Cheat Engine

[gabarito]

Hi.

I'm trying to find out the system process or memory address to change values of Candy Crush inside BlueStacks.

I've searched about it, but only got results about the game running with Crome or Firefox, not an emulation, like BlueStacks.

I've tried searching Physical Memory, using New and Next Scan, as described in Tutorial, but no address worked.

I've tried changing settings to search inside memory region types, like MEM_MAPPED, using Windows and Kernel Mode Debugger and also using Query Memory Region Routines and Read/Write Process Memory.

I've also tried opening BlueStacks processes, like HD-Agent, HD-Frontend, HD-Sharedolder, HD-BlockDevice, HD-Network, HD-Service and HD-Adb.

None of above worked, unfortunately.

So, someone could point the right direction to me and warning what I'm doing wrong?

Thx.

----------------------


Updating:

After more tries, I could find two address, one for number of moves and the other, for points.

They are:

[SF]

Candy crush stores its data server sided. You're editing client-sided data, then the server is forcing the game to change back to the data it has on its end.

[gabarito]

[gabarito]

Updating...

I closed Internet connection, but the behaviour is the same: value in the game blinks, but do not change...

I guess that the reason is not because server is keeping the old value. If so, new value would be visible for just fraction of seconds, but only the old value blinks. And Internet connection is completely closed. No way.

Also:
I'm keeping the previous levels and lifes by saving these two files:
C:\Documents and Settings\All Users\Application Data\BlueStacks\Android\Data.sparsefs\Store
and
C:\Documents and Settings\All Users\Application Data\BlueStacks\Android\SDCard.sparsefs\Store

I found out that levels, waiting time for next life and lives are stored there.

Any suggestion about how to change, for real, the values in the game using CE?

[gabarito]

Following the track at how to hack Candy Crush, standalone (offline) style, using BlueStacks.

Yes, I have the address. It's possible by enabling MEM_MAPPED, Kernel Mode Debugger, Query Memory Region Routines and Read/Write Process Memory checkboxes, at program settings. Also, clearing Fast Scan checkbox, at Main window.

When I try to change the value, it just blink at the game screen, without change. Almost there...

I also tried to monitor "Find out what accesses this address" and "Find out what writes to this address", with context menu, but none results.

It's very frustrating because it looks like it's very close... but not yet.

So, I would appreciate very much some advice from an experienced user.


.

[Zaladine]

Try to hack it the other way around...

For example:
- Stage 1, Available moves is 20 ........ then search for 20 (4 bytes integer)
- Stage 2, Available moves is 50 ........ then filter for 50
- Stage 3, Available moves is 25 ........ then filter for 25
- Stage 4, Available moves is 80 ........ then filter for 80

You'll likely find 1 or 2 addresses... Just freeze them to, let's say, 250. Then for the next stages you'll have 250 moves available...

Then, maybe, we could find other hacks from here...

I am hacking it also on BlueStacks recently, so it should be works well for everyone...



: EDIT :

There's another way to hack it: Search how many move we've made, instead of how many moves left.
I just try it, and it works... Once you found the address, just reset it to ZERO...

[gabarito]

Zaladine, my friend, you're a genious! .

I was trying all kinds of ways to change the number of moves, without success. And here, just SF said some tip, but it didn't work.

First, I tried your tip to freeze the number of the moves and go to next level. It doesn't work. The same behaviour happens: the value keeps blinking all the time, but don't change...

So, I was hopeless about your next tip: freeze the number of moves made.

But wait! It works! It works like a charm!

We have to remember that, when the level is complete, quickly we must to unfreeze the memory, so the game can decrease the moves to zero and go ahead, finishing the level.

Zaladine, many thanks!
If you find out another way to deal with that, please feel free to share the tip, mate.

[Zaladine]

Don't freeze the address then. Instead, use CE Hotkey on it so we can reset its value to 0 in a single combo-key-pressed...
In the screen shot below, i used ALT+0 to reset it to 0...

Also, please notice that i use GroupScan Command to find the address immediately...

More info about both CE features (groupscan command and hotkey) are within CE helpfile...

[gabarito]

Good to know about CE hotkeys. I'll use them, so.
And I'll read and learn more about GroupScan command and use it too.

Wonderful tool, this CheatEngine.
How could I live until now without know about it???







EDIT:

In your example, you put 4 bytes for 2, 4 bytes for 16 and float value to -1.
May you explain that?
2 and 16 are moves/moves made?
What is -1?

Hotkey is fine. I do know how to set it.



.

[Zaladine]

Sorry for late reply... It was 4AM already here in Indonesia...

[gabarito]

[Zaladine]

[gabarito]

Hi, Zaladine.

I got a new challenge: some levels of the game requires a given time to do the tasks. I'm stuck in a level, 121, and can't go further.

How to cheat that level? It gives 90 seconds and display 1:30. How to increase this amount? Is this a float value? Or Double? How to get it, as it changes all the time?

[Zaladine]

I thought you'd never ask... This was done right after i post the 2nd screenshot...

Timer is in float data-type, stored as seconds...























SPOILER CLUE

Please re-observe my 2nd screen shot (the one with hotkeys window), and focus on the table:
- n moves = 0x59D9D2B4
- movement limit = 0x59D9D2B8
- constant = 0x59D9D2BC

TRUTH #1: constant in the table WAS actually time limit (float)...

TRUTH #2:
- In movement limited stages, time limit = -1
- In time limited stages, movement limit = -1

TRUTH #3:
- Player time elapsed timer value stored RIGHT AFTER time limit...

So in conclusion, assume that the table in the picture is actual address:
- 0x59D9D2B4 = n moves (4 bytes)
- 0x59D9D2B8 = movement limit (4 bytes)
- 0x59D9D2BC = time limit (float)
- 0x59D9D2C0 = elapsed time (float)

Then in regard of timer, we'll have 2 options:
- Increase the time limit value (e.g.: 3600 float = 1 hour)
- Place hotkey in elapsed time address so we can reset it to zero anytime...

Hope this helps...




Edit:
Sorry... Forgot to answer a question...

[gabarito]

Almost there.

Some questions:
1 - What do you mean with Player time elapsed timer value stored RIGHT AFTER time limit? 0x59D9D2C0 is not the right after 0x59D9D2BC. I thought it was 0x59D9D2BD.
And, if so, you mean I have to add address manually, pressing corresponding button?

2 - At present stage, I have no moves limit nor moves made. How to use GroupScan? I have just Time Limit.

3 - What do you mean about Memory Dump? Is it Memovy View button? If so, the window shows just "????" values.

4 - Do I have to press First Scan and Next (filtering) using wich values?

Thx for patience.