 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
XaneXXXX
Expert Cheater
 Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
 Posted: Fri Nov 11, 2016 1:38 pm Post subject: Time for me to learn about waypoint teleportation! |
 |
|
So, I have made many teleport scripts in my days, I have found the coordinates. Made an injection copy like this etc.
But now i want to learn to take things one step further.
I have the coordinate for the player, i have also found the coordinates for the map marker. But i do not understand how i write a script to make it load the waypoint coordinates into my player coordinates.
A few pictures:
If you need anything more just tell. As you can see i have only made two script, one for loading the player coordinates, and one for loading the waypoint coordinates. Any tips is appriciated! I'am far from an expert in assembly. Just want to learn! Cheers! 
|
|
| Back to top |
|
 |
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Fri Nov 11, 2016 1:46 pm Post subject: |
|
|
| Just combine the scripts, save map coordinates with the map coordinates script, then load the map coordinates with the teleport script by using a trigger. Just set it up the same way you do a teleport script, but instead of having 1 or 2 load_coordinates segments, you'll have those plus a load_map_coordinates segment.
|
|
| Back to top |
|
|
XaneXXXX
Expert Cheater
Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
| Posted: Fri Nov 11, 2016 1:50 pm Post subject: |
|
|
| ++METHOS wrote: | | Just combine the scripts, save map coordinates with the map coordinates script, then load the map coordinates with the teleport script by using a trigger. Just set it up the same way you do a teleport script, but instead of having 1 or 2 load_coordinates segments, you'll have those plus a load_map_coordinates segment. |
Thanks i will try that. What do you mean with "Save the map coordinates"?
Also can you explain how to setup a trigger? Like a hotkey to make the teleport?
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Fri Nov 11, 2016 1:53 pm Post subject: |
|
|
| If you've made a teleport script in the past, you would have had to use a trigger of some sort. You would also have had to save off the coordinate values in order to load them later. See this recent post for examples of both.
|
|
| Back to top |
|
|
XaneXXXX
Expert Cheater
Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
| Posted: Fri Nov 11, 2016 1:55 pm Post subject: |
|
|
| ++METHOS wrote: | | If you've made a teleport script in the past, you would have had to use a trigger of some sort. You would also have had to save off the coordinate values in order to load them later. See this recent post for examples of both. |
Nice, looks way to advanced for me tho, But I'm still gonna try it, will report back in a while! 
Update: Damn this is hard for me.. I always get confused when there are a lot of code that i have to write.
I changed the opcode for the find cordinates to a more permanent one (only player coordinates accesses it)
| Code: | [ENABLE]
aobscanmodule(cordsfan,forza_x64_release_final.exe,C9 0F 5C CB 0F 57 DB 0F 58 51 30 44 0F 28 C9)
alloc(newmem,$100,"forza_x64_release_final.exe"+21764BC)
label(code)
label(return)
globalalloc(_findcordnu,4)
newmem:
code:
push rax
mov rax,_findcordnu
mov [rax],rcx
pop rax
addps xmm2,[rcx+30]
movaps xmm9,xmm1
jmp return
cordsfan+07:
jmp newmem
nop
nop
nop
return:
registersymbol(cordsfan)
[DISABLE]
cordsfan+07:
db 0F 58 51 30 44 0F 28 C9
unregistersymbol(cordsfan)
dealloc(newmem)
|
And the waypoint stays the same.
| Code: | [ENABLE]
aobscanmodule(waypoint,forza_x64_release_final.exe,0F 29 81 80 03 00 00 C3 CC EB)
alloc(newmem,$100,"forza_x64_release_final.exe"+C7C7FC)
label(code)
label(return)
globalalloc(_waypoint,4)
newmem:
code:
push rax
mov rax,_waypoint
mov [rax],rcx
pop rax
movaps [rcx+00000380],xmm0
jmp return
waypoint:
jmp newmem
nop
nop
return:
registersymbol(waypoint)
[DISABLE]
waypoint:
db 0F 29 81 80 03 00 00
unregistersymbol(waypoint)
dealloc(newmem) |
METHOS is you have time, could you make an example script using my info? I know you did one for the game before but i have a hard time understanding long codes. If you don't have the time it's cool, Anyway i will keep trying here! Also it doesn't have to be a 100% working script, just so that i understand the conept behind it a bit more. Cheers
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sat Nov 12, 2016 1:08 am Post subject: |
|
|
First thing, let CE combine your scripts:
https://c2.staticflickr.com/8/7737/28093652233_ae0068d9e6_o.gif
Name one of them player_coordinates and the other one map_coordinates (or something similar).
As per usual, this may contain errors, but should give you the idea:
| Code: | //Target: Forza Horizon 3
//Author: ++METHOS
//Script: Waypoint Teleport
[ENABLE]
aobscanmodule(aob_player_coordinates,forza_x64_release_final.exe,C9 0F 5C CB 0F 57 DB 0F 58 51 30 44 0F 28 C9)
alloc(newmem_player_coordinates,$100,"forza_x64_release_final.exe"+21764BC)
aobscanmodule(aob_map_coordinates,forza_x64_release_final.exe,0F 29 81 80 03 00 00 C3 CC EB)
alloc(newmem_map_coordinates,$100,"forza_x64_release_final.exe"+C7C7FC)
label(return_player_coordinates)
label(originalcode_player_coordinates)
label(lm)
label(loadm)
label(return_map_coordinates)
label(originalcode_map_coordinates)
label(map_coordinatesx)
label(map_coordinatesz)
registersymbol(aob_player_coordinates)
registersymbol(lm)
registersymbol(aob_map_coordinates)
registersymbol(map_coordinatesx)
registersymbol(map_coordinatesz)
//================================================//
newmem_player_coordinates:
cmp byte ptr [lm],1
je loadm
jmp originalcode_player_coordinates
loadm:
mov byte ptr [lm],0
cmp [map_coordinatesx],0
je originalcode_player_coordinates
push rdi
mov rdi,[map_coordinatesx]
mov [rcx+30],rdi
mov rdi,[map_coordinatesz]
mov [rcx+38],rdi
pop rdi
jmp originalcode_player_coordinates
originalcode_player_coordinates:
addps xmm2,[rcx+30]
movaps xmm9,xmm1
jmp return_player_coordinates
lm:
db 0
aob_player_coordinates+07:
jmp newmem_player_coordinates
db 90 90 90
return_player_coordinates:
//================================================//
newmem_map_coordinates:
push rdi
mov rdi,[rcx+380]
mov [map_coordinatesx],rdi
mov rdi,[rcx+388]
mov [map_coordinatesz],rdi
pop rdi
originalcode_map_coordinates:
movaps [rcx+00000380],xmm0
jmp return_map_coordinates
map_coordinatesx:
dq 0
map_coordinatesz:
dq 0
aob_map_coordinates:
jmp newmem_map_coordinates
db 90 90
return_map_coordinates:
//================================================//
[DISABLE]
dealloc(newmem_player_coordinates)
aob_player_coordinates+07:
db 0F 58 51 30 44 0F 28 C9
unregistersymbol(aob_player_coordinates)
unregistersymbol(lm)
dealloc(newmem_map_coordinates)
aob_map_coordinates:
db 0F 29 81 80 03 00 00
unregistersymbol(aob_map_coordinates)
unregistersymbol(map_coordinatesx)
unregistersymbol(map_coordinatesz)
|
Once the script is activated, you'll want to create a custom address for your activation toggle (trigger) and assign a hotkey for it:
lm (byte type)
By the way, most of the time, way-points do not contain any Y axis data, so you'll only be working with two coordinates X & Z. However, IF your game handles all three, then you'll need to incorporate them all so that you do not fall through the map and/or die from a fall. Normally, you can alter the Y axis to raise your character above the highest point in the game to ensure that you do not fall through the map when you teleport and just incorporate a no-falling-death of some sort. Even better, is teleport under the map and have your character quickly rise until you reach a walking surface by incorporating a check for that as shown here.
|
|
| Back to top |
|
|
XaneXXXX
Expert Cheater
Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
| Posted: Sat Nov 12, 2016 10:53 am Post subject: |
|
|
| ++METHOS wrote: | First thing, let CE combine your scripts:
https://c2.staticflickr.com/8/7737/28093652233_ae0068d9e6_o.gif
Name one of them player_coordinates and the other one map_coordinates (or something similar).
As per usual, this may contain errors, but should give you the idea:
| Code: | //Target: Forza Horizon 3
//Author: ++METHOS
//Script: Waypoint Teleport
[ENABLE]
aobscanmodule(aob_player_coordinates,forza_x64_release_final.exe,C9 0F 5C CB 0F 57 DB 0F 58 51 30 44 0F 28 C9)
alloc(newmem_player_coordinates,$100,"forza_x64_release_final.exe"+21764BC)
aobscanmodule(aob_map_coordinates,forza_x64_release_final.exe,0F 29 81 80 03 00 00 C3 CC EB)
alloc(newmem_map_coordinates,$100,"forza_x64_release_final.exe"+C7C7FC)
label(return_player_coordinates)
label(originalcode_player_coordinates)
label(lm)
label(loadm)
label(return_map_coordinates)
label(originalcode_map_coordinates)
label(map_coordinatesx)
label(map_coordinatesz)
registersymbol(aob_player_coordinates)
registersymbol(lm)
registersymbol(aob_map_coordinates)
registersymbol(map_coordinatesx)
registersymbol(map_coordinatesz)
//================================================//
newmem_player_coordinates:
cmp byte ptr [lm],1
je loadm
jmp originalcode_player_coordinates
loadm:
mov byte ptr [lm],0
cmp [map_coordinatesx],0
je originalcode_player_coordinates
push rdi
mov rdi,[map_coordinatesx]
mov [rcx+30],rdi
mov rdi,[map_coordinatesz]
mov [rcx+38],rdi
pop rdi
jmp originalcode_player_coordinates
originalcode_player_coordinates:
addps xmm2,[rcx+30]
movaps xmm9,xmm1
jmp return_player_coordinates
lm:
db 0
aob_player_coordinates+07:
jmp newmem_player_coordinates
db 90 90 90
return_player_coordinates:
//================================================//
newmem_map_coordinates:
push rdi
mov rdi,[rcx+380]
mov [map_coordinatesx],rdi
mov rdi,[rcx+388]
mov [map_coordinatesz],rdi
pop rdi
originalcode_map_coordinates:
movaps [rcx+00000380],xmm0
jmp return_map_coordinates
map_coordinatesx:
dq 0
map_coordinatesz:
dq 0
aob_map_coordinates:
jmp newmem_map_coordinates
db 90 90
return_map_coordinates:
//================================================//
[DISABLE]
dealloc(newmem_player_coordinates)
aob_player_coordinates+07:
db 0F 58 51 30 44 0F 28 C9
unregistersymbol(aob_player_coordinates)
unregistersymbol(lm)
dealloc(newmem_map_coordinates)
aob_map_coordinates:
db 0F 29 81 80 03 00 00
unregistersymbol(aob_map_coordinates)
unregistersymbol(map_coordinatesx)
unregistersymbol(map_coordinatesz)
|
Once the script is activated, you'll want to create a custom address for your activation toggle (trigger) and assign a hotkey for it:
lm (byte type)
By the way, most of the time, way-points do not contain any Y axis data, so you'll only be working with two coordinates X & Z. However, IF your game handles all three, then you'll need to incorporate them all so that you do not fall through the map and/or die from a fall. Normally, you can alter the Y axis to raise your character above the highest point in the game to ensure that you do not fall through the map when you teleport and just incorporate a no-falling-death of some sort. Even better, is teleport under the map and have your character quickly rise until you reach a walking surface by incorporating a check for that as shown here. |
Awesome thank you very much!! I'm gonna try this soon
And yes the waypoint does utilize the up/down coordinate, when i place the waypoint, it shows how high up/down the ground is at that waypoint.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sat Nov 12, 2016 11:16 am Post subject: |
|
|
| It's very uncommon, but not totally unheard of...but I don't usually mess with racing games, either.
|
|
| Back to top |
|
|
XaneXXXX
Expert Cheater
Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
| Posted: Sun Nov 13, 2016 9:02 am Post subject: |
|
|
Sorry for the late answer, Your script worked perfectly! I had a few questions.
Why do i need to use the cmp byte ptr and now just cmp byte? I know that ptr stands for pointer but i have never used it that way before.
What does:
do?
And what does: | Code: | map_coordinatesx:
dq 0
map_coordinatesz:
dq 0 |
Do?
Thank you!
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Sun Nov 13, 2016 9:27 am Post subject: |
|
|
You can simply use cmp. The ptr is not needed.
The:
| Code: | lm:
db 0
map_coordinatesx:
dq 0
map_coordinatesz:
dq 0 |
...initializes whatever byte size/allocation that you declare for those custom symbols:
db - define byte
dw - define word (2 bytes)
dd - define double-word (4 bytes)
dq - define quad-word (8 bytes)
|
|
| Back to top |
|
|
XaneXXXX
Expert Cheater
Reputation: 0
Joined: 29 Nov 2012
Posts: 212
|
| Posted: Mon Nov 14, 2016 12:28 pm Post subject: |
|
|
| ++METHOS wrote: | You can simply use cmp. The ptr is not needed.
The:
| Code: | lm:
db 0
map_coordinatesx:
dq 0
map_coordinatesz:
dq 0 |
...initializes whatever byte size/allocation that you declare for those custom symbols:
db - define byte
dw - define word (2 bytes)
dd - define double-word (4 bytes)
dq - define quad-word (8 bytes) |
Thank you very much for your help! I tried removing your assembly code and did it all by myself thanks to your help!! Cheers
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Nov 14, 2016 12:38 pm Post subject: |
|
|
| Good work. With a better understanding of assembly, you can write more elaborate scripts. Time to get creative.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
