Cheat Engine

[satanrules666]

Hi there all

just messing around with postal 2 trying to make a godmode cheat but the health is shared and i still dont get how the data dissector works or how you even make compares work

this is the code that comes up when i look what writes to my health

mov [eax],edx
pop esi
pop ecx
ret 0008

the problem is well there seems to be no offset so thats rather annoying

am sorta stuck as to what to do

if i see what the address
core.dll+3e146:
the one that writes to my players health writes to

i get the address for my character then alot of others and one that looks like a ai

do you put them side by side

im guessing in data dissector that the offset is at the left side

and then i guess that the under mines and the ai address is the value

but if i do this it doesnt work

so i use the offset 70 and there im 11 and the ai is 8 but if i use this it doesnt work

[Enable]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
alloc(dothis,2048)
alloc(orthis,2048)
label(exit)

core.dll+3e146:
jmp newmem
nop
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
cmp [eax+1b4],1
je dothis
jne orthis//place your code here


dothis:
mov [eax],179
pop esi
pop ecx
ret 0008

orthis:
mov [eax],edx
pop esi
pop ecx
ret 0008

exit:
jmp returnhere

[Disable]
core.dll+3e146:
mov [eax],edx
pop esi
pop ecx
ret 0008

when i look back to data dessector i notice the number has changed there since i used the auto script

ive looked around the forum but for me im slow and nothing really goes into hardout detail for me so i find it really hard to understand

[Dark Byte]

First off, look up. See if you can find out how eax get's the value. I'm sure that your health isn't the first element of the structure you're in

Once you have found the real base address you can use dissect data on it. (I'd pick the first 2 bytes in the structure as the value to compare against)

[satanrules666]

what do you mean by look up what am i ment to look up

above the code that write to my health i have

Memory viewer
>>1013E126(con)
1013E138 mov eax,[esp+0C]
1013E13C mov edx,[esp+04]
1013E140 sub edx,eax
1013e142 mov eax,[esp+10]

also if i try to find out what addresses this instruction accesses
sub edx,eax

then the game freezes

this is on cheat engine 5.6.1

and i dont really get what you mean by first element of the structure you are in

[Dark Byte]

Looks like a function. It would be useful if you looked at the stack and find out what the caller is (usually located at ebp+4) and find there how esp+10 gets it's value.
Anyhow, an alternative method is just use the memoryview on the address of health and scroll up there.

See if you can manually 'see' where the structure starts (It usually starts on an address ending with a 0 and the first entry is a pointer to a static address)


And option 2:
Find the codes that accesses your health and see if there is a code that is only accessed for your own health (e.g used to render the healthvalue on the screen)
Then place a hook there, save the address, or just write it there

[satanrules666]

sweet just did it

i looked at more addresses this time and grouped them in data dissector

and alot of trial and error in the end i have this to share with everyone because hay sharing is caring and have made my first table to get around shared health

[Enable]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
alloc(dothis,2048)
alloc(orthis,2048)
label(exit)

core.dll+3E146:
jmp newmem
nop
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
cmp [eax+1B4],1
je dothis
jne orthis//place your code here


dothis:
mov [eax],64
pop esi
pop ecx
ret 0008

orthis:
mov [eax],edx
pop esi
pop ecx
ret 0008

exit:
jmp returnhere

[Disable]
core.dll+3E146:
mov [eax],edx
pop esi
pop ecx
ret 0008

Thanks for all the help dark bite your the man and the new cheat engine looks more powerfull than ever

i also had a look at geris tutorials for data dissector and learnt a bit about it and groups which lead to this

however apon testing this more i found that as soon as you change area the game crashes

its a strange game as i also tried to make unlimited ammo and the code for ammo also works for dogs health which is strange

darkbyte i have what is hopefully the stack just needed to find out how to get it ive read that you can either place a breakpoint or break and trace instructions

since when ever i toggle a breakpoint the game goes so slow it basicly crashes even when you press F9 to tell it to run so i had to use break and trace

ill attach as a photo sorry that it is so massive for some reason paint in windows 7 likes to add a massive white background behind every screenshot

but atleast now you can see what i can

also can anyone tell me how do i set up a hook for my code to check against another addresses

[satanrules666]

So i got my code semi working yea it only gives me godmode but whenever i go to a different area in the game i get this

CopBlack estates.CopBlack0 (Function Engine.Actor.GetItemName:004E) Runaway loop detected (over 1000000 iterations)

History: FFrame::Serialize <- UObject::ProcessEvent <- (CopBlack estates.CopBlack0, Function Postal2Game.P2MoCapPawn.PreBeginPlay) <- ULevel::SpawnActor <- (CopBlack) <- AActor::ProcessState <- Object GameSinglePlayer estates.GameSinglePlayer1, Old State State Postal2Game.P2GameInfoSingle.Startup, New State State Postal2Game.P2GameInfoSingle.Startup <- AActor::Tick <- TickAllActors <- ULevel::Tick <- (NetMode=0) <- TickLevel <- UGameEngine::Tick <- UpdateWorld <- MainLoop

and the game crashes

i have no idea what this is ment to mean

[satanrules666]

Ok people have worked out the problem

some weird reason the original code rights to

[eax],0

had to do a compare to see if it was doing that while loading and make cheat engine disable the cheat while the game is loading the new area and re enable it when in the new area

[Enable]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
alloc(dothis,2048)
alloc(orthis,2048)
label(exit)



newmem: //this is allocated memory, you have read,write,execute access
or eax,eax
jz orthis
cmp [eax],0
je orthis
cmp [eax+1B4],1 //place your code here
je dothis
jne orthis


dothis:
mov [eax],3e7
pop esi
pop ecx
ret 0008

orthis:
mov [eax],edx
pop esi
pop ecx
ret 0008

exit:
jmp returnhere

"Core.dll"+3E146:
jmp newmem
nop
nop
returnhere:

[Disable]
"Core.dll"+3E146:
mov [eax],edx
pop esi
pop ecx
ret 0008

sharing is good

ild like to say a massive thankyou to Darkbyte and to Geri who helped me aswell you guys both rule

[pumba]

[Dark Byte]

and all enemies in the game as well

[satanrules666]

yea i tried just noping the address that decreases health and it would give everyone godmode this script makes it so that godmode only goes to the player

ive tested it throughout the whole game and it works fine
and i know theres cheats for the game that do the same thing but i made this just for pure understanding of how the game works

[JohnT]

well what version do you use ??
if you found your health try doing what accesses and then go back to the game without moving and then go back and see the best one you actually dont have to use the data dissector i found an instruction that it is not shared

[danny96]

is it possible to turn this script to one hit cheat ? tested your code.When changing mov [eax],edx under the orthis is to something else for example 12C instead of edx , menu of the game starts to be invisible and some problem with doors.That is why I can not just put zero for edx.

[danny96]

I directly found adress of weapon damage .I wrote little script that everytime I shot game writes 999 in that adress .If anyone still looking this I can help.