Cheat Engine

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Hey everyone,

what is the general way to make a charachter in a shooter shoot, without sending a click event to the game ?.

I managed to get Charachters walk across the map by reverse engineering and finding out what triggers the walking procedures. But I do have problems finding Variables that I need to change in order for the game to think "ok I have to send an fire command now" (Like "0x042323 is 1" so left mouse has been pressed ie.).

I tried using ultimap, and checking for all functions that have been executed the X time i have fired, going back in these functions to see where and why they were called, but I didnt have any luck yet.

Any help or general ideas would be appreciated.

zm0d · Posted: Mon Oct 13, 2014 4:25 am Post subject:

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Thanks for the reply.
Can you elaborate this a bit ?

I think the variable that says I'm shooting will switch back to its old value immediately after sending the command to fire (left click ie.).

So I have no clue how to find such variable that is changing immediately back, after action has been performed.

zm0d · Posted: Mon Oct 13, 2014 6:43 am Post subject:

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

The way the game works is.

If I hold MouseLeft, one shoot is fired.
When I release the Mouse and Click Again another shoot is fired.

So the MouseClick Triggers the firing but the variable that says firing will change back to its old value until the mouse is released and clicked again.
Actualy there may be more than one variable important for the game to trigger the fire event.

zm0d · Posted: Mon Oct 13, 2014 8:29 am Post subject:

Sorry my fault. Was expacting an automatic rifle^^ Very Happy

Well, do you have some ammunition? If you've, than search for the ammunition and find out what writes to it. If you found the code that writes to it, you are a step closer to your function that is responsibe for shooting. Trace back from there until you found the real "shooting" function, which you can CALL then like you want (watch out for the params).

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Hey.
Yeah I found that quite easily.

But the function that refreshes the ammo after you fire is called in like 200 locations in memory.

Any Idea how i could find the right call, besides testing them one by one ?

Dark Byte · Posted: Mon Oct 13, 2014 9:39 am Post subject:

it doesn't 'have' to be a variable
it could also be a call to "get(async)keystate" for the left mouse button, and if it returns positive (state changed since last check or currently down) call the "FireGun()" method

In that case you could do a hook on get(async)keystate and make it return what you wish it to be

zm0d · Posted: Mon Oct 13, 2014 9:52 am Post subject:

Yeah this might be, because there are probably xxx guns/magazines around you and every gun/magazin has its own call to decreasing the amount of its storing ammo. (Well, I'm not sure if this is really the case Razz

Just a thought I had.) You should probably look for a CALL of this method close to your ammo address.
Which game are we talking about btw? Smile

Edit: Or try the easy way DB mentioned Razz

This sounds very legit to me. =)

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Thanks for your input DarkByte.

The game never calls getasynckeystate.
And GetKeyState is only called if you jump out of the game.

I just went through all of the 200 adresses where the Function that decreases the ammo is called, with no luck. None of them seems to trigger the event.

So its maybe called in another dll file. Cause I did only dissect code for the main.exe.

e: Game is blades of time, you can get it for $1, if you wanna try Very Happy

. Its pretty fun. The translation is lame though.

zm0d · Posted: Mon Oct 13, 2014 9:58 am Post subject:

So if it's in a DLL try to find it with "Enumerate DLL's and Symbols" in the Cheat Engine "Memory View". Just search for some fitting function names.

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Well I dont know what it is.
I Found a function that is called whenever you shoot you can also edit some
stuff inside it to make it shoot whereever you want it.

The Function enters here:

zm0d · Posted: Mon Oct 13, 2014 10:26 am Post subject:

look a little below PUSH. PUSH well, pushes, parameter onto the stack to access them within a function, so most likely after push statements, there comes a CALL.

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

I think its just initializing the function or so.

It's written to some sort of list in memory. Because when i search in CE for the address(in hex) (game.exe+C0C30) I find some results.

When I search what accesses them I find functions on some of the results.

Those must be what call the "shoot" function.

The problem is that they are triggered so very often that its hard to keep track.

edit:
I found where the Shooting function is called.
It looks like this: