Can help with multilevel pointers find?

chusski

Cheater
Joined
Sep 8, 2018
Messages
39
Reaction score
6
Hello.

I am a noob with CE, and I am trying to learn to find multilevel pointers.
But I have a problem finding the Health pointer on The_Swords_of_Dittov1.14.01-202.
Can someone help me with it plz?
My final goal is to learn how to do it for other games too...

I can find the pointer for one session of the game, but it changes for every map and every session.

Thx very much guys.
 

TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,786
Reaction score
748
You likely need to change the structure size and max. level. That or look into code injection and just hook the address.
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Injection_full
 

chusski

Thx for the reply.

How does injection work, if the address changes every time the game is reloaded?

I tried to compare the scanned address with another scanned address after reloading the game, but one address was found...

Thx for the help. (and sorry for my English)
 

TheyCallMeTim13

Check the wiki, it goes over code injection and the use of AOBs. But basically you hook the code that accesses the address.
https://wiki.cheatengine.org/index.php?title=Tutorials:AOBs
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Basics
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Templates
https://wiki.cheatengine.org/index.php?title=Tutorials:Auto_Assembler:Injection_full
Code:
define(bytes, 8B 47 58 5F 8D 14 F6)

////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobSkillPointsHook, Borderlands2.exe, E8xxxxxxxx83xxxx8Bxxxxxx8Dxxxxxx8Dxxxxxx8B)
define(injSkillPointsHook, aobSkillPointsHook+8)
assert(injSkillPointsHook, bytes)
registerSymbol(injSkillPointsHook)

alloc(memSkillPointsHook, 0x400, injSkillPointsHook)

label(ptrSkillPointsHook)
registerSymbol(ptrSkillPointsHook)

label(n_code)
label(o_code)
label(exit)
label(return)

memSkillPointsHook:
	ptrSkillPointsHook:
		dd 0
	align 10 CC
	n_code:
		mov [ptrSkillPointsHook],edi
	o_code:
		mov eax,[edi+58]
		pop edi
		lea edx,[esi+esi*8]
	exit:
		jmp return


////
//// ---------- Injection Point ----------
injSkillPointsHook:
	jmp n_code
	nop
	nop
	return:


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injSkillPointsHook:
	db bytes

unregisterSymbol(injSkillPointsHook)

unregisterSymbol(ptrSkillPointsHook)

dealloc(memSkillPointsHook)

{
//// Injection Point: Borderlands2.exe+BA6377  -  01C46377
//// AOB address: 01C4636F  -  Borderlands2.exe+BA636F
//// Process: Borderlands2.exe  -  010A0000
//// Module: Borderlands2.exe  -  010A0000
//// Module Size: 01AC7000
Borderlands2.exe+BA633C:  83 C0 04                    -  add eax,04                         
Borderlands2.exe+BA633F:  74 E4                       -  je 01C46325                        
Borderlands2.exe+BA6341:  8B 30                       -  mov esi,[eax]                      
Borderlands2.exe+BA6343:  85 F6                       -  test esi,esi                       
Borderlands2.exe+BA6345:  78 DE                       -  js 01C46325                        
Borderlands2.exe+BA6347:  3B 77 5C                    -  cmp esi,[edi+5C]                   
Borderlands2.exe+BA634A:  7D D9                       -  jnl 01C46325                       
Borderlands2.exe+BA634C:  8B 47 5C                    -  mov eax,[edi+5C]                   
Borderlands2.exe+BA634F:  3B F0                       -  cmp esi,eax                        
Borderlands2.exe+BA6351:  7C 24                       -  jl 01C46377                        
Borderlands2.exe+BA6353:  85 F6                       -  test esi,esi                       
Borderlands2.exe+BA6355:  75 04                       -  jne 01C4635B                       
Borderlands2.exe+BA6357:  85 C0                       -  test eax,eax                       
Borderlands2.exe+BA6359:  74 1C                       -  je 01C46377                        
Borderlands2.exe+BA635B:  68 E8082A02                 -  push 022A08E8                      [00000000]
Borderlands2.exe+BA6360:  68 5C020000                 -  push 0000025C                      
Borderlands2.exe+BA6365:  68 F80B2A02                 -  push 022A0BF8                      ["d:\bamboo\builds\man-mancanapccert-job1\development\src\core\inc\Array.h"]
Borderlands2.exe+BA636A:  68 C80B2A02                 -  push 022A0BC8                      ["i>=0 && (i<ArrayNum||(i==0 && ArrayNum==0))"]
Borderlands2.exe+BA636F:  E8 ACF64DFF                 -  call 01125A20                      <<<--- AOB Starts Here
Borderlands2.exe+BA6374:  83 C4 10                    -  add esp,10                         
////  INJECTING START  ----------------------------------------------------------
Borderlands2.exe+BA6377:  8B 47 58                    -  mov eax,[edi+58]                   
Borderlands2.exe+BA637A:  5F                          -  pop edi                            
Borderlands2.exe+BA637B:  8D 14 F6                    -  lea edx,[esi+esi*8]                
////  INJECTING END  ----------------------------------------------------------
Borderlands2.exe+BA637E:  5E                          -  pop esi                            
Borderlands2.exe+BA637F:  8D 04 90                    -  lea eax,[eax+edx*4]                
Borderlands2.exe+BA6382:  5B                          -  pop ebx                            
Borderlands2.exe+BA6383:  8B E5                       -  mov esp,ebp                        
Borderlands2.exe+BA6385:  5D                          -  pop ebp                            
Borderlands2.exe+BA6386:  C2 0400                     -  ret 0004                           
Borderlands2.exe+BA6389:  CC                          -  int 3                              
Borderlands2.exe+BA638A:  CC                          -  int 3                              
Borderlands2.exe+BA638B:  CC                          -  int 3                              
Borderlands2.exe+BA638C:  CC                          -  int 3                              
Borderlands2.exe+BA638D:  CC                          -  int 3                              
Borderlands2.exe+BA638E:  CC                          -  int 3                              
Borderlands2.exe+BA638F:  CC                          -  int 3                              
Borderlands2.exe+BA6390:  55                          -  push ebp                           
Borderlands2.exe+BA6391:  8B EC                       -  mov ebp,esp                        
Borderlands2.exe+BA6393:  8B 45 08                    -  mov eax,[ebp+08]                   
Borderlands2.exe+BA6396:  53                          -  push ebx                           
Borderlands2.exe+BA6397:  50                          -  push eax                           
//// Template: I2CEA_AOBFullInjection
//// Generated with: I2 Cheat Engine Auto Assembler Script Template Generator
//// Code Happy, Code Freely, Be Awesome.
}
https://wiki.cheatengine.org/index.php?title=Tutorials
 

Twistedself

Noobzor
Joined
Jun 30, 2018
Messages
12
Reaction score
12
Little off-topic, but you can aobscanmodules, then just the (variableName, module, ?? ??)? and it works the same way as a regular aobscan(VariableName, ?? ??) but only scans within the module?

@OP if you post the game or an address I can help you make this work. Tim is saying that you don't need the pointer if you have the code, you can just scan for the assembly (opcode) via AOB that uses that address.

The way I normally do it is, let's say:

your code is:
push edx
mov edx, [esi+eax*8+4]

When you disassemble you have the following bytes (I am making this up with no code)
a3 43 F0 D2 37 28 24 64

You know the variable is whatever the value is after they do esi+eax*8+4 and shove that into edx. So identify the byte range that is esi"""""""+4 and mask out those bytes. In our example something like
a3 43 F0 D2 ?? ?? ?? ??

Then write the code like

Aobscan(WantedVariableOrig, a3 43 F0 D2 ?? ?? ?? ??)
This will take the value at the AOB and load it into your variableORIG. Make sure to add a label and registersymbol (multiple if you will use that data more than once)

Then just go into your code
[enable]
alloc
label
register

activateScript:
mov edx, [WantedVariable]
jmp [WantedVariableOrig]+1

WantedVariable:
dd (float) 1.5

deactivateScript:
mov edx, [esi+eax*8+4]
jmp WantedVariableOrig

[disable]

unregister
dealloc

Something like this. I am very new to ASM and coding in general! I am self taught and I am sorry if my information is off. I do like helping tho and I hope I covered your question.
 

chusski

Thx very much, really, for the help.
I have spent around 1 month reading and trying to learn how it works... But I am sure my problem is the comprehension of English; it goes better when I see the examples.

I made this code, but something is wrong, because when I execute it, the game crashes.
I did it with the template cheat table framework and AOB injection.
And I have not modified any part of it atm.
Code:
{ Game   : The_Swords_of_Ditto.exe
  Version: 
  Date   : 2019-05-05
  Author : ChusskiNew

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,The_Swords_of_Ditto.exe,5C C8 F2 0F 11 0E 89 F0) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  movsd [esi],xmm1
  mov eax,esi
  jmp return

INJECT+02:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT+02:
  db F2 0F 11 0E 89 F0

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "The_Swords_of_Ditto.exe"+4921E

"The_Swords_of_Ditto.exe"+491F5: DD 5C 24 20                       -  fstp qword ptr [esp+20]
"The_Swords_of_Ditto.exe"+491F9: F2 0F 10 44 24 20                 -  movsd xmm0,[esp+20]
"The_Swords_of_Ditto.exe"+491FF: EB 04                             -  jmp The_Swords_of_Ditto.exe+49205
"The_Swords_of_Ditto.exe"+49201: F2 0F 2A 06                       -  cvtsi2sd xmm0,[esi]
"The_Swords_of_Ditto.exe"+49205: F2 0F 5C 07                       -  subsd xmm0,[edi]
"The_Swords_of_Ditto.exe"+49209: F2 0F 11 06                       -  movsd [esi],xmm0
"The_Swords_of_Ditto.exe"+4920D: C7 46 0C 00 00 00 00              -  mov [esi+0C],00000000
"The_Swords_of_Ditto.exe"+49214: EB 0C                             -  jmp The_Swords_of_Ditto.exe+49222
"The_Swords_of_Ditto.exe"+49216: F2 0F 10 07                       -  movsd xmm0,[edi]
"The_Swords_of_Ditto.exe"+4921A: F2 0F 5C C8                       -  subsd xmm1,xmm0
// ---------- INJECTING HERE ----------
"The_Swords_of_Ditto.exe"+4921E: F2 0F 11 0E                       -  movsd [esi],xmm1
"The_Swords_of_Ditto.exe"+49222: 89 F0                             -  mov eax,esi
// ---------- DONE INJECTING  ----------
"The_Swords_of_Ditto.exe"+49224: 8D 65 F8                          -  lea esp,[ebp-08]
"The_Swords_of_Ditto.exe"+49227: 5E                                -  pop esi
"The_Swords_of_Ditto.exe"+49228: 5F                                -  pop edi
"The_Swords_of_Ditto.exe"+49229: 5D                                -  pop ebp
"The_Swords_of_Ditto.exe"+4922A: C2 04 00                          -  ret 0004
"The_Swords_of_Ditto.exe"+4922D: CC                                -  int 3 
"The_Swords_of_Ditto.exe"+4922E: CC                                -  int 3 
"The_Swords_of_Ditto.exe"+4922F: CC                                -  int 3 
"The_Swords_of_Ditto.exe"+49230: 55                                -  push ebp
"The_Swords_of_Ditto.exe"+49231: 89 E5                             -  mov ebp,esp
}
thx both guys.
 

TheyCallMeTim13

Twistedself said:
Little off-topic, but you can aobscanmodules, then just the (variableName, module, ?? ??)? and it works the same way as a regular aobscan(VariableName, ?? ??) but only scans within the module?...
Yes. It's good for larger module based games, which most newer games are.

Twistedself said:
...
Aobscan(WantedVariableOrig, a3 43 F0 D2 ?? ?? ?? ??)
...
And any non hex number in a CE aob string is seen as a wild card, so ending one with all wildcards is pointless; i.e. "a3 43 F0 D2" is basically equal to this "a3 43 F0 D2 ?? ?? ?? ??". Not sure if CE just ignores it or if it would actually make the scan take longer.

chusski said:
...
I make this code, but something wrong, because when i execute; the game crash....
Try doing a manual AOB scan (in the CE scan UI) and make sure you only get 1 address, or at least the first address is the right one. And just increase the AOB until it works. But the code looks fine so that would be my guess at this point.
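
Added example (not from any poster in this thread, and not Cheat Engine's own code): a small Python model of the wildcard signature matching discussed above, run over constructed bytes, showing a short signature hitting more than one place, a longer one becoming unique, and a scan limited to the module range missing bytes that lie outside it. It goes beyond the posts by also accepting half-byte wildcards; `parse_aob`, `find_all`, `classify` and the sample buffers are assumptions made for illustration.

```python
import struct

HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_aob(pattern):
    """Turn 'E8 ?? 83 4?' or 'E8xx834x' into a list of (value, mask) pairs.

    Simplified model (an assumption, not CE's parser): whitespace is ignored,
    characters are read two per byte, and any non-hex character is a
    wildcard for that half byte.
    """
    chars = "".join(pattern.split())
    if not chars or len(chars) % 2:
        raise ValueError("pattern must be whole bytes, two characters each")
    sig = []
    for i in range(0, len(chars), 2):
        value = mask = 0
        for ch in chars[i:i + 2]:
            value <<= 4
            mask <<= 4
            if ch in HEX_DIGITS:
                value |= int(ch, 16)
                mask |= 0xF
        sig.append((value, mask))
    return sig


def find_all(buf, pattern, start=0, end=None):
    """Return every offset in buf[start:end] where the whole pattern fits and matches."""
    sig = parse_aob(pattern)
    end = len(buf) if end is None else min(end, len(buf))
    hits = []
    for off in range(start, end - len(sig) + 1):
        if all((buf[off + i] & m) == v for i, (v, m) in enumerate(sig)):
            hits.append(off)
    return hits


def classify(buf, pattern, start=0, end=None):
    """The manual check from the post above: exactly one hit, or not."""
    hits = find_all(buf, pattern, start, end)
    if not hits:
        return "not found"
    return "unique" if len(hits) == 1 else "ambiguous"


# Constructed sample memory. The instruction bytes are copied from the
# disassembly posted in this thread; SITE_C and the layout are made up.
SITE_A = bytes.fromhex("F20F5C07F20F1106C7460C00000000")  # subsd; movsd [esi],xmm0; mov
SITE_B = bytes.fromhex("F20F5CC8F20F110E89F08D65F8")      # subsd; movsd [esi],xmm1; mov; lea
SITE_C = bytes.fromhex("F20F110E89D8")                    # constructed look-alike store
PAD = b"\xCC" * 8
MODULE = PAD + SITE_A + PAD + SITE_B + PAD + SITE_C + PAD
# Data placed after the module range: the double 100.0 (00 00 00 00 00 00 59 40).
HEAP = b"\x00" * 16 + struct.pack("<d", 100.0) + b"\x00" * 16
MEMORY = MODULE + HEAP

if __name__ == "__main__":
    for pat in ("F2 0F 11 0E",              # too short: two sites share it
                "F2 0F 11 0E ?? ??",        # trailing wildcards: same hits here
                "5C C8 F2 0F 11 0E 89 F0",  # longer: one hit
                "F2 0F 11 0?",              # half-byte wildcard widens the match
                "F20F110ExxxxCC"):          # compact form with 'x' wildcards
        print(f"{pat!r:28} {find_all(MODULE, pat)} {classify(MODULE, pat)}")
    data = "?? ?? ?? ?? ?? ?? 59 40"
    print("module range only:", find_all(MEMORY, data, 0, len(MODULE)))
    print("whole buffer     :", find_all(MEMORY, data))
```

In this model a pattern with trailing wildcards still needs that many bytes to exist after the match, so it can only differ from the shorter pattern at the very end of the scanned range.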
 

chusski

Hello guys.
I am now near to learning... but I don't know where I am wrong..... I think the problem is that I am working on a bad address... any idea? Thx guys
By mobs hitting me and reloading the game, I took the bytes 4 times, from different addresses. These addresses are the ones I can change to bring health up again.
This is what I was trying without luck:
Finding address:


opcodes write at address:


memory viewer:


codes listing on notepad to compare:

Code:
00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 40 00 00 00 00 00 00 00 00 0A D7 A3 70 3D 0A D7 3F 00 00 00 00 00 00 00 00
00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00
00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00
00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00
00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00 00 00 00 00 00 00 00 00 78 78 78 78 00 00 00 00
Code:
[ENABLE]
aobscanmodule(health,The_Swords_of_Ditto.exe+4921e,?? ?? ?? ?? ?? ?? 59 40)
label(dittohealth)
registersymbol(dittohealth)

health:
dittohealth:

[DISABLE]
unregistersymbol(dittohealth)
 

chusski

Hello guys, I am getting crazy....

Any idea?
Thx in advance
 

TheyCallMeTim13

chusski said:
Hello guys, I am getting crazy....

Any idea?
Thx in advance
Try an actual injection hook and use the AOB injection template, but it looks like that might be a shared instruction and you'll have to filter it out some way. If you are unsure how to do that, do the CE tutorial.
https://wiki.cheatengine.org/index.php?title=Tutorials:Cheat_Engine_Tutorial_Guide_x32
https://wiki.cheatengine.org/index.php?title=Tutorials:Cheat_Engine_Tutorial_Guide_x64
 

chusski

Thx Tim. I really appreciate your help, this wiki with images is great, I'm moving forward a lot. But I know I'm not a great student, I think it's due to my English ... but I've completed it until Step 9 and those examples do not help me understand what happens when I try it in the Ditto game.
It's as if the address is looping or something like that ...
I have managed to find a pointer that when I get hit the initial address appears but I can not get more of that. This pointer when passing between screens does not change, but it does when restarting the game.
If I understood correctly:
 -injection hook: is to inject another direction on which you are looking. When I do this the game crash. To avoid this, I would need the address that was not shared, no?

-AOB injection template:
It is to avoid looking for a pointer, like in Step 9, if you do not look for the correct bytes, several times you compare them and with the pattern create an AOB that looks for it alone. But as I only find the initial address, and this is not serving me because of many patterns that I do ... when I set it up in the AOB, it finds a direction that has nothing to do ...

Can't understand what I am doing wrong...
 

TheyCallMeTim13

chusski said:
...
 -injection hook: is to inject another direction on which you are looking. When I do this the game crash. To avoid this, I would need the address that was not shared, no?
...
If you used a template, then it most likely crashes because more than one address is accessed by the instruction. Step 9 of the tutorial goes over shared instructions.

chusski said:
...
-AOB injection template:
It is to avoid looking for a pointer, like in Step 9, if you do not look for the correct bytes, several times you compare them and with the pattern create an AOB that looks for it alone. But as I only find the initial address, and this is not serving me because of many patterns that I do ... when I set it up in the AOB, it finds a direction that has nothing to do ...
No, AOB injection is for using a "scan signature" to deal with the instruction's address changing, like after an update, and even in some games the address will change after a reboot. The injection hook itself is for "hooking" the base of the address you want, to basically make your own pointer.
 

chusski

Well, let's see if I do the steps correctly.

1- I look for the direction of life. (100)
-I search for 100 (is Double)
-I get hit
-I look for Decrease

2-With the direction of Life: (00123BBB)
-I do Find write to address:
-In the beginning I was 2 and its counters do not stop going up.
-I let them stick and an instruction is added (always the same: 0109921E - F2 0F11 0E - movsd [esi], xmm1)
-in this instruction I do show disassembler

3-Find what access to this instruction: (difficult because the game slows down a lot)
-I let them hit me. and I stop it.
- Appear hundreds of addresses.
-Address 3 addresses with 1 counter. (Double)
-Only one of them has the value of life. which is the same as at the beginning (00123BBB)

What do I need to do next? Compare the hundreds of addresses that come out?
In the tutorial Step 9 there are only 4 and it is easy to find the differences, more or less ....
If I compare the 3 addresses that have 1 counter, I really don't know what I am looking for...

thx again
 

VampTY

Vampire Queen
Table Maker
Joined
Mar 5, 2019
Messages
307
Reaction score
276
@ chusski

In order to help you out, on version 1.15.02-202 REL, by Plaza, if you have that one, test this option below.
So while playing, load that table and F2 ..ESC then so that the visual will activate and you'll have unlimited bombs, i can find the health also..let me know if this works for your version, on the version i've mentioned works very well.
 


chusski

Thx very much for the help, VampTY.

I am working with The_Swords_of_Dittov1.14.01-202. Only working with that because I started with it.
I also have 1.15.02-202 REL installed. But it's np, I can try tomorrow. Now I am at work.
If you can find a way to the health pointer, it's great to see your work. And it helps me a lot to see it, to understand my mistake.
But I want to understand what I am doing wrong, and learn how this world works. Really I am getting crazy with that pointer, but I am new on CE.

Thx again for all your time guys.
 

Garrett Dark

Novice Cheater
Joined
May 8, 2019
Messages
15
Reaction score
23
@chusski

Hi, I think the problem you're encountering with the hit points in this particular game is specific to the game itself.

I'm not really good at all this myself, but I have used pointer scans and AOB Code Injection methods to make pointers and scripts which act as pointers in many games before with success. I've been playing with this game for the past 4 days, and it's been incredibly frustrating and unsuccessful for hit points. The best I could do is for status effects granted by items, but they keep resetting every map change, and merely when looking at the "Stickers" screen.

To be specific, I'm running "The_Swords_of_Dittov1.14.01-202". All the codes that read/write to the hit points memory location are utilized by many other memory addresses, so AOB code injection won't work to my understanding. I've pointer scanned using 3 maps, Offset 2047 Level 5 fails to find any results. I then tried Offset 9047 Level 4, got a lot of results but none of them stayed when the game was restarted. Same thing with Offset 5047 Level 5 scan, and Offset 2047 Level 6 scan.

Maybe I'm using the scans inefficiently, but to my understanding increasing the offset and levels should reveal trickier pointers that are common in all three maps I was using (it has before). My total guess (as I said, I'm not very good at this myself) is that there's nothing in common with the three maps. That the game does something weird for hit points and how it stores it in memory, like it's different every time.

So if you're using this game to learn code injection method or pointer scanning, this might not be the best game to learn on.
 

chusski

Hi guys

I chose this game thinking it would be an easy one.

Comrade Garrett Dark, added his trainer and his experience in this thread: http://fearlessrevolution.com/viewtopic.php?f=4&t=6598&p=88845#p88994

You can have an eye, but it seems that your experience has also been crazy.

Good job and Thank you very much for sharing your work. Garrett Dark

Adding the info of the table from him:
Code:
{
NOTES (This is not actually a script)

The Swords of Ditto
v1.14.01-202

GENERAL NOTES
- The game appears to store all values in Double

INVENTORY ITEMS WITH NUMBER COUNT
- 5 (Double) = 5 items
= Can be edited in CE to exceed the usual 5 cap, change is permanent ingame. So just search and edit as needed.
- Finding an item which was edited above the 5 cap resets the item quantity to the cap. This appears to be only for bombs and such.
- Later in the game the 5 cap can be increased ingame
- Item upgrade components items are capped at 99

STATUS EFFECTS
- Effects that Stickers applies (Fire Atk & Res, Ether, Poison, Etc)
- Fire, Ether, Poison Atk & Res stored as Double value 0.00 to 1.00 (0% to 100%), can exceed 100%
- Changing Map Locations ingame changes memory storage locations
- Pointer Scans at Offset 2047 Level 5 takes a long time and fails to find valid pointers
- Continual reading opcodes reading memory location of Status effect not viable, too many other memory locations use same code
- Can use Continual reading opcode ie. "movsd xmm0,[ebx]" to find all Status Effect Atk & Res by "finding out all addresses that access it" in Memory Viewer of CE
- Status Effects values appear to reset when changing stickers and when entering and exiting the sticker screen
- Static opcode that resets value viable, only one status effect uses it
- Static opcode looks something like this "mov [edi],00000000" for each status effect
= Using AOB Injection Lookup Script method
- AOB Lookups can be enabled right away, but pointers not found until a sticker is changed ingame
- Values seem to stick after ingame map location change as long as Stickers Screen not looked at
= LOCKING VALUES IN CE WILL CRASH GAME: During ingame Map Location change. Memory locations change and script slow to update, wrong memory locations values are messed up with CE Locking Values, thus crash

HITPOINTS
- 100hp = 100 (Double)
- Can be easily found, but memory location changes with ingame map change
- Can't AOB Lookup because Continual and Static opcodes reading memory locations all not viable
* Pointer Scan (3 maps): Offset 2047 Level 5 = failed, 0 results
* Pointer Scan (3 maps): Offset 9047 Level 4 = Success, 92005 Results Found
- None of the 92005pp held after game restarted
* Pointer Scan (3 maps): Offset 5047 Level 5 = Success, 541376 Results Found (in about 2:25hrs scan time)
- None of the 541376pp held after game restarted
* Pointer Scan (3 maps): Offset 2047 Level 6 = Success, 428531 Results Found
- None of the 428531pp held after game restarted
* Pointer Scan (3 maps): Offset 2047 Level 9 = failed, 19:03hrs so far and 0 results, aborting scan
= Giving up on HP; Regeneration, Armor, Max HP cheats good enough
= Another alternative, there's a Piggy Bank Sticker which makes hits subtract from money instead (though status effects still damage), money can be edited to a very high value

ARMOR BONUS
- No Bonus = 1.00 (Double), 6% bonus = 1.06 (Double), 100% bonus = 2.00 (Double). Can exceed 100%
- 100% doesn't fully block all damage, this bonus appears to be a reduction bonus
- At 1000% (11.00 Double) still taking damage
- At 2000% (21.00 Double) damage appears to be less than 1 HP
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

ATTACK BONUS
- No Bonus = 1.00 (Double), 6% bonus = 1.06 (Double), 100% bonus = 2.00 (Double). Can exceed 100%
- Same as Armor Bonus
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

MONEY
- 100 money is 100 (Double)
- Continual Read opcode "movsd xmm0,[esi]" viable for AOB Lookup Method

CELESTIAL FRAGMENTS
- 1 (Double) = 1 Celestial Fragment
= AOB not viable, but like money/items only require a one time edit

SWORD XP
- Continual & Static Read/Write opcodes not viable for AOB Lookup Method
= Just use the pointer the other cheat has

ENERGY
- Value is 100 (Double) when Energy Bar is Full
- Continual & Static Read/Write opcodes not viable for AOB Lookup Method
* Pointer Scan (3 maps): Offset 2047 Level 5 = failed, 0 results
* Pointer Scan (3 maps): Offset 5047 Level 3 = failed, 0 results, instantly
* Pointer Scan (3 maps): Offset 9047 Level 3 = failed, 0 results, instantly
* Pointer Scan (3 maps): Offset 9047 Level 4 = Success, 2 Results Found
- 2pp found did not hold when game restarted

HP Regeneration
- 1 (Double) = 100%, 0.1 (Double) = 10%
- Values unlike Attack and Armor Bonus, base is not 1 but rather at 0 (Double)
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

Max HP Bonus
- 1.01 (Double) = 1%, 2.00 (Double) = 100%
- Like Attack & Armor Bonus
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

LUCK
- 0.01 (Double) = 1 Luck, 1.00 (Double) = 100 Luck
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen.
- Resetting code slightly different than Armor, Attack Bonus, and etc. "mov [edi],47AE147B" instead of moving 00000000 into edi. But in terms of AOB lookup script it makes no difference for cheating purposes

SHIELD BREAK
- 0.10 (Double) = 10%, 1.00 (Double) = 100%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

DROP RATE
- 0.06 (Double) = 6%, 1.00 (Double) = 100%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

TP REGENERATION
- 1 (Double) = 100%, 0.1 (Double) = 10%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

STICKER ABILITIES
- 1 (Double) = Equipped, 0 (Double) = Not Equipped
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"


}
What do you think about it?
 

chusski

Hi guys

Finally found something to set infinite life or modify it.
Ver: v1.14.01-202

But you need to get hit every time you change the map or restart the game before you can locate the pointer. AOB doesn't work. Need to put the bytes in the scan.

BYTES:
Code:
?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
AOB:
Code:
[ENABLE]
aobscanmodule(health,The_Swords_of_Ditto.exe,?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??)
label(dittohealth)
registersymbol(dittohealth)

health:
dittohealth:

[DISABLE]
unregistersymbol(dittohealth)
I have 2 questions:
1-I have obtained the line of bytes, which if placed in the search engine (after receiving a hit), gives the pointer of life. (While you are in that map or game)
But adding it to an AOB, it does not locate it.
How can I solve this?

2-How could you solve the issue that they have to hit you to be able to look for the pointer?

Can you give a hand with that?
Thank you very much to all.
 

Twistedself

chusski said:
What do I need to do next? Compare the hundreds of addresses that come out?
In the tutorial Step 9 there are only 4 and it is easy to find the differences, more or less ....
If I compare the 3 addresses that have 1 counter, I really don't know what I am looking for...

thx again
In the tutorial on step 9 (I recommend watching a video), it will have you build data structs from each player and then look at the code to find a constant to cmp. In the tutorial it ended up being really simple; if I remember, it was just a switch, 01 represented first player or something. Then just did a
cmp Me, 1
jne End

just an easy cmp. But you can compare the structs and usually find many things that are unique to the player.
And any of these will do just fine.

I am almost sure Tim is correct and this is a shared instruction that acts on the health of all players. Without a cmp it won't work right. You could just test it by nopping the instruction and seeing if it allows enemy health to drop.


Didn't see the new page of posts! Sounds like you might have a boolean that starts the "health" code. If you could find the switch that happens when you first take damage by scanning 0 before 1 after? Maybe you could find the switch and then add that to the code.
 

Twistedself

Code:
[ENABLE]
aobscanmodule(health,The_Swords_of_Ditto.exe,?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??)
label(health)
label(healthOrig)
alloc(healthCode, 2048)
registersymbol(healthOrig)
registersymbol(wantedHealth)

healthCode:
cmp ?????,1      //make your compare to make sure it is your turn. or that you are not enemy- if needed
jne healthReturn     //jump not equal to healthReturn
mov ? , [wantedHealth]                // move the wanted health into You, where ever it's being stored in your orig code
//instructions from your orig code to finish it goes here

wantedHealth:
dd (float) 38274            //If its a float value make sure you say it is. Then the number you want to be plugged in
//(You could also add this in your move instruction if you don't want the option for user input health)

healthReturn:
[DISABLE]
jmp healthOrig


unregistersymbol(healthOrig)
unregistersymbol(wantedHealth)
dealloc(healthCode)
I can't afford to buy any games atm, so all I can do.
 