Cheat Engine

[brisingr]

Hi all,
I'me new, and I've some problem in creating my first cheat table.
I've found the instruction and created the structures. unfortunately, when I use the script the game crashe .

the original code is: "Starcraft.exe"+798B9: mov [ebx+08],eax
in the structure i found the value +1b44 where 0 is for player units and different value for enemy units.
When executed the game crashes. What's wrong?
Here is my script:


[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(player)

newmem:
cmp [ebx+1b44],0
je originalcode
jmp player

originalcode:
mov [ebx+08],eax
jmp returnhere

player:
nop
nop
mov [ebx+08],eax
jmp returnhere

"Starcraft.exe"+798B9:
jmp newmem
nop
nop
returnhere:



[DISABLE]
dealloc(newmem)

"Starcraft.exe"+798B9:
mov [ebx+08],eax

[ParkourPenguin]

It's unlikely, but if there's something that checks EFLAGS just after "Starcraft.exe"+798B9 (e.g. Jcc, CMOVcc), then it would probably crash the game since you're changing the EFLAGS register in your script.

The more likely scenario is that the game has some kind of a memory integrity check that makes sure its instructions aren't modified. If they have been modified, it'll crash the game. You can try disabling this yourself, or you could try the stealthedit plugin.

[brisingr]

how can I find this address by myself?
I don't know if this can help, but, after the crash i found a new opcode writing for the life value, this: 00C80012 - 89 43 08 - mov [ebx+08],eax

[hhhuut]

Click on "Add address manually", type "Starcraft.exe"+798B9 as address (it's the address from your script), save, rightclick on the new entry and choose "Find out what access this address".

Then continue the game for a while (some minutes should do), but do not activate any script.

If something pop's up in the debugger window, then it's probably a memory integrity check ...

[ParkourPenguin]

[brisingr]

thank you both for the help.

@ParkourPenguin: Sorry for the misunderstanding, I meant the instruction for the memory integrity check.

@hhhuut: in the debugger i found:
StarCraft.exe+798B7 - 2B C7 - sub eax,edi.
When replaced with the code that does nothing, the god mode affects player units and enemy units. Is it the memory check? How can I make god mode?

[hhhuut]

I don't think that's the integrity check since it's the instruction directly before the one you've used for your godmode (as you should have noticed).
Are you sure you've done all the steps I suggested in my previous post correctly?

And besides, what astonishes me about your godmode script (the one from your very first post) is, that the unit's life seems to be stored at offset "+08", but your ID is at "+1B44" which is a pretty huge offset ... Are you sure the unit sturcture really is that big?
Becuase if not, you maybe try to read from memory that is not always initialized and therefore your game can crash ...

[ParkourPenguin]

[brisingr]

[++METHOS]

It's likely one of two things...

1. As previously mentioned, your offset is too big.
2. You didn't let CE build your script for you.

[brisingr]

update:
meanwhile I've tried with another game (TA Kingdoms) and I've use the same procedure, the script works fine.

I've done a new structure dissect for starcraft.
the difference between the 2 games, in the structure dissect, concern the opset of the units health.
In the other game I found exactly the health value, in starcraft instead, at the +08 I found a pointer.
Is this difference important?

[brisingr]

Hi again,
I think I found the right address for comparison. I think I had the appcrash for the wrong address used before (I'm not sure but maybe the reason is 'cause I've also used the address of some friendly units with different colors in the same structuregroup)
Now I've not getting any crash... But unfortunately I don't know how to write the code to freeze friendly units health's.

[hhhuut]

From now on it's pretty simple (when you know where the maximum health is):

[++METHOS]

[brisingr]

Great! It works perfect.
Thank you so much.
Can you explain me why the command "push 00"?