Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Need help with AOB for specific game

 
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Thu Sep 08, 2022 2:13 pm    Post subject: Need help with AOB for specific game

Hello friends,

I am not an expert on assembly, and I have hacked over 50+ games using pointer scanners and other methods inside Cheat Engine that I am good at.

I also managed to hack some games with simple AOB injections, but I fail when it gets complex.

I hope you guys can help me out with this situation:

I am trying to hack a game where the address of the lifebar changes in each round.

Also, when I pointer scan and find the address and then relaunch the game, it will rescan the memory with 0 results (I tried scanning for the address or the value as well).

So now I need advanced AOB hacking in order to make the lifebar infinite.

When I find the lifebar, I do a "find out what accesses this address".

Then I take a hit.

I will see this: screenshot1_579.jpg

I suppose the bottom-most one is the right one to check out (I am guessing; I am not an assembly guru).

Then I see this: screenshot2_142.jpg

Does anyone know what to do here?

Appreciate your help!

PS: I am not allowed to post URLs on this forum, so unfortunately the images will not be shown in my message.



Attachments: screenshot2.JPG, screenshot1.JPG

cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Thu Sep 08, 2022 2:39 pm

The tutorial walks you through this. I highly recommend attaching Cheat Engine to itself and completing the whole thing. It shows you exactly what to do and what to look for to avoid complications, too, so it is great experience!
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Thu Sep 08, 2022 4:45 pm

Thanks for your reply!

I followed the game tutorial and I tried to debug the collision part on my own game, but it is hard.

I can find my player X and Y position and I can also show it in memory.

When I jump or move left or right I see it change in memory, but when any enemy touches me nothing shows red in the memory area, and when I let myself die by touching the enemies it does not show any zeros in the memory area. Also, when the game begins again the memory area is different and I need to relocate my player X and Y again.
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Thu Sep 08, 2022 6:15 pm

Your original post is about health using AOBs, which is an explicit and well detailed example in the tutorial. Your reply is about collision detection. They take different approaches and no-clip isn't nearly as uniform across games as health is so the tutorial will be less useful there. Without knowing the specifics of the game, I don't know how they handle it. Some games use a bit to flag detected collisions, others test clipping in real time. Always a pain to identify.

If it is a bit/byte, look for 0 when not colliding and 1 when colliding or vice versa or changed/unchanged. I set hotkeys so that I can be moving while filtering down addresses. If it is anything more advanced I don't have any advice, just wish you luck!
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Fri Sep 09, 2022 8:30 am

The main goal is to have infinite energy, whatever it takes.

I mentioned the collision part because I see in step 2 of the game hacking tutorial on YouTube how others have solved this.

It is so strange that I am unable to hack this small game. I have hacked tons of big games, and I have spent over 18 hours according to Steam play time (I didn't play the game, only tried to hack it, for months now).

It's getting frustrating.

Does anyone have any advice? Maybe more focused on the pointer scan part?

I really suck at AOB hacking, although I have fixed a few games where I can read simple instructions and hack it.

Appreciate your help, guys.

Added a screenshot of the area where I get hit by enemies and where my energy is getting reduced.



Attachment: Screenshot3.JPG

TsTg
Master Cheater
Reputation: 5

Joined: 12 Dec 2012
Posts: 334
Location: Somewhere....

Posted: Sun Sep 11, 2022 12:24 am

You can try to NOP the instructions "subsd xmm0,[edi]" and "subsd xmm1,xmm0".
As for the pointer itself, you need to track where the esi register is getting its address from, by checking the code executed before this area, and work from there.
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Sun Sep 11, 2022 5:24 am

Thanks for your reply!

If I NOP one of the two, the game freezes and crashes. I already tried it before.

Any other tips?

BTW: When I choose "find out what writes to this address" I see the following, attached as a screenshot.



Attachment: Knipsel.JPG

ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sun Sep 11, 2022 11:03 am

Right click `movsd [esi],xmm1` and select "Find out what addresses this instruction accesses". Play the game for a little bit. If anything other than the address you want to modify comes up, see step 9 of the CE tutorial.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Sun Sep 11, 2022 1:42 pm

I think it's a mission impossible.

When I found out what to do after comparing, using AOB injection the game crashes. I was successful using step 9 and also tried another game.

Thanks for the advice though! Really cool to hack games this way.

Unfortunately the game I am trying to crack has some insane security, because I found out it's created in GameMaker, and I see other topics where people have trouble with games like this, and it's really for advanced hackers to be able to hack it.

I hope one day I will be advanced enough to understand it.
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Mon Sep 12, 2022 3:40 pm

I finally was able to get it working!

However, after every restart of the game the "purple" addresses change on every level and reboot, so there is no fix yet to hack it constantly.

Does anyone have any advice on how to dig deeper to find a purple address that doesn't change?

Thanks so far!
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Mon Sep 19, 2022 4:19 pm

OK, so I created an AOB cheat table for this game; however, I need some help in understanding.

The address for the lifebar shares the same instruction as the weapon energy lifebar.

If I activate the AOB injection for the weapon and energy bar simultaneously I get infinite health and infinite weapon energy, but when I try to deactivate the cheat the game crashes, because the cheat is sharing the same AOB address and injection code.

Code:
{ Game   : Meta_gal.exe
  Version:
  Date   : 2022-09-19
  Author : Shingouki2
}

[ENABLE]

aobscanmodule(INJECT,Meta_gal.exe,48 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C)
alloc(newmem,$1000)

registersymbol(player_health)
label(player_health)
label(code)
label(return)

newmem:
  cmp [player_health],0      //Check if the value of our symbol "player_health" is still 0
  jne @f                     //If it's not, we already put something there! Jump ahead to the forward label @@
  cmp [player_health],eax    //Check if the stored address is one we already have
  je @f                      //If it's the same, check ahead
  mov [player_health],eax    //Store the base address EAX contains into our symbol
  jmp code                   //Then resume normal code
@@:
code:
  movsd xmm0,[eax]
  cvttsd2si eax,xmm0
  jmp return

player_health:
  dd 0

INJECT+03:
  jmp newmem
  nop 3
return:
registersymbol(INJECT)

[DISABLE]

INJECT+03:
  db F2 0F 10 00 F2 0F 2C C0

unregistersymbol(player_health)
unregistersymbol(INJECT)
dealloc(newmem)


Code:
{ Game   : Meta_gal.exe
  Version:
  Date   : 2022-09-19
  Author : Shingouki2
}

[ENABLE]

aobscanmodule(INJECT,Meta_gal.exe,40 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C)
alloc(newmem2,$1000)

registersymbol(player_weapon)
label(player_weapon)
label(code)
label(return)

newmem2:
  cmp [player_weapon],0      //Check if the value of our symbol "player_weapon" is still 0
  jne @f                     //If it's not, we already put something there! Jump ahead to the forward label @@
  cmp [player_weapon],eax    //Check if the stored address is one we already have
  je @f                      //If it's the same, check ahead
  mov [player_weapon],eax    //Store the base address EAX contains into our symbol
  jmp code                   //Then resume normal code
@@:
code:
  movsd xmm0,[eax]
  cvttsd2si eax,xmm0
  jmp return

player_weapon:
  dd 0

INJECT+03:
  jmp newmem2
  nop 3
return:
registersymbol(INJECT)

[DISABLE]

INJECT+03:
  db F2 0F 10 00 F2 0F 2C C0

unregistersymbol(player_weapon)
unregistersymbol(INJECT)
dealloc(newmem2)


This is my cheat code.

Help will be really appreciated so I can understand more in future game hacking!
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Tue Sep 20, 2022 1:11 am

You can't have the symbol inject reused across multiple scripts. How would Cheat Engine know which inject you mean from there on out? Inherently you guarantee a crash if you reuse symbols and then deactivate.

Also, you can't call the same AOB twice and expect results unless there are two "unique" occurrences of the same AOB, which by definition makes it not an AOB that you should be using because you can't guarantee it is accessing the desired code.

Figure out how to tell the difference between health and energy, whether it is the values themselves, whether it is the order (health always lower or higher of the two addresses, a register has a unique identifier, etc.) and write one code to handle both.
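
The uniqueness point in the reply above, as an added example (not part of the thread, and not Cheat Engine code): a small Python wildcard byte-pattern matcher run over a constructed buffer that holds the two byte strings posted in the scripts. The names `parse_aob`, `find_all`, `is_unique`, `patched_bytes` and `MODULE` are hypothetical, and the buffer layout is an assumption made for the demonstration.

```python
# Added illustration (not Cheat Engine code): wildcard byte-pattern matching
# and a uniqueness check over a CONSTRUCTED buffer, not a dump of the game.

def parse_aob(text):
    """'F2 0F ?? 00' -> [0xF2, 0x0F, None, 0x00]; None marks a wildcard."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in text.split()]

def find_all(buf, aob):
    """Return every offset in buf at which the pattern matches."""
    pat = parse_aob(aob)
    last = len(buf) - len(pat)
    return [off for off in range(last + 1)
            if all(p is None or buf[off + i] == p for i, p in enumerate(pat))]

def is_unique(buf, aob):
    """A signature identifies one code location only if it matches exactly once."""
    return len(find_all(buf, aob)) == 1

# Byte strings as posted in the two scripts; they differ only in byte 0.
TAIL = "EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C"
AOB_FIRST = "48 " + TAIL    # first script
AOB_SECOND = "40 " + TAIL   # second script

# Constructed module image: padding, first site, padding, second site, padding.
MODULE = (bytes(32) + bytes.fromhex(AOB_FIRST) + b"\xCC" * 16
          + bytes.fromhex(AOB_SECOND) + bytes(32))

def patched_bytes(buf, aob, skip=3, length=8):
    """Bytes at match+skip, i.e. the span the scripts overwrite at INJECT+03."""
    return [buf[off + skip:off + skip + length] for off in find_all(buf, aob)]

if __name__ == "__main__":
    for name, aob in [("first", AOB_FIRST), ("second", AOB_SECOND),
                      ("wildcarded", "?? " + TAIL), ("tail only", TAIL)]:
        hits = find_all(MODULE, aob)
        print(f"{name:10} matches at {hits} unique={len(hits) == 1}")
    # Both sites hold the same 8 bytes at +3, so only byte 0 tells them apart.
    print(patched_bytes(MODULE, "?? " + TAIL))
```

Each full 17-byte pattern matches once, while dropping or wildcarding the first byte makes the pattern match both sites.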
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Tue Sep 20, 2022 3:14 am

Both injections work once you enable both the scripts, but you can't enable it then it will crash.

Why the need to enable/disable? Because the game restarts the addresses every round when you win/lose or restart the game.

I know what you're saying about the lifebar and energy being different addresses, but this game is really a pain.

For example:

EAX+4 = Lifebar

EAX+? = Weapon energy

What I mean by EAX+? is that the weapon energy address changes all the time, in every round or restart.

Sometimes EAX+10 works, then another round it is EAX+28 ... I tried EVERYTHING possible, but I really don't understand this game.

All other games work perfectly fine with the skills I have so far (and I did plenty, even bigger titles).

Any other ideas?
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Tue Sep 20, 2022 12:23 pm

Have you tried renaming the injection symbol yet?
shingouki
Newbie cheater
Reputation: 0

Joined: 23 Aug 2021
Posts: 14

Posted: Tue Sep 20, 2022 4:23 pm

OMG it worked!

Thanks sir/madam for helping me out

I tried to do it in one script and it didn't work, so I never thought it would work doing it separately for both scripts with a different injection symbol!

Case solved!
All times are GMT - 6 Hours