Cheat Engine

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

Hello Hitler that was kind enough at least to enter and read this, I'm going to keep it rather simple, but also it's going to be a kind of long post to fully explain my problem.
So, first of all, I'm playing Mount & Blade, and in the game you have a "leveling" system, with lots of different characters using the very same leveling up screen.

(As I can't post URLS, please refer to the first attachment)

So, I scanned for the value of for example "skill points", narrowed to one, searched what writes to them and I found the pointers for those, it's very easy and I have them indeed, but! I found out that the very same pointer for each character varies only on an... well, those things called EAX, EDX, etc. (what are those?)

As you can see here:
(As I can't post URLS, please refer to the second attachment)
So, my question is...
It's there a way for making cheat engine automatically change the "EAX" value every time I access a character skill sheet?
So, that way, I don't have to search for the values of each character and also wait them to level up in order to do so.

Thanks in advance, please try to be nice with the explanation, I'm not a genius in CE and it's functions.

ParkourPenguin · Posted: Sat Aug 27, 2016 8:43 am Post subject:

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

ParkourPenguin · Posted: Sat Aug 27, 2016 10:37 am Post subject:

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

ParkourPenguin · Posted: Sat Aug 27, 2016 11:26 am Post subject:

So, with regards to the skill points of the same character, its eax offset can change when the game is restarted?

Most of the stuff I'm seeing (the addressing mode, the imul instruction, changing displacement from edx, etc.) makes me believe that character is stored in some array-like data type of structures. There's probably some value somewhere in memory that specifies the offset into that array of the character you're currently viewing, but that would be complicated to work with.

I'm pretty sure there should be many other references to that structure stored somewhere else in memory. You can find some of these manually by searching for edx+eax instead of just edx like CE suggests (with regards to the instruction dec [edx+eax+2BC]); however, again, I would recommend using the pointer scanner since it is much faster and easier for beginners to use (and you don't have to know any assembly). If you do use the pointer scanner and it's taking too long, try setting the last offset to 2BC.

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

Hi Again, so yes, I started reading the instructions that play around the game and I'll try to show what I've done so far BY THE WAY, NEITHER EAX EDX or 2BC change between game restarts, solid pointers.
First, I found the "green address" for the game, called so far

"mb_warband.exe+4B8298" (So, the game itself with an offset (I think It's an offset what's called?)).
To reach a "character skill points", this Pointer needs a first offset that's the same for all the characters and it's 140f0.
Then the second offset (that's driving me nuts) comes from the operation under EDX+EAX+2BC, the good news is that EDX and 2BC it's The same for every character in game and the game just varies the EAX for each individual one under a different HEX. So, for Sir Rayne (the guy in the first picture) it's EAX It's 1AF068 And for Bulloks (another character, lets call it B) it's 1B2F88. So, in the case of Sir Rayne, this Second Offset it's just the sum of EAX (variable) and 2BC (constant), and that gives me the address for the skill points for him.

Now, I have this (please refer to 1st attachment)
As you can see, there's a shitton of stuff happening, and I was lurking around each one of the stuff that happends when I click on the "show me your skills" button, and this is the one that I found that has the same EAX that the character:

ParkourPenguin · Posted: Sat Aug 27, 2016 12:19 pm Post subject:

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

ParkourPenguin · Posted: Sat Aug 27, 2016 12:44 pm Post subject:

Who cares if EAX varies between characters? It has to do that; it's how the game chooses to handle those structures.

From this question in your first post:

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

ParkourPenguin · Posted: Sat Aug 27, 2016 1:42 pm Post subject:

Find an instruction that accesses the address of any character's skill points when you view it in the character skill sheet menu. Right click on that instruction and select "Find out what addresses this instruction accesses". Go to whatever character you want and do whatever you need to do to make that section of asm run. The address of that character's skill points should pop up in the window without you needing to search for it.

Just make sure you choose an instruction that accesses all the address in the same manner and that you can make run whenever desired. The first instruction you posted (dec [edx+eax+2BC]) I'd assume is only run when you change the skill points, which may not be possible for every character as you said.

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35

ParkourPenguin · Posted: Sat Aug 27, 2016 3:23 pm Post subject:

Look at the "injection copies" section of this topic. It explains how to get EAX, store it in a registered symbol, and use that registered symbol in your table; however, you won't be able to use it in the offset field directly.

CE, in its current state, does not parse the offset in a pointer as anything except a literal hexadecimal value. You can use the fact that CE will look up symbols and dereference pointers in the address field. For example, if you store it in the registered symbol "character", the address would be "[[mb_warband.exe+4B8298]+140F0]+character+2BC".

frenchiveruti · Cheater Reputation: 0 Joined: 07 Jun 2009 Posts: 35