Cheat Engine

Varstal · Newbie cheater Reputation: 0 Joined: 14 Jun 2014 Posts: 20

Hello,

I'm trying to find a static offset, and I was wondering what the procedure is for offsets under a pointer. So let's say that at offset 08 there is a pointer and I go into that pointer and find a static value at 0010, how do I put that on paper for a cmp?

++METHOS · Posted: Thu Jun 19, 2014 1:00 am Post subject:

Varstal · Newbie cheater Reputation: 0 Joined: 14 Jun 2014 Posts: 20

Appreciate the response, I've just got one more question for you. In my other point you said that I should compare registers as well, which I did, but the problem I'm having is learning to put that in code. I've scoured over different tutorials and seem to be struggling with it. So this is my process.

1. Find address
2. Find what accesses it
3. Find what addresses have been changed by said code.
4. Look at the register and realize that ALL other addresses (not my characters) is 000010, or 16 in decimal at the register rbx.
5. Can't figure out how to put that into a cmp without crashing the program.

I know my code works because I've found offsets that work through a couple reboots before the number at that offset changes, so I've got to be doing something wrong with rbx.

I've tried cmp [rbx+24],000010
cmp rbx, 000010

++METHOS · Posted: Thu Jun 19, 2014 1:24 am Post subject:

Show the whole script.

Varstal · Newbie cheater Reputation: 0 Joined: 14 Jun 2014 Posts: 20

label(aob)
label(zombie)
label(friendly)
registersymbol(aob)
aobscan(aob1,F3 0F10 40 24 F3 0F 5A C0 F2 44 0F5A F8 F3 44 0F11 3C 24)

newmem:
cmp [rbx+24],000010
jne friendly
jmp zombie

friendly:
mov [rax+24],(float)100.0
movss xmm0,[rax+24]
jmp exit

zombie:
movss xmm0,[rax+24]
jmp exit

exit:
jmp returnhere

aob1:
aob:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
aob:
db F3 0F 10 40 24
unregistersymbol(aob)

++METHOS · Posted: Thu Jun 19, 2014 1:49 am Post subject:

Make sure you are running CE 6.3 or newer.

++METHOS · Posted: Sat Jun 21, 2014 10:21 pm Post subject:

Well?

Varstal · Newbie cheater Reputation: 0 Joined: 14 Jun 2014 Posts: 20

Hey,

I meant to respond earlier but for the life of me I couldn't find my own post. I found it and the info you gave me helped. It's been stable so thank you a ton! How do I up your rep for helping me?

++METHOS · Posted: Sun Jun 22, 2014 10:27 pm Post subject:

Thank you for letting me know.

FYI, I think you have to post more before you can give rep points. 'Thanks' is good enough for me.

Rissorr · Posted: Mon Jun 23, 2014 1:14 am Post subject:

Hey METHOS , just want to ask you why you used LEA and not just MOV (in your last post with the script)

++METHOS · Posted: Mon Jun 23, 2014 1:04 pm Post subject:

I don't normally do it this way. I just compare...

cmp edi,14EA50F4

lea is used for load effective address. We can compare both, addresses and values at address, as in this example for ammo:

edi = base address of ammo
+30 = offset from base address
edi+30 = address of ammo
[edi+30] = value of ammo