Cheat Engine The Official Site of Cheat Engine
kjmarket Grandmaster Cheater
Reputation: 0
Joined: 11 Oct 2006 Posts: 600
Posted: Tue Apr 10, 2007 7:36 pm Post subject: Need help with hacking a game that uses DMA

I can find the addresses and find out what writes to them, but it all changes every time, so I need help, or a tut on defeating DMA....and not one saying the only way is with SoftICE. It's an older game...ShadowFlare...that I've had forever...btw...
EDIT
Ok, I'm gonna try and post some info hoping someone can help me. Seems like this forum is overrun with newbs that know nothing and only a few knowledgeable people that know their stuff. Guess I really have no room to talk as I don't know how to figure this out....
Anyway..the game is ShadowFlare, and for my example I'll show you health. It shows HP (health) as health left/max health. Mine is currently 310/310. So I go and get hit and drop down, search for the new value, find one, change it back to 310, and bam..it's the right one. As newbish as newbish gets. The address is 05C243BC, though this changes every time the game is run...obviously. I find out what writes to this address, and find the following:
00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
No I'm not asking what this does...I know some assembly, and I know this is subtracting the amount of damage, and that there's a pointer. I can replace this with code that does nothing and it works great, which is ultimately what I want to do, but this addy changes too, so that is my dilemma. I go further by searching for the value it says is probably the value of the pointer, and I get a bunch of results. 13 addy's that stay the same and a bunch that change constantly. All 13 point to the address I found for health once I add 'em to the list. Add manually, click pointer, add address that I found, then add the offset and it points to my addy. Dandy. This value is black, and changes as well...so where do you go from here? I've done pointer scans on every one of them with no results, and on the original addy...all nothing. Finding out what reads from the addy that the pointer points to is worthless, as it's the same thing as finding out what writes to the original addy. I tried finding out what writes to the pointer and I get hits on a bunch of them..as soon as I go to what writes to them..don't even have to go into game..and the pointer begins pointing at all different places. A few give results when I get hit, but point to a different address. Where do I go from here? I want to eventually nop the original sub command so I just don't lose health, not freeze the original value. Suggestions? Auto Assemble stuff maybe? Thanks.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Wed Apr 11, 2007 6:06 pm

If this address is changing, you are getting code shifting.
Most likely it may be finding this address in a dll file.
There are some tutorials around the net on how to deal with code shifting and it is not going to be a fun trip.
00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
Here is one such post about it.
http://www.extalia.com/forum/viewtopic.php?t=2048
kjmarket Grandmaster Cheater
Reputation: 0
Joined: 11 Oct 2006 Posts: 600
Posted: Wed Apr 11, 2007 7:16 pm

What I mean is that the addy's change every time the game is run, not while the game is running.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Thu Apr 12, 2007 5:55 pm

And that is code shifting.......
Another game I have seen that does this is Navy Seals.
Except it does it every time you reinstall it.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The Netherlands
Posted: Thu Apr 12, 2007 8:52 pm

That's just normal DMA, dynamic memory allocation.
Stuff that can affect the location of the memory can be the position of your mouse, other programs that may have loaded in a different order, etc...
Try the pointer tutorial, or code injection, they teach you the basics needed to fix this.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
kjmarket Grandmaster Cheater
Reputation: 0
Joined: 11 Oct 2006 Posts: 600
Posted: Thu Apr 12, 2007 9:46 pm

I am trying tuts, but how do I do code injection that works every time I play, rather than have to redo the code to inject every time I start the game?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The Netherlands
Posted: Fri Apr 13, 2007 5:25 am

Sorry, just read it again, you're saying that the location of the code that decreases the address changes as well?
e.g. one time it's
00443edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
next time it's
00667edc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
3rd time it's
22abcedc - 29 be a4 01 00 00 - sub [esi+000001a4],edi
?
If so, then if you've found the instruction again, check in which module that code is (e.g. gamex.dll). You can find that out by looking in the memory view and choosing the option to show modules, and then use the notation modulename.bla+offset to get to that address.
Also, if you do replace it with code that does nothing, the code list will also use that method to find the address.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
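Dark Byte's modulename+offset notation, as an added example that is not Cheat Engine's own code: an absolute address is rebased to the module that contains it, and the same notation is resolved again in a later run where that module loaded at a different base. The module names, bases and sizes below are constructed; in practice they come from the module list in the memory view, and an address that lies in no module (like the health value on the heap) cannot be rebased this way at all.

```python
# Added example, not Cheat Engine's own code: rebase an absolute address to
# 'module+offset' and resolve it back in another run of the same program.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Module:
    name: str   # file name as shown in the module list
    base: int   # load address in this particular run
    size: int   # size of the mapped image


# Constructed sample module lists for two runs. The main image is mapped at a
# different base in each run; the helper DLL happens to land in the same place.
RUN1 = [Module("gamex.dll", 0x00400000, 0x00100000),
        Module("other.dll", 0x10000000, 0x00080000)]
RUN2 = [Module("gamex.dll", 0x22A79000, 0x00100000),
        Module("other.dll", 0x10000000, 0x00080000)]


def to_module_offset(addr: int, modules: List[Module]) -> Optional[Tuple[str, int]]:
    """Return (module name, offset) when addr lies inside a loaded module.

    None means the address belongs to no module image: heap or stack memory
    (plain DMA), which module+offset notation cannot describe.
    """
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m.name, addr - m.base
    return None


def format_address(addr: int, modules: List[Module]) -> str:
    """Render addr as 'module+hexoffset', or plain hex when it is in no module."""
    hit = to_module_offset(addr, modules)
    if hit is None:
        return f"{addr:08X}"
    name, off = hit
    return f"{name}+{off:X}"


def resolve(notation: str, modules: List[Module]) -> int:
    """Turn 'module+hexoffset' back into an absolute address for this run."""
    name, sep, off = notation.partition("+")
    if not sep:
        return int(name, 16)          # already absolute, nothing to rebase
    for m in modules:
        if m.name.lower() == name.lower():
            return m.base + int(off, 16)
    raise LookupError(f"{name} is not loaded in this run")
```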