Help with finding pointer in structure dissect

barashkafromRO (post #1):
I'm trying to make a god mode for They Are Billions and I can't overcome one problem. In Structure Dissect I can find a Player ID, but it is hidden behind a pointer and I therefore can't use it. All the tutorials and advice on the internet only talk about finding the Player ID as a plain value, but nobody ever talks about the case when it is behind a pointer, like on my screenshot:
https://imgur.com/a/WGcOr
I switched the red and purple colors.
How do I connect the value behind the pointer to my script?

jungletek (staff member, post #2):
Your image doesn't work, FYI...

But if you're asking about the syntax of pointers: if DEADBEEF is an address, then [DEADBEEF] is a pointer, and [[DEADBEEF]+420] is a pointer to a pointer offset by 0x420, etc.
 

Betcha (post #3):
Right-click that pointer, select Change Element and change the Type to Byte.
Then in your script write something like this: cmp byte ptr [eax+4],#1

barashkafromRO (post #4):
Betcha said:
Right-click that pointer, select Change Element and change the Type to Byte.
Then in your script write something like this: cmp byte ptr [eax+4],#1

The address is not a pointer. It is behind a pointer, together with a lot of other addresses.
I write it like this:
Code:
cmp byte [rsi+18]+15C,0
and it doesn't work.

The only way I can make it work is through a compare based on a unit's HP regeneration, but it works for enemy buildings too, because all buildings have 0 HP regen:
Code:
  cmp [rsi+38],0 //building hp regen
  je playerHP
  cmp [rsi+38],1 //ranger hp regen
  je playerHP
  cmp [rsi+38],2 //soldier hp regen
  je playerHP
  cmp [rsi+38],3 //sniper hp regen
  je playerHP
All other usable values are hidden behind a pointer and I don't know how to use them.
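The pointer notation jungletek describes in #2 and the failing `cmp byte [rsi+18]+15C,0` above come down to the same two-step read: load the pointer at +18, check it for null, then read the byte at pointer+15C. The Python below is an added illustration, not code from the thread or the game: it walks that chain over a constructed fake memory image, and the layout, addresses and the meaning of player ID 0 are assumptions for the example.

```python
import struct
from typing import List, Optional

# Constructed fake 64-bit process memory (a bytearray), NOT a dump of the game.
# Assumed layout, using the offsets from the thread's script:
#   entity struct at ENTITY_ADDR: qword at +0x18 = pointer to an owner struct (0 if none)
#   owner struct  at OWNER_ADDR:  byte  at +0x15C = player ID (0 assumed to be the human player)
ENTITY_ADDR = 0x1000
OWNER_ADDR = 0x2000
PLAYER_ID_CHAIN = [0x18, 0x15C]  # CE notation: [[rsi+18]+15C]

def build_memory(owner_addr: int = OWNER_ADDR, player_id: int = 0) -> bytearray:
    mem = bytearray(0x3000)
    struct.pack_into("<Q", mem, ENTITY_ADDR + 0x18, owner_addr)  # the pointer field
    mem[OWNER_ADDR + 0x15C] = player_id                           # the value behind it
    mem[ENTITY_ADDR + 0x18 + 0x15C] = 0x7F  # unrelated byte that a single-level read would hit
    return mem

def read_qword(mem: bytearray, addr: int) -> int:
    return struct.unpack_from("<Q", mem, addr)[0]

def resolve_chain(mem: bytearray, base: int, offsets: List[int]) -> Optional[int]:
    """Walk [[base+o0]+o1]...+oN. Every offset except the last is dereferenced as a
    64-bit pointer and null-checked, like 'mov rax,[rsi+18] / cmp rax,0 / je invalid'.
    Returns the final address, or None if any link is null or outside the image."""
    addr = base
    for off in offsets[:-1]:
        link = addr + off
        if link + 8 > len(mem):
            return None
        addr = read_qword(mem, link)
        if addr == 0:
            return None
    final = addr + offsets[-1]
    return final if final < len(mem) else None

def read_player_id(mem: bytearray, entity: int) -> Optional[int]:
    addr = resolve_chain(mem, entity, PLAYER_ID_CHAIN)
    return None if addr is None else mem[addr]

def is_human_player(mem: bytearray, entity: int) -> Optional[bool]:
    pid = read_player_id(mem, entity)
    return None if pid is None else pid == 0

def single_level_read(mem: bytearray, entity: int) -> int:
    # What treating the ID as a plain value at rsi+18+15C reads: a different, unrelated byte.
    return mem[entity + 0x18 + 0x15C]
```

`resolve_chain` takes any list of offsets, so the same walker handles deeper chains than the two-level one in the thread.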
 

Betcha (post #5):
Do the same, but instead of replacing the value that's behind the pointer, use it as your compare.
http://fearlessrevolution.com/viewtopic.php?f=16&t=4942
 

barashkafromRO (post #6):
Here is what I finally managed to complete with all my understanding.
Everything works, but newly built buildings will stay at low health because I simply removed the script that changes health in either direction. It works only for the human player.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048,ZX.Components.CLife::Entity_EventOnUpdate+30A)
label(returnhere)
label(originalcode)
label(exit)
label(playerHP)
label(invalid)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
  push rax                 // rax is used as scratch, so save it first
  mov rax,[rsi+18]         // first level: load the pointer stored in the entity at +18
  cmp rax,0
  je invalid               // null pointer: must not be dereferenced
  cmp byte [rax+15C],#0    // second level: player ID byte behind that pointer (0 = human player)
  je playerHP
  jmp originalcode

playerHP:
  pop rax
  nop //mov [rsi+30],edx   // the health write is skipped for the human player
  mov edx,[rsi+34]
  jmp returnhere

invalid:
  jmp originalcode         // no owner pointer: treat as not the human player; originalcode restores rax

originalcode:
  pop rax
  mov [rsi+30],edx
  mov edx,[rsi+34]

exit:
  jmp returnhere

ZX.Components.CLife::Entity_EventOnUpdate+30A:
jmp newmem
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
ZX.Components.CLife::Entity_EventOnUpdate+30A:
mov [rsi+30],edx
mov edx,[rsi+34]
//Alt: db 89 56 30 8B 56 34

Code:
{ Game   : TheyAreBillions.exe
  Version: 
  Date   : 2017-12-03
  Author : I tried and failed several times

  This script checks for player ID and
  makes human player units and
  buildings health from changing
}

[ENABLE]

aobscan(INJECT,89 56 30 8B 56 34) // should be unique
alloc(newmem,$1000,INJECT)        // allocate near the injection point (was a hard-coded address) so the 5-byte jmp can always reach newmem

label(originalcode)
label(return)
label(playerHP)
label(invalid)

newmem:
  push rax                 // rax is used as scratch, so save it first
  mov rax,[rsi+18]         // first level: load the pointer stored in the entity at +18
  cmp rax,0
  je invalid               // null pointer: must not be dereferenced
  cmp byte [rax+15C],#0    // second level: player ID byte behind that pointer (0 = human player)
  je playerHP
  jmp originalcode

playerHP:
  pop rax
  nop //mov [rsi+30],edx   // the health write is skipped for the human player
  mov edx,[rsi+34]
  jmp return

invalid:
  jmp originalcode         // no owner pointer: treat as not the human player; originalcode restores rax

originalcode:
  pop rax
  mov [rsi+30],edx
  mov edx,[rsi+34]
  jmp return

INJECT:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
  db 89 56 30 8B 56 34

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 7FFE94C010AA

7FFE94C0108F: E8 FC 03 FC FF                 -  call 7FFE94BC1490
7FFE94C01094: 8B 90 14 01 00 00              -  mov edx,[rax+00000114]
7FFE94C0109A: 85 FF                          -  test edi,edi
7FFE94C0109C: 7D 04                          -  jnl 7FFE94C010A2
7FFE94C0109E: 33 D2                          -  xor edx,edx
7FFE94C010A0: EB 08                          -  jmp 7FFE94C010AA
7FFE94C010A2: 3B FA                          -  cmp edi,edx
7FFE94C010A4: 7E 02                          -  jle 7FFE94C010A8
7FFE94C010A6: EB 02                          -  jmp 7FFE94C010AA
7FFE94C010A8: 8B D7                          -  mov edx,edi
// ---------- INJECTING HERE ----------
7FFE94C010AA: 89 56 30                       -  mov [rsi+30],edx
7FFE94C010AD: 8B 56 34                       -  mov edx,[rsi+34]
// ---------- DONE INJECTING  ----------
7FFE94C010B0: 01 56 40                       -  add [rsi+40],edx
7FFE94C010B3: 83 7E 34 00                    -  cmp dword ptr [rsi+34],00
7FFE94C010B7: 7D 78                          -  jnl 7FFE94C01131
7FFE94C010B9: 48 BA 38 5A DE B2 82 01 00 00  -  mov rdx,00000182B2DE5A38
7FFE94C010C3: 48 8B 12                       -  mov rdx,[rdx]
7FFE94C010C6: 48 8B CE                       -  mov rcx,rsi
7FFE94C010C9: 48 8B 06                       -  mov rax,[rsi]
7FFE94C010CC: 48 8B 40 60                    -  mov rax,[rax+60]
7FFE94C010D0: FF 50 28                       -  call qword ptr [rax+28]
7FFE94C010D3: 48 8B CE                       -  mov rcx,rsi
}

Edit: no, sorry, it somehow doesn't work and crashed my game. I guess it's the rax register that I used.
The problem with crashing is presumably that I can't find which register to use during the player ID check without causing a crash.
The part of the script that checks for the player ID is working.
Edit2: OK, I just forgot to pop rax before originalcode. I noticed it when my units were invulnerable, but the moment the enemy took damage it crashed the game. It works now.