How to create a SpeedHack with Cheat Engine

05/03/2020 11:23 kuma96#1
Hi everyone, I am looking for a guide for a speedhack in BDO ..
I have searched many places but never a jus .. and the post is too old ..
or maybe something similar to understand I have to find the right values.
05/03/2020 12:31 __chkstk#2
Hello, here is a simple tutorial for you.

First, scan this:
Code:
*LocalPlayer: 48 8B 0D ?? ?? ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ?? 80 ?? ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 48 8B ??
Code:
BlackDesert64.exe+2BE95E - 48 8B 0D 53A78803     - mov rcx,[BlackDesert64.exe+3B490B8] { (0) }
BlackDesert64.exe+2BE965 - 48 85 C9              - test rcx,rcx
BlackDesert64.exe+2BE968 - 0F84 23010000         - je BlackDesert64.exe+2BEA91
BlackDesert64.exe+2BE96E - 80 3D B8FB8303 00     - cmp byte ptr [BlackDesert64.exe+3AFE52D],00 { (0),0 }
BlackDesert64.exe+2BE975 - 0F85 16010000         - jne BlackDesert64.exe+2BEA91
So, as you can understand, [BlackDesert64.exe + 3B490B8] is gonna give my local. (It seems 0 because I'm not in the game.)

So, now you need to find movespeed offsets. For this, your brother took a signature to automatically find these necessary offsets...

Code:
Offsetmain_Adr: 89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 45 84 FF 74 ?? 83 E9 01 74 ?? 83 F9 01 75 6D 41 8D 0C 1E 33 CE ?? ?? ?? ?? ?? ?? ?? ?? 8D 0C 1A 33 CE 33 DE 89 ?? ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? ?? EB 48
When you scan it you will have this result:
Code:
BlackDesert64.exe+77A599 - 89 B4 87 580B0000     - mov [rdi+rax*4+00000B58],esi
BlackDesert64.exe+77A5A0 - 44 89 A4 87 640B0000  - mov [rdi+rax*4+00000B64],r12d
BlackDesert64.exe+77A5A8 - 45 84 FF              - test r15l,r15l
BlackDesert64.exe+77A5AB - 74 54                 - je BlackDesert64.exe+77A601
BlackDesert64.exe+77A5AD - 83 E9 01              - sub ecx,01 { 1 }
BlackDesert64.exe+77A5B0 - 74 2A                 - je BlackDesert64.exe+77A5DC
So,
Code:
movespeedoffset = 0x0B58
attackspeedspeedoffset = movespeedoffset + 0x4 = 0x0B5C
castspeedoffset = movespeedoffset + 0x8 = 0x0B60
Have a nice day :)
05/03/2020 15:43 calipso888#3
kek :D
05/03/2020 22:53 kuma96#4
Thanks
05/04/2020 01:54 Farolly#5
Don't forget to patch the isClean flag in a few packets :kappa:
05/09/2020 14:56 Epiral#6
I'm really sorry, but I want to ask you how do you "scan it"? Is there a tutorial / guide I can follow? (I just got started in game hacking with guidedhacks.com, so I only know the basics, but I really wanna know how you can scan

Code:
*LocalPlayer: 48 8B 0D ?? ?? ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ?? 80 ?? ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 48 8B ??
thanks!


Also, one more question: do I have to learn assembly if I want to "understand" some stuff more? (I only know C, I'm a freshman at university)
05/11/2020 17:43 killzone#7
Quote:
Originally Posted by Epiral View Post
I'm really sorry, but I want to ask you how do you "scan it"? Is there a tutorial / guide I can follow? (I just got started in game hacking with guidedhacks.com, so I only know the basics, but I really wanna know how you can scan

Code:
*LocalPlayer: 48 8B 0D ?? ?? ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ?? 80 ?? ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 48 8B ??
thanks!


Also, one more question: do I have to learn assembly if I want to "understand" some stuff more? (I only know C, I'm a freshman at university)
05/11/2020 20:27 Epiral#8
Thank you a lot, I just started learning stuff at guidedhacking and was about to watch this video :)

I have a quick question, now that I have the offset for movement speed (I've followed the steps in the vid and managed to get localplayer). Now, after scanning this

Code:
89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 45 84 FF 74 ?? 83 E9 01 74 ?? 83 F9 01 75 6D 41 8D 0C 1E 33 CE ?? ?? ?? ?? ?? ?? ?? ?? 8D 0C 1A 33 CE 33 DE 89 ?? ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? ?? EB 48
I found this

Code:
BlackDesert64.exe+744979 - 89 B4 87 580B0000     - mov [rdi+rax*4+00000B58],esi
BlackDesert64.exe+744980 - 44 89 A4 87 640B0000  - mov [rdi+rax*4+00000B64],r12d
BlackDesert64.exe+744988 - 45 84 FF              - test r15l,r15l
BlackDesert64.exe+74498B - 74 54                 - je BlackDesert64.exe+7449E1
BlackDesert64.exe+74498D - 83 E9 01              - sub ecx,01 { 1 }
BlackDesert64.exe+744990 - 74 2A                 - je BlackDesert64.exe+7449BC
Thanks to @[link hidden] I know that the movement speed offset is 0x0B58

Now I'd like to know, what should I do with the offset? I know that it's how far my address is from its base, but I've done a pointer scan and the value of the address is "5000"; when trying to change it / freeze it, it just goes back to 5000. Does it have to do with multi-level pointers by any chance? (Sorry, I might be talking rubbish but I'm kinda confused)

what should I do ?

any answer would be appreciated :D

EDIT -- initial value was 5000, I changed it and froze it to 1000000000 and I could move like 2x faster than usual (only), and it was kinda laggy / weird, e.g. when moving to the left it takes 1 sec to start moving faster, same for all the directions. Is there any specific way to find the correct value or idk
05/12/2020 14:54 __chkstk#9
Because the game has client-side protection for these cheats. You need to use a debugger to find their protection and then reverse it. But they added a lot of new things, so in the end you will get banned.
05/12/2020 15:25 Epiral#10
Quote:
Originally Posted by nader11ndeu View Post
Because the game has client-side protection for these cheats. You need to use a debugger to find their protection and then reverse it. But they added a lot of new things, so in the end you will get banned.
I see. Also, I'm trying it on acharnes pserver (they have ngameguard and it is really easy to bypass)
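
The posts above describe a speed value held in client memory and client-side protection that resets it; the sturdier control is for the server to keep its own copy of the speed stat and check reported movement against it. An added example, not from the thread or the game's code (`PlayerState`, `validate_move`, the tolerance, the strike threshold and the speed units are all hypothetical):

```python
from dataclasses import dataclass
from math import hypot

TOLERANCE = 1.25   # assumed slack for latency jitter
MAX_STRIKES = 3    # assumed number of violations before the session is flagged

@dataclass
class PlayerState:
    x: float
    y: float
    t: float        # server receive time of the last accepted update (seconds)
    speed: float    # authoritative units/second, never read from the client
    strikes: int = 0

def validate_move(p, x, y, t):
    """Check a client-reported position; returns (x, y, verdict) as accepted."""
    dt = t - p.t
    if dt <= 0:
        p.strikes += 1
        return p.x, p.y, "reject"          # replayed or reordered update
    dist = hypot(x - p.x, y - p.y)
    allowed = p.speed * dt * TOLERANCE
    if dist <= allowed:
        p.x, p.y, p.t = x, y, t
        return x, y, "ok"
    # Too far for the elapsed time: advance only as far as the server's own
    # speed value permits, so a client-side edit gains nothing (rubber-banding).
    scale = allowed / dist
    p.x += (x - p.x) * scale
    p.y += (y - p.y) * scale
    p.t = t
    p.strikes += 1
    return p.x, p.y, "flag" if p.strikes >= MAX_STRIKES else "clamp"

# Constructed sample: (x, y, server_receive_time); the jumps from the third
# update on are far larger than speed 5.0 allows in one second.
SAMPLE = [(5, 0, 1.0), (10, 0, 2.0), (30, 0, 3.0),
          (60, 0, 4.0), (90, 0, 5.0), (95, 0, 6.0)]

def replay(updates, speed=5.0):
    """Run a sequence of updates through the check and collect the verdicts."""
    p = PlayerState(0.0, 0.0, 0.0, speed)
    return [validate_move(p, x, y, t)[2] for x, y, t in updates]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
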
05/12/2020 22:46 FallenEdge#11
Help getting mount speed, accel, speed, turn, stop, offsets, please :)
05/29/2020 22:08 Cotec#12
How are you guys using Cheat Engine with xigncode? I recompiled it with different titles, texts, ... but it still was detected. From the short time I invested in reversing how they detect it, it seemed like they detect it from kernel (NtUserBuildHwndList, ...) but reversing further did not make sense due to vmprotect :/
09/03/2020 06:36 she55668tw#13
How No falling with a high movement speed..?

use Cheatengine