shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Thu Sep 08, 2022 2:13 pm, Post subject: Need help with AOB for specific game
Hello friends,
I am not an expert on assembly, and I have hacked over 50+ games using pointer scanners and other methods inside Cheat Engine that I am good at.
I also managed to hack some games with simple AOB injections, but I do fail when it gets complex.
I hope you guys can help me out with this situation:
I am trying to hack a game where the address of the lifebar changes in each round.
Also, when I pointer scan and find the address and then relaunch the game, the rescan of the memory gives 0 results (I tried scanning for the address or value as well).
So now I need advanced AOB hacking stuff in order to make the lifebar infinite.
When I find the lifebar and do a "find out what accesses this address"
and then take a hit,
I see this: screenshot1_579.jpg
I suppose the bottom-most one is the right one to check out (I am guessing, I am not an assembly guru).
Then I see this: screenshot2_142.jpg
Anyone know what to do here?
Appreciate your help!
PS: I am not allowed to post URLs on this forum, so the images will unfortunately not be shown in my message.
cooleko (Grandmaster Cheater, Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Thu Sep 08, 2022 2:39 pm
The tutorial walks you through this. I highly recommend attaching Cheat Engine to itself and completing the whole thing. It shows you exactly what to do and what to look for to avoid complications, too, so it is great experience!
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Thu Sep 08, 2022 4:45 pm
Thanks for your reply!
I followed the game tutorial and I tried to debug the collision part in my own game, but it is hard.
I can find my player X and Y position and I can also show it in memory.
When I jump or move left or right I see it change in memory, but when any enemy touches me nothing shows red in the memory area, and when I let myself die by touching the enemies it will not show any zeros in the memory area. Also, when the game begins again the memory area is different and I need to relocate my player X and Y again.
cooleko (Grandmaster Cheater, Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Thu Sep 08, 2022 6:15 pm
Your original post is about health using AOBs, which is an explicit and well detailed example in the tutorial. Your reply is about collision detection. They take different approaches and no-clip isn't nearly as uniform across games as health is so the tutorial will be less useful there. Without knowing the specifics of the game, I don't know how they handle it. Some games use a bit to flag detected collisions, others test clipping in real time. Always a pain to identify.
If it is a bit/byte, look for 0 when not colliding and 1 when colliding or vice versa or changed/unchanged. I set hotkeys so that I can be moving while filtering down addresses. If it is anything more advanced I don't have any advice, just wish you luck!
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Fri Sep 09, 2022 8:30 am
The main goal is to have infinite energy, whatever it takes.
I mentioned the collision part because I saw in step 2 of the game hacking tutorial on YouTube how others have solved this.
It is so strange that I am unable to hack this small game. I have hacked tons of big games, and I have spent over 18 hours according to Steam play time (I didn't play the game, only tried to hack it, for months now).
It's getting frustrating.
Anyone have any advice? Maybe more focused on the pointer scan part?
I really suck at AOB hacking, although I have fixed a few games where I can read simple instructions and hack them.
Appreciate your help guys.
Added a screenshot of the area where I get hit by enemies and where my energy is getting reduced.
TsTg (Master Cheater, Reputation: 5, Joined: 12 Dec 2012, Posts: 334, Location: Somewhere....)
Posted: Sun Sep 11, 2022 12:24 am
You can try to NOP the instructions "subsd xmm0,[edi]" and "subsd xmm1,xmm0".
As for the pointer itself, you need to track where the esi register is getting its address from, by checking the code executed before this area, and work from there.
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Sun Sep 11, 2022 5:24 am
Thanks for your reply!
If I NOP one of the two, the game freezes and crashes. I already tried it before.
Any other tips?
BTW: When I choose "find out what writes to this address" I see the following, attached as a screenshot.
ParkourPenguin (I post too much, Reputation: 138, Joined: 06 Jul 2014, Posts: 4275)
Posted: Sun Sep 11, 2022 11:03 am
Right click `movsd [esi],xmm1` and select "Find out what addresses this instruction accesses". Play the game for a little bit. If anything other than the address you want to modify comes up, see step 9 of the CE tutorial.
--
I don't know where I'm going, but I'll figure it out when I get there.
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Sun Sep 11, 2022 1:42 pm
I think it's a mission impossible.
When I found out what to do after comparing, using AOB injection the game crashes. I was successful using step 9 and also tried another game.
Thanks for the advice though! Really cool to hack games this way.
Unfortunately the game I try to crack has some insane security, because I found out it's created in GameMaker, and I see other topics with people having trouble with games like this; it's really for advanced hackers to be able to hack it.
I hope one day I will be advanced enough to understand it.
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Mon Sep 12, 2022 3:40 pm
I finally was able to get it working!
However, after every restart of the game the "purple" addresses change on every level and reboot, so there is no fix yet to hack it permanently.
Anyone have any advice on how to dig deeper to find a purple address that doesn't change?
Thanks so far!
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Mon Sep 19, 2022 4:19 pm
Ok, so I created an AOB cheat table for this game, however I need some help in understanding.
The address for the lifebar shares the same instruction as the weapon energy bar.
If I activate the AOB injection for the weapon and the energy bar simultaneously I get infinite health and infinite weapon energy, but when I try to deactivate the cheat the game crashes, because the cheat is sharing the same AOB address and injection code.
Code:
{ Game : Meta_gal.exe
  Version:
  Date : 2022-09-19
  Author : Shingouki2
}
[ENABLE]
aobscanmodule(INJECT,Meta_gal.exe,48 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C)
alloc(newmem,$1000)
registersymbol(player_health)
label(player_health)
label(code)
label(return)
newmem:
  cmp [player_health],0   //Check if the value of our symbol "player_health" is still 0
  jne @f                  //If it's not, we already put something there! Jump ahead to the forward label @@
  cmp [player_health],eax //Check if the stored address is one we already have
  je @f                   //If it's the same, jump ahead
  mov [player_health],eax //Store the base address EAX contains into our symbol
  jmp code                //Then resume normal code
@@:
code:
  movsd xmm0,[eax]
  cvttsd2si eax,xmm0
  jmp return
player_health:
  dd 0
INJECT+03:
  jmp newmem
  nop 3
return:
registersymbol(INJECT)
[DISABLE]
INJECT+03:
  db F2 0F 10 00 F2 0F 2C C0
unregistersymbol(player_health)
unregistersymbol(INJECT)
dealloc(newmem)
Code:
{ Game : Meta_gal.exe
  Version:
  Date : 2022-09-19
  Author : Shingouki2
}
[ENABLE]
aobscanmodule(INJECT,Meta_gal.exe,40 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C)
alloc(newmem2,$1000)
registersymbol(player_weapon)
label(player_weapon)
label(code)
label(return)
newmem2:
  cmp [player_weapon],0   //Check if the value of our symbol "player_weapon" is still 0
  jne @f                  //If it's not, we already put something there! Jump ahead to the forward label @@
  cmp [player_weapon],eax //Check if the stored address is one we already have
  je @f                   //If it's the same, jump ahead
  mov [player_weapon],eax //Store the base address EAX contains into our symbol
  jmp code                //Then resume normal code
@@:
code:
  movsd xmm0,[eax]
  cvttsd2si eax,xmm0
  jmp return
player_weapon:
  dd 0
INJECT+03:
  jmp newmem2
  nop 3
return:
registersymbol(INJECT)
[DISABLE]
INJECT+03:
  db F2 0F 10 00 F2 0F 2C C0
unregistersymbol(player_weapon)
unregistersymbol(INJECT)
dealloc(newmem2)
This is my cheat code.
Help will be really appreciated so I can understand more for future game hacking!
cooleko (Grandmaster Cheater, Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Tue Sep 20, 2022 1:11 am
You can't have the symbol INJECT reused across multiple scripts. How would Cheat Engine know which INJECT you mean from there on out? Inherently you guarantee a crash if you reuse symbols and then deactivate.
Also, you can't call the same AOB twice and expect results unless there are two "unique" occurrences of the same AOB, which by definition makes it not an AOB that you should be using, because you can't guarantee it is accessing the desired code.
Figure out how to tell the difference between health and energy, whether it is the values themselves, whether it is the order (health always lower or higher of the two addresses, a register has a unique identifier, etc.) and write one code to handle both.
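To make cooleko's uniqueness point concrete, here is an added example (my own code, not from the thread and not part of Cheat Engine) of a wildcard AOB scanner that refuses any pattern matching more than once; it runs over a constructed byte buffer that embeds the two byte strings from shingouki's scripts, not a dump of Meta_gal.exe.

```python
# Added example, not code from the thread or from Cheat Engine: a minimal AOB
# (array-of-bytes) scanner with the uniqueness check cooleko describes.
# aobscanmodule stops at the first hit, so a pattern that occurs more than once
# in the module cannot be trusted to land on the intended instruction.

def parse_aob(pattern: str):
    """'F2 0F 10 ?? 89' -> [0xF2, 0x0F, 0x10, None, 0x89]; None is a wildcard."""
    return [None if tok in ("??", "?", "*") else int(tok, 16)
            for tok in pattern.split()]

def aob_scan(buf: bytes, pattern: str):
    """Return every offset in buf where the pattern (with wildcards) matches."""
    pat = parse_aob(pattern)
    return [i for i in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[i + k] == p for k, p in enumerate(pat))]

def unique_aob(buf: bytes, pattern: str):
    """Offset of the single match, or None when the pattern is ambiguous or absent."""
    hits = aob_scan(buf, pattern)
    return hits[0] if len(hits) == 1 else None

# Byte strings copied from shingouki's two scripts above.
HEALTH_AOB = "48 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C"
WEAPON_AOB = "40 EB 04 F2 0F 10 00 F2 0F 2C C0 89 44 24 08 89 3C"
# The 8 bytes both scripts patch at INJECT+03 and restore in [DISABLE].
SHARED_TAIL = "F2 0F 10 00 F2 0F 2C C0"

# Constructed stand-in for a module image (NOT a dump of Meta_gal.exe):
# padding, the health sequence, padding, the weapon sequence, padding.
SAMPLE_MODULE = (b"\x90" * 16
                 + bytes.fromhex(HEALTH_AOB.replace(" ", ""))
                 + b"\xcc" * 8
                 + bytes.fromhex(WEAPON_AOB.replace(" ", ""))
                 + b"\x90" * 16)

if __name__ == "__main__":
    for name, pat in (("health", HEALTH_AOB), ("weapon", WEAPON_AOB),
                      ("shared tail", SHARED_TAIL)):
        print(f"{name:12s} hits={aob_scan(SAMPLE_MODULE, pat)} "
              f"unique={unique_aob(SAMPLE_MODULE, pat)}")
```

The two full patterns each resolve to exactly one offset, while the 8-byte tail they share (and the wildcard form "?? EB 04 F2 0F 10 00") matches twice and is therefore rejected.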
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Tue Sep 20, 2022 3:14 am
Both injections work once you enable both scripts, but you can't enable it, then it will crash.
Why the need to enable/disable? Because the game resets the addresses every round when you win/lose or restart the game.
I know what you're saying about the lifebar and energy being different addresses, but this game is really a pain.
For example:
EAX+4 = Lifebar
EAX+? = Weapon energy
What I mean by EAX+? is that the weapon energy address changes all the time, in every round or restart.
Sometimes EAX+10 works, then another round it is EAX+28 ... I tried EVERYTHING possible, but I really don't understand this game.
All other games work perfectly fine with the skills I have so far (and I did plenty, even bigger titles).
Any other ideas?
cooleko (Grandmaster Cheater, Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Tue Sep 20, 2022 12:23 pm
Have you tried renaming the injection symbol yet?
shingouki (Newbie cheater, Reputation: 0, Joined: 23 Aug 2021, Posts: 14)
Posted: Tue Sep 20, 2022 4:23 pm
OMG it worked!
Thanks sir/madam for helping me out.
I tried to do it in one script and it didn't work, so I never thought it would work doing it separately for both scripts with different injection symbols!
Case solved!