Cheat Engine - The Official Site of Cheat Engine
aleksey0 - How do I cheat?
Reputation: 0
Joined: 18 Oct 2023 Posts: 3
Posted: Wed Oct 18, 2023 6:23 pm Post subject: Can't find unique code for AOB Injection Copy

Hello,
I'm just getting into game hacking and am trying to hack a game, but am running into issues. My original goal was to just find a pointer to money, but I can't seem to find it with pointer maps and scans or manually. I read about AOB Injection Copy, which I'm attempting to do now, but I'm kind of stuck.
First, I look for my money value and find it. Then I check what accesses/writes to that address and I'm finding a specific instruction. The problem is that this subroutine is shared throughout the whole game. It's called when you're standing there doing nothing, so setting a breakpoint is not working because it breaks on the first time that instruction is executed, freezing the game, which is expected.
So, what do I do in this situation? This particular code is shared when money is increased or decreased, health is increased or decreased, or really anything. How can I find unique code for these game functions? I can't really see where the proper instance of this subroutine returns to because I'm never able to get the breakpoint at the time when money increased or decreased, or any other value for that matter.
Not sure if it helps, but the game I'm hacking is Pokemon Insurgence and the shared code I keep finding is this:
Code:
mov eax,[esp+1C]      ; value to store, taken from the caller's stack frame
mov [edi+08],eax      ; the shared write: edi is whatever object the caller passed in
pop edi
pop esi
pop ebp
mov eax,00000001      ; return value 1
pop ebx
ret
I'm still learning Assembly, so one day this will make better sense to me, but any help would be greatly appreciated.
++METHOS - I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Oct 18, 2023 6:40 pm Post subject: Re: Can't find unique code for AOB Injection Copy

aleksey0 wrote:
> Then I check what accesses/writes to that address and I'm finding a specific instruction.

When you do this (check what accesses), do you see more than one instruction populate the list? Be sure to let the debugger run when you give money and receive money, since there may be different instructions involved. You can also let it run during other actions (such as dying, sleeping/saving or whatever the game provides), as there may be an isolated instruction that you can target.
If you have done this, and still only have one instruction populating the list, then you will need to learn about filters/IDs, so that you can separate the money address from the other addresses that the instruction is accessing.
There are many different ways to go about this. The last step in the CE tutorial can walk you through one of those methods.
Csimbi - I post too much
Reputation: 97
Joined: 14 Jul 2007 Posts: 3298
Posted: Thu Oct 19, 2023 12:59 pm Post subject:

Another alternative is trying to dissect the structure and its parent structure(s).
A lot of games use generic code to read/write properties of scripted objects.
So, rather than finding the code that reads/writes the properties, you could find a piece of code that reads the child structure from the parent.
At that point, you save the pointer and expose the value directly so you don't need to mess with that read/write code.
aleksey0 - How do I cheat?
Reputation: 0
Joined: 18 Oct 2023 Posts: 3
Posted: Thu Oct 19, 2023 3:15 pm Post subject: Re: Can't find unique code for AOB Injection Copy

++METHOS wrote:
> When you do this (check what accesses), do you see more than one instruction populate the list? Be sure to let the debugger run when you give money and receive money, since there may be different instructions involved. You can also let it run during other actions (such as dying, sleeping/saving or whatever the game provides), as there may be an isolated instruction that you can target.
> If you have done this, and still only have one instruction populating the list, then you will need to learn about filters/IDs, so that you can separate the money address from the other addresses that the instruction is accessing.
> There are many different ways to go about this. The last step in the CE tutorial can walk you through one of those methods.

Usually there are two to three instructions in the list, but when I spend money or take my action in the game, there is only one that shows up, so in that moment, it's unique, but it's shared code.
I'll look into filters and IDs because this is the first time I'm hearing about that.
I'll check out the tutorial as well. Funnily enough, I didn't start with that lol. Thanks for the tips!
Csimbi wrote:
> Another alternative is trying to dissect the structure and its parent structure(s).
> A lot of games use generic code to read/write properties of scripted objects.
> So, rather than finding the code that reads/writes the properties, you could find a piece of code that reads the child structure from the parent.
> At that point, you save the pointer and expose the value directly so you don't need to mess with that read/write code.

I tried finding the structure at first when I was searching for the pointer. I found a structure that held the money, but what do I do after that? The other values in the structure looked like unrelated data, so I'm not sure.
++METHOS - I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Oct 19, 2023 7:43 pm Post subject: Re: Can't find unique code for AOB Injection Copy

aleksey0 wrote:
> Usually there are two to three instructions in the list, but when I spend money or take my action in the game, there is only one that shows up, so in that moment, it's unique, but it's shared code.

Maybe you can clarify whether or not you ever receive multiple instructions populating the list when checking to see what accesses your money address.
If more than one shows up (ever), then you can try right-clicking the empty white space in that debugger window to see if found opcodes are accessing other addresses. This is a quick way to see if the instruction(s) may be exclusive to the address that you are interested in.
You should see a number (1 through 8), in parentheses, show up next to the instruction(s).
Regarding data structures, even if the data seems irrelevant, there may be some value(s) that have instructions that are exclusive to those addresses, allowing you to perform your injection there.
In other words, let's say that you do not have any instructions that are exclusive to your money address, but in the same data structure, there is an address at some random offset or distance away from your money address... you could add that unknown address to your cheat table and check to see what is accessing it. You may find that there is an instruction that is exclusive to that address, that does not access anything else. You can do this with all of the values that may exist within that same data structure.
So, let's say that money address is at offset +2A inside of the data structure, and the unknown address is at offset +10, when doing your injection (at the unknown address of offset +10), just include something in there that will allow you to manipulate the value at offset +2A (money address). Just be sure to choose an instruction that is being accessed constantly for best results.
Hopefully, this is making sense.
aleksey0 - How do I cheat?
Reputation: 0
Joined: 18 Oct 2023 Posts: 3
Posted: Fri Oct 20, 2023 4:21 pm Post subject:

++METHOS wrote:
> Maybe you can clarify whether or not you ever receive multiple instructions populating the list when checking to see what accesses your money address.

Sorry, maybe I didn't explain it well. There are 0-2 addresses that are immediately accessed, just as the game is running. When I perform my action, there is only one, and performing it again increments the count by 1.
++METHOS wrote:
> If more than one shows up (ever), then you can try right-clicking the empty white space in that debugger window to see if found opcodes are accessing other addresses. This is a quick way to see if the instruction(s) may be exclusive to the address that you are interested in.
> You should see a number (1 through 8), in parentheses, show up next to the instruction(s).

The number is 8 for all instructions in the list. That's good to know though.
++METHOS wrote:
> Regarding data structures, even if the data seems irrelevant, there may be some value(s) that have instructions that are exclusive to those addresses, allowing you to perform your injection there.
> In other words, let's say that you do not have any instructions that are exclusive to your money address, but in the same data structure, there is an address at some random offset or distance away from your money address... you could add that unknown address to your cheat table and check to see what is accessing it. You may find that there is an instruction that is exclusive to that address, that does not access anything else. You can do this with all of the values that may exist within that same data structure.
> So, let's say that money address is at offset +2A inside of the data structure, and the unknown address is at offset +10, when doing your injection (at the unknown address of offset +10), just include something in there that will allow you to manipulate the value at offset +2A (money address). Just be sure to choose an instruction that is being accessed constantly for best results.
> Hopefully, this is making sense.

I think I get it, but how will I be able to fire the code (potentially) unique to those other values in the struct if I don't know what they may represent? I'd have to perform an action in the game that relates to that value changing, right?
++METHOS - I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Fri Oct 20, 2023 5:15 pm Post subject:

aleksey0 wrote:
> I think I get it, but how will I be able to fire the code (potentially) unique to those other values in the struct if I don't know what they may represent? I'd have to perform an action in the game that relates to that value changing, right?

This is just one of many ways, and probably not the best approach, but I will try my best to describe the process.
You will want to use the data structure dissection tool. There are different ways to go about this. I will cover one way here. Once you have the value/address that you are interested in (e.g. money address), and you right-click on it to see what is accessing it, you will hopefully see some instruction(s) populate the list. From here, you can highlight one of the instructions and click the button that says 'Show disassembler'.
The Memory Viewer window should open with the instruction already highlighted. From here, right-click on the instruction to 'find out what addresses this instruction accesses'.
A new window will open, showing all of the addresses that the instruction is accessing. Find the address that you are looking for (e.g. money address). You may have to click stop first, and then sort the list using the address column. Once you have found the address that you are looking for, right-click on it and select 'open dissect data with selected addresses'. Keep clicking okay and yes until you have the data structure.
This should be the data structure that your address resides in. You should be able to find it in this list. If it's missing, you can just add the appropriate offset and data type so that it shows up in the list.
Any addresses in this structure can potentially be used for your injection point. You can simply add them to your cheat table and go through them, one-by-one, just like you did with money address, to see what is accessing it. Then check to see if found opcodes access any other addresses. If you find an instruction that is exclusive to one of the unknown addresses in the same data structure, then you may be able to use it for your injection point so that you can manipulate the money value without affecting other values. As mentioned, it's better to choose an instruction that is accessing the address frequently.
For example, let's say that you found an address in the same data structure that is being accessed by an instruction that does not access any other addresses except for the address that you are looking at (of which, you have no idea what it is for, but it doesn't matter). Let's say that the instruction is something like this:
The address may be at offset +120 inside of your data structure, depending on the instruction. You may see that your money address is at offset +140, for example. So, when you inject at this instruction, you might do something like this:
Code:
newmem:
mov [esi+140],#9999 //manipulating money value
originalcode:
mov edx,[esi+120] //original code that you do not care about
As mentioned, this is not a great approach, and not something that you will have to consider very often. Fortunately, there are many ways to differentiate data when an instruction is accessing many addresses. Hopefully, this will give you some insight into one of those ways. At the very least, it might force you to start thinking outside of the box a little bit.
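To make the mechanism discussed in this thread concrete, here is a small C model added by the editor; it is not Cheat Engine code, not from the game, and not from any poster. It models what Csimbi and ++METHOS describe: a set of "scripted objects" whose properties are all stored through one generic accessor, which is why "what writes to this address" always lands on the same shared instruction no matter which field or object you started from. It also keeps a per-code-site log of distinct addresses touched (the idea behind the number CE shows next to an opcode), and shows why a field such as +120 that has its own exclusive code path can carry a write to the money field at +140, as in the injection above. The object layout, the offsets, the function names and the frame loop are all constructed assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not the game's real layout): every scripted object keeps its
 * properties in one raw byte array, and the engine reads/writes them through a
 * single generic accessor. The offsets mirror the numbers used in the thread. */
enum { OBJ_SIZE = 0x200, OFF_TIMER = 0x120, OFF_MONEY = 0x140, OFF_HEALTH = 0x144, NOBJ = 4 };
typedef struct { uint8_t raw[OBJ_SIZE]; } scripted_obj;

static scripted_obj world[NOBJ];   /* world[0] plays the role of the player object */

/* Per-code-site log of distinct addresses touched: a stand-in for CE's
 * "find out what addresses this instruction accesses". */
#define MAX_SITES 4
#define MAX_ADDRS 64
typedef struct { const char *name; const void *addr[MAX_ADDRS]; int n; } access_site;
static access_site sites[MAX_SITES];

static void log_access(const char *site, const void *addr) {
    access_site *s = NULL;
    for (int i = 0; i < MAX_SITES && !s; i++) {
        if (sites[i].name == NULL) { sites[i].name = site; s = &sites[i]; }
        else if (strcmp(sites[i].name, site) == 0) s = &sites[i];
    }
    if (!s) return;
    for (int i = 0; i < s->n; i++)
        if (s->addr[i] == addr) return;            /* already recorded */
    if (s->n < MAX_ADDRS) s->addr[s->n++] = addr;
}

/* Distinct addresses a code site has accessed so far (CE caps its displayed count at 8). */
int distinct_addresses(const char *site) {
    for (int i = 0; i < MAX_SITES; i++)
        if (sites[i].name && strcmp(sites[i].name, site) == 0) return sites[i].n;
    return 0;
}

static int32_t prop_read(const scripted_obj *o, size_t off) {
    int32_t v;
    memcpy(&v, o->raw + off, sizeof v);
    return v;
}

/* The shared accessor: money, health and everything else, for every object, goes
 * through this one store. Whatever address you start from, "what writes to this
 * address" always reports this same site. */
static void prop_write(scripted_obj *o, size_t off, int32_t v) {
    log_access("shared_prop_write", o->raw + off);
    memcpy(o->raw + off, &v, sizeof v);
}

/* An exclusive code path: only the player's timer field is ever touched here, so
 * this site reports a single address even though the field means nothing to us. */
static void player_timer_tick(scripted_obj *player) {
    log_access("player_timer_tick", player->raw + OFF_TIMER);
    int32_t t = prop_read(player, OFF_TIMER) + 1;
    memcpy(player->raw + OFF_TIMER, &t, sizeof t);
}

/* The thread's injection, in C: hook the exclusive timer site and, because it only
 * ever runs with the player's base pointer, write the neighbouring field at +140
 * from there (newmem: mov [esi+140],#9999) before running the original code. */
static void hooked_player_timer_tick(scripted_obj *player) {
    int32_t forced = 9999;
    memcpy(player->raw + OFF_MONEY, &forced, sizeof forced);
    player_timer_tick(player);                     /* originalcode: mov edx,[esi+120] */
}

/* One simulated frame: the engine updates every object through the shared
 * accessor, then the player's timer ticks (through the hook or not). */
void run_frames(int frames, int hooked) {
    for (int f = 0; f < frames; f++) {
        for (int i = 0; i < NOBJ; i++) {
            prop_write(&world[i], OFF_MONEY, prop_read(&world[i], OFF_MONEY) + 1);
            prop_write(&world[i], OFF_HEALTH, 100);
        }
        if (hooked) hooked_player_timer_tick(&world[0]);
        else        player_timer_tick(&world[0]);
    }
}

int32_t money_of(int i) { return prop_read(&world[i], OFF_MONEY); }

int main(void) {
    run_frames(3, 0);
    printf("shared accessor touched %d distinct addresses, timer site touched %d\n",
           distinct_addresses("shared_prop_write"), distinct_addresses("player_timer_tick"));
    run_frames(1, 1);
    printf("player money %d, NPC money %d\n", money_of(0), money_of(1));
    return 0;
}
```

With four objects and two fields each, the shared site reports eight distinct addresses after a few frames (the same "8" aleksey0 saw on every listed instruction, since CE stops counting there), while the timer site reports exactly one. Hooking that exclusive site changes only the player's money and leaves the other objects untouched, which is the whole point of choosing a neighbouring field with its own code path instead of the shared accessor.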