Help with finding pointer in structure dissect
Posted: Sun Dec 03, 2017 1:58 pm
by barashkafromRO
I'm trying to make god mode for They Are Billions and I can't overcome a problem. In Structure Dissect I can find a Player Id, but it is hidden behind a pointer and I therefore can't use it. All the tutorials and advice on the internet only talk about finding Player Id as a plain value, but nobody ever talks about when it is behind a pointer like on my screenshot
[Link]
I switched red and purple colors.
How do I connect the value behind the pointer to my script?
Re: Help with finding pointer in structure dissect
Posted: Sun Dec 03, 2017 6:30 pm
by jungletek
Your image doesn't work, FYI...
But if you're asking about the syntax of pointers: if DEADBEEF is an address, then [DEADBEEF] is a pointer, and [[DEADBEEF]+420] is a pointer to a pointer offset by 0x420, etc.
Re: Help with finding pointer in structure dissect
Posted: Sun Dec 03, 2017 7:08 pm
by Betcha
Right-click that pointer, select Change Element and change Type to Byte.
Then in your script write something like this: cmp byte ptr [eax+4],#1
Re: Help with finding pointer in structure dissect
Posted: Mon Dec 04, 2017 3:42 am
by barashkafromRO
Betcha wrote: ↑Sun Dec 03, 2017 7:08 pm
Right-click that pointer, select Change Element and change Type to Byte.
Then in your script write something like this: cmp byte ptr [eax+4],#1
The address is not a pointer. It is behind a pointer, together with a lot of other addresses.
I write it like this and it doesn't work.
The only way I can make it work is through a compare based on unit HP regeneration, but it works for enemy buildings too, because all buildings have 0 HP regen.
Code:
cmp [rsi+38],0 //building hp regen
je playerHP
cmp [rsi+38],1 //ranger hp regen
je playerHP
cmp [rsi+38],2 //soldier hp regen
je playerHP
cmp [rsi+38],3 //sniper hp regen
je playerHP
All other usable values are hidden below a pointer and I don't know how to use them.
Re: Help with finding pointer in structure dissect
Posted: Mon Dec 04, 2017 6:22 am
by Betcha
Do the same, but instead of replacing the value that's behind the pointer, use it as your compare.
viewtopic.php?f=16&t=4942
Re: Help with finding pointer in structure dissect
Posted: Mon Dec 04, 2017 1:49 pm
by barashkafromRO
Here is what I finally managed to complete with all my understanding.
Everything works, but newly built buildings will stay at low health because I simply removed the instruction that changes health in any direction. It works only for the human player.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,ZX.Components.CLife::Entity_EventOnUpdate+30A)
label(returnhere)
label(originalcode)
label(exit)
label(playerHP)
label(invalid)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
push rax
mov rax,[rsi+18]
cmp rax,0
je invalid
cmp byte [rax+15C], #0
je playerHP
jmp originalcode
playerHP:
pop rax
nop //mov [rsi+30],edx
mov edx,[rsi+34]
jmp returnhere
invalid:
pop rax
jmp returnhere
originalcode:
pop rax
mov [rsi+30],edx
mov edx,[rsi+34]
exit:
jmp returnhere
ZX.Components.CLife::Entity_EventOnUpdate+30A:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
ZX.Components.CLife::Entity_EventOnUpdate+30A:
mov [rsi+30],edx
mov edx,[rsi+34]
//Alt: db 89 56 30 8B 56 34
Code:
{ Game : TheyAreBillions.exe
Version:
Date : 2017-12-03
Author : I tried and failed several times
This script checks for player ID and
keeps human player units' and
buildings' health from changing
}
[ENABLE]
aobscan(INJECT,89 56 30 8B 56 34) // should be unique
alloc(newmem,$1000,7FFE94C010AA)
label(originalcode)
label(return)
label(playerHP)
label(invalid)
newmem:
push rax
mov rax,[rsi+18]
cmp rax,0
je invalid
cmp byte [rax+15C], #0
je playerHP
jmp originalcode
playerHP:
pop rax
nop //mov [rsi+30],edx
mov edx,[rsi+34]
jmp return
invalid:
pop rax
jmp return
originalcode:
pop rax
mov [rsi+30],edx
mov edx,[rsi+34]
jmp return
INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db 89 56 30 8B 56 34
unregistersymbol(INJECT)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: 7FFE94C010AA
7FFE94C0108F: E8 FC 03 FC FF - call 7FFE94BC1490
7FFE94C01094: 8B 90 14 01 00 00 - mov edx,[rax+00000114]
7FFE94C0109A: 85 FF - test edi,edi
7FFE94C0109C: 7D 04 - jnl 7FFE94C010A2
7FFE94C0109E: 33 D2 - xor edx,edx
7FFE94C010A0: EB 08 - jmp 7FFE94C010AA
7FFE94C010A2: 3B FA - cmp edi,edx
7FFE94C010A4: 7E 02 - jle 7FFE94C010A8
7FFE94C010A6: EB 02 - jmp 7FFE94C010AA
7FFE94C010A8: 8B D7 - mov edx,edi
// ---------- INJECTING HERE ----------
7FFE94C010AA: 89 56 30 - mov [rsi+30],edx
7FFE94C010AD: 8B 56 34 - mov edx,[rsi+34]
// ---------- DONE INJECTING ----------
7FFE94C010B0: 01 56 40 - add [rsi+40],edx
7FFE94C010B3: 83 7E 34 00 - cmp dword ptr [rsi+34],00
7FFE94C010B7: 7D 78 - jnl 7FFE94C01131
7FFE94C010B9: 48 BA 38 5A DE B2 82 01 00 00 - mov rdx,00000182B2DE5A38
7FFE94C010C3: 48 8B 12 - mov rdx,[rdx]
7FFE94C010C6: 48 8B CE - mov rcx,rsi
7FFE94C010C9: 48 8B 06 - mov rax,[rsi]
7FFE94C010CC: 48 8B 40 60 - mov rax,[rax+60]
7FFE94C010D0: FF 50 28 - call qword ptr [rax+28]
7FFE94C010D3: 48 8B CE - mov rcx,rsi
}
Edit: no, sorry, it somehow doesn't work and crashed my game. I guess it's the rax register that I used.
The problem with crashing is presumably that I can't find a register to use during the player ID check without causing a crash.
The part of the script that checks for player ID is working.
Edit2: ok, I just forgot to pop rax before originalcode. I noticed it when my units were invulnerable, but the moment the enemy took damage it crashed the game. It works now.
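Two things in this thread are worth seeing as working code: jungletek's pointer notation ([DEADBEEF] reads the qword at an address, [[DEADBEEF]+420] reads it and then applies an offset) and the owner-pointer walk in the final script (mov rax,[rsi+18] / cmp rax,0 / je invalid / cmp byte [rax+15C],#0). The Python below is an added example, not code from the thread or from the game: it resolves a pointer path against a constructed in-memory snapshot, bails out on a NULL intermediate pointer the way the script's invalid label does, and refuses reads outside the mapped range instead of faulting. BASE, the entity and owner addresses, and the player-id values are made up; the 0x18 and 0x15C offsets are the ones the poster's script uses, but the layout around them is hypothetical.

```python
import struct

# Constructed memory snapshot standing in for a process's address space.
# BASE is a hypothetical load address; nothing here is read from a real game.
BASE = 0x10000
SNAPSHOT = bytearray(0x1000)

# Offsets from the script in the thread: [rsi+18] is the entity's owner
# pointer and byte [owner+15C] is the owner's player id (0 = human, assumed).
OWNER_PTR_OFFSET = 0x18
PLAYER_ID_OFFSET = 0x15C
HUMAN_PLAYER_ID = 0


def _check(addr, size):
    """Refuse reads outside the snapshot, the equivalent of an access violation."""
    if addr < BASE or addr + size > BASE + len(SNAPSHOT):
        raise ValueError(f"read outside mapped memory: {addr:#x}")
    return addr - BASE


def poke64(addr, value):
    struct.pack_into("<Q", SNAPSHOT, _check(addr, 8), value)


def poke8(addr, value):
    SNAPSHOT[_check(addr, 1)] = value & 0xFF


def peek64(addr):
    """[addr]: the little-endian qword stored at addr."""
    return struct.unpack_from("<Q", SNAPSHOT, _check(addr, 8))[0]


def peek8(addr):
    """byte [addr]"""
    return SNAPSHOT[_check(addr, 1)]


def resolve(base, offsets):
    """Resolve a pointer path written as [[[base]+o1]+o2]+o3.

    Every offset but the last is dereferenced; the last is only added to
    form the final address. Returns None as soon as an intermediate pointer
    is NULL, mirroring the script's 'cmp rax,0 / je invalid' guard.
    """
    addr = base
    for off in offsets[:-1]:
        addr = peek64(addr + off)
        if addr == 0:
            return None
    return addr + offsets[-1]


def owner_player_id(entity):
    """Player id byte behind the entity's owner pointer, or None if unowned."""
    target = resolve(entity, [OWNER_PTR_OFFSET, PLAYER_ID_OFFSET])
    return None if target is None else peek8(target)


def is_human_owned(entity):
    pid = owner_player_id(entity)
    return pid is not None and pid == HUMAN_PLAYER_ID


# --- constructed layout: two owner structs, three entities, one bare pointer cell ---
HUMAN_OWNER = BASE + 0x400
ENEMY_OWNER = BASE + 0x600
poke8(HUMAN_OWNER + PLAYER_ID_OFFSET, HUMAN_PLAYER_ID)
poke8(ENEMY_OWNER + PLAYER_ID_OFFSET, 1)

HUMAN_UNIT = BASE + 0x100   # owner pointer -> human owner struct
ENEMY_UNIT = BASE + 0x200   # owner pointer -> enemy owner struct
ORPHAN_UNIT = BASE + 0x300  # owner pointer left NULL
poke64(HUMAN_UNIT + OWNER_PTR_OFFSET, HUMAN_OWNER)
poke64(ENEMY_UNIT + OWNER_PTR_OFFSET, ENEMY_OWNER)
poke64(ORPHAN_UNIT + OWNER_PTR_OFFSET, 0)

# A cell holding a pointer, so [[POINTER_CELL]+420] can be shown directly.
POINTER_CELL = BASE + 0x800
poke64(POINTER_CELL, BASE + 0x900)

if __name__ == "__main__":
    for name, ent in [("human", HUMAN_UNIT), ("enemy", ENEMY_UNIT), ("orphan", ORPHAN_UNIT)]:
        print(f"{name}: player id={owner_player_id(ent)} human={is_human_owned(ent)}")
    print(f"[[POINTER_CELL]+420] = {resolve(POINTER_CELL, [0, 0x420]):#x}")
```

The NULL check matters for the same reason the thread's script needed it: a freshly spawned or dying entity can carry a zero owner pointer, and dereferencing it inside a hook crashes the process. The bounds check in _check is the tooling-side equivalent, so a bad offset shows up as an exception rather than a silent garbage read.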