Cheat Engine

Bryce1113 · How do I cheat? Reputation: 0 Joined: 15 Feb 2024 Posts: 2

Hey there,
I've got an instruction here that compares eax+08 against 1.
imgur. com/hfzxNp6. png
Eax gets addresses of monsters as soon they're loaded in by the game, if eax+08 is 1 they're activated if it's 0 they're frozen. I'd like to find where these addresses are coming from to make a script that would set 0 in their addresses from the get go.
The issue is it loads a new address every time and I can't really use the Find out what reads/writes to the address since after they're loaded they are only accessed by this comparison.

I've been trying to break & trace but can't seem to find a clear path from where the eax gets its value. What is even [ecx+ebx]? So far I've just found that the ecx register doesn't change its address, pictured below.
imgur. com/SCP82jI. png

Been struggling to make sense of it for a bit, appreciate if you can point me in the right direction

ParkourPenguin · Posted: Thu Feb 15, 2024 12:02 pm Post subject:

ecx is a pointer, and ebx is an offset from the pointed-to address. That's probably an array access.

ecx is the value at [edi+5C], and ebx is edx*4 (from `lea ebx,[edx*4+0]`). edx is the loop value (second image, `mov edx,[esp+14]` / `inc edx` / `mov [esp+14],edx`). It's mostly one big loop, starting at Engine.dll+1CFE60 (the `lea`) and ending at Engine.dll+1CFFC5.

The values [edi+5C] and [edi+60] seem to be pointers to the beginning / end of valid values in the array. If you really want to track this down, you could try to watch those values and see when a new pointer gets added to the array (probably when [edi+60] increases, maybe when the other decreases).
Of course, the object the pointer points to was probably constructed before the pointer to it was added to the array. There's no guarantee the byte at [eax+08] is initialized anywhere near when the pointer gets added to the array. You might end up repeating this process again: analyze the code there to find out where the object came from.

Can you just use a code injection to set it to 0? If that's too intrusive, maybe leave it alone but always take the jump? Inject code at `cmp byte ptr[eax+08],1` and use this:

Bryce1113 · How do I cheat? Reputation: 0 Joined: 15 Feb 2024 Posts: 2

Thanks for your thorough reply.
I've tried to track it down further but there seems to be lots of layers to go through so I decided to put a pin in it for the time being since I was able to find an easier solution. Will be back to get to the bottom of it some day!
So the crux of the problem for me was that I wanted it to disable enemies just once and then not touch them again so I could manually disable/enable them. Turns out there were some unused offsets that could be used as flags for that so here's what I got. Oh and also eax+08 turned out to be a 4 byte value and there's a difference between player and enemies. (P.S. saw in a Sneaky Mofo's video that you need to pushf before compare)
Smooth sailing so far!

ParkourPenguin · Posted: Mon Feb 19, 2024 2:00 pm Post subject: