Cheat Engine

aikoncwd

Hi guru's

I have one big problem. I tried to hack a game, so I want to avoid my life decrease. The game is like a "pokemon-battle" style, so I start with 30 points of health and my enemy have like 10. In few seconds I found the address where my life is; I can manually-modify the value or freeze (this works very fine).

Well, when I have the address I "Find out what writes to this address", when I get a hit, I get this:

mgr.inz.Player · Posted: Sun Jan 27, 2013 7:34 pm Post subject:

we can start with basic stuff.

Your screenshot. Do this again and click first address, press ctrl+r. For second address too. Make another screenshoot which contain both windows, then post here.

dforell · Newbie cheater Reputation: 2 Joined: 31 Aug 2011 Posts: 14

This is a prime example of CE Tutorial Step 9.

Your working with this code...
fistp dword ptr [eax+38]

eax is the ship's structure
38 is the offset to the ship's hull rating

So you want to take a look at the entire ship structure for the player and enemy.
Put the eax addresses from the player and the enemy into the "Dissect data/structures" window.

You want to find a structure offset that is different between the player and the enemy.
You should note that offset 38 in the "Dissect data/structures" window should match hull values.
If not, your doin' it wrong.

My test suggests that offset 4 is what we are looking for.
eax+4 is 0 for the player, and 1 for the enemy.

Just create an auto assemble table with a check and skip.
That's it.

Example for FTL standard. (not GoG or Steam)
Overcommented.
This example can be modified to use AoB to work with all FTL versions.

CE refuses to accept "fldcw dword ptr [ebp-02]" or "fldcw [ebp-02]" in auto assemble,
So I had to just write the bytes. (The "db D9 6D FE" parts)
I created a thread about this in general.
EDIT: Just reread the post and I misread a response.
"fldcw word ptr [ebp-02]" is acceptable. db workaround not needed.

aikoncwd · Posted: Mon Jan 28, 2013 1:57 am Post subject:

@dforell: Thanks for your reply, that's why I want to do, but I want to know how to do this, instead of use a someone else code. I think this will help me a lot Very Happy

@mgr.inz.Player: Here is the screenshoot

The left window is for 1st address (my health), the right window is for second address (enemy health)

======================================

EDIT:

woow, I'm doing what you say dforell

1. Get the EAX values for my health and enemy health
2. Open the dissect data structure and put the 2 values
3. Offset 38 is the health of player and enemy
4. Offset 4 is diferent, 0 for me, 1 for enemy Very Happy

Well, at this point I think I need to compare the [eax+4] and jump if the result is 0 (me) and do a mov [eax+38],1E, yes?

I will try to do without looking your code Razz

Thanks very much, I'm learning a lot with this game Very Happy

dforell · Newbie cheater Reputation: 2 Joined: 31 Aug 2011 Posts: 14

It shouldn't be necessary to write 30 into the player's hull address. The simplest way would be to just prevent damage to the player's hull in the first place. Also, like you guessed, CE Tutorial Step 9 deals with just this scenario. If you can complete it, you should be able to mimic it exactly here.

aikoncwd · Posted: Mon Jan 28, 2013 3:38 am Post subject:

mgr.inz.Player · Posted: Mon Jan 28, 2013 5:31 am Post subject:

OK. Sometimes registry check is enough. My next suggestion would be structure check. But I see you already did it.

Look here btw. http://forum.cheatengine.org/viewtopic.php?t=550252
There were many attempts to achieve inf HP for Painkiller. After many tries, I finally made it.

aikoncwd · Posted: Mon Jan 28, 2013 5:41 am Post subject: