writeBytes to address without timer

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
Post Reply
User avatar
nightn4
Cheater
Cheater
Posts: 31
Joined: Sat Jul 08, 2017 7:31 pm
Reputation: 19

writeBytes to address without timer

Post by nightn4 » Mon Sep 25, 2017 3:36 am

Hi all ! Can this be done without using a timer? Without the timer, the value will change after changing the location. I will be grateful for the example, Thank you.

if flag == 0 then -- bla
writeBytes("[[[[baseaddres]+1c]+5c]+c]+30", 2)

else --bla

if flag == 1 then -- bla
writeBytes("[[[[baseadress]+1c]+5c]+c]+30", 1)
Last edited by nightn4 on Mon Sep 25, 2017 11:15 am, edited 2 times in total.

User avatar
FreeER
Cheater
Cheater
Posts: 48
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 5
Contact:

Re: writeBytes to address without timer

Post by FreeER » Mon Sep 25, 2017 11:03 am

without the createTimer object, sure you can use createThread and sleep to reimplement your own timer, but without the general idea of repeatedly checking it... no. At least not without hooking the assembly actual code that changes it and doing the check/assignment there but that's not necessarily lua then.

You can do anything once without a delay (just write the code and, ta da!), you can do something multiple times in a row with a loop, and you can even do it multiple times in a row with a delay using a loop and sleep IF it's ok for the rest of CE to freeze while waiting for your script to run. Beyond that you have to use CE's already existing concept of a thing that can wait x amount time before doing something aka the timer, or recreate it using what CE and lua make available to you.

The only "real" alternative I see for it is using a hotkey when you press a key to reset it whenever you do something that changes it, that may not be very practical depending on exactly how everything is working in your game and may not be as convenient either way. So in the end you're mostly left with the question, why not use a timer?

User avatar
nightn4
Cheater
Cheater
Posts: 31
Joined: Sat Jul 08, 2017 7:31 pm
Reputation: 19

Re: writeBytes to address without timer

Post by nightn4 » Mon Sep 25, 2017 11:18 am

Thanks FreeER!
Difficulties of translation
Could you give an example of how?

Maybe it can be done in assembler?
//example
//or asm

Inv:
cmp [Inv_flag],0
je health
mov [baseaddres]+1c]+5c]+c]+30,#1 //how to freeze this value exactly 1 byte
Last edited by nightn4 on Sat Sep 30, 2017 8:03 pm, edited 2 times in total.

User avatar
FreeER
Cheater
Cheater
Posts: 48
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 5
Contact:

Re: writeBytes to address without timer

Post by FreeER » Mon Sep 25, 2017 11:36 am

You've got the basic idea there. To read a pointer path in assembly you have to do each offset separately (well I believe CE supports the combined format but it only calculates the address when you enable the script so if it changes that's useless because it'd still be using the old address after it changed)

Code: Select all

// assuming eax is free, if not use another register or push/pop
mov eax, [baseaddress+anyBaseOffset]
mov eax, [eax+1C]
mov eax, [eax+5C]
mov eax, [eax+C]
// eax is now player/struct/object base
// now you can access the actual value as you normally would for it's type
mov byte ptr [eax+30], #1
There's a couple other way where your final address ends up in eax instead of just the player base but with the player base you could access multiple values without recalculating eax or having to push/pop it to prevent recalculating it.

User avatar
nightn4
Cheater
Cheater
Posts: 31
Joined: Sat Jul 08, 2017 7:31 pm
Reputation: 19

Re: writeBytes to address without timer

Post by nightn4 » Mon Sep 25, 2017 12:00 pm

It's almost what I wanted, I think it works,
I'm going to try now

Update after the test, this method works fine
Thank you very much FreeER :)

User avatar
gir489
RCE Fanatics
RCE Fanatics
Posts: 58
Joined: Mon May 08, 2017 4:08 am
Reputation: 16
Contact:

Re: writeBytes to address without timer

Post by gir489 » Thu Oct 05, 2017 4:04 pm

You should look at how the game is accessing these variables, and either hijack that getter/setter schema, or emulate it.

People who tried to cheat on Fallout 3/Fallout New Vegas found this out the hard way, because the game had a generic getter and setter and that's what people would see from the breakpoint, but if you look at what calls the generic getter for the player, you would've noticed that the call puts a static pointer deref to the stack, and from there, you could figure out if the call is coming from the player or not.

It's probably doing something like FreeER said. But if it's just doing EAX+C in the call or EAX+2AE, you'd want to look for a pointer that ends with +2AE, since that's more likely to be consistent.

Post Reply

Who is online

Users browsing this forum: No registered users