Need Help: Can Not Detect Which Code Puts Values Into Memory

 
VORP
Newbie cheater
Reputation: 0

Joined: 16 Aug 2022
Posts: 16

Posted: Tue Aug 16, 2022 10:49 am    Post subject: Need Help: Can Not Detect Which Code Puts Values Into Memory

Hello, I want to mod many static values in the game such as damage, attack speed, armor, health and such of many units. The problem is that all these values are static and they upload into the game only once when it is starting and never change during game process ever again and never get checked or uploaded again from memory after that. So I have found the memory addresses which are used for this, but they change each time on game startup, but I want to make these values change automatically so I don't have to do it all over again each time I launch the game.

So in order to fix it I want to use Cheat Engine Code Injection into processes that write these memory addresses with values and overwrite these values in there, so those processes would deposit overwritten values into memory in the first place. However I can not catch these processes as they finish their job long before (probably less than in 1 second after game startup) I can find values and check what writes into them. And once I have found addresses with values and try to check what writes into them, nothing writes into them anymore ever until I restart the game and so on.

So I don't know how to do this and ask for help.

Also pointerscan doesn't help either. Pointerscan just says no results found when I use 2 pointermaps.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Tue Aug 16, 2022 11:00 pm    Post subject:

I would suggest a different approach. You already know what the structure looks like since you have searched for it before. Create an AOB scan for it.

For example, if you know that it is

Float 1.0
Double 2.3
Decimal 100

Your AOB could span all three. Then do a search to see if it is the only one that appears. If not, make the AOB longer or choose another injection point within the structure. If it is, then all you are doing is overwriting which can be done via:

Code:
[ENABLE]
{$LUA}
local res = AOBScan("W/E the bytes are for the series of known values")
if res == nil then return end
writeBytes(tonumber(res[0],16)+0x00,0x03) -- Where 0x00 is your offset and 0x03 is whatever byte you are replacing with
res.destroy()
{$ASM}
[DISABLE]
{$LUA}
local res = AOBScan("W/E the bytes are including any you changed if included in the AOB")
if res == nil then return end
writeBytes(tonumber(res[0],16)+0x00,0x2B)
res.destroy()


You can write more than just bytes so feel free to read the library notes
VORP
Newbie cheater
Reputation: 0

Joined: 16 Aug 2022
Posts: 16

Posted: Wed Aug 17, 2022 5:24 am    Post subject:

Seems like great advice!

It seems the code you have given works, but I can't manage to make it change the correct bytes, as I am not sure how to write the offset and value in bytes in there.

This is the code I have written:

Code:

[ENABLE]
{$LUA}
local res = AOBScan("00 20 7C 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 8F 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0 52 40 BC")
if res == nil then return end
writeBytes(tonumber(res[0],16)+0x407C2,0x40B388)
res.destroy()
{$ASM}


At the very start of AOB scan there is a number 450 double type inside 407C20 bytes. Although those bytes are inverted and I am not sure how to write them into offset within writeBytes function. As an example, I want to replace that 450 value with 5000 value in double type, which is 40B388 in hex, and so I have written it into second parameter. If it needs to be inverted too, then I don't know how. And in the end this code did not change the value.

Although it seems it keeps saying syntax error for everything: first it says syntax error for brackets near [enable], then if I remove brackets it starts to say syntax error for word enable itself. If I remove enable, it starts to say the same for every other word with brackets and even if I remove those it keeps saying errors for every single word in there.

I am not sure how to use this code. Maybe I am using it in the wrong place.



[Attached image: aaa.png]


cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Wed Aug 17, 2022 2:25 pm    Post subject:

Is the offset you are using from the location the AOB returns? You can write to the output to verify that it is the correct address. Then check if the offset is adding correctly (by writing the output after adding the offset). Then verify it is reading the value correctly by writing what it says it located there once you have seen the correct address. Lastly you can write what it says is located there once you have executed write bytes to see what went wrong with your write.

If you log each step you can likely see where you went wrong.
Lastly, writeBytes uses this format: https://wiki.cheatengine.org/index.php?title=Lua:writeBytes

You can likely get away with using https://wiki.cheatengine.org/index.php?title=Lua:writeDouble since you know that it is a double you are writing.

The script I provided was just writing a single byte (replacing an add with a noop and then vice versa on close, iirc) and you are writing multiple bytes without properly formatting it.
VORP
Newbie cheater
Reputation: 0

Joined: 16 Aug 2022
Posts: 16

Posted: Thu Aug 18, 2022 4:50 am    Post subject:

I am not sure how to code this. Could you please write an example of code which AOBscans for a bunch of bytes and then writes double value into first 8 bytes of AOBscan's result? That would do just what I need, please?

All bytes in my case contain double values.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Thu Aug 18, 2022 7:03 pm    Post subject:

The only change from the example you already have is to use writeDouble instead of writeBytes.

Assuming your offset is correct (I don't think it is), just replace with:

writeDouble(tonumber(res[0],16)+0x407C2,5000)

Keep in mind that if you are actually modifying the first 8 bytes of the AOB, that you have to replace the second AOB (for disable) with the new bytes as they appear in memory or it will never detect the AOB since it was changed.

If the AOB starts with the Double you are replacing, then the offset is 0x00 or just don't add anything at all. I leave the offset as +0x00 in my scripts so I can copy and paste from any script without having to retype an offset when there is one (and it intuitively reminds me there is an offset).
VORP
Newbie cheater
Reputation: 0

Joined: 16 Aug 2022
Posts: 16

Posted: Fri Aug 19, 2022 5:05 am    Post subject:

I have made a script just like you said and it works perfectly! Thanks a lot, that does just what I wanted! Would be impossible to do without your help )
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Fri Aug 19, 2022 5:53 am    Post subject:

Glad to hear it! Good job getting it to work!
VORP
Newbie cheater
Reputation: 0

Joined: 16 Aug 2022
Posts: 16

Posted: Fri Aug 19, 2022 11:41 am    Post subject:

I have one question - how does the offset value work? Is 1 point of offset equal to 8 numbers? Does 0x01 start with the 17th number in the line of bytes or something? How much is 0x01 point of offset?

Also another question - how do I make many AOBscans in a row like that? As I assume, from the code you have given all AOBscans would end once any of them returns nil into res. I tried to do do-end, but that doesn't seem to solve it.

How do I make many AOBscans and value injections?

This is code I came up with:

Code:
--[[Channeled Buildup Range]]
do
local res = AOBScan("00 00 00 00 00 30 81 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 8F 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0 62 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 3F BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,500)
res.destroy()
end


--[[ChanneledBuildup AOE ]]
do
local res = AOBScan("00 00 00 00 00 C0 62 40 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 3F BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,112.5)
res.destroy()
end

--[[Advent Armor attempt 1]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 C0 BA 75 08 10 BC 75 08 40 BE 75 08 00 00 00 00 3E 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Advent Armor attempt 2]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 77 08 00 00 00 00 EF BE AD 0E 58 00 00 00 C0 BA 77 08 10 BC 77 08 40 BE 77 08 00 00 00 00 3E 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 BE 77 08 00 00 00 00 EF BE AD 0E 58 00 00 00 C0 BA 77 08 D0 BD 77 08 C0 BA 77 08 00 00 00 00 3F 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Advent Armor attempt 3]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 79 08 00 00")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Advent Armor attempt 4]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 76 08 00 00 00 00 EF BE AD 0E 58 00")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Advent Armor attempt 5]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 76 08 00 00")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Advent Armor attempt 6]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 BE 76 08 00 00")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Amplifier Armor]]
do
local res = AOBScan("00 00 00 00 00 00 18 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E7 9F 08 00 00 00 00 EF BE AD 0E 58 00 00 00 90 E3 9F 08 E0 E4 9F 08 10 E7 9F 08 00 00 00 00 40 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F0 3F 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 E7 9F 08 00 00 00 00 EF BE AD 0E 58 00 00 00 90 E3 9F 08 A0 E6 9F 08 90 E3 9F 08 00 00 00 00 43 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 73 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Crucible Armor]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 C2 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 20 BF 75 08 70 C0 75 08 A0 C2 75 08 00 00 00 00 3E 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C3 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 20 BF 75 08 30 C2 75 08 20 BF 75 08 00 00 00 00 3F 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Overcharger Armor]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 CB 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 80 CA 75 08 50 C8 75 08 30 C9 75 08 00 00 00 00 3A 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end

--[[Shroud Extractor Armor]]
do
local res = AOBScan("00 00 00 00 00 00 18 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B0 BA 75 08 00 00 00 00 EF BE AD 0E 60 00 00 00 B8 3E 28 01 70 19 7A 08 D4 AF 3C 08 FA E4 32 5A 5D 00 00 00 E0 01 00 00 58 02 00 00 00 00 C8 42 00 00 80 3F 00 00 00 00 F0 AA 7B 08 00 00 00 00 00 00 00 00 00 00 00 00 60 A7 7B 08 00 00 00 00 00 00 00 00 00 00 C8 42 9A 99 19 3F 00 00 20 41 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 20 BB 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 A0 BB 75 08 30 BB 75 08 40 BE 75 08 5C 43 6F 6E 66 69 67 2E 6D 65 67 00 00 00 00 00 0F 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 FF FF FF FF 00 01 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 BB 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 A0 BB 75 08 C0 BA 75 08 10 BC 75 08 00 00 00 00 2E 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3E 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BC 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 C0 BA 75 08 30 BB 75 08 C0 BA 75 08 00 00 00 00 2D 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 69 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,5)
res.destroy()
end


--[[Zenith Armor]]
do
local res = AOBScan("00 00 00 00 00 00 24 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F0 C6 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 80 C3 75 08 D0 C4 75 08 00 C7 75 08 00 00 00 00 3E 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 C7 75 08 00 00 00 00 EF BE AD 0E 58 00 00 00 80 C3 75 08 90 C6 75 08 80 C3 75 08 00 00 00 00 3F 00 00 00 00 00 00 00 BC 06 27 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40")
if res == nil then return end
writeDouble(tonumber(res[0],16)+0x00,3)
res.destroy()
end
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Fri Aug 19, 2022 1:22 pm    Post subject:

Every hexadecimal digit is a 0x01. If you search for AB CD and find it, A is your 0x00 and D is your 0x03. If you read 4 bytes at a time it is one read at 0x00 but if you read two, it is two reads at 0x00 and then 0x02.

If you want to consider chaining AOBs, just change the logic. Instead of ending if nil, do something if not nil.
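An added example, not written by either poster in this thread: plain Lua 5.3 that runs outside Cheat Engine against a constructed byte buffer. It shows how the doubles 450 and 5000 are laid out in memory, how an offset from a scan match is counted in this model (one unit per byte), and how a list of scans can carry on past a pattern that is not found. The helper names, the buffer layout and the patch names are assumptions made for the illustration.

```lua
-- Added illustration: plain Lua 5.3+, calls no Cheat Engine functions.
local function from_hex(hex)                 -- "20 7C 40" -> raw bytes
  return (hex:gsub("%s+", ""):gsub("%x%x", function(h)
    return string.char(tonumber(h, 16))
  end))
end
local function to_hex(raw)                   -- raw bytes -> "20 7C 40"
  return (raw:gsub(".", function(c) return ("%02X "):format(c:byte()) end):sub(1, -2))
end
-- x86 stores a double least-significant byte first, so 0x407C200000000000
-- (450) appears in a byte scan with its bytes in reverse order.
assert(to_hex(string.pack("<d", 450))  == "00 00 00 00 00 20 7C 40")
assert(to_hex(string.pack("<d", 5000)) == "00 00 00 00 00 88 B3 40")

-- Constructed buffer standing in for process memory: 16 bytes of padding,
-- then two records of an 8-byte double followed by an 8-byte marker.
local marker = from_hex("BC 06 27 01 00 00 00 00")
local mem = ("\0"):rep(16) .. string.pack("<d", 450)  .. marker
                           .. string.pack("<d", 1000) .. marker

-- 0-based byte address of every occurrence of `pattern` in `buf`.
local function scan(buf, pattern)
  local hits, from = {}, 1
  while true do
    local s = buf:find(pattern, from, true)  -- plain search, no magic chars
    if not s then return hits end
    hits[#hits + 1], from = s - 1, s + 1
  end
end

-- Overwrite the 8 bytes at addr + offset. Offsets count bytes: one per
-- two-hex-digit pair in the pattern text.
local function write_double(buf, addr, offset, value)
  local at = addr + offset + 1               -- Lua strings are 1-based
  return buf:sub(1, at - 1) .. string.pack("<d", value) .. buf:sub(at + 8)
end

local patches = {  -- hypothetical names; "absent" is deliberately not in mem
  { name = "at start", aob = "00 00 00 00 00 20 7C 40 BC 06 27 01", offset = 0, value = 5000 },
  { name = "absent", aob = "DE AD BE EF", offset = 0, value = 1 },
  { name = "after marker", aob = "BC 06 27 01 00 00 00 00 00 00 00 00 00 40 8F 40", offset = 8, value = 2000 },
}
local skipped = {}
for _, p in ipairs(patches) do
  local hits = scan(mem, from_hex(p.aob))
  if #hits == 1 then                         -- write only on a unique match
    mem = write_double(mem, hits[1], p.offset, p.value)
  else                                       -- record the miss and carry on
    skipped[#skipped + 1] = ("%s (%d matches)"):format(p.name, #hits)
  end
end
assert(string.unpack("<d", mem, 17) == 5000 and string.unpack("<d", mem, 33) == 2000)
assert(#skipped == 1 and #mem == 48)
print(table.concat(skipped, ", "))
```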