Finding a pointer

NumberXer0 (Expert Cheater, Mar 12, 2017) #1
I'm kind of lost on how to make my cheats stick. I can find values easy, but I can never find a pointer. For example, hacking ammo. I can find and lock the ammo fine, but changing guns, areas or restarting the game breaks the cheat. If I try to pointer scan, I get so many results that I can't manage. Here is my process:

Find original value
Pointer scan for address
Change value in game
Rescan memory
Repeat until results stop narrowing down
Close and open game
Rehook CE
Find original value again
Pointer scan for new address
Repeat until results stop narrowing down
Still stuck with a million results, none of which actually affect my ammo

I followed a direct tutorial on this and sometimes it works, but that's 1% of the time. Most games give too many results.
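The rescan-after-restart step above is doing one specific thing: throwing away every pointer path that only happened to reach the ammo in one launch. Here is a toy reproduction of that, as an added example (my code, not Cheat Engine's and not from the thread). The process layout is constructed for the example and every address and offset in it is hypothetical; the offsets 0x40 and 0x30 are chosen only to mirror the `mov rax,[rdi+40]` / `[rax+30]` pair quoted from the tutorial later in the thread. It builds two "launches" with different heap addresses, runs a naive pointer scan on each, and keeps only the chains that resolve in both, which is also the kind of comparison a second machine (post #6) gives you.

```python
"""Added illustration of why a raw address found by value scanning does not
survive a restart, and why a pointer chain (static base + offsets) does.
The process layout below is constructed for the example: it is not a real
game, and the addresses and offsets are hypothetical."""

MAX_OFFSET = 0x400   # a pointer may land up to this far before the field it reaches
MAX_LEVEL = 3        # deepest chain to search

class Snapshot:
    """A 64-bit process image reduced to its aligned qword slots."""
    def __init__(self, static_lo, static_hi):
        self.q = {}                           # slot address -> qword value
        self.static = (static_lo, static_hi)  # module range; survives restarts

    def write(self, addr, value):
        self.q[addr] = value & 0xFFFF_FFFF_FFFF_FFFF

    def read(self, addr):
        return self.q.get(addr, 0)

    def read_u32(self, addr):
        return (self.read(addr & ~7) >> (8 * (addr & 7))) & 0xFFFF_FFFF

    def is_static(self, addr):
        return self.static[0] <= addr < self.static[1]

def pointer_scan(snap, target, max_level=MAX_LEVEL):
    """Return every chain (static_slot, off1, ..., offN) that resolves to target.
    Naive O(slots) per level; CE builds a reverse map, but the logic is the same."""
    results = set()

    def walk(addr, offsets, depth):
        for slot, val in snap.q.items():
            if not addr - MAX_OFFSET <= val <= addr:
                continue                      # this slot does not point near addr
            chain = (addr - val,) + offsets
            if snap.is_static(slot):
                results.add((slot,) + chain)
            elif depth < max_level:
                walk(slot, chain, depth + 1)  # who points at this heap slot?

    walk(target, (), 1)
    return results

def resolve(snap, chain):
    """Follow a chain in a (possibly different) snapshot: [[static]+off1]+off2 ..."""
    slot, *offsets = chain
    addr = snap.read(slot)
    for off in offsets[:-1]:
        addr = snap.read(addr + off)
    return addr + offsets[-1]

def surviving_chains(runs):
    """Chains that resolve to the target in every (snapshot, target) pair."""
    return set.intersection(*(pointer_scan(s, t) for s, t in runs))

MODULE = 0x140000000   # hypothetical game.exe base

def build_run(player, weapon, scratch, scratch_has_weapon):
    """One launch of the game. Heap addresses differ per launch; only the module
    is fixed. Layout (hypothetical):
      [MODULE+2A0] -> player,  [player+40] -> weapon,  [weapon+30] = ammo (u32),
      [weapon+34] = max ammo,  [MODULE+8F0] -> scratch, [scratch+18] -> weapon
    (the last one is a temporary that only happens to be set in some runs)."""
    s = Snapshot(MODULE, MODULE + 0x10000)
    s.write(MODULE + 0x2A0, player)
    s.write(player + 0x40, weapon)
    s.write(weapon + 0x30, 25 | (40 << 32))      # ammo = 25, max = 40
    s.write(MODULE + 0x8F0, scratch)
    s.write(scratch + 0x18, weapon if scratch_has_weapon else 0)
    return s

def demo():
    run1 = build_run(0x1E3A0C0, 0x1F42A80, 0x2C00120, True)
    run2 = build_run(0x21B5F00, 0x2306B10, 0x1D0F0A0, False)   # restarted game
    ammo1 = 0x1F42A80 + 0x30                    # address the first value scan found
    ammo2 = 0x2306B10 + 0x30                    # same field after the restart
    keep = surviving_chains([(run1, ammo1), (run2, ammo2)])
    return ammo1, ammo2, keep

if __name__ == "__main__":
    a1, a2, keep = demo()
    for chain in keep:
        print("stable chain:", " -> ".join(f"{x:#x}" for x in chain))
```

In run 1 the scan returns two chains, because a scratch slot also points at the weapon that time; after the restart only the player-to-weapon chain still resolves, and the run-1 address itself now reads zero. With a real game the first scan returns far more than two, which is why the restart (or a second machine) is the step that does the filtering, not the rescans on a single launch.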

jungletek (Reality Bytes, Oct 17, 2017) #2
http://fearlessrevolution.com/viewtopic.php?f=11&t=4113

TL;DR: AOB scans in your scripts.

NumberXer0 (Expert Cheater, Mar 12, 2017) #3
jungletek said:
> http://fearlessrevolution.com/viewtopic.php?f=11&t=4113
>
> TL;DR: AOB scans in your scripts.

I tried following that, and it kind of works, but I'm completely lost when it gets to the breakpoints. I can lock my current ammo at whatever value fine, but I can't make it sync up with my maximum.

"If you are anything like me, you are not fulfilled yet. You dislike having a railgun or shotgun with 25 ammo and really need to do something about it. Luckily this is often very easy. In my experience so far, the current and MAX ammo count are VERY close friends.
So, let's change the current ammo count to the MAX ammo count!

There are literally a million ways to find this out, but it really comes down to luck and ingenuity.
Let's get back to the disassembler. (Actually, my game crashed here because I forgot to restore the original code and activated the script; addresses are slightly off now)

We want to know where in memory RAX is located. We do this by setting a breakpoint in our new script or above it. In the image the cheat is activated so the proper instruction is now replaced by a jmp <address>. If you highlight it and press SPACE you will go to the new place in memory where our injection resides.
Set a breakpoint and hit fire. If the game halts, you know you did it right. To the right you will see the registers. In the code you see that the rax is getting the value that resides in rdi+40. And we know that rax is the thing we want. Remember from the script, that [rax+30] is where the ammo resides"


I don't understand this part. I have the script set and activated. How do I open up the disassembler for the script? I don't see any options at the top or the right click.

jungletek (Reality Bytes, Oct 17, 2017) #4
I'm not sure what you're asking. You went through the tutorial and made a script for your game but you don't know how to open the disassembly window again?

NumberXer0 (Expert Cheater, Mar 12, 2017) #5
I mean how do you open the disassembly window for the script. I know how to open it for the original address I was searching for, it was in the right click menu. It isn't in the menu when clicking on the script. And if I repeat my steps to get back to the original address and then do it there, the tutorial falls apart. There's no jmp address and nothing happens if I press space.

Blayde (Expert Cheater, Aug 25, 2017) #6
NumberXer0 said:
> ...... I get so many results that I can't manage.

It's very easy if you have 2 or more computers, but...
Look here: https://www.youtube.com/watch?v=SFr0nRjDJfE&t=428s

jungletek (Reality Bytes, Oct 17, 2017) #7
NumberXer0 said:
> I mean how do you open the disassembly window for the script. I know how to open it for the original address I was searching for, it was in the right click menu. It isn't in the menu when clicking on the script. And if I repeat my steps to get back to the original address and then do it there, the tutorial falls apart. There's no jmp address and nothing happens if I press space.

There's no such thing. There's a script editor, and a disassembler/mem view window. You get the former by double-clicking the address area of that script in the main CE window (where it says <script>), and the latter from the right-click menu when you click on an entry in the main window, or the keyboard shortcut is CTRL-D.

Also just blindly following the tutorial without understanding what and why you're doing things isn't going to teach you anything other than how to follow that tutorial.
> There's no jmp address and nothing happens if I press space.
Then either your script isn't activated, or the code relocated in memory and your addresses changed. Your script WRITES the jmp, which jumps to memory you allocate in your script.
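What "your script writes the jmp" means in bytes, as an added example (my code, not Cheat Engine's and not from the linked tutorial): the [ENABLE] half of an AOB-injection script scans for the instruction bytes, copies the cheat code into memory it allocates, and overwrites the original instruction with `E9 rel32` (`jmp newmem`) plus NOP padding; [DISABLE] puts the saved bytes back. Everything below is constructed: the instruction sequence, the module and cave addresses, and the assumption that max ammo sits at `[rax+34]` next to current ammo at `[rax+30]` are hypothetical. The `jmp_target` helper decodes the same rel32 that Cheat Engine follows when you highlight the jmp and press Space, which is why there is nothing to follow when the script is not active.

```python
"""Added illustration of what a Cheat Engine AOB-injection script does:
find an instruction by byte pattern, overwrite it with jmp rel32 into an
allocated cave, and restore it on disable. Hypothetical process image and
instruction bytes, not a real game and not CE's own code."""
import struct

class Mem:
    """Flat view of a few mapped regions: {base: bytearray}."""
    def __init__(self):
        self.regions = {}

    def alloc(self, base, size):
        self.regions[base] = bytearray(size)
        return base

    def _locate(self, addr, n):
        for base, buf in self.regions.items():
            if base <= addr and addr + n <= base + len(buf):
                return buf, addr - base
        raise ValueError(f"unmapped range at {addr:#x}")

    def read(self, addr, n):
        buf, off = self._locate(addr, n)
        return bytes(buf[off:off + n])

    def write(self, addr, data):
        buf, off = self._locate(addr, len(data))
        buf[off:off + len(data)] = data

def aob_scan(mem, pattern):
    """Addresses where the byte pattern matches; '??' is a wildcard byte."""
    pat = [None if t in ("??", "?") else int(t, 16) for t in pattern.split()]
    hits = []
    for base, buf in mem.regions.items():
        for i in range(len(buf) - len(pat) + 1):
            if all(p is None or buf[i + j] == p for j, p in enumerate(pat)):
                hits.append(base + i)
    return hits

def write_jmp(mem, at, target, patch_len):
    """Overwrite patch_len (>= 5) bytes at `at` with `jmp target` + NOP padding.
    Returns the original bytes so the script can restore them on disable."""
    if patch_len < 5:
        raise ValueError("jmp rel32 needs 5 bytes")
    rel = target - (at + 5)                      # rel32 is relative to the next instruction
    if not -0x8000_0000 <= rel <= 0x7FFF_FFFF:
        raise ValueError("target outside rel32 range; allocate the cave nearer")
    saved = mem.read(at, patch_len)
    mem.write(at, b"\xE9" + struct.pack("<i", rel) + b"\x90" * (patch_len - 5))
    return saved

def jmp_target(mem, at):
    """Decode `E9 rel32` at `at` (what CE follows when you press Space on the jmp)."""
    insn = mem.read(at, 5)
    if insn[0] != 0xE9:
        return None                              # no jmp here: script not active
    return at + 5 + struct.unpack("<i", insn[1:])[0]

CODE_BASE = 0x140001000      # hypothetical function inside the game module
CAVE      = 0x140200000      # hypothetical allocation for newmem (within rel32 reach)

def build_process():
    """Constructed image of the function the script hooks:
         mov rax,[rdi+40] ; mov ecx,[rax+30] ; sub ecx,1 ; mov [rax+30],ecx ; ret"""
    mem = Mem()
    mem.alloc(CODE_BASE, 0x20)
    mem.write(CODE_BASE, bytes.fromhex("488B4740 8B4830 83E901 894830 C3"))
    mem.write(CODE_BASE + 14, b"\xCC" * 18)
    mem.alloc(CAVE, 0x40)
    return mem

def enable_script(mem):
    """[ENABLE]: aobscan -> copy cheat code into the cave -> jmp newmem.
    The cheat writes the max ammo (assumed at [rax+34]) into current ammo at [rax+30]."""
    hits = aob_scan(mem, "8B 48 30 83 E9 ??")    # mov ecx,[rax+30] ; sub ecx,?
    if len(hits) != 1:
        raise RuntimeError(f"AOB must be unique, got {hits}")
    inject = hits[0]
    patch_len = 6                                  # the two instructions we overwrite
    ret = inject + patch_len
    cave_code = bytes.fromhex("8B4834 894830")     # mov ecx,[rax+34] ; mov [rax+30],ecx
    mem.write(CAVE, cave_code)
    write_jmp(mem, CAVE + len(cave_code), ret, 5)  # jmp return
    saved = write_jmp(mem, inject, CAVE, patch_len)  # jmp newmem ; nop
    return inject, saved

def disable_script(mem, inject, saved):
    """[DISABLE]: put the original bytes back (forgetting this is what crashed the tutorial author)."""
    mem.write(inject, saved)

if __name__ == "__main__":
    mem = build_process()
    inject, saved = enable_script(mem)
    print(f"jmp at {inject:#x} -> {jmp_target(mem, inject):#x}")
    disable_script(mem, inject, saved)
```

Two practical points fall out of this. The AOB has to be unique in the module, or the script hooks the wrong copy (the `len(hits) != 1` check is the equivalent of CE's aobscan failing to enable); and the cave must be within 2 GiB of the injection point for a 5-byte `E9` jump, which is why the script allocates near the injection address rather than anywhere.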