do to get infinite fuel? Out of ideas.. (RoN) |
|
|
I'm playing Rise of Nations, and I'm trying to get infinite fuel for airplanes.
The problem I have is that all the opcodes except one are also accessed by the enemy. I have been looking through the structure and can't find anything static enough to compare it with. The closest I've gotten is that I used the one opcode that only accesses my planes and wrote this:
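| Code: | [ENABLE]
// locate the 7-byte movsx instruction (the trailing 8B only makes the pattern unique)
aobscanmodule(findfuel,rise.exe,0F BF 8B 96 00 00 00 8B)
alloc(newmem,$100)
label(code)
label(return)
globalalloc(_findfuel,4) // holds the structure base (ebx) of the last plane seen
newmem:
code:
mov [_findfuel],ebx // save the structure base; fuel is at +96
movsx ecx,word ptr [ebx+00000096] // original instruction
jmp return
findfuel:
jmp code // 5 bytes
nop
nop // 2 nops pad the 7-byte original
return:
registersymbol(findfuel)
[DISABLE]
findfuel:
db 0F BF 8B 96 00 00 00 // restore the original bytes
unregistersymbol(findfuel)
dealloc(newmem)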
|
And then I added _findfuel+96 as a pointer. It works partially: it does freeze the fuel of the planes, but not fast enough, since the address switches from plane to plane. The more planes I've got, the more addresses it has to jump through, so it won't have time to freeze all of them before I run out.
Any tips on what I can do to modify this? (Except pointer scanning.) I wanna do this for learning. Thanks!
|
|
|
 |
STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
|
Posted: Tue Sep 13, 2016 4:25 am Post subject: |
|
|
Write a massive fuel value? Or find another instruction which is accessed when you mouse over your planes or select one of them, making the enemy have zero fuel and yours massive.
|
 |
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Tue Sep 13, 2016 4:35 am Post subject: |
|
|
| STN wrote: | | Write a massive fuel value? Or find another instruction which is accessed when you mouse over your planes or select one of them, making the enemy have zero fuel and yours massive. |
Thanks for your answer. What do you mean by "write a massive fuel value"?
|
|
|
 |
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Tue Sep 13, 2016 9:43 am Post subject: |
|
|
Have you tried all of these?:
| ++METHOS wrote: |
- You can use a pointer address for your filter, inside of your script, for the value that you are trying to manipulate.
- You can use pointer trees inside of the data structure to find something viable.
- You can shift the data structure (+ or -) and/or expand its size to find something useful.
- You can use the structure spider to find workable strings and/or for comparative analysis.
- You can check the register values by attaching the debugger or setting a breakpoint to see if something can be used for your filter.
- You can check to see if there are any instructions that are exclusive to the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can check to see if there are any instructions that are exclusive to any other address/value inside of the data structure for the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can analyze assembly code to see if an identifier is being checked or assigned somewhere.
- Et al.
|
|
|
|
 |
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Tue Sep 13, 2016 11:53 am Post subject: |
|
|
| ++METHOS wrote: | Have you tried all of these?:
| ++METHOS wrote: |
- You can use a pointer address for your filter, inside of your script, for the value that you are trying to manipulate.
- You can use pointer trees inside of the data structure to find something viable.
- You can shift the data structure (+ or -) and/or expand its size to find something useful.
- You can use the structure spider to find workable strings and/or for comparative analysis.
- You can check the register values by attaching the debugger or setting a breakpoint to see if something can be used for your filter.
- You can check to see if there are any instructions that are exclusive to the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can check to see if there are any instructions that are exclusive to any other address/value inside of the data structure for the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can analyze assembly code to see if an identifier is being checked or assigned somewhere.
- Et al.
|
|
Thank you. Right now I'm trying to find something with the structure spider. I might as well ask: I have found some interesting/static addresses, but the ones that I have found in the structure spider use multi-level offsets, and I have no idea how to write that into a cmp.
For example, Offset 0: CC, Offset 1: 2C, etc. Do you know how I enter that in a cmp script? Thanks!!
Edit:
If I want to cmp the value I have selected, how do I tell the cmp to look inside? Like: cmp ptr as in pointer, then what? Cheers!
|
|
|
 |
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Tue Sep 13, 2016 12:48 pm Post subject: |
|
|
| ++METHOS wrote: | Assuming the instruction is: mov eax,[esi+4]
Let's assume that at offset +C, a pointer tree exists. Within that pointer tree, another pointer exists at offset +40. Within that pointer tree, a unique identifier can be found at offset +8, with a hex value of DEADBEEF:
| Code: | push edi
mov edi,[esi+C]
mov edi,[edi+40]
mov edi,[edi+8]
cmp edi,DEADBEEF
pop edi
je cow_killer |
There are other ways that you can write it, but this simple format should be easy to understand. |
I have found the structure spider to be useful a total of 1 time. I don't use it often, to be fair, but it's not usually needed.
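A model of the filter in the post above, added here as an example and not code from the thread: it walks the same +C, +40, +8 chain over a constructed 32-bit address space and reports a failed dereference instead of faulting, which the injected assembly as posted would not do. The buffer, the object addresses and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit "address space": an address is an offset into mem[]. */
#define MEM_SIZE 0x400u
static uint8_t mem[MEM_SIZE];

static void write32(uint32_t addr, uint32_t v) { memcpy(&mem[addr], &v, 4); }

/* Read one dword; -1 means the access would fault in the real process. */
static int read32(uint32_t addr, uint32_t *out) {
    if (addr > MEM_SIZE - 4) return -1;
    memcpy(out, &mem[addr], 4);
    return 0;
}

/* mov edi,[esi+C] / mov edi,[edi+40] / mov edi,[edi+8] / cmp edi,id
   Returns 1 on match, 0 on mismatch, -1 if a link is NULL or out of range. */
int chain_matches(uint32_t base, const uint32_t *offs, size_t n, uint32_t id) {
    uint32_t cur = base;
    for (size_t i = 0; i < n; i++) {
        if (cur == 0 || cur >= MEM_SIZE) return -1;
        if (read32(cur + offs[i], &cur) != 0) return -1;
    }
    return cur == id;
}

const uint32_t FILTER_OFFS[3] = {0xC, 0x40, 0x8};
enum { OBJ_A = 0x100, OBJ_B = 0x140, OBJ_C = 0x180 }; /* constructed objects */

void build_sample(void) {
    memset(mem, 0, sizeof mem);
    write32(OBJ_A + 0xC, 0x200);       /* A: +C -> 0x200 */
    write32(0x200 + 0x40, 0x300);      /*    +40 -> 0x300 */
    write32(0x300 + 0x8, 0xDEADBEEF);  /*    +8 holds the identifier */
    write32(OBJ_B + 0xC, 0x280);       /* B: same shape, different id */
    write32(0x280 + 0x40, 0x340);
    write32(0x340 + 0x8, 0x0BADF00D);
    /* C: +C left NULL, e.g. an object that is not fully initialised */
}

int main(void) {
    build_sample();
    printf("A=%d B=%d C=%d\n",
           chain_matches(OBJ_A, FILTER_OFFS, 3, 0xDEADBEEF),
           chain_matches(OBJ_B, FILTER_OFFS, 3, 0xDEADBEEF),
           chain_matches(OBJ_C, FILTER_OFFS, 3, 0xDEADBEEF));
    return 0;
}
```

The -1 case is the one the assembly does not cover: if any object reaching the hooked instruction has a NULL or stale pointer at one of the levels, the unchecked `mov edi,[edi+40]` faults inside the target process.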
|
|
|
 |
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Tue Sep 13, 2016 1:53 pm Post subject: |
|
|
| ++METHOS wrote: | | ++METHOS wrote: | Assuming the instruction is: mov eax,[esi+4]
Let's assume that at offset +C, a pointer tree exists. Within that pointer tree, another pointer exists at offset +40. Within that pointer tree, a unique identifier can be found at offset +8, with a hex value of DEADBEEF:
| Code: | push edi
mov edi,[esi+C]
mov edi,[edi+40]
mov edi,[edi+8]
cmp edi,DEADBEEF
pop edi
je cow_killer |
There are other ways that you can write it, but this simple format should be easy to understand. |
I have found the structure spider to be useful a total of 1 time. I don't use it often, to be fair, but it's not usually needed. |
Awesome, thank you! The example showed a pointer tree inside another tree. If I only have one tree with a unique value, can I just skip one of the "mov edi,[edi+40]"?
|
|
|
 |
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Tue Sep 13, 2016 3:12 pm Post subject: |
|
|
Yes. In your example, assuming instruction is mov eax,[esi+4]:
| Code: | push edi
mov edi,[esi+18]
mov edi,[edi+20]
cmp edi,#11
pop edi
je cow_killer |
|
|
|
 |
XaneXXXX Expert Cheater
Reputation: 0
Joined: 29 Nov 2012 Posts: 212
|
Posted: Wed Sep 14, 2016 4:48 am Post subject: |
|
|
| ++METHOS wrote: | Yes. In your example, assuming instruction is mov eax,[esi+4]:
| Code: | push edi
mov edi,[esi+18]
mov edi,[edi+20]
cmp edi,#11
pop edi
je cow_killer |
|
Thanks for all your help! I ended up finding a lot of unique values inside of that pointer tree and I learned something new! Cheers
|
|