Cheat Engine

shingouki · Newbie cheater Reputation: 0 Joined: 23 Aug 2021 Posts: 14

Hello people,

I am new here and i don't have much experience with game hacking although i did some hacks myself using pointer scanners and for some games it works and some games it doesn't work so have to use other tricks.

Now i am messing around with AOB injections and all udemy courses and youtube they all use shooting games and assault cube as example. For sure this works, but i want to hack my own games.

I got stuck with a fighting game i spent over 40+ hours on it and cant seem to solve it.

I can fix infinity health in many ways, but then its for both players. Me and the enemy.

I have seen tutorials where you can use Commonalities in Cheat Engine so that you can tell the script to do a cmp on two offsets and then the script knows which one is you and which one is your enemy.

However ... what should i do if i use Commonalities scan and there is only 1 offset available and only one address that use this health bar?

I tried everything and i appriciate really you help.

Example code:

aobscanmodule(INJECT,SFTK.exe,29 4B 20 29 43 2C)
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
sub [ebx+20],ecx
sub [ebx+2C],eax
jmp return

INJECT:
jmp newmem
nop
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db 29 4B 20 29 43 2C

unregistersymbol(INJECT)
dealloc(newmem)

You can see here on the substraction address (array of bytes) it shows ebx+20 and ebx+2C ... those are both to do with the graphics and values of the healthbar and nothing to do with the enemy.

Then when i check Commonalities they all refer to one offset that is: 20

So what should i fill in by:

newmem: ?

For another game like assault cube you can do something like this:

mov rax,[rbx+1C]
movzx rax,[rax+38]
cmp rax,0
je return
jmp code

But in my case i only have one offset so there is nothing to compare.

Appriciate your time guys.

Thanks.

Birdi · Posted: Mon Aug 23, 2021 2:16 am Post subject:

The idea in comparing offsets through sharedcode is that your health's base address, or nearby addresses, will often contain a constant that only the player has, and will always be there. This gets more complicated for games that use expansive sharedcode, but this shouldn't be impossible for you.

There's a few ways to easily get the health address for quick restarts, but assuming you can easily find those:

1) Find both your Health address and your enemy's Health address and add them to your table.
2) Open the Memory Viewer (CTRL+B)
3) Open the Structure Dissect tool (CTRL+D in Mem. Viewer)
4) Create a new group so you have two of them (CTRL+G in Struct. Tool)
5) Put your Health address in the first group, and your enemy's in the second group.
6) Under the Structures menu, define a new structure. Let it fill in the blanks for you.

Alternatively you can just regularly browse memory and find nearby values to your health that are always the same, but not for the enemy. This is more manual but can catch things the structure dissector may not automatically get due to how it fills in offsets/types, etc.

In your example, the health address is at [ebx+20] so your base address will start at your health address-20 (ex "0F18A69B-20"). You can use that to help find other possibly unique values between the health offset and the base.

With that, you can see the differences near the addresses.
You'll want to look for purple rows by default, as it means there's a difference in every group (unique values).
Take a screenshot or just note down the offsets to these purple values, reset your game and repeat these steps. Keep doing it until you're certain that with any combination of factors, you find the same value in the same offset from your health. This same value should just apply to your health address, and never the enemy.

When you have that unique value, you're pretty much done.
Let's say you found the Unique value at your Health Address+38.

Here, you would want:

shingouki · Newbie cheater Reputation: 0 Joined: 23 Aug 2021 Posts: 14

Thank you for your fast reply!

I appriciate your answer, although i am still stuck.

I dont understand where i can find this or understand this:

6) Under the Structures menu, define a new structure. Let it fill in the blanks for you.

All the others from your points 1 to 5 i understand and i done that.

Meanwhile i am still busy playing around.

Birdi · Posted: Mon Aug 23, 2021 3:44 am Post subject:

Here:

shingouki · Newbie cheater Reputation: 0 Joined: 23 Aug 2021 Posts: 14

I am back again.

I tried your suggestions and instructors and from what i understand about it it doesn't work for me.

The pruple part in your exploanation refers to me as offset 0 ... we know the global offset for both players is 20 and 2C so logically for me it means ebx+20+0, but no luck.

I am not sure if i can include a link here, but i created a YouTube video where you can track down my work and what i am trying.

/watch?v=03-QjnLWp-w

The reason i use 20+0 and 20+0+C is, because i think i see those paterns from the purple guidelines.

Also i tried different array bytes such as sub, because those are the substractions, but when i use your code it still doesn't work.

Please check my video and guide me ... i am really exhausted after so many hours, but i can't let it go that i am unable to hack such a simple game from almost 10 years old!

Birdi · Posted: Mon Aug 23, 2021 8:08 pm Post subject:

If your offset is +0 I can only assume you're checking against the current health or the base address, both of which will change during gameplay.

You need to look for addresses near your health that is always a specific value no matter how many times you restart the game, change character, etc.
I can't work on that game myself but for example assume the address +8 from your health is always 1 for you but 0 for enemies. You cmp against that:

shingouki · Newbie cheater Reputation: 0 Joined: 23 Aug 2021 Posts: 14

Thank you so much for your explanation!

I think i understand it now.

The biggest problem i have now is the following:

The game i want to hack have 2 life bars for each players.

So i need to make a comparision of 1 offset with 4 addresses and make sure the values are for my player different then the enemy. Very hard to find the correct value. Most of the time one of the player is in sync with the offset/addresses but then also one of the enemy have infinity life, because they share the same address of that offset for some reason.

Going to analyse further! But i got the idea and thank you very much for your code and explaning. I might add you soon on discord when needed, but i dont want to bother you too much since your help is good enough on this forum.

Birdi · Posted: Tue Aug 24, 2021 5:52 am Post subject:

It's no issue, I love helping people out.
If you need help don't be afraid to ask. It's a great way to learn!

--Solved externally

hexcypher · How do I cheat? Reputation: 0 Joined: 25 Jun 2021 Posts: 4

The comp operator might be returning one offset because its a multilevel pointer. It might be the offset for your next pointer. Does the DEC have MOV or JMP near it?

+2C could be an index and +20 could be a pointer. Did you follow those offsets in memory to see whats there?

Birdi · Posted: Wed Aug 25, 2021 9:44 pm Post subject:

As far as this case went, the game edits 4byte values 2 bytes behind, probably to deter cheating.. otherwise I'm not sure.
+C was the team's secondary character HP.