That was a great tut pal. I had no idea how to use the mono feature. Plus the ($lua) ($asm) with parent and child script taught me a bunch..Awesome job!!! Hope you dont mind me sharing it with the group.
Share away! =) Glad you enjoyed it; this fuckin' thing gave me so many headaches to try to learn...lol. I almost feel like a magician who finishes learning a tough-to-perform trick, and then turns right around to show the audience how it's done, lol. But this is the essence of why I love making these videos: I want to help people learn this stuff and see that it's just a matter of understanding some key things to then get the whole picture. I still have a ton to learn, man, but getting the Mono Dissector under my belt enough to teach it in even an introductory fashion...I really consider this video to be one of my biggest personal achievements out of all of my videos, even if the end result is pretty simple stuff in principle. Thanks for watching and for the positive feedback, as always. =)
Stephen Chapman It definitely is in to a whole new realm of deeper understanding, but what is so tremendous about it is that this complicated stuff is being taught at a very understandable level. That is beyond an achievement my friend, this stuff isnt easy to learn and even harder to teach and you pull it off brilliantly. Thank you for the time and effort you put into these tuts, I know what a pain it can be. It really is appreciated pal.
Hi, I got a CE Tutorial suggestion for you! You should make a video about how functions itself works with the "push" at top and "pop" "ret" at end along with what return addresses are and more about the differences between calls and jumps.. Preferably a bit how functions are called and what the return addresses mean and a bit about the stack you name it. Cool video learned a lot! Also does your friends see yourself as glowing? or is it all client-sided, yes I know cheating server-sided games can be tedious and sometimes not possible but there are some times they'll work!
This one will make your ball and everyone else's glow on your screen, but no one else will see it. If you're hosting, others will see your ball glow, but not their own. I'm certain there's a lot that can be done with this game, though. ;) In regards to calls, I'll be doing something on that probably in a few weeks. I understand how it all works, but not well enough to adequately teach it. Soon, though... =)
Yeah I'd like to see this as well, especially since calling functions can be pretty tricky (like knowing the parameters that need to be pushed and determining the calling convention).
hey stephen the tutorial is great i got as far as assembly i look at the opcodes and have no clue as to where unlimited weight would be! im trying to get unlimited weight for frozen state do you have a tutorial for something like that? i went thru the codes and i see get weight and set weight i went into both of them i dont see anything that would make the weight zero maybe its me! can you point me so i can learn please???
Ever since they fully revamped their Compile it seems they added some anti cheat to it, first off values are obfuscated I used to be able to find amount of strokes really easy now its a lot more difficult. And doing mono disect works but after I jit ballGlow I can't see any other ball glow offsets just the games dll offsets
Looks like they don't have this "mono" thing in CE 7.0. I tried attaching CE to unity games running in Firefox via all three tabs in the file open dialog and the menu item just doesn't happen.
hey man I have been playing a game called backyard monsters it's a old facebook game. I learned on youtube how to reduce the time it takes for an upgrade but I can't find the way to reduce the time for the silo. I would appreciate it if you could make a video on it or just send me a message on how to do it.
ok i understood up until the assembly part the-- mov ext push 0 inject assemble------i think it assembly language i dont get that part! i guess cant do mono unless you know assemly language dont know why he said beginner! all i want to do is get unlimited weight in frozen state! ugh!
Hey Stephen, you can also take all these DLL's and drag them into dnSpy , a very powerful .NET Reflector/Reverse engineering software. You can re-code the functions, save it and just re-open the game. Awesome video btw. Cheers
Indeed! I'll get around to doing a dnSpy video one of these days. But you may be interested in a couple of game-hacking-related GitHub repos I run that, at this point, contains quite a massive list of useful tooling (programs, libraries, plugins, etc.). Here's the primary one: github.com/dsasmblr/game-hacking
Awesome, I will definitely look at it. Im coming from Android hacking where we often used dnSpy for C# based games. And there are also games with il2cpp structure. Which uses Arm assembly language. Do you know any good site where I can learn the ASM language ? I want to know what all those registers do when I check the memory view of a method. Thanks for answering Ima huge fan of you ;) Cheers
Will this work on Jack Nicklaus Perfect Parallel Online Golf? There are players using some kind of software or this cheat engine. Shooting unrealistic low scores and winning every tourney, every week at the highest level of play on OGT or PGLS web site. They are 3 click players. How could i detect they are using cheat engine and expose their cheating ass? Heads up play may work i guess?
OK i made some cheats for Clone Drone but it wont work in trainer only in cheat engine Could you please help BTW I have an AOD script in there as well and that one works find Example of mono dissect script define(bowReduceDef,FirstPersonMover:Update+2e0e) [ENABLE] {$lua} LaunchMonoDataCollector() {$asm} label(bowReduce) registersymbol(bowReduce) bowReduceDef: bowReduce: db 90 90 90 [DISABLE] bowReduce: db D9 58 18 unregistersymbol(bowReduce)
You get used to it. I dare say I actually love it now, lol. There are plenty of times where I want to test some Assembly I've written, so I'll just open a process with CE, find an instruction to inject my code in, then break/trace to see how everything flows! Prior to that, I was limited to 32-bit ASM via emu8086, but now with the plethora of amazing tools available thanks to Keystone/Capstone (which, btw, you can specify what you want CE's disassembler to be, if you'd like), writing and debugging Assembly is easier than ever. That got a bit off track, but suffice it to say, once you spend enough time with it, CE's Auto Assembler can be quite nice! =)
Thanks man, really interesting @ Processor Trace and Function Hacker. I wish I had it some years ago, when I had more time and motivation extending/modding my old closed source favorite game.
This is just awesome. Does the parent/child script relationship work in much the same way for all games or is this particular method only for games that use Mono?
Yep, you can do that type of scripting with anything! The trick is registersymbol(), which allows you to reference things outside of any given script. So in this video, I used define(), label(), and registersymbol() such that I defined the address+offset within the function, labeled a point of reference within the parent script, then registered a symbol at the address+offset I defined, which creates a name for you to globally reference from anywhere (whether that's you right-clicking in the Memory Viewer and clicking "Go To Address," then entering the name of your registered symbol, or if you reference that symbol within an entirely different script--provided you've enabled the script that registers the symbol in the first place). Important of note is that this is only parent/child because I made it that way. In other words, I could have had that child script stay independent of the parent script, or I could have nested it under any other script. The only stipulation for it to work in this case is that I first enable the script that says "Enable Me First!" So, as long as your script with the registersymbol() is enabled, any other script in your table that references the name you registered as a symbol will work! I just like to group together related scripts in a parent/child configuration like in this video. =)
That is so awesome. I've been trying to figure that one out for so long now. Would I be right in assuming that I could register a symbol to an array of bytes, find a value+offset that is unique to the player character and then using a different script to reference that array using the symbol I registered, and then everything will relate only to the player character (providing that instruction is being called) so I wouldn't get side effects like infinite ammo also giving NPCs infinite health? (because the comparison was already done beforehand) Or is it really only useful if there's say one instruction that does heaps of different things like adding exp, adding/decreasing health, adding money etc and then only needing 2 scripts to manipulate all of that instead of a separate script for each one?
All of the above! I don't remember which video it is at the moment, but there's one where I created a script similar to what you outlined in the first paragraph. It's pretty awesome when you get script synergy to work like that! There are some people on the CE forum who write absolutely insane scripts--stuff where even to this day, Immot sure what I'm looking at, lol. I'm pretty sure Cielo (or Ceilo) is one of those people, so go look that guy up on the CE forum and check out some of his scripts sometime. Tackling more advanced scripting is definitely going to be my focus in a bunch of my upcoming videos, like in the Let's Hacks!
sweet. it all makes so much sense now. I also came across a game that had scripts that totally isolated the player characters from everything so it eliminated a lot of the pesky compares that sometimes don't work because unique offset value wasn't so unique afterall. Thanks for the input!
I get this error when trying to assign to current cheat table: "Error in line 4 (($lua)):This instruction can't be compiled" I am running cheat engine version 6.5.1 My script looks like so: define(InstaDestroyTreeDef, TreeHealth:DamageTree+17) [ENABLE] ($lua) LaunchMonoDataCollector() ($asm) label(InstaDestroyTree) registersymbol(InstaDestroyTree) InstaDestroyTreeDef: InstaDestroyTree: db 89 47 24 [DISABLE] InstaDestroyTree: db 89 47 24
First I like to say I enjoy your video. I had some problems. 1. I had to use AOB injection instead of code injection because the op code I wanted to change would have the same address when I restarted the game here is what I mean. PuzzleGame:OnUpdate+925 The next time I started the game it was. PuzzleGame:OnUpdate+908 2. The call I want to NOP wouldn't have the same address so I had to Allocate memory to store the call address before I NOP it so I could disable my script. So my script looks like this. [ENABLE] aobscan(NoPointReduction,E8 ?? ?? ?? FF 83 C4 10 8? 45 08 D9 80 80 00 00 00 DE E9) alloc(NPR_SavedCallAddress,$5) //Allocates memory to store call address registersymbol(NoPointReduction) registersymbol(NPR_SavedCallAddress) NPR_SavedCallAddress: readmem(NoPointReduction,5)//Save call address to allocated memory NoPointReduction: db 90 90 90 90 90//NOPs the call [DISABLE] NoPointReduction: readmem(NPR_SavedCallAddress,5)//Restores call address from allocated memory unregistersymbol(NoPointReduction) dealloc(NPR_SavedCallAddress) unregistersymbol(NPR_SavedCallAddress) This is for HuniePop to stop Bonus Puzzle Point Reduction.
@@Fairyslash I thought you meant with a game using the latest release of Unity Engine since this has come up a few times recently, lol. If nothing shows for you when you open the game process, then the implementation probably isn't Mono-based (or not in a way that Cheat Engine understands it, at least).
![How to Use dnSpy to Reverse Engineer Unity Games [ TUNIC ]](http://i.ytimg.com/vi/jZnT__DphzE/mqdefault.jpg)
![How to Use dnSpy to Reverse Engineer Unity Games [ TUNIC ]](/img/tr.png)
![Advanced Cheat Engine Tutorial: Backtracing Shared Instructions from Visual Addresses! [Eldritch]](http://i.ytimg.com/vi/06t_hoWGa5c/mqdefault.jpg)
![Cheat Engine / Assembly Tutorial: CMOVcc Instruction [Example Game: Crea]](http://i.ytimg.com/vi/ag7DAIjBTUI/mqdefault.jpg)
![Seungmin "그렇게, 천천히, 우리(As we are)" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/kAzmhLHePqU/mqdefault.jpg)
![Let's Hack: 1001 Spikes (Cheats and Tutorial) [Cheat Engine]](/img/1.gif)
Thank you for this, you just helped me a lot! Only problem is: How do i get friends? :c
Awesome Video bro! I've been wanting to mess with the mono disassembler but never found a good tut till now! Keep it up!
Where can we learn the lua part of t his video for other scripts?
That was a great tut pal. I had no idea how to use the mono feature. Plus the ($lua) ($asm) with parent and child script taught me a bunch..Awesome job!!! Hope you dont mind me sharing it with the group.
Share away! =) Glad you enjoyed it; this fuckin' thing gave me so many headaches to try to learn...lol. I almost feel like a magician who finishes learning a tough-to-perform trick, and then turns right around to show the audience how it's done, lol.
But this is the essence of why I love making these videos: I want to help people learn this stuff and see that it's just a matter of understanding some key things to then get the whole picture. I still have a ton to learn, man, but getting the Mono Dissector under my belt enough to teach it in even an introductory fashion...I really consider this video to be one of my biggest personal achievements out of all of my videos, even if the end result is pretty simple stuff in principle.
Thanks for watching and for the positive feedback, as always. =)
Stephen Chapman It definitely is in to a whole new realm of deeper understanding, but what is so tremendous about it is that this complicated stuff is being taught at a very understandable level. That is beyond an achievement my friend, this stuff isnt easy to learn and even harder to teach and you pull it off brilliantly. Thank you for the time and effort you put into these tuts, I know what a pain it can be. It really is appreciated pal.
Hi, I got a CE Tutorial suggestion for you!
You should make a video about how functions itself works with the "push" at top and "pop" "ret" at end along with what return addresses are and more about the differences between calls and jumps.. Preferably a bit how functions are called and what the return addresses mean and a bit about the stack you name it.
Cool video learned a lot!
Also does your friends see yourself as glowing? or is it all client-sided, yes I know cheating server-sided games can be tedious and sometimes not possible but there are some times they'll work!
This one will make your ball and everyone else's glow on your screen, but no one else will see it. If you're hosting, others will see your ball glow, but not their own. I'm certain there's a lot that can be done with this game, though. ;)
In regards to calls, I'll be doing something on that probably in a few weeks. I understand how it all works, but not well enough to adequately teach it. Soon, though... =)
Yeah I'd like to see this as well, especially since calling functions can be pretty tricky (like knowing the parameters that need to be pushed and determining the calling convention).
how to install mono function on ce
Very good video! Always wanted to more about the Mono Dissect stuff on CE.
Hi, I don't know if you know anything about this, but the monodissector window dissapeared from Cheat Engine 7.1 forwards. Any information about that?
Mono dissector only appears when you hooked Cheat Engine to mono game
is thare something simular for cry engine or dunio?
hey stephen the tutorial is great i got as far as assembly i look at the opcodes and have no clue as to where unlimited weight would be! im trying to get unlimited weight for frozen state do you have a tutorial for something like that? i went thru the codes and i see get weight and set weight i went into both of them i dont see anything that would make the weight zero maybe its me! can you point me so i can learn please???
what functions or something to unlock animations have in games? i want unlock gallery
Ever since they fully revamped their Compile it seems they added some anti cheat to it, first off values are obfuscated I used to be able to find amount of strokes really easy now its a lot more difficult. And doing mono disect works but after I jit ballGlow I can't see any other ball glow offsets just the games dll offsets
There is no "mono" button for me!
Then the game is not made in Unity or in C#.
I subscribed for being the best CE hacker/Exploiter.
Please include this in your Cheat Engine playlist!
Looks like they don't have this "mono" thing in CE 7.0. I tried attaching CE to unity games running in Firefox via all three tabs in the file open dialog and the menu item just doesn't happen.
Unity builds targeting browsers is significantly different than Unity builds targeting other specific platforms.
@@StephenChapman Same to me. I tried attaching CE 7.0 to one unity game running in steam and that option just doesnt show.
hey man I have been playing a game called backyard monsters it's a old facebook game. I learned on youtube how to reduce the time it takes for an upgrade but I can't find the way to reduce the time for the silo. I would appreciate it if you could make a video on it or just send me a message on how to do it.
Hi mby you can help me, i just have no mono tab in CE. im using the last w10
ty
sorry im dumb! i find it. ty for u video!
ok i understood up until the assembly part the-- mov ext push 0 inject assemble------i think it assembly language i dont get that part! i guess cant do mono unless you know assemly language dont know why he said beginner! all i want to do is get unlimited weight in frozen state! ugh!
A shame it doesn't work with .net framework, only works with mono. I have tried it on stuff compiled with visual studio. correct me if I"m wrong.
Use DLL/Symbol enumeration instead: ruclips.net/video/U8_3lCp1nas/видео.html
Hey Stephen,
you can also take all these DLL's and drag them into dnSpy , a very powerful .NET Reflector/Reverse engineering software.
You can re-code the functions, save it and just re-open the game.
Awesome video btw.
Cheers
Indeed! I'll get around to doing a dnSpy video one of these days. But you may be interested in a couple of game-hacking-related GitHub repos I run that, at this point, contains quite a massive list of useful tooling (programs, libraries, plugins, etc.). Here's the primary one: github.com/dsasmblr/game-hacking
Awesome, I will definitely look at it.
Im coming from Android hacking where we often used dnSpy for C# based games. And there are also games with il2cpp structure. Which uses Arm assembly language.
Do you know any good site where I can learn the ASM language ? I want to know what all those registers do when I check the memory view of a method.
Thanks for answering Ima huge fan of you ;)
Cheers
Will this work on Jack Nicklaus Perfect Parallel Online Golf? There are players using some kind of software or this cheat engine. Shooting unrealistic low scores and winning every tourney, every week at the highest level of play on OGT or PGLS web site. They are 3 click players. How could i detect they are using cheat engine and expose their cheating ass? Heads up play may work i guess?
Hello, Stephen Chapman , can I ask you some questions ?
great work man
can you help me with a game? im quite confused still
OK i made some cheats for Clone Drone but it wont work in trainer only in cheat engine
Could you please help
BTW I have an AOD script in there as well and that one works find
Example of mono dissect script
define(bowReduceDef,FirstPersonMover:Update+2e0e)
[ENABLE]
{$lua}
LaunchMonoDataCollector()
{$asm}
label(bowReduce)
registersymbol(bowReduce)
bowReduceDef:
bowReduce:
db 90 90 90
[DISABLE]
bowReduce:
db D9 58 18
unregistersymbol(bowReduce)
Nice part about Mono, but the Auto Assemble looks like a pain in the ass ^^
You get used to it. I dare say I actually love it now, lol. There are plenty of times where I want to test some Assembly I've written, so I'll just open a process with CE, find an instruction to inject my code in, then break/trace to see how everything flows! Prior to that, I was limited to 32-bit ASM via emu8086, but now with the plethora of amazing tools available thanks to Keystone/Capstone (which, btw, you can specify what you want CE's disassembler to be, if you'd like), writing and debugging Assembly is easier than ever. That got a bit off track, but suffice it to say, once you spend enough time with it, CE's Auto Assembler can be quite nice! =)
Thanks man, really interesting @ Processor Trace and Function Hacker. I wish I had it some years ago, when I had more time and motivation extending/modding my old closed source favorite game.
This is just awesome. Does the parent/child script relationship work in much the same way for all games or is this particular method only for games that use Mono?
Yep, you can do that type of scripting with anything! The trick is registersymbol(), which allows you to reference things outside of any given script. So in this video, I used define(), label(), and registersymbol() such that I defined the address+offset within the function, labeled a point of reference within the parent script, then registered a symbol at the address+offset I defined, which creates a name for you to globally reference from anywhere (whether that's you right-clicking in the Memory Viewer and clicking "Go To Address," then entering the name of your registered symbol, or if you reference that symbol within an entirely different script--provided you've enabled the script that registers the symbol in the first place).
Important of note is that this is only parent/child because I made it that way. In other words, I could have had that child script stay independent of the parent script, or I could have nested it under any other script. The only stipulation for it to work in this case is that I first enable the script that says "Enable Me First!" So, as long as your script with the registersymbol() is enabled, any other script in your table that references the name you registered as a symbol will work! I just like to group together related scripts in a parent/child configuration like in this video. =)
That is so awesome. I've been trying to figure that one out for so long now. Would I be right in assuming that I could register a symbol to an array of bytes, find a value+offset that is unique to the player character and then using a different script to reference that array using the symbol I registered, and then everything will relate only to the player character (providing that instruction is being called) so I wouldn't get side effects like infinite ammo also giving NPCs infinite health? (because the comparison was already done beforehand)
Or is it really only useful if there's say one instruction that does heaps of different things like adding exp, adding/decreasing health, adding money etc and then only needing 2 scripts to manipulate all of that instead of a separate script for each one?
All of the above! I don't remember which video it is at the moment, but there's one where I created a script similar to what you outlined in the first paragraph. It's pretty awesome when you get script synergy to work like that!
There are some people on the CE forum who write absolutely insane scripts--stuff where even to this day, Immot sure what I'm looking at, lol. I'm pretty sure Cielo (or Ceilo) is one of those people, so go look that guy up on the CE forum and check out some of his scripts sometime. Tackling more advanced scripting is definitely going to be my focus in a bunch of my upcoming videos, like in the Let's Hacks!
sweet. it all makes so much sense now. I also came across a game that had scripts that totally isolated the player characters from everything so it eliminated a lot of the pesky compares that sometimes don't work because unique offset value wasn't so unique afterall. Thanks for the input!
I get this error when trying to assign to current cheat table:
"Error in line 4 (($lua)):This instruction can't be compiled"
I am running cheat engine version 6.5.1 My script looks like so:
define(InstaDestroyTreeDef, TreeHealth:DamageTree+17)
[ENABLE]
($lua)
LaunchMonoDataCollector()
($asm)
label(InstaDestroyTree)
registersymbol(InstaDestroyTree)
InstaDestroyTreeDef:
InstaDestroyTree:
db 89 47 24
[DISABLE]
InstaDestroyTree:
db 89 47 24
You have to use curly braces, like this: {$lua} and {$asm}.
Whoops. Thanks
you could do all of that, or you could just push the hotkey (L) to toggle the ball glow in the game :P
I dont have the Mono submenu, what do i do? CE 6.6
It'll only show when you attached to the mono game
wow, amazing tut, thx!
First I like to say I enjoy your video. I had some problems.
1. I had to use AOB injection instead of code injection because the op code I wanted to change would have the same address when I restarted the game here is what I mean.
PuzzleGame:OnUpdate+925
The next time I started the game it was.
PuzzleGame:OnUpdate+908
2. The call I want to NOP wouldn't have the same address so I had to Allocate memory to store the call address before I NOP it so I could disable my script.
So my script looks like this.
[ENABLE]
aobscan(NoPointReduction,E8 ?? ?? ?? FF 83 C4 10 8? 45 08 D9 80 80 00 00 00 DE E9)
alloc(NPR_SavedCallAddress,$5) //Allocates memory to store call address
registersymbol(NoPointReduction)
registersymbol(NPR_SavedCallAddress)
NPR_SavedCallAddress:
readmem(NoPointReduction,5)//Save call address to allocated memory
NoPointReduction:
db 90 90 90 90 90//NOPs the call
[DISABLE]
NoPointReduction:
readmem(NPR_SavedCallAddress,5)//Restores call address from allocated memory
unregistersymbol(NoPointReduction)
dealloc(NPR_SavedCallAddress)
unregistersymbol(NPR_SavedCallAddress)
This is for HuniePop to stop Bonus Puzzle Point Reduction.
ok, but how the heck to find mono in the lastest release, aaa
If IL2CPP is what you're referring to, use the latest version of Cheat Engine.
@@StephenChapman i just said i was using the latest release, bruh
@@Fairyslash I thought you meant with a game using the latest release of Unity Engine since this has come up a few times recently, lol. If nothing shows for you when you open the game process, then the implementation probably isn't Mono-based (or not in a way that Cheat Engine understands it, at least).
@@StephenChapman actually listening to the video helped, whoops
no idea what IL2CPP is tho
thx for da vid
Ничего не понятно, а многое не показано, но очень интересно:)
nice tut...... :)
FIRST AGAIN, HA-HA!