Cheat Engine

wicked357 · How do I cheat? Reputation: 0 Joined: 04 Jan 2011 Posts: 7

In learning I am using Torchlight for this, I found the base pointer using CE. So when I restart my comp or game I can use this same address to change the value anytime since it doesn't change. Here is what CE gives me:

Example.png has the image to save time typing it all.
NOTE** The last pointer is "Torchlight.exe+009885E8"

I now have this code:

Dark Byte · Posted: Fri Jan 14, 2011 9:18 pm Post subject:

You'll need to find the module address of Torchlight.exe and add 0x009885E8 to get to the static address

easiest is using toolhelp32snapshot and then module32first/module32next to find it (module32first will most likely already contain what you need)

wicked357 · How do I cheat? Reputation: 0 Joined: 04 Jan 2011 Posts: 7

I am not familiar with your recommendations, could you provide an example or a link to something I can read a little more about it exactly?

I found some information about this method you mention only thing is I don't see how it is different than what I have for finding the process. I am not seeing how I turn this into an address and use it like my other address to add to each other.

Here is the link I found,

deathsoft[dot]com/forum/index.php?showtopic=20

EDIT** I tried something like,

DWORD Mod_Add = Process32First(snapshot, &pe32);

but that didn't work, so right now I am shooting with a blindfold on, but ill keep searching while I wait for a response. I did some research and found that Process32First returns a boolean so that makes sense why it dodn't work...

hcavolsdsadgadsg · Posted: Fri Jan 14, 2011 10:59 pm Post subject:

you're right, randomly guessing and putting things in isn't going to work.

http://msdn.microsoft.com/en-us/library/ms684218(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/ms684225(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/ms684221(v=vs.85).aspx

there is an example for looping through it, pretty simple.

wicked357 · How do I cheat? Reputation: 0 Joined: 04 Jan 2011 Posts: 7

I noticed while messing around using Module32 only shows my DLL's when it is listing. My address shows this "Torchlight.exe+0098...." wouldn't I use processentry? if so, I see there are many variables to it, the only one that catches my eye is szExeFile, because it appears to be HEX. My only issue here is before I go along and rebuild this proram I have a mess right now, wouldn't that not be the address but the name in HEX? If so I am obviously at a deadend unless one of those weird numbers is the process address. I see moduleentry has an address member, but again this isn't a dll.

atom0s · Posted: Sat Jan 15, 2011 12:15 am Post subject:

Torchlight.exe is just a symbol. CE just displays it as the name for convenience to you to understand what the offsets are based from. Module32First / Module32Next will return each of the module names and their base address.

wicked357 · How do I cheat? Reputation: 0 Joined: 04 Jan 2011 Posts: 7

EDIT** My problem was my actual base pointer, I found choose another pointer out of pointer scanner that was a DLL and it had 5 offsets and I got it all to work good. I had to tweak the crap out of my code still it was a mess as it was. But I will be doing more test with it tomorrow to make sure it is working ok. Thank you for your assistance.