How to create..SpeedHack with cheat engine..
Discussion on How to create..SpeedHack with cheat engine.. within the Black Desert forum part of the MMORPGs category.
05/03/2020, 11:23
|
#1
|
elite*gold: 0
Join Date: Apr 2013
Posts: 21
Received Thanks: 0
|
How to create..SpeedHack with cheat engine..
Hi everyone, I am looking for a guide for a speedhack in BDO ..
I have searched in many places but never a jus .. and the post is too old ..
or maybe something similar to understand I have to find the right values.
|
|
|
05/03/2020, 12:31
|
#2
|
elite*gold: 902
Join Date: Jul 2012
Posts: 1,390
Received Thanks: 952
|
Hello, here is a simple tutorial for you.
First, scan this:
Code:
*LocalPlayer: 48 8B 0D ?? ?? ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ?? 80 ?? ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 48 8B ??
Code:
BlackDesert64.exe+2BE95E - 48 8B 0D 53A78803 - mov rcx,[BlackDesert64.exe+3B490B8] { (0) }
BlackDesert64.exe+2BE965 - 48 85 C9 - test rcx,rcx
BlackDesert64.exe+2BE968 - 0F84 23010000 - je BlackDesert64.exe+2BEA91
BlackDesert64.exe+2BE96E - 80 3D B8FB8303 00 - cmp byte ptr [BlackDesert64.exe+3AFE52D],00 { (0),0 }
BlackDesert64.exe+2BE975 - 0F85 16010000 - jne BlackDesert64.exe+2BEA91
So, as you can understand, [BlackDesert64.exe + 3B490B8] is going to give my local. (It seems 0 because I'm not in the game.)
So, now you need to find the movespeed offsets. For this, your brother took a signature to automatically find these necessary offsets...
Code:
Offsetmain_Adr: 89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 45 84 FF 74 ?? 83 E9 01 74 ?? 83 F9 01 75 6D 41 8D 0C 1E 33 CE ?? ?? ?? ?? ?? ?? ?? ?? 8D 0C 1A 33 CE 33 DE 89 ?? ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? ?? EB 48
When you scan it you will have this result:
Code:
BlackDesert64.exe+77A599 - 89 B4 87 580B0000 - mov [rdi+rax*4+00000B58],esi
BlackDesert64.exe+77A5A0 - 44 89 A4 87 640B0000 - mov [rdi+rax*4+00000B64],r12d
BlackDesert64.exe+77A5A8 - 45 84 FF - test r15l,r15l
BlackDesert64.exe+77A5AB - 74 54 - je BlackDesert64.exe+77A601
BlackDesert64.exe+77A5AD - 83 E9 01 - sub ecx,01 { 1 }
BlackDesert64.exe+77A5B0 - 74 2A - je BlackDesert64.exe+77A5DC
So,
Code:
movespeedoffset = 0x0B58
attackspeedspeedoffset = movespeedoffset + 0x4 = 0x0B5C
castspeedoffset = movespeedoffset + 0x8 = 0x0B60
Have a nice day
|
|
|
05/03/2020, 15:43
|
#3
|
elite*gold: 0
Join Date: Mar 2016
Posts: 50
Received Thanks: 7
|
Quote:
Originally Posted by nader11ndeu
|
kek
|
|
|
05/03/2020, 22:53
|
#4
|
elite*gold: 0
Join Date: Apr 2013
Posts: 21
Received Thanks: 0
|
Thanks
|
|
|
05/04/2020, 01:54
|
#5
|
elite*gold: 0
Join Date: Sep 2015
Posts: 54
Received Thanks: 3
|
Don't forget to patch the isClean flag in a few packets
|
|
|
05/09/2020, 14:56
|
#6
|
elite*gold: 0
Join Date: Nov 2018
Posts: 55
Received Thanks: 4
|
Quote:
Originally Posted by nader11ndeu
|
I'm really sorry, but I want to ask you: how do you "scan it"? Is there a tutorial / guide I can follow? (I just got started in game hacking with guidedhacks.com, so I only know the basics, but I really want to know how you can scan
Code:
*LocalPlayer: 48 8B 0D ?? ?? ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ?? 80 ?? ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 48 8B ??
thanks!
Also, one more question: do I have to learn assembly if I want to "understand" some stuff more? (I only know C, I'm a freshman at university)
|
|
|
05/11/2020, 17:43
|
#7
|
elite*gold: 100
Join Date: Mar 2006
Posts: 1,826
Received Thanks: 429
|
Quote:
Originally Posted by Epiral
|
|
|
|
05/11/2020, 20:27
|
#8
|
elite*gold: 0
Join Date: Nov 2018
Posts: 55
Received Thanks: 4
|
Quote:
Originally Posted by killzone
|
Thank you a lot, I just started learning stuff at guidedhacking and was about to watch this video
Quote:
Originally Posted by killzone
|
I have a quick question, now that I have the offset for movement speed (I've followed the steps in the vid and managed to get localplayer, now after scanning this
Code:
89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 45 84 FF 74 ?? 83 E9 01 74 ?? 83 F9 01 75 6D 41 8D 0C 1E 33 CE ?? ?? ?? ?? ?? ?? ?? ?? 8D 0C 1A 33 CE 33 DE 89 ?? ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? ?? EB 48
I found this
Code:
BlackDesert64.exe+744979 - 89 B4 87 580B0000 - mov [rdi+rax*4+00000B58],esi
BlackDesert64.exe+744980 - 44 89 A4 87 640B0000 - mov [rdi+rax*4+00000B64],r12d
BlackDesert64.exe+744988 - 45 84 FF - test r15l,r15l
BlackDesert64.exe+74498B - 74 54 - je BlackDesert64.exe+7449E1
BlackDesert64.exe+74498D - 83 E9 01 - sub ecx,01 { 1 }
BlackDesert64.exe+744990 - 74 2A - je BlackDesert64.exe+7449BC
Thanks to @  I know that the movement speed offset is 0x0B58
Now I'd like to know, what should I do with the offset? I know that it's how far my address is from its base, but I've done a pointer scan and the value of the address is "5000"; when trying to change it / freeze it, it just goes back to 5000. Does it have to do with multi-level pointers by any chance? (Sorry, I might be talking rubbish, but I'm kinda confused.)
What should I do?
Any answer would be appreciated
EDIT -- initial value was 5000, I changed it and froze it to 1000000000 and I could move like 2x faster than usual (only), and it was kinda laggy / weird, e.g. when moving to the left it takes 1 sec to start moving faster, same for all the directions. Is there any specific way to find the correct value, or idk
|
|
|
05/12/2020, 14:54
|
#9
|
elite*gold: 902
Join Date: Jul 2012
Posts: 1,390
Received Thanks: 952
|
Quote:
Originally Posted by Epiral
|
Because the game has client-sided protection for these cheats. You need to use a debugger to find their protection and then reverse it. But they added a lot of new things, so in the end you will get banned.
|
|
|
05/12/2020, 15:25
|
#10
|
elite*gold: 0
Join Date: Nov 2018
Posts: 55
Received Thanks: 4
|
Quote:
Originally Posted by nader11ndeu
|
I see, also I'm trying it on acharnes pserver (they have ngameguard and it is really easy to bypass)
|
|
|
05/12/2020, 22:46
|
#11
|
elite*gold: 0
Join Date: Nov 2009
Posts: 270
Received Thanks: 65
|
Quote:
Originally Posted by nader11ndeu
|
Help getting mount speed, accel, speed, turn, stop, offsets, please
|
|
|
05/29/2020, 22:08
|
#12
|
elite*gold: 0
Join Date: Nov 2011
Posts: 3
Received Thanks: 0
|
How are you guys using cheat engine with xigncode? I recompiled it with different titles, texts, ... but it was still detected. From the short time I invested in reversing how they detect it, it seemed like they detect it from kernel (NtUserBuildHwndList, ...) but reversing further did not make sense due to vmprotect :/
|
|
|
09/03/2020, 06:36
|
#13
|
elite*gold: 0
Join Date: Feb 2018
Posts: 46
Received Thanks: 0
|
How No falling with a high movement speed..?
use Cheatengine
|
|
|
All times are GMT +1.
|
|