Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Unity Engine spawn item?

Frouk
Grandmaster Cheater
Reputation: 5

Joined: 22 Jun 2021
Posts: 510

PostPosted: Sat Aug 28, 2021 11:31 am    Post subject: Unity Engine spawn item?

I saw a script that spawns an item from an entered id and amount. Well, first I opened the script, but I didn't get the code (i.e. an explanation of it).
Here's the script:
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
//2 KiB of RWX memory, allocated as close as possible to the hook site so the 5-byte jmp below can reach it
alloc(spawnItem,2048,PowerupInventory:GetSpeedMultiplier+29)
registersymbol(spawnItem)
label(returnhere)
label(originalcode)
label(exit)
label(drIt)
label(skipcall)

//drIt is an alias for the game's ClientSend.DropItem method (CE resolves the name from the Mono/IL2CPP metadata)
ClientSend:DropItem:
drIt:
registersymbol(drIt)

spawnItem: //this is allocated memory, you have read,write,execute access
//place your code here

//save the registers this cave touches; spawnItem+100 onwards is scratch space inside the allocation
mov [spawnItem+100],rax
mov [spawnItem+108],rcx
mov [spawnItem+110],rdx
mov [spawnItem+118],r11
//r8-r10 are caller-saved under the Win64 ABI, so the call to DropItem may clobber them too
mov [spawnItem+120],r8
mov [spawnItem+128],r9
mov [spawnItem+130],r10
//spawnItem+200 = item id, spawnItem+204 = amount (both dwords, written from the cheat table) -> rcx, rdx = first two arguments
movsxd rcx,dword ptr[spawnItem+200]
movsxd rdx,dword ptr[spawnItem+204]
//keep the flags in AH, then keep a copy of rax: the call below overwrites rax with DropItem's return value
lahf
mov [spawnItem+138],rax
//nothing requested (amount == 0) -> skip the call
test rdx,rdx
je skipcall
//Win64 callees expect a 16-byte aligned stack plus 32 bytes of shadow space; save rsp and set that up
mov [spawnItem+140],rsp
and rsp,-10
sub rsp,20
mov r11,drIt
call r11
mov rsp,[spawnItem+140]
//consume the request so the item is only dropped once per write of the amount
mov dword ptr [spawnItem+204],0
skipcall:
//restore the flags saved by lahf (from the saved copy of rax), then the registers
mov rax,[spawnItem+138]
sahf
mov rax,[spawnItem+100]
mov rcx,[spawnItem+108]
mov rdx,[spawnItem+110]
mov r11,[spawnItem+118]
mov r8,[spawnItem+120]
mov r9,[spawnItem+128]
mov r10,[spawnItem+130]
//xmm0-xmm5 are volatile as well and are not saved here; if a live float value sits in one of them at +29, save them too

originalcode:
//the two instructions overwritten by the jmp (7 bytes: 48 8B 00 48 8B 40 70)
mov rax,[rax]
mov rax,[rax+70]

exit:
jmp returnhere

PowerupInventory:GetSpeedMultiplier+29:
jmp spawnItem
nop 2
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(spawnItem)
PowerupInventory:GetSpeedMultiplier+29:
mov rax,[rax]
mov rax,[rax+70]
unregistersymbol(spawnItem)
unregistersymbol(drIt)
//Alt: db 48 8B 00 48 8B 40 70
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 124
Location: Migrating

PostPosted: Sat Aug 28, 2021 8:32 pm    Post subject:

Comments for clarity. I didn't write this and I may be incorrect, but it's to the best of my understanding. To recreate this in your game of choice you'd need to reverse its functions well enough to know what you need.
This is seemingly written for a Unity game, so it's a little easier.

Code:

[ENABLE]
//Allocate 2kb of memory as close as CE can get to "GetSpeedMultiplier+29" in class "PowerupInventory" (the address is only a hint, so that the 5-byte jmp at the injection point can reach the cave)
alloc(spawnItem,2048,PowerupInventory:GetSpeedMultiplier+29)
//Register the spawnItem symbol at base allocated memory so CE can utilize it by name
registersymbol(spawnItem)
label(returnhere)
label(originalcode)
label(exit)
label(drIt)
label(skipcall)

//Starting at the "DropItem" method in class "ClientSend", register symbol "drIt" -- likely meant to represent 'Drop It'
ClientSend:DropItem:
drIt:
registersymbol(drIt)

//Start of "spawnItem" -- the allocated cave that the jmp at "GetSpeedMultiplier+29" lands in
spawnItem:
//Move the registers we are about to clobber into scratch slots inside the cave, offset +8 from each other
  //Seemingly acts as storage for later
mov [spawnItem+100],rax
mov [spawnItem+108],rcx
mov [spawnItem+110],rdx
mov [spawnItem+118],r11
  //r8-r10 are caller-saved under the Win64 ABI, so the call to DropItem may clobber them as well
mov [spawnItem+120],r8
mov [spawnItem+128],r9
mov [spawnItem+130],r10
//Move with sign-extension the dword values into registers
  //Guessing these hold values of ID and Amount? Hard to tell without seeing the table
  //These are the first two arguments (rcx, rdx) of the "DropItem" call just ahead
movsxd rcx,dword ptr[spawnItem+200]
movsxd rdx,dword ptr[spawnItem+204]
//Load Status Flags into AH Register
  //also storage for later
lahf
  //AH lives in rax, which the call below overwrites with DropItem's return value, so keep a copy
mov [spawnItem+138],rax
//OF & CF = 0 ; SF/ZF/PF result of AND ; AF undefined
test rdx,rdx
//jmp if ZF is set, i.e. rdx (the amount) is 0 and nothing was requested
je skipcall
//Win64 callees expect a 16-byte aligned stack plus 32 bytes of shadow space; save rsp and set that up
mov [spawnItem+140],rsp
and rsp,-10
sub rsp,20
//Moves the symbol "drIt" into register r11 -- drIt contains the base method "DropItem", so we're loading that here
mov r11,drIt
//call "drIt" -- call "DropItem" method
call r11
//put the stack back the way GetSpeedMultiplier had it
mov rsp,[spawnItem+140]
//after returning from "DropItem", move value 0 into the amount slot at spawnItem+204 so the drop only happens once per write
mov dword ptr [spawnItem+204],0
//jumped to from above TEST
skipcall:
//Store AH into Flags
  //Restores flags from our previous LAHF (via the copy of rax saved right after it)
mov rax,[spawnItem+138]
sahf
  //Restore registers from our previous storage just at the start of the 'spawnItem' symbol
mov rax,[spawnItem+100]
mov rcx,[spawnItem+108]
mov rdx,[spawnItem+110]
mov r11,[spawnItem+118]
mov r8,[spawnItem+120]
mov r9,[spawnItem+128]
mov r10,[spawnItem+130]
  //xmm0-xmm5 are volatile too and are not saved here; if a live float value sits in one of them at +29, save them as well
//run original code -- everything above this is what we did to spawn an item
originalcode:
mov rax,[rax]
mov rax,[rax+70]

exit:
//jmp back to the instruction after the ones we overwrote
jmp returnhere

PowerupInventory:GetSpeedMultiplier+29:
//instead of doing original code, we jmp to symbol, start of allocated memory; the two original instructions are 7 bytes and the jmp is 5, so nop 2 fills the rest
jmp spawnItem
nop 2
returnhere:
//end

[DISABLE]
//deallocate memory
dealloc(spawnItem)
//restore original code at injection point
PowerupInventory:GetSpeedMultiplier+29:
mov rax,[rax]
mov rax,[rax+70]
//unregister symbols
unregistersymbol(spawnItem)
unregistersymbol(drIt)

_________________
Trying to learn!

Add me on Discord if you want hands-on help:
Birdi.
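The detour arithmetic behind the [ENABLE]/[DISABLE] blocks explained above, as an added example that is not code from the thread or from Cheat Engine: what CE writes at PowerupInventory:GetSpeedMultiplier+29 when it assembles "jmp spawnItem" plus "nop 2", why alloc() is given that address as a hint (the 5-byte jmp only has a signed 32-bit displacement), and why the padding is exactly two bytes. The hook and cave addresses are made up; the seven stolen bytes are the ones the script's "//Alt: db 48 8B 00 48 8B 40 70" line records.

```python
"""Detour-patch arithmetic for a CE-style 5-byte jmp hook.

Added example; not code from the thread or from Cheat Engine.
Addresses used below are made up. STOLEN comes from the script's Alt: line.
"""
import struct

JMP_REL32 = 0xE9          # opcode of the 5-byte near jump CE uses for 'jmp spawnItem'
JMP_REL32_LEN = 5
NOP1 = b"\x90"            # 1-byte NOP
NOP2 = b"\x66\x90"        # 2-byte NOP, what 'nop 2' assembles to

# Instructions overwritten at the hook site (from the script's Alt: line):
#   48 8B 00      mov rax,[rax]
#   48 8B 40 70   mov rax,[rax+70]
STOLEN = bytes.fromhex("488B00488B4070")


def jmp_reachable(src, dst):
    """True if a rel32 jump at src can reach dst (displacement is signed 32-bit)."""
    rel = dst - (src + JMP_REL32_LEN)
    return -0x8000_0000 <= rel <= 0x7FFF_FFFF


def encode_jmp_rel32(src, dst):
    """Bytes of 'jmp dst' placed at src; rel32 is relative to the end of the jmp."""
    if not jmp_reachable(src, dst):
        raise ValueError(f"{dst:#x} is not within +/-2 GiB of {src:#x}; "
                         "the cave must be allocated closer (hence alloc's address hint)")
    return bytes([JMP_REL32]) + struct.pack("<i", dst - (src + JMP_REL32_LEN))


def decode_jmp_rel32(src, code):
    """Target of the rel32 jmp that starts at src; used to verify a written patch."""
    if code[0] != JMP_REL32:
        raise ValueError("not a jmp rel32")
    (rel,) = struct.unpack("<i", code[1:JMP_REL32_LEN])
    return src + JMP_REL32_LEN + rel


def nop_pad(n):
    """NOP filler for the bytes left over after the jmp, 2-byte form first."""
    return NOP2 * (n // 2) + NOP1 * (n % 2)


def build_enable_patch(hook_addr, cave_addr, stolen=STOLEN):
    """Bytes CE writes at hook_addr for 'jmp spawnItem' followed by 'nop 2'.

    The overwrite has to end on an instruction boundary, so the stolen
    sequence is at least 5 bytes and the surplus is NOP padded (7 - 5 = 2 here).
    """
    if len(stolen) < JMP_REL32_LEN:
        raise ValueError("stolen bytes must cover at least 5 bytes of whole instructions")
    patch = encode_jmp_rel32(hook_addr, cave_addr) + nop_pad(len(stolen) - JMP_REL32_LEN)
    assert len(patch) == len(stolen)
    return patch


def build_return_jmp(exit_addr, hook_addr, stolen=STOLEN):
    """'jmp returnhere' at the end of the cave: first instruction after the stolen ones."""
    return encode_jmp_rel32(exit_addr, hook_addr + len(stolen))


def build_disable_patch(stolen=STOLEN):
    """The [DISABLE] block simply writes the stolen bytes back."""
    return bytes(stolen)


if __name__ == "__main__":
    hook = 0x7FF6_1234_5029   # made-up address for PowerupInventory:GetSpeedMultiplier+29
    cave = 0x7FF6_1240_0000   # made-up address alloc() returned for spawnItem
    patch = build_enable_patch(hook, cave)
    print("enable :", patch.hex())
    print("target :", hex(decode_jmp_rel32(hook, patch)))
    print("return :", build_return_jmp(cave + 0x80, hook).hex())
    print("disable:", build_disable_patch().hex())
    print("far allocation reachable:", jmp_reachable(hook, hook + 0x1_0000_0000))
```

If jmp_reachable() is false for the address alloc() hands back, the 5-byte jmp cannot be used at all, which is why the third argument of alloc() matters and why the original instructions must be restored byte for byte (the Alt: line) on disable.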
Frouk
Grandmaster Cheater
Reputation: 5

Joined: 22 Jun 2021
Posts: 510

PostPosted: Sun Aug 29, 2021 6:18 am    Post subject:

Thanks for the explanation, and you guessed right that spawnItem+200 and spawnItem+204 are id and amount.
All times are GMT - 6 Hours