Can help with multilevel pointers find?

Garrett Dark
Novice Cheater
Posts: 15
Joined: Wed May 08, 2019 7:20 am
Reputation: 22

Re: Can help with multilevel pointers find?

Post by Garrett Dark » Wed May 08, 2019 8:03 am

@chusski

Hi, I think the problem you're encountering with the hit points in this particular game is specific to the game itself.

I'm not really good at all this myself, but I have used pointer scans and AOB Code Injection methods to make pointers and scripts which act as pointers in many games before with success. I've been playing with this game for the past 4 days, and it's been incredibly frustrating and unsuccessful for hit points. The best I could do is for status effects granted by items, but they keep resetting every map change, and merely when looking at the "Stickers" screen.

To be specific, I'm running "The_Swords_of_Dittov1.14.01-202". All the codes that read/write to the hit points memory location are utilized by many other memory addresses, so AOB code injection won't work to my understanding. I've pointer scanned using 3 maps, Offset 2047 Level 5 fails to find any results. I then tried Offset 9047 Level 4, got a lot of results but none of them stayed when the game was restarted. Same thing with Offset 5047 Level 5 scan, and Offset 2047 Level 6 scan.

Maybe I'm using the scans inefficiently, but to my understanding increasing the offset and levels should reveal trickier pointers that are common in all three maps I was using (it has before). My total guess (as I said, I'm not very good at this myself) is that there's nothing in common with the three maps. That the game does something weird for hit points and how it stores it in memory, like it's different every time.

So if you're using this game to learn code injection method or pointer scanning, this might not be the best game to learn on.

chusski
Cheater
Posts: 39
Joined: Sat Sep 08, 2018 8:25 pm
Reputation: 6

Re: Can help with multilevel pointers find?

Post by chusski » Wed May 08, 2019 1:25 pm

Hi guys

I chose this game thinking it would be an easy one.

Comrade Garrett Dark added his trainer and his experience in this thread: viewtopic.php?f=4&t=6598&p=88845#p88994

You can take a look, but it seems that your experience has also been crazy.

Good job and thank you very much for sharing your work, Garrett Dark.

Adding the info from his table:

Code:

{
NOTES (This is not actually a script)

The Swords of Ditto
v1.14.01-202

GENERAL NOTES
- The game appears to store all values in Double

INVENTORY ITEMS WITH NUMBER COUNT
- 5 (Double) = 5 items
= Can be edited in CE to exceed the usual 5 cap, change is permanent ingame. So just search and edit as needed.
- Finding an item which was edited above the 5 cap resets the item quantity to the cap. This appears to be only for bombs and such.
- Later in the game the 5 cap can be increased ingame
- Item upgrade components items are capped at 99

STATUS EFFECTS
- Effects that Stickers applies (Fire Atk & Res, Ether, Poison, Etc)
- Fire, Ether, Poison Atk & Res stored as Double value 0.00 to 1.00 (0% to 100%), can exceed 100%
- Changing Map Locations ingame changes memory storage locations
- Pointer Scans at Offset 2047 Level 5 takes a long time and fails to find valid pointers
- Continual reading opcodes reading memory location of Status effect not viable, too many other memory locations use same code
- Can use Continual reading opcode ie. "movsd xmm0,[ebx]" to find all Status Effect Atk & Res by "finding out all addresses that access it" in Memory Viewer of CE
- Status Effects values appear to reset when changing stickers and when entering and exiting the sticker screen
- Static opcode that resets value viable, only one status effect uses it
- Static opcode looks something like this "mov [edi],00000000" for each status effect
= Using AOB Injection Lookup Script method
- AOB Lookups can be enabled right away, but pointers not found until a sticker is changed ingame
- Values seem to stick after ingame map location change as long as Stickers Screen not looked at
= LOCKING VALUES IN CE WILL CRASH GAME: During ingame Map Location change. Memory locations change and script slow to update, wrong memory locations values are messed up with CE Locking Values, thus crash

HITPOINTS
- 100hp = 100 (Double)
- Can be easily found, but memory location changes with ingame map change
- Can't AOB Lookup because Continual and Static opcodes reading memory locations all not viable
* Pointer Scan (3 maps): Offset 2047 Level 5 = failed, 0 results
* Pointer Scan (3 maps): Offset 9047 Level 4 = Success, 92005 Results Found
- None of the 92005pp held after game restarted
* Pointer Scan (3 maps): Offset 5047 Level 5 = Success, 541376 Results Found (in about 2:25hrs scan time)
- None of the 541376pp held after game restarted
* Pointer Scan (3 maps): Offset 2047 Level 6 = Success, 428531 Results Found
- None of the 428531pp held after game restarted
* Pointer Scan (3 maps): Offset 2047 Level 9 = failed, 19:03hrs so far and 0 results, aborting scan
= Giving up on HP; Regeneration, Armor, Max HP cheats good enough
= Another alternative, there's a Piggy Bank Sticker which makes hits subtract from money instead (though status effects still damage), money can be edited to a very high value

ARMOR BONUS
- No Bonus = 1.00 (Double), 6% bonus = 1.06 (Double), 100% bonus = 2.00 (Double). Can exceed 100%
- 100% doesn't fully block all damage, this bonus appears to be a reduction bonus
- At 1000% (11.00 Double) still taking damage
- At 2000% (21.00 Double) damage appears to be less than 1 HP
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

ATTACK BONUS
- No Bonus = 1.00 (Double), 6% bonus = 1.06 (Double), 100% bonus = 2.00 (Double). Can exceed 100%
- Same as Armor Bonus
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

MONEY
- 100 money is 100 (Double)
- Continual Read opcode "movsd xmm0,[esi]" viable for AOB Lookup Method

CELESTRIAL FRAGMENTS
- 1 (Double) = 1 Celestrial Fragment
= AOB not viable, but like money/items only require a one time edit

SWORD XP
- Continual & Static Read/Write opcodes not viable for AOB Lookup Method
= Just use the pointer the other cheat has

ENERGY
- Value is 100 (Double) when Energy Bar is Full
- Continual & Static Read/Write opcodes not viable for AOB Lookup Method
* Pointer Scan (3 maps): Offset 2047 Level 5 = failed, 0 results
* Pointer Scan (3 maps): Offset 5047 Level 3 = failed, 0 results, instantly
* Pointer Scan (3 maps): Offset 9047 Level 3 = failed, 0 results, instantly
* Pointer Scan (3 maps): Offset 9047 Level 4 = Success, 2 Results Found
- 2pp found did not hold when game restarted

HP Regeneration
- 1 (Double) = 100%, 0.1 (Double) = 10%
- Values unlike Attack and Armor Bonus, base is not 1 but rather at 0 (Double)
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

Max HP Bonus
- 1.01 (Double) = 1%, 2.00 (Double) = 100%
- Like Attack & Armor Bonus
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

LUCK
- 0.01 (Double) = 1 Luck, 1.00 (Double) = 100 Luck
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen.
- Resetting code slightly different than Armor, Attack Bonus, and etc. "mov [edi],47AE147B" instead of moving 00000000 into edi. But in terms of AOB lookup script it makes no difference for cheating purposes

SHIELD BREAK
- 0.10 (Double) = 10%, 1.00 (Double) = 100%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

DROP RATE
- 0.06 (Double) = 6%, 1.00 (Double) = 100%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

TP REGENERATION
- 1 (Double) = 100%, 0.1 (Double) = 10%
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"

STICKER ABILITIES
- 1 (Double) = Equipped, 0 (Double) = Not Equipped
= AOB Lookup viable, as per Status Effects there is a resetting code when looking at Stickers Screen. "mov [edi],00000000"


}

What do you think about it?

chusski
Cheater
Posts: 39
Joined: Sat Sep 08, 2018 8:25 pm
Reputation: 6

Re: Can help with multilevel pointers find?

Post by chusski » Wed May 08, 2019 5:43 pm

Hi guys

I finally found something to set infinite life or modify it.
Ver: v1.14.01-202

But you need to get hit every time you change the map or restart the game before you can locate the pointer. AOB doesn't work. You need to put the bytes in the scan.

BYTES:

Code:

?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

AOB:

Code:

[ENABLE]
aobscanmodule(health,The_Swords_of_Ditto.exe,?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??)
label(dittohealth)
registersymbol(dittohealth)

health:
dittohealth:

[DISABLE]
unregistersymbol(dittohealth)

I have 2 questions:
1 - I have obtained the line of bytes which, if placed in the search engine (after receiving a hit), gives the pointer of life (while you are in that map or game).
But adding it to an AOB, it does not locate it.
How can I solve this?

2 - How could you solve the issue that they have to hit you to be able to look for the pointer?

Can you give a hand with that?
Thank you very much to all.
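
Why a byte pattern can match in one session and miss in the next, as an added example (not code from any poster in this thread): a matcher for the `??` / `?0` / `3?` wildcard syntax, run over two constructed memory images. It uses the first 30 tokens of the posted pattern; that the fixed 4-byte groups are run-specific values such as addresses is an assumption, and the `RUN_B` values are invented.

```python
import struct

def parse_aob(pattern):
    """Parse 'AB ?? ?4 3?' into (value, mask) pairs; each '?' masks one nibble."""
    pairs = []
    for tok in pattern.split():
        if len(tok) != 2:
            raise ValueError(f"bad AOB token: {tok!r}")
        value = mask = 0
        for ch in tok:
            value, mask = value << 4, mask << 4
            if ch != "?":
                value |= int(ch, 16)
                mask |= 0xF
        pairs.append((value, mask))
    return pairs

def aob_scan(buf, pattern):
    """Return every offset in buf where the whole pattern matches."""
    pairs = parse_aob(pattern)
    last = len(buf) - len(pairs)
    return [i for i in range(last + 1)
            if all((buf[i + j] & m) == v for j, (v, m) in enumerate(pairs))]

# First 30 tokens of the pattern posted above.
POSTED = ("?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 "
          "?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00")
# Same layout with the three fixed 4-byte groups wildcarded.
RELAXED = ("?0 ?? ?? ?? ?? ?? ?? ?? ?4 ?? ?? 00 ?? ?? ?? ?? "
           "?0 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 00")

def snapshot(p1, p2, p3):
    """Constructed image: 16 pad bytes, one 30-byte record, 16 pad bytes."""
    rec = (bytes.fromhex("10aabbcc") + struct.pack("<I", p1)
           + bytes.fromhex("34112200") + struct.pack("<I", p2)
           + bytes.fromhex("50010203") + struct.pack("<I", p3)
           + struct.pack("<I", p2) + bytes.fromhex("0100"))
    return bytes(16) + rec + bytes(16)

RUN_A = snapshot(0x03A3C660, 0x03A3A088, 0x0343B798)  # dwords decoded from the pattern
RUN_B = snapshot(0x03B5C660, 0x03B5A088, 0x0355B798)  # same record, dwords moved (invented)

def compare():
    """Hits of each pattern in (RUN_A, RUN_B)."""
    return {name: (aob_scan(RUN_A, pat), aob_scan(RUN_B, pat))
            for name, pat in (("posted", POSTED), ("relaxed", RELAXED))}

if __name__ == "__main__":
    print(compare())
```

In Cheat Engine, `aobscanmodule` restricts the search to the named module's address range, while `aobscan` searches the process's memory more generally, so the scan range as well as the wildcards decides whether a data pattern can be found.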

Twistedself
Noobzor
Posts: 12
Joined: Sat Jun 30, 2018 12:38 am
Reputation: 12

Re: Can help with multilevel pointers find?

Post by Twistedself » Thu May 09, 2019 11:33 pm

chusski wrote:
Tue May 07, 2019 5:19 pm

What i need do next? compare the hundreds of addresses that come out?
In the tutorial Step 9 only 4 and it is easy to find the differences, more or less ....
If i compare the 3 address that have 1 counter, really dont know what i am looking for...

thx again

In the tutorial on step 9 (I recommend watching a video), it will have you build data structs from each player and then look at the code to find a constant to cmp. In the tutorial it ended up being really simple; if I remember, it was just a switch, 01 represented first player or something. Then just did a
cmp Me, 1
jne End

Just an easy cmp. But you can compare the structs and usually find many things that are unique to the player.
And any of these will do just fine.

I am almost sure Tim is correct and this is a shared instruction that acts on the health of all players. Without a cmp it won't work right. You could just test it by nopping the instruction and seeing if it allows enemy health to drop.


Didn't see the new page of posts! Sounds like you might have a boolean that starts the "health" code. If you could find the switch that happens when you first take damage by scanning 0 before, 1 after? Maybe you could find the switch and then add that to the code.

Twistedself
Noobzor
Posts: 12
Joined: Sat Jun 30, 2018 12:38 am
Reputation: 12

Re: Can help with multilevel pointers find?

Post by Twistedself » Thu May 09, 2019 11:57 pm

Code:

[ENABLE]
aobscanmodule(health,The_Swords_of_Ditto.exe,?0 ?? ?? ?? 60 C6 A3 03 ?4 ?? ?? 00 88 A0 A3 03 ?0 ?? ?? ?? 98 B7 43 03 88 A0 A3 03 01 00 ?? ?? ?? ?? ?? ?? 3? 3? 3? 3? 3? ?? ?? 4? 4? 4? ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??)
label(health)
label(healthOrig)
alloc(healthCode, 2048)
registersymbol(healthOrig)
registersymbol(wantedHealth)

healthCode:
cmp ?????,1      //make your compare to make sure it is your turn. or that you are not enemy- if needed
jne healthReturn     //jump not equal to healthReturn
mov ? , [wantedHealth]                // move the wanted health into You, where ever it's being stored in your orig code
//instructions from your orig code to finish it goes here

wantedHealth:
dd (float) 38274            //If it's a float value make sure you say it is. Then the number you want to be plugged in
//(You could also add this in your move instruction if you don't want the option for user input health)

healthReturn:
jmp healthOrig

[DISABLE]


unregistersymbol(healthOrig)
unregistersymbol(wantedHealth)
dealloc(healthCode)

I can't afford to buy any games atm, so all I can do.

chusski
Cheater
Posts: 39
Joined: Sat Sep 08, 2018 8:25 pm
Reputation: 6

Re: Can help with multilevel pointers find?

Post by chusski » Fri May 10, 2019 4:56 am

;) Thx very much for the help, Twistedself. I will try this.

VampTY
Table Makers
Posts: 100
Joined: Tue Mar 05, 2019 10:52 am
Reputation: 64

Re: Can help with multilevel pointers find?

Post by VampTY » Fri May 10, 2019 3:18 pm

I've updated to 1.16.01.202... now I have an incredible lag in the game while trying to find the enemies' health. Making compares is easy. There's 4 nops for it by the way, so for a full injection script or aob, those from below will be added in the newmem. I'll give some example:

cmp movsd xmm1,[esi+...]
jne code
nop
nop
nop
nop
jmp return


What to add in esi+...? Well, that's the thing: when I want to see what's the thing, it adds an insane amount of values. The only static value is the double value from the health address; the other values change with an insane speed and duplicate fast. Try and let me know if it's only on me; if so, I'll change this CE version (using 6.8.3).

So, in that esi+... you need to add only some offset, no address though, like 32 or whatever it will be. You need to find a difference on the same line, example with 3 enemies and you (4 in total), meaning you in a single group and the rest in a different group:

3 0 0 0
or
1 0 0 0
or
100 15 15 15


Something like that, the values on the left are your life (3/1/100), so you add the offset from left.

Here's an example with a movsd, how I deal with them and worked for me... this code works for others, for all double values. In here it crashed the thing, no error no nothing, so this code is the real thing, not for this though.


-----
alloc(myval,4) or 8 .........you add this to allocate your new value, that "myval" is a just a name

myval:
dq (double) 100
... dq is for double and for 64, dd is for 32 and 4 byte, dw for 2 byte, db for byte..that 100, a value. it can be also 0 like dq 0


------
newmem:
fld qword ptr [myval] ........ that code fld qword ptr will replace movsd/addsd/subsd etc and that [myval] adds that value 100 (or whatever the value is) replacing esi
....
dealloc(myval) ....... it's a must to add it at the end



Other way I do them, and I repeat it works for others, the code is good, not in here, perhaps it will help you or help others who will encounter for example:
These are double values by the way, the worst thing ever!

fstp qword ptr [esi+1]
fld qword ptr [esi+1]



you do them like this:

newmem:
fstp st(0)
fld qword ptr [esi+1]

code:
fstp qword ptr
fld qword ptr [esi+1]


You can use it even for dword, add instead of q add d, meaning dword. That was an example, this is for those when your life isn't shared, so you don't need to do any compares and instead add those simple codes and it will work.

After all this, if I won't experience that lag while trying to see the enemies' health, again, I'll do it, so far no luck! If you're lucky without any lag, post a screen with them, with that dissect. Also the health will be near 0, since the offset is 0, so enemies will have their health around that number, look for differences.

V.
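
The "compare the structs and look for a value that differs between you and the enemies" step from the two replies above, as an added example (not code from any poster): it keeps only the offsets that separate the player from every enemy with the same values in every snapshot, which filters out the fast-changing fields. The struct layout, field names and sample values are constructed for illustration.

```python
import struct

# Hypothetical layout: health(double)@0, team@8, tick@12, max_hp@16, speed@20
LAYOUT = "<dIIIf"

def entity(hp, team, tick, max_hp, speed):
    """Build one constructed 24-byte entity structure."""
    return struct.pack(LAYOUT, hp, team, tick, max_hp, speed)

def discriminators(snapshots, width=4):
    """snapshots: list of (player_bytes, [enemy_bytes, ...]) taken at different times.
    Return {offset: (player_value, enemy_value)} for fields where all enemies
    agree, the player differs, and both values are identical in every snapshot."""
    result = None
    for player, enemies in snapshots:
        size = min(len(player), *(len(e) for e in enemies))
        current = {}
        for off in range(0, size - width + 1, width):
            mine = player[off:off + width]
            theirs = {e[off:off + width] for e in enemies}
            if len(theirs) == 1 and mine not in theirs:
                current[off] = (int.from_bytes(mine, "little"),
                                int.from_bytes(theirs.pop(), "little"))
        if result is None:
            result = current
        else:  # keep only offsets that held with the same values before
            result = {o: v for o, v in result.items() if current.get(o) == v}
    return result or {}

# Two constructed snapshots: before and after some damage was dealt.
SNAPSHOTS = [
    (entity(100.0, 1, 9001, 100, 1.0),
     [entity(15.0, 0, 9002, 15, 1.0),
      entity(15.0, 0, 9003, 15, 1.0),
      entity(15.0, 0, 9004, 15, 1.0)]),
    (entity(80.0, 1, 9551, 100, 1.0),
     [entity(15.0, 0, 9552, 15, 1.0),
      entity(15.0, 0, 9553, 15, 1.0),
      entity(7.0, 0, 9554, 15, 1.0)]),
]

if __name__ == "__main__":
    for off, (mine, theirs) in sorted(discriminators(SNAPSHOTS).items()):
        print(f"+0x{off:02X}: player={mine} enemies={theirs}")
```

The health field itself separates the groups in the first snapshot (100 vs 15) but drops out once values change, which is why a stable field such as the constructed `team` or `max_hp` is the better operand for the compare.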
