[CE coord.] How to find correct X, Z pos. when you have found a Y position?

marek1957

Expert Cheater
Dec 16, 2017
81
0
6
#1
Hello Guys!
I am trying to find a 100% correct coordinates X,Y,Z in Asphalt 8: Airborne game to make a teleport hack. I already found correct Y position - it has a lot of offsets: 58, 0, 180, 1C, , 114, 128, 4, 10, 184, 80, 438, 40, 17C, 420 - I saved all correct base addresses for Y pos. in Cheat Table that I attached here.

My question is - how to find other 100% correct coords like X and Z when you have Y pos. with so many offsets? And the next question is - how to find 100% correct address where I will inject my code for teleport hack?

Please help me do that or explain to me how to do it because I am trying to do this for about 12 days... I made 100% working teleport hack for Counter-Strike, WoW and other games but for this Asphalt8, I cannot make correct Teleport Hack - I made one, but it is working very strange(??) - Please check it, all of my files are attached.
 

Attachments

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
407
44
28
#2
Hello Guys!
I am trying to find a 100% correct coordinates X,Y,Z in Asphalt 8: Airborne game to make a teleport hack. I already found correct Y position - it has a lot of offsets: 58, 0, 180, 1C, , 114, 128, 4, 10, 184, 80, 438, 40, 17C, 420 - I saved all correct base addresses for Y pos. in Cheat Table that I attached here.

My question is - how to find other 100% correct coords like X and Z when you have Y pos. with so many offsets? And the next question is - how to find 100% correct address where I will inject my code for teleport hack?

Please help me do that or explain to me how to do it because I am trying to do this for about 12 days... I made 100% working teleport hack for Counter-Strike, WoW and other games but for this Asphalt8, I cannot make correct Teleport Hack - I made one, but it is working very strange(??) - Please check it, all of my files are attached.
Take a guess and hope your right. Just pick one that works then use the offsets there, each offset is probably for different object structures; say like: location -> vector -> actor -> player. So all would work and any can change with an update.

In the load spot you seem to set X to the saved Z (line 100 on the CT file):
Code:
// ...
load:
mov [en_load],0
push edx
mov edx,[zpos]
mov [eax+50],edx
mov edx,[zpos] // <<<<<<<<<<<
mov [eax+54],edx
mov edx,[ypos]
mov [eax+58],edx
pop edx
jmp code
// ...
 
Last edited:

marek1957

Expert Cheater
Dec 16, 2017
81
0
6
#3
Ok, thank you for answer.

I have a new question. About 20 minutes ago new version of a game came out. Now my CT table of base addresses pointers won't work. All addresses changes.
My question is - is there a method to update pointer scan addresses ? I know how to update AOB scripts, Code Injection Scripts by using bytes but - how to update Pointer Scan addresses in the new update of the game? I have no idea..
 

Kalas

Cat'n America!
Fearless Donors
Mar 3, 2017
496
16
18
#4
Do a new pointer scan :)

Or if I understand you mean offsets?
 

marek1957

Expert Cheater
Dec 16, 2017
81
0
6
#5
Game updated and my cheat table doesnt work. Is it possible to update Pointer Scan Results like AOB scans? Or not?
 

jungletek

Reality Bytes
Oct 17, 2017
155
6
18
#6
Can you please figure out the difference between Cheat Engine-related questions (which this isn't), and general gamehacking questions (which this is), so that I don't have to move your threads every time?

Thanks.
 

marek1957

Expert Cheater
Dec 16, 2017
81
0
6
#7
Ok sorry for that. But can someone answer my question about possibility to update pointer scan addresses?
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
407
44
28
#8
You can try and rescan but if offsets have changed with the update then you'll just have to start over.
 

SunBeam

Trouble-Maker
Talents
Feb 4, 2018
553
295
63
#9
Game updated and my cheat table doesnt work. Is it possible to update Pointer Scan Results like AOB scans? Or not?
I suggest you go through the entire CE tutorial, learning of debugging and hooking. Then apply that to your situation: debug your X, see what accesses/writes to it, then record that ASM code somewhere (as well as 10-15 lines above it and 10-15 lines below it). Once game updates, make use of array scanning to pin-point that exact same location in your new version. Keep in mind the ASM code should access/write only your coordinates, else you'll need a condition to extract just your X from the tons being accessed/written to at that location. And stop using Pointer Scan. It's Point-less :)
 

Dimentio

Novice Cheater
Apr 18, 2018
18
11
3
#11
Pointer scan might be worthwhile on small games because they might go fast. But, the bigger the game, typically the deeper the pointers get.
"Point-less" in the aspect that a single update threw all the time you spent on the 1 pointer, out the window whereas an AoBscan often survives updates.

Your example of:
58, 0, 180, 1C, , 114, 128, 4, 10, 184, 80, 438, 40, 17C, 420

You can figure out what accesses your coordinates, see if all the things accessing your coordinates only access "Yours" or if it's for everything in the game.
Do an AoBscan, Registersymbol and label, and get it set up (if it's for everything, then you have to figure out how to filter it out to just you) and this will maybe shortcut to the 17C or 420 range.... bypassing 12 offsets. X/Y/Z locations are sometimes right next to each other, and maybe in ZXY or some other arrangement. (float,float,float) So 420 was your Y position, 418 might be your Z, and 41C might be your X.

How much extra time for a pointer scan were those extra 12 offsets?

The tutorial that @SunBeam mentioned is a great way to understand a lot of the concepts.
 

marek1957

Expert Cheater
Dec 16, 2017
81
0
6
#12
Ok, thank you all for explanation, I know understand all clearly.

I have last question. Why some of my hacks I need to inject directly into correct address without allocating new memory? Because when I execute the code in new allocated memory, my hack is not working - but when I inject my script directly into correct adress without allocating memory, it is working perfectly. Why is that happening?
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
407
44
28
#13
That's most likely due to the jump being too far, try using the "AllocateNearThisAddress" parameter.
NASM:
alloc(SymbolName, Size, AllocateNearThisAddress OPTIONAL)
NASM:
alloc(SomeSymbol, 0x4, Tutorial-x86_64.exe+164C2)
NASM:
alloc(SomeSymbol, 0x4, SomeAOBSymbol)
EDIT:
From what @SunBeam said below:
NASM:
alloc(SomeSymbol, 0x4, Tutorial-x86_64.exe)
http://wiki.cheatengine.org/index.php?title=Auto_Assembler:alloc
 
Last edited:

SunBeam

Trouble-Maker
Talents
Feb 4, 2018
553
295
63
#14
NASM:
Tutorial-x86_64.exe+164C2
CE actually fetches the module and allocates close to the end of the module. Additionally specifying +164C2 does not add to it in any way :D Jus' sayin' Tutorial-x86_64.exe is enough.
 

Dimentio

Novice Cheater
Apr 18, 2018
18
11
3
#15
What @TheyCallMeTim13 is referring to as being a "jump being too far"

When you activate your script, cheatengine most of the time is creating a jump that is 5bytes long.
In large 64 bit games, if the memory allocated is more than FFFF FFFF bytes away, cheatengine will create a 14byte jump.
Which in some cases may randomly work sometimes for you (because it created 5 bytes) or crash your game/not work when it generates a 14 byte jump.

He's telling you to push cheatengine into always being a 5byte jump. (MUUUUCH simpler working with 5byte jumps and a lot more stable)
 
Top Bottom