Solved Finding a way to access a specific value


Yothri

Jr.Coder
Full Member
Nobleman
Sep 12, 2013
107
823
4
Hi,

I am currently trying to create some basic hack tool for the game Trove from TrionGames.
My problem concerns the player's gravity.

I know the following:
If the player is not in water, its gravity is -29f
If the player is in water, its gravity is -4f

With only 2 scans I can find the correct address for the player's gravity.
But as you guys know, this address is not static, so I need a method to access this address without searching for it with Cheat Engine every time.
I tried a pointer scan from Cheat Engine.
The first pointer scan worked and found millions of pointers,
the next pointer scan found 0 pointers.

So I don't know why it found 0 pointers then, but I guess it's because there is no pointer pointing to this address, right?
Well, I never had this issue before in other games, so I only know a second method: signature scanning. But is there any other method than signature scanning?

It would be awesome if someone could help me. The game is not even a 1 GB download, so it would be an effort, but not too big.

Thanks in advance.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,149
78,998
2,395
Yothri said:
Hey, thank you for your answer. I am going to try this out. I also found out that the Health pointer's offset plus 0x14 is the Energy of the player.
Is it possible to find out what the other values are only by watching them and recognizing what is happening in-game, or is it also possible to reverse the variable names with IDA, for example?
Wow, cool, it also seems the player location is there. When I move there are some values moving, and when looking at them in detail, they are the same as the game shows in-game. But the memory contains those values multiple times. Why is a game holding the player's location multiple times in memory? I also tried changing them; most values instantly reset to their old value, but there are 3 values (x, y, z) that will move the player to the position I set, but they are instantly set back to their old value. It behaves as if the values are instantly reset because the server tells the location. Is it possible to teleport the player? What information about teleporting can you give me?

Edit: I also found the gravity value there, but gravity and the 3 values for position are not valid after I changed map (although accessed through a pointer).

Alright, you've just learned the most crucial step; everything will start to make more sense now.

Are you playing ONLINE? If so, then it makes sense that values revert back to their old values, because the server has authority over those variables. But if those 3 coordinate variables moved your player temporarily, you should use those in your hack. As for a teleport, that may not be possible; you have to test.

You are inside the player object now. This is the most fun part of reversing: look at the variables and just play the game, watch as things change and try to discover what they are. The method I described, which you used to get your player object, you should also apply to a bot/other player. Compare and contrast his and your player object and see what is the same and what is different using struct dissector. Start defining one variable at a time and don't stop until you get 90% of them. Then start to think, how can changing these variables give you an unfair advantage over the enemy? Get creative and push the limit.

How to Hack Any Game pt 2 Rake

Pointer Scanning Like a Boss
 
Last edited:
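
Rake's point that the server has authority over the position values, seen from the server side as an added example (not from this thread and not Trove's actual code): the server checks each claimed position against a speed budget and answers with its own value when the claim is implausible, which is the snap-back Yothri observed. MAX_SPEED, MAX_DT, TOLERANCE and the class names are assumptions.

```python
import math
from dataclasses import dataclass, field

MAX_SPEED = 12.0   # assumed cap on movement, world units per second
MAX_DT = 0.5       # assumed longest gap credited to one update, seconds
TOLERANCE = 1.25   # slack for latency and timer jitter


@dataclass
class Player:
    pos: tuple          # authoritative (x, y, z), owned by the server
    last_seen: float    # server clock of the last processed update


@dataclass
class Server:
    players: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)   # audit trail for detection

    def spawn(self, pid, pos, now):
        self.players[pid] = Player(tuple(pos), now)

    def handle_move(self, pid, claimed, now):
        """Check a client-claimed position; return the position the client must use."""
        p = self.players[pid]
        # Cap the credited time so standing still does not bank a long jump.
        dt = min(now - p.last_seen, MAX_DT)
        p.last_seen = now
        ok = dt > 0 and all(math.isfinite(c) for c in claimed)
        if ok:
            ok = math.dist(p.pos, claimed) <= MAX_SPEED * dt * TOLERANCE
        if not ok:
            # Keep the old position and tell the client to snap back to it.
            self.rejected.append((pid, now, tuple(claimed)))
            return p.pos
        p.pos = tuple(claimed)
        return p.pos


def replay():
    """Run constructed sample updates: (timestamp, claimed position)."""
    srv = Server()
    srv.spawn("p1", (0.0, 0.0, 0.0), now=0.0)
    updates = [
        (0.1, (1.0, 0.0, 0.0)),      # normal step
        (0.2, (500.0, 0.0, 0.0)),    # position edited in client memory
        (60.0, (100.0, 0.0, 0.0)),   # long idle, then a jump
        (60.1, (1.5, 0.0, 0.5)),     # normal step again
    ]
    return [srv.handle_move("p1", pos, t) for t, pos in updates], srv.rejected
```

The `rejected` list doubles as a detection signal: repeated entries for one player within a short window are worth alerting on.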

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
Yothri said:
Hi,

I am currently trying to create some basic hack tool for the game Trove from TrionGames.
My problem concerns the player's gravity.

I know the following:
If the player is not in water, its gravity is -29f
If the player is in water, its gravity is -4f

With only 2 scans I can find the correct address for the player's gravity.
But as you guys know, this address is not static, so I need a method to access this address without searching for it with Cheat Engine every time.
I tried a pointer scan from Cheat Engine.
The first pointer scan worked and found millions of pointers,
the next pointer scan found 0 pointers.

So I don't know why it found 0 pointers then, but I guess it's because there is no pointer pointing to this address, right?
Well, I never had this issue before in other games, so I only know a second method: signature scanning. But is there any other method than signature scanning?

It would be awesome if someone could help me. The game is not even a 1 GB download, so it would be an effort, but not too big.

Thanks in advance.

Pointer scan, find one where the address is being referenced by address in asm (i.e. mov ebx, [0050F4F4]), and pattern scan for it. Then after you've pat scanned, just rip the addy out every time you play. Either that or keep looking for a pointer that sticks (try manually pattern scanning).
 

Yothri

Hi, thanks for the fast answer.
Well, I fail at manual pattern scanning every time, and the problem is I don't know why.

I would try it with OllyDbg and the SigMaker plugin, but Trove doesn't let me attach OllyDbg to it. Olly says it could not attach, and I also don't know why.
Well, only the first pointer scan works, with millions of addresses. So you say I need to find one of them that references like this: mov ebx, [DEADBEEF]. Well, I don't have much knowledge of assembly, but I will give it a try.

Can't I simply right-click the address -> browse memory region and copy some bytes, restart the game, look up the same value's address, see which bytes changed from the ones before and make a signature from that?
 

Rake

Pointer scanner has never ever ever ever failed me, every single time it failed it was user error :( Keep trying.

Did you find a health pointer? How many pointers in your cheat engine career have you properly located?
 

Yothri

Rake;37058 said:
Pointer scanner has never ever ever ever failed me, every single time it failed it was user error :( Keep trying.

Did you find a health pointer? How many pointers in your cheat engine career have you properly located?

Actually very many, I am providing a Guild Wars 2 Multihack on my site, which requires me to find a pointer with every update of GW2.exe.
Every time I am successful using the pointer scanner, but not for Trove. I don't know why.

I mean, if I am in water I scan for -4f, if above water I scan for -29f -> doing 2 scans will give me only one address, which is the correct one because when changing it to +200 I am flying in the air (it's the gravity address).
So I double-clicked the address -> right-click -> Pointer scan -> millions of addresses.
Restart Trove -> reattach CE -> search for the value again -> found it -> copied the address -> pointer scan -> pasted the address into rescan of pointer scan -> it scans -> 0 pointers.

Edit: I tried the same with Health Points now, and on the second pointer scan it found 141 pointer addresses. So I guess with Health it works as expected.
But the gravity address is still a mystery to me.
 

Rake

Yothri said:
Actually very many, I am providing a Guild Wars 2 Multihack on my site

I tried the same with Health Points now, and on the second pointer scan it found 141 pointer addresses. So I guess with Health it works as expected.

Ok, so from those 141 pointers you should find only a few that are 100% reliable on reload of the game. Now take those pointers and remove the last offset. This is probably the address of the player object, in which health is a class variable. Most likely gravity is also a variable of that class object. Not 100% guaranteed, but a 90% most likely possibility.

The other possibility is that gravity is only calculated when necessary and is not stored anywhere. In this case you will have to find the instructions that calculate it.
 

Yothri

Rake;37090 said:
The other possibility is that gravity is only calculated when necessary and is not stored anywhere. In this case you will have to find the instructions that calculate it.

Hey, thank you for your answer. I am going to try this out. I also found out that the Health pointer's offset plus 0x14 is the Energy of the player.
Is it possible to find out what the other values are only by watching them and recognizing what is happening in-game, or is it also possible to reverse the variable names with IDA, for example?
Wow, cool, it also seems the player location is there. When I move there are some values moving, and when looking at them in detail, they are the same as the game shows in-game. But the memory contains those values multiple times. Why is a game holding the player's location multiple times in memory? I also tried changing them; most values instantly reset to their old value, but there are 3 values (x, y, z) that will move the player to the position I set, but they are instantly set back to their old value. It behaves as if the values are instantly reset because the server tells the location. Is it possible to teleport the player? What information about teleporting can you give me?

Edit: I also found the gravity value there, but gravity and the 3 values for position are not valid after I changed map (although accessed through a pointer).
 

Yothri

Wow, thank you so much. Yes, I am playing online, so the next step would be to find the player array or something like that. I already have a first idea of what to create: a player radar displayed as an overlay, because the game has no mini map included, and it's a nice-to-have feature if there is a mini map where you can see all your friends without accessing the game map every time.

Regarding teleporting, the server has control only over these 3 variables. I mean, somehow the server is told that my character moves, so the coordinates are told to the server somehow, so it must be possible somehow to send "fake" coordinates? Like hooking into the packet encryption method, taking a look at the move packet and sending it faked? Do you have knowledge about that? The first problem will be the packet encryption, I guess, and the biggest problem is that Trove is not debuggable with OllyDbg. It blocks it with some kind of anti-debug system or so.

And another question: an offset mostly is a new location to an object of a class. But how do I know where the class ends?
 

Rake

Yothri said:
Wow, thank you so much. Yes, I am playing online, so the next step would be to find the player array or something like that. I already have a first idea of what to create: a player radar displayed as an overlay, because the game has no mini map included, and it's a nice-to-have feature if there is a mini map where you can see all your friends without accessing the game map every time.

Regarding teleporting, the server has control only over these 3 variables. I mean, somehow the server is told that my character moves, so the coordinates are told to the server somehow, so it must be possible somehow to send "fake" coordinates? Like hooking into the packet encryption method, taking a look at the move packet and sending it faked? Do you have knowledge about that? The first problem will be the packet encryption, I guess, and the biggest problem is that Trove is not debuggable with OllyDbg. It blocks it with some kind of anti-debug system or so.

Don't get ahead of yourself, you haven't written your first trainer yet and you're jumping straight to packet modification. Regarding Trove's anti-debug technique, we have an anticheat section and a search function; this question has been asked many times.
 

Yothri

Alright, I am just going to research some things first and write my first small trainer for this game. Whatever it will be doing then xD
Thank you.

Edit: So I found one other player's health and position and such, and I have some trouble getting other players.
For now, this is the other player I found:
Cheat Engine Pointer Image (Sorry for the hyperlink, but the image doesn't work somehow).

The third offset (0x2c) indexes the player, as far as I can tell. I know that because I increased this value and some bytes later there was another value that could be the HP of another player. The problem is, the amount between those increases is different, which seems to me to mean that the object's size differs. Is this possible? How do I find out when the next player comes?
 