Cheat Engine The Official Site of Cheat Engine
Kawaii desu ne How do I cheat? Reputation: 0
Joined: 13 Sep 2016 Posts: 7
|
Posted: Fri Sep 16, 2016 5:51 am Post subject: |
|
|
So I have a problem doing this with a game. I have multiple resources that are not too far away from each other. For example: Wood = 0F77C1F8 and Stone = 0F77C230 and Wool = 0EEBEB30.
My problem is that the instruction that adds resources has no offset.
Just an add [eax],ecx. Here's what I see. Red is the add instruction.
Code: |
"Game.exe"+93417: 8B CE - mov ecx,esi
"Game.exe"+93419: 6A 00 - push 00
"Game.exe"+9341B: E8 D0 6D F9 FF - call Game.exe+2A1F0
"Game.exe"+93420: 85 C0 - test eax,eax
"Game.exe"+93422: 74 6F - je Game.exe+93493
"Game.exe"+93424: 56 - push esi
"Game.exe"+93425: B9 80 A8 5B 01 - mov ecx,Game.exe+53A880
"Game.exe"+9342A: E8 21 95 FC FF - call Game.exe+5C950
"Game.exe"+9342F: 8B 4D 0C - mov ecx,[ebp+0C]
"Game.exe"+93432: 8B 3D AC 9A 5B 01 - mov edi,[Game.exe+539AAC]
"Game.exe"+93438: 01 08 - add [eax],ecx <--- Used instruction
"Game.exe"+9343A: 85 FF - test edi,edi
"Game.exe"+9343C: 75 32 - jne Game.exe+93470
"Game.exe"+9343E: 68 14 B2 02 00 - push 0002B214
"Game.exe"+93443: FF 15 48 C9 48 01 - call dword ptr [Game.exe+40C948]
"Game.exe"+93449: 83 C4 04 - add esp,04
"Game.exe"+9344C: 89 45 08 - mov [ebp+08],eax
"Game.exe"+9344F: 89 7D FC - mov [ebp-04],edi
"Game.exe"+93452: 85 C0 - test eax,eax
"Game.exe"+93454: 74 0B - je Game.exe+93461
"Game.exe"+93456: 8B C8 - mov ecx,eax
"Game.exe"+93458: E8 F3 92 16 00 - call Game.exe+1FC750
"Game.exe"+9345D: 8B F8 - mov edi,eax
|
It's all the same with Wood, Stone and Wool. But how can I find the base address without any offsets? Is that even possible or am I just too stupid to understand what I should be doing?
paul44 Expert Cheater Reputation: 2
Joined: 20 Jul 2017 Posts: 152
|
Posted: Mon Aug 21, 2017 2:07 pm Post subject: some Qs + feedback |
|
|
Great article, as usual!
I do have some questions though (see [imgur_com/a/TluBh] for details):
a. is there a way to "dealloc" the 'globalalloc'? Yes, we are talking 4-8 bytes here, but I see it as a "correct coding" principle...
(I assume this function acts similar as the msdn fn? which counterpart is Globalfree)
(see 1st image)
b. based on prev AOB experience (another one of your tutorials), I learned that the aobscan Label already received the appropriate address. And it works in the same way with the 'AOB to Data' approach. Ie you can use the AOBscan label; no need to introduce an additional label?!
Tested and working, but - just to be sure - can I expect "trouble" this way?
(see 2nd image)
c. I'm actually a bit amazed that I've not seen anyone mentioning the 'Userdefined Symbol' table. I find it incredibly useful while working with these scripts! As you dis/enable scripts, you'll see the appropriate labels dis/appearing... And jump to their memory locations from there.
And hence my question in pt b. (when nothing is enabled, the table is empty ~ sort of)
(see 3rd image)
Sidequestions:
1. is there a way to identify whether a structure is a 'struct' or 'class'; and whether or not it contains Virtual Functions?
2. (see 4th image)
one of the structures I found (SoM) started with pointers (or these values were identified as such). What I understand from a book I'm currently reading is, that one of the features of a structure is that all its values are aligned to the same size (in my case 4 bytes; or so I assume). But since SoM is 64bit, that would imply that pointers have a 8 byte size?!
- note that in the image some pointers (?) are 2 bytes long?
- note that I've changed some of the initial types to 'Float' (as being the correct type)
3. if one uses the same label (eg INJECT for each AOBscan) in several scripts (active in the address list), will this not cause any conflicts? Not tested myself (yet)...
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
Posted: Mon Aug 21, 2017 2:57 pm Post subject: |
|
|
paul44 wrote: | a. is there a way to "dealloc" the 'globalalloc'? Yes, we are talking 4-8 bytes here, but I see it as a "correct coding" principle... |
Not really. That's the point of globalalloc. It only allocates memory once and it's there forever. If you don't like that, then use alloc in place of globalalloc and dealloc that memory in the disable section.
paul44 wrote: | b. based on prev AOB experience (another one of your tutorials), I learned that the aobscan Label already received the appropriate address. And it works in the same way with the 'AOB to Data' approach. Ie you can use the AOBscan label; no need to introduce an additional label?! |
I don't know exactly what you're talking about, but if you mean something like this:
Code: |
aobscan(foo,AA BB CC DD)
label(bar)
registersymbol(bar)
foo:
bar:
|
The label "bar" is unnecessary since the symbol "foo" could be registered instead.
Code: |
aobscan(foo,AA BB CC DD)
registersymbol(foo)
|
paul44 wrote: | I'm actually a bit amazed that I've not seen anyone mentioning the 'Userdefined Symbol' table. I find it incredibly useful while working with these scripts! As you dis/enable scripts, you'll see the appropriate labels dis/appearing... And jump to their memory locations from there.
And hence my question in pt b. (when nothing is enabled, the table is empty ~ sort of) |
I didn't see any question in those statements. If you're wondering why no one seems to talk about the symbol handler form, then IMO it's because that form is more of a trifle than anything else. I don't have any significant use for it.
paul44 wrote: | 1. is there a way to identify whether a structure is a 'struct' or 'class'; and whether or not it contains Virtual Functions? |
There's very little difference between a struct and a class (at least from the perspective of C++). Objects of a class using virtual functions should have a pointer to a vtable as their first member.
paul44 wrote: | 2. (see 4th image)
one of the structures I found (SoM) started with pointers (or these values were identified as such). What I understand from a book I'm currently reading is, that one of the features of a structure is that all its values are aligned to the same size (in my case 4 bytes; or so I assume). But since SoM is 64bit, that would imply that pointers have a 8 byte size?! |
I don't know if you posted the wrong image, but everything CE automatically deduced as a pointer is clearly 8 bytes long. This can be seen from their offset from the start of the structure. Perhaps it's confusing that CE doesn't show leading 0s after 8 characters, but that's as aesthetically pleasing as CE can make displaying addresses IMO.
paul44 wrote: | 3. if one uses the same label (eg INJECT for each AOBscan) in several scripts (active in the address list), will this not cause any conflicts? Not tested myself (yet)... |
If you register that symbol, then of course there will be conflicts.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
paul44 Expert Cheater Reputation: 2
Joined: 20 Jul 2017 Posts: 152
|
Posted: Tue Aug 22, 2017 2:46 am Post subject: Class vs Struct (andwhatnot)... |
|
|
@ParkourPenguin: thx for your reply.
Q1: I first assumed that one HAD to use Globalalloc() to have it picked up in the address list; apparently alloc() will do as well...
Q2: that is indeed what I meant
Q3: from a beginner's point of view, this table is great (when I picked up this technique, I had no idea what was saved/referred to these labels)
(for a Pro this is old news; I get that). Still, it is an easy way to get around in memory...
Q4: yep, I concluded that myself, about struct vs class. But I'm getting there evt... (meaning about identifying structures & VFs)
Q5: pointers at the start of the structure (last image):
the 1st ptr is 8 bytes (fair enough), but the 2nd one just 2 bytes (?); or am I reading/interpreting this incorrectly? Also (I need to check this), but the 1st 2 entries seem to point to my game's exe memory, while the others point to data memory?!
How would one (possibly) interpret those pointers? F.i. does (could it) mean that the 1st 2 are (virtual) functions? And what about the other ones?
AND: there is a "regularity" here: 8+2, 8+2, etc...
-EDIT-
As soon as you mentioned "hex", it hit me (like a stick on a donkey's ass). Sorry about that: blame it on my feminine side, talking before her turn.
As for the VF table stuff: way too early for me - as a beginner - to dig/debug into that. But I'll get there eventually...
And fyi: alloc() works as well. thx
Last edited by paul44 on Wed Aug 23, 2017 3:38 am; edited 1 time in total |
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
Posted: Tue Aug 22, 2017 8:40 am Post subject: |
|
|
paul44 wrote: | Q1: I first assumed that one HAD to use Globalalloc() to have it picked up in the address list; apparently alloc() will do as well... |
If you want to use it in the address list, make sure to register the symbol. globalalloc does this automatically; alloc does not.
paul44 wrote: | the 1st ptr is 8 bytes (fair enough), but the 2nd one just 2 bytes (?); or am I reading/interpreting this incorrectly? |
That's hexadecimal. 0x10 = 16 in decimal. 16 - 8 = 8.
paul44 wrote: | Also (I need to check this), but the 1st 2 entries seem to point to my game's exe memory, while the others point to data memory?!
How would one (possibly) interpret those pointers? F.i. does (could it) mean that the 1st 2 are (virtual) functions? And what about the other ones? |
As I said before, if a class has virtual functions, then objects of that class will have a pointer to a vtable as their first member. The first pointer could be pointing to a vtable, but I don't know. The others, I have no idea what they're used for. If you're curious, debug the game and figure out how it's using those members and/or the data those members are pointing to.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
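The layout points made in the replies above (pointer members are pointer-sized, member sizes follow from the hex offsets, and an object of a class with virtual functions starts with a vtable pointer), shown as an added example that is not part of the original thread. The types Plain, Entity and Player are constructed for illustration, and the vtable pointer sitting in the first word is what GCC, Clang and MSVC do for single inheritance, assumed here rather than guaranteed by the C++ language.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed types for illustration; not taken from any game.
struct Plain {                 // no virtual functions: members start at +0
    void* next;
    void* owner;
    float x;
};

struct Entity {                // virtual functions: compiler adds a hidden vtable pointer
    virtual ~Entity() {}
    virtual int kind() const { return 1; }
    void* next;
    void* owner;
    float x;
};

struct Player : Entity {       // derived class gets its own vtable
    int kind() const override { return 2; }
};

// First pointer-sized value of an object. GCC, Clang and MSVC store the
// vtable pointer there for single inheritance (ABI behaviour, an assumption
// of this example, not a C++ language guarantee).
template <class T>
std::uintptr_t first_word(const T& obj) {
    std::uintptr_t w;
    std::memcpy(&w, &obj, sizeof w);
    return w;
}

// Size of a member = next member's offset minus its own offset.
std::size_t owner_size() { return offsetof(Plain, x) - offsetof(Plain, owner); }

// Extra bytes the hidden vtable pointer adds to an otherwise identical layout.
std::size_t hidden_bytes() { return sizeof(Entity) - sizeof(Plain); }

int main() {
    Entity a, b;
    Player p;
    std::printf("owner at +0x%zX, x at +0x%zX, pointer size %zu\n",
                offsetof(Plain, owner), offsetof(Plain, x), sizeof(void*));
    std::printf("hidden bytes in Entity: %zu\n", hidden_bytes());
    std::printf("a/b share first word: %d, a/p share it: %d\n",
                first_word(a) == first_word(b), first_word(a) == first_word(p));
    return 0;
}
```

Two objects of the same class carry the same first word and an object of a derived class carries a different one, which is the pattern to look for when deciding whether the first pointer in a dissected structure is a vtable pointer.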
kennethas How do I cheat? Reputation: 0
Joined: 14 Aug 2017 Posts: 4
|
Posted: Wed Aug 23, 2017 5:31 am Post subject: |
|
|
@ParkourPenguin can you help me about something in aobscan codes? I can't pm you maybe because I'm new
Dwarface How do I cheat? Reputation: 0
Joined: 06 Nov 2017 Posts: 1
|
Posted: Mon Nov 06, 2017 7:49 am Post subject: |
|
|
I am getting 0 results after pointer scanning, am I doing something wrong?
seorm10 How do I cheat? Reputation: 0
Joined: 26 Dec 2017 Posts: 1
|
Posted: Tue Dec 26, 2017 12:05 am Post subject: |
|
|
Hello
My pointer scanner function is not capable of finding all sorts of pointer paths
that the traditional methods won't find.
GovernedSquid6 How do I cheat? Reputation: 0
Joined: 16 Jan 2018 Posts: 1
|
Posted: Tue Jan 16, 2018 5:50 pm Post subject: 0 Pointer paths |
|
|
For some reason when I do everything listed and pointer scan, it says that it found 0 pointer paths. What am I supposed to do now?
john1214 How do I cheat? Reputation: 0
Joined: 25 Jan 2018 Posts: 1
|
Posted: Thu Jan 25, 2018 12:54 am Post subject: |
|
|
Hello
My scanner is not working properly, so could anyone please guide me on how I can solve this?
Thanks in advance
Last edited by john1214 on Mon Jan 29, 2018 3:30 pm; edited 1 time in total |
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Thu Jan 25, 2018 6:14 am Post subject: |
|
|
@john1214 watch a video on someone working with the tutorial and make sure you do exactly what they did. If it works there then it's not the scanner.
Or perhaps make a video so we can see exactly what you mean by "does not work properly" rather than making random guesses...
shawn778 How do I cheat? Reputation: 0
Joined: 21 Feb 2018 Posts: 1
|
Posted: Wed Feb 21, 2018 12:49 am Post subject: |
|
|
Hello
I have Windows 10. Can you tell me how to POINTER SCAN my windows using Cheat Engine?
Thanks.
frenchiveruti Cheater Reputation: 0
Joined: 07 Jun 2009 Posts: 35
|
Posted: Mon Apr 16, 2018 8:54 pm Post subject: Images Down |
|
|
Hello, I know this thread is quite old, but it seems that postimage took down all the images from this forum, so it would be nice to have them on ImgUr as you rely heavily on those for the tutorial.
Thanks!
_________________
Acknowledgeable enough. |
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
_Gonzo_ Newbie cheater Reputation: 0
Joined: 05 Jun 2011 Posts: 12 Location: Russia
|
Posted: Fri Jun 29, 2018 11:49 am Post subject: |
|
|
Thank you for the link to the web archive! Cuz the pics are dead..
_________________
? |