Difference between revisions of "Tutorials:Create cheat table full:Finding player base"
m |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Tutorial]] | [[Category:Tutorial]] | ||
− | <!-- Tutorials:Create_cheat_table_full: | + | <!-- Tutorials:Create_cheat_table_full:Finding_player_base --> |
− | {{DISPLAYTITLE:Creating a cheat table - | + | {{DISPLAYTITLE:Creating a cheat table - Player Base}} |
This page is a sub page of: [[Tutorials:Create_cheat_table_full|Creating a cheat table - Full guide]] | This page is a sub page of: [[Tutorials:Create_cheat_table_full|Creating a cheat table - Full guide]] | ||
Line 9: | Line 9: | ||
[[File:Tutorials.Dishonored.PlayerBase.01.png|border]] | [[File:Tutorials.Dishonored.PlayerBase.01.png|border]] | ||
+ | |||
+ | |||
+ | === Step 1 === | ||
Let's scan for the base address. | Let's scan for the base address. | ||
Line 64: | Line 67: | ||
Then at this point I will restart the game a few times and see if it still works. | Then at this point I will restart the game a few times and see if it still works. | ||
+ | |||
+ | |||
+ | === Step 2 === | ||
So after some restarts my pointer is still good. | So after some restarts my pointer is still good. | ||
Line 85: | Line 91: | ||
− | + | ||
− | + | {{Tutorials:Create_cheat_table_full:links}} | |
− | |||
− | |||
− | |||
− |
Latest revision as of 20:55, 30 December 2017
This page is a sub page of: Creating a cheat table - Full guide
So now after a restart this is my table, I'm using a script to quickly find the coordinates base.
Step 1[edit]
Let's scan for the base address.
On the first scan I got a static address but then I move around in game just to see if I can get any values to change.
Now I find it's best to save as much information as possible, so in a text file save the debugger outputs.
Here is the code of the first level's instruction.
Dishonored.AK::SoundEngine::StartOutputCapture+2040C8 - F3 0F5C 8E C8000000 - subss xmm1,[esi+000000C8] Dishonored.AK::SoundEngine::StartOutputCapture+2040D0 - F3 0F10 83 C4000000 - movss xmm0,[ebx+000000C4] <<<< Dishonored.AK::SoundEngine::StartOutputCapture+2040D8 - F3 0F5C 86 C4000000 - subss xmm0,[esi+000000C4] Dishonored.AK::SoundEngine::StartOutputCapture+2040E0 - 0F28 DA - movaps xmm3,xmm2
Here is the debugger output for the 2nd level.
0056A09B - 0B C2 - or eax,edx 0056A09D - 75 22 - jne Dishonored.AK::MemoryMgr::GetPoolName+917B1 0056A09F - 8B 41 24 - mov eax,[ecx+24] <<<< 0056A0A2 - 8B 49 48 - mov ecx,[ecx+48] 0056A0A5 - 3B C8 - cmp ecx,eax EAX=30557800 EBX=01B8FCC8 ECX=0C851AC0 EDX=00000000 ESI=0C851AC0 EDI=0FDAFC20 ESP=01B8FB3C EBP=01B8FBB0 EIP=0056A0A2
I managed to find a static address with the first try, all i can do is set it up and keep an eye on it to see if it keeps working.
So let's setup our pointer we found, it only has one offset of +24.
- X Coord.
- float
[Dishonored.exe+1052DE8]+C4
- Z Coord.
- float
[Dishonored.exe+1052DE8]+C8
- Y Coord.
- float
[Dishonored.exe+1052DE8]+CC
Then at this point I will restart the game a few times and see if it still works.
Step 2[edit]
So after some restarts my pointer is still good.
But this may not be the real player base the only way to know is to find more values and connect then as best we can, and we can also use the dissect data structure tool (in the memory view form press Ctrl+D.
I prefer to do some basic checking with the dissect data structure tool, but count on finding other values and connecting them to the base address.
You could also use the pointer scanner for a base address, if you keep hitting dead ends, but these my only point to dead ends and have no results after a few rescans.
So now let's find the player health: Finding the player health