Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


trying to understand how cheat tables function

 
MyNameIssIemaNyM
Posted: Wed Jan 24, 2024 6:10 pm    Post subject: trying to understand how cheat tables function

Hey there, I've been trying to understand Cheat Engine and its tables; especially, I've read about AOB and table upgrade tutorials along with the Cheat Engine tutorials themselves. But I haven't been able to understand much of it since I'm a slow learner. I have this old table that I wanted to upgrade for a new version. I know that this kind of question has been asked a lot and I've read most of them, if not all. But the difference is, I'm also trying to understand tables and my errors in thinking. The old code looks like this:

Code:

"mb_warband.exe"+1D9545: FF D2                 -  call edx
"mb_warband.exe"+1D9547: A1 A0 72 8B 00        -  mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D954C: 83 B8 38 95 01 00 00  -  cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D9553: 8B 8E A0 01 00 00     -  mov ecx,[esi+000001A0]
"mb_warband.exe"+1D9559: 8B 11                 -  mov edx,[ecx]
"mb_warband.exe"+1D955B: 74 08                 -  je mb_warband.exe+1D9565
"mb_warband.exe"+1D955D: 8B 82 D8 00 00 00     -  mov eax,[edx+000000D8]
"mb_warband.exe"+1D9563: EB 06                 -  jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D9565: 8B 82 DC 00 00 00     -  mov eax,[edx+000000DC]
"mb_warband.exe"+1D956B: FF D0                 -  call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D956D: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING  ----------
"mb_warband.exe"+1D9573: D9 86 18 02 00 00     -  fld dword ptr [esi+00000218]
"mb_warband.exe"+1D9579: DA E9                 -  fucompp
"mb_warband.exe"+1D957B: DF E0                 -  fnstsw ax
"mb_warband.exe"+1D957D: F6 C4 44              -  test ah,44
"mb_warband.exe"+1D9580: 0F 8B 89 00 00 00     -  jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D9586: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D958C: 8B 8E E8 01 00 00     -  mov ecx,[esi+000001E8]
"mb_warband.exe"+1D9592: D9 9E 18 02 00 00     -  fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D9598: E8 C3 0B E3 FF        -  call mb_warband.exe+A160
"mb_warband.exe"+1D959D: 8D 4C 24 60           -  lea ecx,[esp+60]


And by digging through memory view and in-game tests, I've figured that the above addresses have turned into this:

Code:

"mb_warband.exe"+1D54F5: FF D2                 -  call edx
"mb_warband.exe"+1D54F7: A1 A0 72 8B 00        -  mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D54FC: 83 B8 38 95 01 00 00  -  cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D5503: 8B 8E A0 01 00 00     -  mov ecx,[esi+000001A0]
"mb_warband.exe"+1D5509: 8B 11                 -  mov edx,[ecx]
"mb_warband.exe"+1D550B: 74 08                 -  je mb_warband.exe+1D9565
"mb_warband.exe"+1D550D: 8B 82 D8 00 00 00     -  mov eax,[edx+000000D8]
"mb_warband.exe"+1D5513: EB 06                 -  jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D5515: 8B 82 DC 00 00 00     -  mov eax,[edx+000000DC]
"mb_warband.exe"+1D551B: FF D0                 -  call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D551D: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING  ----------
"mb_warband.exe"+1D5523: D9 86 18 02 00 00     -  fld dword ptr [esi+00000218]
"mb_warband.exe"+1D5529: DA E9                 -  fucompp
"mb_warband.exe"+1D552B: DF E0                 -  fnstsw ax
"mb_warband.exe"+1D552D: F6 C4 44              -  test ah,44
"mb_warband.exe"+1D5530: 0F 8B 89 00 00 00     -  jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D5536: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D553C: 8B 8E E8 01 00 00     -  mov ecx,[esi+000001E8]
"mb_warband.exe"+1D5542: D9 9E 18 02 00 00     -  fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D5548: E8 C3 0B E3 FF        -  call mb_warband.exe+A160
"mb_warband.exe"+1D554D: 8D 4C 24 60           -  lea ecx,[esp+60]


But, by just overwriting the new address the table didn't work (the checkbox didn't become clickable), so I'm curious where the error is here. This is the full code:

Code:

<CheatEntry>
      <ID>8430</ID>
      <Description>"God Mode"</Description>
      <LastState Activated="1"/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{
   Game   : mb_warband.exe
   Version:
   Date   :
   Author : Sbryzl
}

[ENABLE]
aobscanmodule(GodMode,mb_warband.exe,83 EC 08 D9 96 00 60 00 00)
registersymbol(GodMode)

aobscanmodule(PbHP,mb_warband.exe,D9 85 00 60 00 00 D9)
registersymbol(PbHP)

aobscanmodule(GMespC,mb_warband.exe,80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20 )
registersymbol(GMespC)
label(HorseGM)
registersymbol(HorseGM)

alloc(PbHPMem,1000,mb_warband.exe)

PbHPMem:
  fld dword ptr [ebp+00006000]
  mov [PBHealth],ebp
  jmp ret_PbHP
GMmem:
  cmp [esp+c],GMespC
  jne GMexit
   cmp esi,[PBHealth]
   jne  short HorseGM
   fstp st(0)
   fld [esi+00005ffc]
HorseGM:
   cmp dword ptr [ecx+5ff0],-1
   je GMreturn
GMexit:
   fst dword ptr [esi+00006000]
@@:
   jmp GMreturn
PBHealth:
dd 0

GodMode+3:
  jmp GMmem
  nop
GMreturn:

PbHP:
  jmp PbHPMem
  nop
ret_PbHP:

[DISABLE]

GodMode+3:
  db D9 96 00 60 00 00
PbHP:
  db D9 85 00 60 00 00

unregistersymbol(GodMode)
unregistersymbol(PbHP)
unregistersymbol(GMespC)
unregistersymbol(HorseGM)
dealloc(PbHPMem)

{
// ORIGINAL CODE - INJECTION POINT: "mb_warband.exe"+1D956D

"mb_warband.exe"+1D9545: FF D2                 -  call edx
"mb_warband.exe"+1D9547: A1 A0 72 8B 00        -  mov eax,[mb_warband.exe+4B72A0]
"mb_warband.exe"+1D954C: 83 B8 38 95 01 00 00  -  cmp dword ptr [eax+00019538],00
"mb_warband.exe"+1D9553: 8B 8E A0 01 00 00     -  mov ecx,[esi+000001A0]
"mb_warband.exe"+1D9559: 8B 11                 -  mov edx,[ecx]
"mb_warband.exe"+1D955B: 74 08                 -  je mb_warband.exe+1D9565
"mb_warband.exe"+1D955D: 8B 82 D8 00 00 00     -  mov eax,[edx+000000D8]
"mb_warband.exe"+1D9563: EB 06                 -  jmp mb_warband.exe+1D956B
"mb_warband.exe"+1D9565: 8B 82 DC 00 00 00     -  mov eax,[edx+000000DC]
"mb_warband.exe"+1D956B: FF D0                 -  call eax
// ---------- INJECTING HERE ----------
"mb_warband.exe"+1D956D: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
// ---------- DONE INJECTING  ----------
"mb_warband.exe"+1D9573: D9 86 18 02 00 00     -  fld dword ptr [esi+00000218]
"mb_warband.exe"+1D9579: DA E9                 -  fucompp
"mb_warband.exe"+1D957B: DF E0                 -  fnstsw ax
"mb_warband.exe"+1D957D: F6 C4 44              -  test ah,44
"mb_warband.exe"+1D9580: 0F 8B 89 00 00 00     -  jnp mb_warband.exe+1D960F
"mb_warband.exe"+1D9586: D9 85 00 60 00 00     -  fld dword ptr [ebp+00006000]
"mb_warband.exe"+1D958C: 8B 8E E8 01 00 00     -  mov ecx,[esi+000001E8]
"mb_warband.exe"+1D9592: D9 9E 18 02 00 00     -  fstp dword ptr [esi+00000218]
"mb_warband.exe"+1D9598: E8 C3 0B E3 FF        -  call mb_warband.exe+A160
"mb_warband.exe"+1D959D: 8D 4C 24 60           -  lea ecx,[esp+60]
}
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>8431</ID>
          <Description>"Kill Horses"</Description>
          <LastState Activated="1"/>
          <VariableType>Auto Assembler Script</VariableType>
          <AssemblerScript>[ENABLE]
HorseGM:
 jmp short +b

[DISABLE]
HorseGM:
 cmp dword ptr [ecx+5ff0],-1
</AssemblerScript>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>


thanks in advance <3
ParkourPenguin
Posted: Wed Jan 24, 2024 6:51 pm

There's 3 different aobscans happening in that one script. Check all of them.
In the "Memory Scan Options" panel in the main window, set "All" to the main exe, right click the area with Writable / Executable / CoW checkboxes, and select "Preset: Scan all memory"

MyNameIssIemaNyM wrote:
but, by just overwriting the new address the table didn't work
The script is using aobscans, there is no "new address" to overwrite...
If you're just changing the comment at the end, that's not going to do anything.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
MyNameIssIemaNyM
Posted: Wed Jan 24, 2024 7:14 pm

Thank you very much for taking the time to reply to me, I feel less stupid than before I posted my message lol

Just to understand it better, are these:

Code:

aobscanmodule(GodMode,mb_warband.exe,83 EC 08 D9 96 00 60 00 00)
registersymbol(GodMode)

aobscanmodule(PbHP,mb_warband.exe,D9 85 00 60 00 00 D9)
registersymbol(PbHP)

aobscanmodule(GMespC,mb_warband.exe,80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20 )
registersymbol(GMespC)
label(HorseGM)
registersymbol(HorseGM)


the only piece that I have to edit, or am I doomed to evaluate everything?
ParkourPenguin
Posted: Wed Jan 24, 2024 7:42 pm

Well you should find out why it isn't working in the first place. Try to activate the memory record, and after it fails, right click on it and the error message should be at the top.
My bet is not all the AOB patterns could be found.

If the original code changed, then you might have to change the injected code. e.g. maybe the offset 6000 in the GodMode injection point changed to something else.

You might have to change the injected code anyway. e.g. maybe [esp+C] is the wrong value now. No idea.

That's a future problem if the script doesn't work or crashes the game after it's activated. For now, just figure out which aob can't be found and fix it (find the new pattern).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
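
As an added example (not part of the thread or of the table), the check suggested above, finding which of the script's three AOB patterns can no longer be found, can be reproduced offline in Python. The byte buffer is constructed sample data in which the 6000 offset has become 6004 and one signature occurs twice; `check_patterns` and `sample_image` are hypothetical names.

```python
import re

# The three signatures from the script's [ENABLE] section.
PATTERNS = {
    "GodMode": "83 EC 08 D9 96 00 60 00 00",
    "PbHP": "D9 85 00 60 00 00 D9",
    "GMespC": "80 BF ? ? 00 00 00 0F 84 ? ? 00 00 8D 44 24 20",
}

def compile_aob(pattern):
    """Compile an AOB string to a bytes regex; '?' or '??' matches any one byte."""
    body = b"".join(
        b"." if set(tok) == {"?"} else b"\\x%02x" % int(tok, 16)
        for tok in pattern.split()
    )
    # Lookahead keeps overlapping hits; DOTALL lets '.' match byte 0x0A too.
    return re.compile(b"(?=" + body + b")", re.DOTALL)

def scan(image, pattern):
    """Return every offset in image where the pattern matches."""
    return [m.start() for m in compile_aob(pattern).finditer(image)]

def check_patterns(image, patterns=PATTERNS):
    """Classify each signature: 'missing', 'unique' or 'ambiguous'."""
    result = {}
    for name, pattern in patterns.items():
        hits = scan(image, pattern)
        status = "missing" if not hits else "unique" if len(hits) == 1 else "ambiguous"
        result[name] = (status, hits)
    return result

def sample_image():
    """Constructed bytes standing in for an updated module; not real game code."""
    pad = b"\x90" * 16
    pbhp = bytes.fromhex("D9 85 00 60 00 00 D9 86 18 02 00 00")
    godmode = bytes.fromhex("83 EC 08 D9 96 04 60 00 00")  # offset 6000 -> 6004
    gmesp_a = bytes.fromhex("80 BF 10 60 00 00 00 0F 84 9A 01 00 00 8D 44 24 20")
    gmesp_b = bytes.fromhex("80 BF 14 60 00 00 00 0F 84 22 00 00 00 8D 44 24 20")
    return pad + pbhp + pad + godmode + pad + gmesp_a + pad + gmesp_b + pad

if __name__ == "__main__":
    for name, (status, hits) in check_patterns(sample_image()).items():
        print(f"{name:8} {status:10} {[hex(h) for h in hits]}")
```

A "missing" result is the case where the scan fails and the entry cannot be activated; "ambiguous" means the signature needs more surrounding bytes, because the scan uses the first match it finds.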
All times are GMT - 6 Hours