Cheat Engine The Official Site of Cheat Engine
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 7:15 am Post subject: [Help] Party Hard - how to freeze via script?
So I have found:
eax = BASE
base + 30 = run multiplier
base + 44 = run bar value
I can freeze base+44 - it's ok.
But the multiplier changes TOO fast to freeze it just by freezing the address. So I need a script for this.
So I have now:
FIND BASE ADDRESS (for some reason this script always finds eax+4, not eax, but this is not a big problem)
| Code: |
[ENABLE]
aobscan(base, 00 00 00 00 01 00 00 00 00 00 96 42 00 00 96 42 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F 9A 99 19 3F 00 00 80 3F 9A 99 99 3F 00) // uniq for our base
label(_base)
registersymbol(_base)
base:
_base:
[DISABLE]
unregistersymbol(_base)
|
This always works after a game restart.
And this is for NO cops (they can't run anymore) and for our player's fast run:
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,512)
alloc(run,4)
label(mult_run)
label(no_run)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [eax+2C],0 // only we and cops doesn't have 0 here
jne originalcode // not me or cops? go to original code
cmp [eax+08],0 // Only cops have 0 here.
jne mult_run // so if not 0 jump to multy run to set our speed x5
cmp [eax+08],0 // if you are cop
je no_run //you now can't run, cop :D (speed x 0 = 0)
originalcode:
fstp dword ptr [eax+30]
fld1
jmp returnhere
mult_run:
mov [run],(float)5
fld [run]
fstp dword ptr [eax+30]
jmp returnhere
no_run:
mov [run],(float)0
fld [run]
fstp dword ptr [eax+30]
exit:
jmp returnhere
0C688413:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0C688413:
fstp dword ptr [eax+30]
fld1
//Alt: db D9 58 30 D9 E8
|
BUT this script is not AOB, this script is a code injection. After a game restart the address of the original code (0C688413 in the current script) changes and this script stops working.
So how am I supposed to, you know, connect these 2 scripts with each other?
_________________
Sry for my english, Hitler.
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sun Aug 30, 2015 8:06 am Post subject:
that base's aobscan is for the value of the address,
while the script needs the aobscan of the instruction that accesses the address...
like this:
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(_base1,D9 58 30 D9 E8) //make it more unique/longer if there are many aob like this...
registersymbol(_base1)
alloc(newmem,512)
alloc(run,4)
label(mult_run)
label(no_run)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [eax+2C],0 // only we and cops doesn't have 0 here
jne originalcode // not me or cops? go to original code
cmp [eax+08],0 // Only cops have 0 here.
jne mult_run // so if not 0 jump to multy run to set our speed x5
cmp [eax+08],0 // if you are cop
je no_run //you now can't run, cop :D (speed x 0 = 0)
originalcode:
fstp dword ptr [eax+30]
fld1
jmp returnhere
mult_run:
mov [run],(float)5
fld [run]
fstp dword ptr [eax+30]
jmp returnhere
no_run:
mov [run],(float)0
fld [run]
fstp dword ptr [eax+30]
exit:
jmp returnhere
_base1:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
_base1:
db D9 58 30 D9 E8
//fstp dword ptr [eax+30]
//fld1
unregistersymbol(_base1)
|
_________________
...
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 8:14 am Post subject:
But it's the same function actually (except the offset). Hm.. Okay, thx, I'll try it.
And this is a bad method, since I know all the offsets, but must every time search for a unique signature for ALL of them.
Is there no way, you know, like first script aob + 30 = aob for my second script, etc.?
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sun Aug 30, 2015 8:33 am Post subject:
Lol, you don't need that many aobscans...
one or two aobscans are enough...
many of the addresses are connected
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 8:54 am Post subject:
Can't get the script to work =( I don't know why. I tried many signatures, without good result. I find a unique one, put it into the code, and after activating just nothing happens.
UPDATED:
Hm. The script always finds the desired value, but does nothing with it.
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(_base1, 00 00 80 3F 00 00 80 3F 9A 99 19 3F 00 00 80 3F 9A 99 99 3F 00 00 C8 42 00 00 82 42 00 00 80 BF 00 00 00 00 01) //make it more unique/longer if there are many aob like this...
registersymbol(_base1)
alloc(newmem,512)
alloc(run,4)
label(mult_run)
label(no_run)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [eax+2C],0 // only we and cops doesn't have 0 here
jne originalcode // not me or cops? go to original code
cmp [eax+08],0 // Only cops have 0 here.
jne mult_run // so if not 0 jump to multy run to set our speed x5
cmp [eax+08],0 // if you are cop
je no_run //you now can't run, cop :D (speed x 0 = 0)
originalcode:
fstp dword ptr [eax+30]
fld1
jmp returnhere
mult_run:
mov [run],(float)5
fld [run]
fstp dword ptr [eax+30]
jmp returnhere
no_run:
mov [run],(float)0
fld [run]
fstp dword ptr [eax+30]
exit:
jmp returnhere
_base1:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
_base1:
db D9 58 30 D9 E8
//fstp dword ptr [eax+30]
//fld1
unregistersymbol(_base1)
|
After checking the script, it finds _base = my run multiplier. But nothing happens after it. 0_o Why does it not work?
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sun Aug 30, 2015 9:02 am Post subject:
that's odd, did the instruction also change?
try to manually scan the aob using all grayed protection...
what's the result?
Edit
maybe the value that you tried to compare has changed?
why is your aobscan different?
Last edited by Cake-san on Sun Aug 30, 2015 9:07 am; edited 1 time in total
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 9:05 am Post subject:
| Cake-san wrote: | that's odd, did the instruction also change?
fstp dword ptr [eax+30] is always the same, but at a different address
| Cake-san wrote: | try to manually scan the aob using all grayed protection... what's the result?
If I knew how....
| Cake-san wrote: | maybe the value that you tried to compare has changed?
Checked - all is ok.
New code injection script, will work until I restart the game.
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,512)
alloc(run,4)
label(mult_run)
label(no_run)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [eax+2C],0
jne originalcode
cmp [eax+08],0
jne mult_run
cmp [eax+08],0
je no_run
originalcode:
fstp dword ptr [eax+30]
fld1
jmp returnhere
mult_run:
mov [run],(float)5
fld [run]
fstp dword ptr [eax+30]
jmp returnhere
no_run:
mov [run],(float)0
fld [run]
fstp dword ptr [eax+30]
exit:
jmp returnhere
0F0034F3:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
0F0034F3:
fstp dword ptr [eax+30]
fld1
//Alt: db D9 58 30 D9 E8
|
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 9:14 am Post subject:
Lol I failed. But this signature is not unique. I need to make it longer.
| Quote: |
Sorry, but for the time being you may not talk about those subjects on cheatengine.org
There are other sites where you are free to talk about it though, like http://irule.at/using/cheatengine/
|
Oh, cmon, wtf.
->>>> http://pastebin.com/UHGJV4N6
Cake-san Grandmaster Cheater
Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sun Aug 30, 2015 10:27 am Post subject:
I don't understand much of what you're trying to do...
is this the script that you want:
| Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
aobscan(INJECT,D9 58 30 D9 E8 D9 58 34 C9) // should be unique
registersymbol(INJECT)
alloc(_cop1,8)
registersymbol(_cop1)
alloc(_killer1,8)
registersymbol(_killer1)
alloc(newmem,512)
alloc(run,4)
label(mult_run)
label(no_run)
label(returnhere)
label(originalcode)
label(exit)
newmem:
cmp [eax+2C],0 // only we and cops doesn't have 0 here
jne originalcode // not me or cops? go to original code
cmp [eax+08],0 // Only cops have 0 here.
jne mult_run // so if not 0 jump to multy run to set our speed x5
cmp [eax+08],0 // if you are cop
je no_run //you now can't run, cop :D (speed x 0 = 0)
originalcode:
fstp dword ptr [eax+30]
fld1
jmp returnhere
mult_run:
cmp [_killer1],01
jne exit
mov [run],(float)5
fld [run]
fstp dword ptr [eax+30]
jmp returnhere
no_run:
cmp [_cop1],01
jne exit
mov [run],(float)0
fld [run]
fstp dword ptr [eax+30]
exit:
jmp returnhere
///
_killer1:
db 0
_cop1:
db 0
///
INJECT:
jmp newmem
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
INJECT:
db D9 58 30 D9 E8
//fstp dword ptr [eax+30]
//fld1
unregistersymbol(INJECT)
dealloc(_cop1)
unregistersymbol(_cop1)
dealloc(_killer1)
unregistersymbol(_killer1)
|
make an external asm script
| Code: |
[ENABLE]
_killer1:
db 01
[DISABLE]
_killer1:
db 0
|
and
| Code: |
[ENABLE]
_cop1:
db 01
[DISABLE]
_cop1:
db 0
|
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 10:39 am Post subject:
Cake-san
Yep, exactly this. Thx! Now I know how to do that.
The ideal variant that I want is like here:
http://forum.cheatengine.org/viewtopic.php?t=583809
All code in one script, and many ON\OFF switches
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun Aug 30, 2015 5:34 pm Post subject:
Some issues with your code.
The game's run modifier is already on the FPU stack. You never pop it.
The only reason you don't crash is because you fail to load a '1.0' back onto the stack (FLD1).
So wherever that 1.0 is supposed to go, it's actually using the current run speed modifier instead.
What I would've done:
| Code: |
mult_run:
fstp st(0) // throw out the current value on the stack
fld [run]
jmp originalcode
no_run:
fstp st(0)
fldz
jmp originalcode
run: // declare [run] with a value of 5.0
dd (float)5
|
Cheat Engine comes with a built-in AOB Template for you. Simply use that!
First select the instruction: fstp dword ptr [eax+30]
Inside Auto Assemble, select Template > AOB Injection
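Zanzer's point is about x87 stack discipline: a detour has to leave st(0) in the state the replaced fstp/fld1 pair would have produced, otherwise whatever the game does next with st(0) silently reads the wrong value. The following is an added illustration and not code from this thread or from Cheat Engine: a minimal model of the x87 register stack that runs the game's two original instructions, the thread's mult_run path, and Zanzer's corrected path on a constructed starting stack and compares their effect. The starting values (0.5 below a run modifier of 1.25), the object base in eax and the name of the run slot are constructed assumptions; the instruction sequences are transcribed from the posts above.

```python
"""Minimal model of the x87 register stack, used to compare the stack
effect of a detour against the instructions it replaces.  Added
illustration, not code from the thread; sample values are constructed."""

# Constructed starting state: the game's run modifier (1.25) is on top of
# the x87 stack, with an unrelated value the caller still needs below it.
START_STACK = [0.5, 1.25]      # last element is st(0)
EAX = 0x1000                   # hypothetical object base held in eax
SPEED_SLOT = EAX + 0x30        # dword ptr [eax+30] from the posts
RUN_SLOT = "run"               # the script's allocated [run] variable


def fpu_exec(seq, stack, mem):
    """Run a tiny subset of x87/x86 ops.  Each op is a tuple whose first
    element names the instruction.  Returns (stack, mem) copies; raises on
    x87 under- or overflow, which on real hardware would be an
    invalid-operation exception rather than a Python error."""
    st = list(stack)
    m = dict(mem)
    for op in seq:
        name = op[0]
        if name == "fld_imm":          # fld1 / fldz: push a constant
            st.append(op[1])
        elif name == "fld_mem":        # fld [addr]: push a memory value
            st.append(m[op[1]])
        elif name == "fstp_mem":       # fstp dword ptr [addr]: store st(0), pop
            if not st:
                raise RuntimeError("x87 stack underflow")
            m[op[1]] = st.pop()
        elif name == "fstp_st0":       # fstp st(0): discard st(0)
            if not st:
                raise RuntimeError("x87 stack underflow")
            st.pop()
        elif name == "mov_mem":        # mov [addr], imm: integer-side store
            m[op[1]] = op[2]
        else:
            raise ValueError(f"unknown op {name}")
        if len(st) > 8:
            raise RuntimeError("x87 stack overflow")
    return st, m


# The two game instructions at the injection point.
ORIGINAL = [("fstp_mem", SPEED_SLOT), ("fld_imm", 1.0)]

# mult_run path as written in the thread's script: never pops the game's
# value, never pushes 1.0, then jumps straight to returnhere.
BUGGY_MULT_RUN = [("mov_mem", RUN_SLOT, 5.0),
                  ("fld_mem", RUN_SLOT),
                  ("fstp_mem", SPEED_SLOT)]

# Zanzer's version: discard the game's value, push 5.0, then fall through
# the original fstp/fld1 pair.
FIXED_MULT_RUN = [("fstp_st0",), ("fld_mem", RUN_SLOT)] + ORIGINAL


def stack_effect(seq, stack=START_STACK, mem=None):
    """Return (depth change, value left in st(0), value stored at [eax+30])."""
    mem = {RUN_SLOT: 5.0} if mem is None else mem
    st, m = fpu_exec(seq, stack, mem)
    return len(st) - len(stack), (st[-1] if st else None), m.get(SPEED_SLOT)


def same_stack_effect(a, b):
    """True if both sequences leave the stack at the same depth with the
    same st(0); the stored speed may differ, since changing it is the hook's job."""
    return stack_effect(a)[:2] == stack_effect(b)[:2]


if __name__ == "__main__":
    for label, seq in (("original", ORIGINAL),
                       ("thread mult_run", BUGGY_MULT_RUN),
                       ("Zanzer mult_run", FIXED_MULT_RUN)):
        print(f"{label:16} depth/st0/[eax+30] = {stack_effect(seq)}")
```

Running it reports a depth change of 0 for all three sequences, which is exactly why the thread's script never crashes: the push/pop pair in mult_run balances out. What differs is st(0): the original and Zanzer's path leave 1.0 there, the thread's path leaves the game's own 1.25, so any later code that consumes that 1.0 uses the stale modifier instead. Checking a detour this way, stack depth and top-of-stack value against the displaced instructions, catches the bug before it reaches a running process.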
Bl00dWolf Advanced Cheater
Reputation: 0
Joined: 04 Jan 2010 Posts: 79 Location: Russia, Moscow
Posted: Sun Aug 30, 2015 6:56 pm Post subject:
| Zanzer wrote: | Some issues with your code.
The game's run modifier is already on the FPU stack. You never pop it.
The only reason you don't crash is because you fail to load a '1.0' back onto the stack (FLD1).
So wherever that 1.0 is supposed to go, it's actually using the current run speed modifier instead.
What I would've done:
| Code: |
mult_run:
fstp st(0) // throw out the current value on the stack
fld [run]
jmp originalcode
no_run:
fstp st(0)
fldz
jmp originalcode
run: // declare [run] with a value of 5.0
dd (float)5
|
Cheat Engine comes with a built-in AOB Template for you. Simply use that!
First select the instruction: fstp dword ptr [eax+30]
Inside Auto Assemble, select Template > AOB Injection
Hm, okay, thx.
I'm always using the built-in AOB Template.