Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


How am I supposed to think here?

 
frubam
Cheater
Reputation: 0

Joined: 13 Jul 2016
Posts: 29

Posted: Mon Jul 25, 2016 5:30 pm    Post subject: How am I supposed to think here?

Noob to CE here =03. I was looking at a value that prorates damage based on the number of hits. It starts off at 100 (it's a %) and decreases by 10 (if I use a normal attack) or 20 (special attack). I want to just keep it at 100. I found the value in a particular area of the game, did "Find out what writes to this address", and got the opcode that writes to it (30D51AD7). It shows that it takes the value of 100 that's in dx and moves it to the location in memory where I found it (highlighted in blue). The disassembler shows the value written to edx in an earlier opcode (orange box: mov edx,00000064). However, the values around it change depending on the area I am in, as well as the area in memory the prorate value is placed. So I am at a loss as to what I should be doing to even find how the instructions are placed in memory or keeping track of the prorate memory location.


[Attached image: Untitled - 1.png]


PinPoint
Expert Cheater
Reputation: 10

Joined: 07 Apr 2016
Posts: 223
Location: Scotland

Posted: Mon Jul 25, 2016 5:43 pm

What is the game?
Did you try changing the opcode to mov [ecx],64 or NOPing it to see if it works first?

Use the template for AOB scan on the instruction and you can search the memory viewer for whatever you called it when it's active.

If this set of instructions is inside a call, you can break and trace and find out where it is called from.
frubam
Cheater
Reputation: 0

Joined: 13 Jul 2016
Posts: 29

Posted: Tue Jul 26, 2016 6:45 pm

Sorry for the late reply even though you replied so fast =02; I didn't know WHAT the heck you were talking about as far as templates and B&T were concerned, so I had to educate myself using some topics around here (Rydian's guide was especially helpful).

Messing around with Tales of the Abyss on the PS2 emu still. Using nop worked just fine and I did as you said and it worked =03! I took it one step farther than just keeping it at 100 and altered the prorate rate of decline from 20 (bottom Tracer) to 10 (top Tracer) per special attack. B&T definitely helped; it let me see that the game adds the prorate value to a max value DWORD minus 20 (FFFFFFEC), instead of subtracting 20.

I appreciate pointing me in the right direction =03. Thanks \(*,*\)!
frubam
Cheater
Reputation: 0

Joined: 13 Jul 2016
Posts: 29

Posted: Thu Jul 28, 2016 8:04 pm

I have a question if someone doesn't mind answering. Is there any downside/detrimental effect of having a super long signature? For example, looking at a script for Tales of Zestiria, they had only 5~8 byte signatures, but I'm using signatures for Tales of the Abyss that are, like, 100 or so bytes long, with appropriate wildcards, and still can't find anything unique =01. Is there some fundamental strategy I'm not utilizing?
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Thu Jul 28, 2016 9:07 pm

The downside of using a long signature is simply that it is more likely to break when the game updates.
Since your AOB is covering so many instructions, it's more likely something could change when they recompile the game.

Oftentimes the cause is simply that the game seems to store multiple copies of the same function.
You can manually perform an AOB scan with a smaller set of bytes and find out where your instruction appears.

If you're lucky, it will be the first address returned by the search, in which case you can use the standard aobscan().
CE will simply stop when it encounters the first result and inject your code there.

If your instruction isn't the first result, there are various posts on these forums for using a Lua AOBScan().
This way you would be able to pick one of the subsequent results as your injection site.

Chances are if your result is the second one found, it will always be the second one found even after the game reloads.
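
An added example, not part of the posts above and not Cheat Engine's own code: a small Python matcher showing why a long wildcarded signature can still return several hits when a routine is duplicated, how picking the n-th hit resolves that, and how an exact long signature breaks after a rebuild. The byte values, the 0xCC padding and the three-copy layout are constructed for illustration and are not taken from the game or the attached screenshot.

```python
# Constructed sample: three copies of one routine, as if the target kept
# duplicates of a function. Only the stack displacement byte differs.
def routine(disp):
    return (bytes.fromhex("BA64000000")      # mov edx,00000064
            + bytes([0x8B, 0x4D, disp])      # mov ecx,[ebp+disp]
            + bytes.fromhex("668911C3"))     # mov [ecx],dx ; ret

PAD = b"\xCC"
MEMORY = (PAD * 7 + routine(0x08) + PAD * 5 + routine(0x0C)
          + PAD * 9 + routine(0x10) + PAD * 4)

def parse_signature(sig):
    """'BA 64 ?? 00' -> [0xBA, 0x64, None, 0x00]; None marks a wildcard byte."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in sig.split()]

def scan_all(memory, sig):
    """Return every offset where the signature matches, in ascending order."""
    pat = parse_signature(sig)
    return [off for off in range(len(memory) - len(pat) + 1)
            if all(p is None or memory[off + i] == p for i, p in enumerate(pat))]

def nth_match(memory, sig, n):
    """Pick the n-th hit (1-based) instead of stopping at the first one."""
    hits = scan_all(memory, sig)
    if not 1 <= n <= len(hits):
        raise LookupError(f"wanted hit {n}, scan returned {len(hits)}")
    return hits[n - 1]

SHORT = "BA 64 00 00 00"
LONG_WILD = "BA 64 00 00 00 8B 4D ?? 66 89 11"
LONG_EXACT = "BA 64 00 00 00 8B 4D 0C 66 89 11"

if __name__ == "__main__":
    for name, sig in [("short", SHORT), ("long+wildcard", LONG_WILD),
                      ("long exact", LONG_EXACT)]:
        print(f"{name:14} -> {scan_all(MEMORY, sig)}")
    print("second hit of short signature:", nth_match(MEMORY, SHORT, 2))
    # Simulated rebuild: the displacement in the second copy changes.
    rebuilt = MEMORY.replace(routine(0x0C), routine(0x14))
    print("after rebuild, long exact ->", scan_all(rebuilt, LONG_EXACT))
    print("after rebuild, 2nd short  ->", nth_match(rebuilt, SHORT, 2))
```
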
frubam
Cheater
Reputation: 0

Joined: 13 Jul 2016
Posts: 29

Posted: Mon Aug 15, 2016 7:00 am

Okay, super late, but I knew nothing about Lua, so I did a smidgen of reading. Still pretty much a beginner, but how do I use the Lua aobscan return values inside the AA script? I've looked around, but can't seem to find the correct topics on the matter =0(.
All times are GMT - 6 Hours