aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Tue Dec 09, 2014 6:38 pm Post subject: Why CE's Structure Dissect is so AWESOME?! |
|
|
Well, I need to ask this because I can't understand haha. I decided to make a cheat table:
1. Search & found the address that holds player HP
2. F5 to this address (show what access this address)
3. Pick one instruction: mov eax,[esi+4C]
4. Assume that ESI hold the baseaddress of player structure and 4C is the offset of HP
5. Let's copy ESI value to dissect:
6. Paste ESI address/value to the dissect tool
7. Say YES to default options (CE will fill the structure data/type)
8. A wizard cast some shit on my CE and the structure looks like this:
What the f*ck? CE filled the structure, dumping all the descriptions associated to the player structure, with the correct address type (float, byte, ...), etc...
First time in my life I see this; every time I use dissect/structure, CE fills 4048 addresses of data, without descriptions... Just need to say thanks. This helped me a lot and saved precious time to spend seeing cats over the internet.
I was obligated to say thanks for this DB
Is there any way to reproduce this magic to every game?
_________________
Hey Hitler
Test here your skill with CheatEngine, I coded a challenge for you. Try to beat it!
HERE |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25784 Location: The netherlands
|
Posted: Tue Dec 09, 2014 6:48 pm Post subject: |
|
|
This is done when the target uses .net
You can also get these kind of results for mono (unity) but you have to activate the mono features first before CE can gather that data when dissecting structures (as it's more intrusive)
for other games it's not possible (unless there are .pdb files available but ce doesn't use those yet as it's very rare that happens)
I wonder what happens when both isDead and isAlive are 1 or 0 at the same time.
edit: seeing that it's called brainsss, i'd have to guess, zombie
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Tue Dec 09, 2014 6:55 pm Post subject: |
|
|
Dark Byte wrote: | This is done when the target uses .net
You can also get these kind of results for mono (unity) but you have to activate the mono features first before CE can gather that data when dissecting structures (as it's more intrusive)
for other games it's not possible (unless there are .pdb files available but ce doesn't use those yet as it's very rare that happens)
(I wonder what happens when both isDead and isAlive are 1 or 0 at the same time) |
Thanks for the explanation. I got some mono games but I don't know how to use the monocollector
Game is: I, Zombie
I tried isAlive + isDead = 1
The game doesn't crash (one point to devs), you can't move but can send commands to your zombie horde hahaha.
Where can I find a tutorial to use monodatacollector? Every time I press, a window appears with a lot of structures but I don't know what to do next...
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25784 Location: The netherlands
|
Posted: Tue Dec 09, 2014 6:59 pm Post subject: |
|
|
you don't need to know how to use the mono data collector. if it's activated, the structure dissect will use it for you (it just doesn't activate automatically, because if it fails, the game will crash. You can change that behaviour in monoscript.lua though)
(it can help if you know the functions , as you can pre-jit methods and modify them instead of having to wait till you die at least one time before AOB's can work)
check the monoscript.lua file in autorun. It contains quite a lot of functions that can be used inside cheat table scripts ( using the {$lua} tag )
---
I also recommend looking at the assembler code of the function that accesses health in the memory viewer. With luck it'll show names that can be easily looked up ( If it shows no names, click on file->set symbol searchpath and click ok and wait, or call lua command reinitializeDotNetSymbolhandler() )
KevAqn Cheater
Reputation: 0
Joined: 14 Nov 2014 Posts: 37
|
Posted: Tue Dec 09, 2014 11:16 pm Post subject: |
|
|
Off-topic slightly but what would cause this to not work on a .NET game?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25784 Location: The netherlands
|
Posted: Wed Dec 10, 2014 6:34 am Post subject: |
|
|
If it uses .net 3.5 or older this won't work
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Wed Dec 10, 2014 3:00 pm Post subject: |
|
|
Dark Byte wrote: | If it uses .net 3.5 or older this won't work |
For the love of god, today I focused on another game (Dungeonmans), got the HP address, got the base pointer of the structure, dissected and... boom:
Ok, is there any (fast) way to dump all the info to a "globalalloc pointer" table? This is what I want to do:
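Code:
[ENABLE]
aobscan(INJECT,8B 50 58 FF 70 5C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
globalalloc(pBase,4) // 4-byte slot, registered as symbol pBase

newmem:
code:
  mov edx,[eax+58]  // original instruction
  mov [pBase],eax   // save the structure base pointer
  push [eax+5C]     // original instruction
  jmp return

INJECT:
  jmp code          // 5-byte jump over the 6 original bytes
  nop               // pad the sixth byte
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 8B 50 58 FF 70 5C // restore the original bytes
unregistersymbol(INJECT)
dealloc(newmem)
dealloc(pBase)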
As you can see I use AOB template and add globalalloc(pBase,4) so I can move EAX (basepointer structure) and use this value to add manual pointers like this:
Is there any way to do this work fast? Now I'm dumping all the structure pressing "A" at the structure/dissect window and then double-click each address, click pointer and enter the pBase % offset manually.
Please, tell me there is a better method to do this
Thanks
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25784 Location: The netherlands
|
Posted: Wed Dec 10, 2014 4:00 pm Post subject: |
|
|
An alternate method is copying an existing entry and pasting it a dozen times and then only changing the description and offset
Or lua
aikoncwd Grandmaster Cheater
Reputation: 23
Joined: 21 Dec 2012 Posts: 591 Location: Spain (Barcelona)
|
Posted: Fri Dec 19, 2014 7:00 am Post subject: |
|
|
Dark Byte wrote: | An alternate method is copying an existing entry and pasting it a dozen times and then only changing the description and offset
Or lua |
Hi
Finally I discovered a method to do this work really fast. After I use globalalloc() to create a "pointer" that holds the base_structure_address I put this "pointer" into the structure/dissect tool, select all the offsets and press "A" to copy into the table, then right-click the 1st address and select:
Recalculate new address / Change to address and write "pBase" (the name of my "pointer").
Boom, all the pointers now point to my base address. Just awesome, haha.
|
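The "Or lua" route mentioned above, as an added example (not code from the thread or from Cheat Engine's own scripts): a script for CE's Lua engine that creates one single-level pointer record per field on top of the `pBase` symbol from the injection script, skipping entries that already exist. The field names, offsets and value types in `fields` are constructed placeholders; replace them with what Structure Dissect shows for the target.

```lua
-- Added example: build pointer records relative to the pBase symbol.
-- Every name, offset and type in this table is a constructed placeholder.
local fields = {
  { offset = 0x4C, name = "HP",      vtype = vtDword },
  { offset = 0x58, name = "field58", vtype = vtDword },
  { offset = 0x5C, name = "field5C", vtype = vtDword },
}

-- Symbol registered by globalalloc(pBase,4) in the injection script
local BASE_SYMBOL = "pBase"

local function addPointerRecords(baseSymbol, fieldList)
  -- Probe the symbol first; pcall covers the case where lookup raises an error
  local ok, addr = pcall(getAddress, baseSymbol)
  if not ok or not addr then
    error(baseSymbol .. " is not registered; enable the injection script first")
  end

  local al = getAddressList()
  local added = 0
  for _, f in ipairs(fieldList) do
    local desc = string.format("%s (+%X)", f.name, f.offset)
    -- Do not create a second record when the script is run again
    if al.getMemoryRecordByDescription(desc) == nil then
      local rec = al.createMemoryRecord()
      rec.Description = desc
      rec.Type = f.vtype
      rec.Address = baseSymbol   -- pointer base: the value stored at pBase
      rec.OffsetCount = 1        -- one dereference, then add the field offset
      rec.Offset[0] = f.offset
      added = added + 1
    end
  end
  return added
end

print(addPointerRecords(BASE_SYMBOL, fields) .. " record(s) added")
```

The records resolve only after the hooked instruction has run at least once, because `pBase` holds no pointer until then.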