UnknownWarrior

Making your own CheatEngine....

UnknownWarrior

Could this be done? I would assume CE uses somewhat of a brute-force method by just searching from 0x0000000 to 0x999999..... But it is done SO fast.....

Does anyone have any ideas on HOW they did it... And if my theory is right, how could one go about making his own AutoIt script scan that fast?

What I have done so far is like:

While 1
$hey = _MemoryRead(0x000005, **)
If $hey = *Search* Then
   YAY
Else
   $hey += 1
Endif
WEnd

Of course that isn't quite a valid script, but you get the point. My friend said he did test it increasing in 4's (4-byte or something his address was on, that's why he increased in 4's...).... He said it could get 1000-2000 addresses in 1 second with a constant loop.... But we did the math and to get from like 0x1000 to 0x4000 it would take over an hour... (Or something close to that)

Anyways, any theories/help would be great :)

jebus495

I think you'll find that the attitude towards using AutoIt to cheat at any game is fairly negative. It isn't likely you'll find much assistance.

UnknownWarrior

I realize that... I'm not going to find a way to lie and say it's for another use, because, it isn't. I kind of look at it this way... Think of a murderer... No one likes them, but there are counselors out there that will help them no matter what they have done... If that makes any sense xD

I just hope someone can help out :S

Inverted

What math did you do, man? Seriously, I've made a memory searcher in AutoIt and I haven't timed it, but it can search kinda quickly.

(Of course to do it properly I'm making a dll in asm)

My AutoIt script is using a MemoryRead loop to search for the first dword of the search pattern. I just tested it now, it took about a minute to search from 400000h to 6E9E4Ah.

I can't believe you thought (calculated!) it would take over an hour to search 3000h bytes, I can search faster than that by looking at the hex dump in a debugger, lol :)

EDIT: Also, jebus is a little confused. Cheating is perfectly fine, but only in single player games.

Edited by Inverted

jebus495

EDIT: Also, jebus is a little confused. Cheating is perfectly fine, but only in single player games.

I'm a bit tired I guess. What I meant by that was if you use the word "cheat" in the topic and don't clarify that it's being used for mostly benign purposes (single player cheats for AutoIt practice are a fun way to learn), then most people will likely pay little attention to your needs.

JRowe

It's probably fine to create a cheat engine clone using only AutoIt. You can do some pretty snazzy things using only the UDFs available in the example forum, just start out by searching the threads in the example forums containing links to nomad's memory functions.

Cheat engine functionality is not only useful for cheating, but creating game interfaces and various other things.

UnknownWarrior

Like I said, me and my friend did the calculations... He gave me how many need to be searched from 0x0 to 0x4 and I did the calculations based off of his test of 1000-2000 searches in a second.

And I'm not going to lie, this IS for a multiplayer game. Maybe you can respect my honesty, idk :S. I'm not personally using this program though, I'll be giving it to a friend or two of mine that play the game that I once played. (And I'll make sure they use it reasonably, not overdoing it).

Thanks for any more help? :)

Inverted

Well, go ahead. Open the target process and do a for loop to search for the bytes using MemoryRead.

UnknownWarrior

Well, go ahead. Open the target process and do a for loop to search for the bytes using MemoryRead.

My while loop example from first post.... Would that be capable of working?

UnknownWarrior

My while loop example from first post.... Would that be capable of working?

.... :)
