Cheat Engine

soulx` · Cheater Reputation: 0 Joined: 06 Jun 2006 Posts: 25

First of all ive seen a load of people posting topics saying "why are my values ??? or blank they worked the last time i opend the game".

No rebooting wont fix this problem (heard some1 say that lol) , this is DMA in action, DMA stands for dynamic memory allocation.

What does DMA do? to cut it short , lets say you make a life hack, youve got the address froze the value and never running out of lives.. the next day you boot up the game and go to use your life hack to find out the value has gone or has changed to something thats got nothing to do with your lives.. this is because DMA has re-allocated the memory.. meaning you have to repeat the whole process over again to get the correct address again..

How can you defeat DMA? its extremly simple these days with the tools available. Once you find your lives address and the value, we set a breakpoint on the address / Auto Hack( Tsearch option) for CE user's you can use Find Out what writes to this address.
Once you have done this, go in game and die Smile

, you will see the debug events pop up..

will be something like this :

1013C98 mov eax,[edi] <- the number of lives we already had is read from edi and placed into eax
101757C dec eax <- our value of lives is decreased by 1

As youve probably noticed already DEC EAX is what is decreasing our little characters life span Sad

so we need to get this the fuck out of there we can do this by NOP 'ing it since NOP = 90 we simply write the values 90 90 to the address 101757C , so we would poke/write the following:
101757C 90 90 you maybe asking yourself why did i use 2 90's? well thats because the original instruction used 2 OP codes, if you fail to do this when making a hack your game will most likely crash or do some fucked up shit.

Thats all there is to it! your hack will work everytime now.
For those asking yourself wtf is poke? well i use TMK ( trainer making kit ) for creating trainers and Poke is basically what you type before the address in TMK when wanting to write it to the memory. If i was using TMK i would write it like this in TMK.

Poke 101757C 90 90

i hope this has been of some help..ive probably made a sht load of typos and errors been up for like 30 hrs Rolling Eyes

pirateninja · Newbie cheater Reputation: 0 Joined: 20 Aug 2005 Posts: 10

Sorry but I don't think that is going to help noobs very much. You should of went into detail on what a pointer is and how pointers work. This is not how I would go about defeating dynamic memory allocation.

You address is moved, but where it is moved is not completely random, nor is it impossible to find out where it went. After finding your address, you can find out what writes to that address using a debugger, CE works. Look at the line that writes to it, and it should be something similar to move value, offset+address

The offset will never change, but that address will. That address is what you have to find. copy the address and go into CE, set search type to 4byte and check the hex check box, the first address that shows up will most likely be the one you want. So, if you set up your program to read from that address, add the value read from that address to the offset, then read from that value, you will have your value.

example using your code
1013C98 mov eax,[edi]
This code doesn't use an offset, most of the time programs will use offsets, to reduce the number of pointers. Most of the time, the X, Y, and Z coordinates of your character will share the same pointer, ex.
[edi]+4 = X coord address
[edi]+6 = Y coord address
[edi]+8 = Z coord address

In this example, you would look at the registers, look at the value stored in edi, copy that into notepad. Go back into CE's main window and do a 4byte hex search for that address. The first address on the list would be your pointer address. You can use pointers in CE by clicking the manual add address button and checking the pointer check box.

It would also be nice to explain to them what that code means. The Mov opcode takes the value in the second parameter and stores it in the first parameter. If a register is used, and it is in [ ], it reads the value from that address, else, it just uses the value stored in the register.

Xblade Of Heaven · Posted: Tue Jun 06, 2006 7:13 pm Post subject:

nops does not work with most of games of nowadays, since if it beams are possible that if you apply it to the life then the enemies do not moriran either, I no longer that to do, but the only thing which I need by knowing is as noses are made pointer of level 2. 3 or 4, and that I do not believe either that serves for the static directions, so I cannot advance since in English I do not find out to me much

Xblade Of Heaven · Posted: Tue Jun 06, 2006 7:42 pm Post subject:

soulx` · Cheater Reputation: 0 Joined: 06 Jun 2006 Posts: 25

NOP's dont work with most games nowdays? blade i think you need your brain examined lol... and pirate i didnt go into details because its not a tut on OP codes and ASM its a tut on how to defeat DMA and thats what it explains, i do not use CE.. maybe you have different method's than myself

Xblade Of Heaven · Posted: Wed Jun 07, 2006 3:44 pm Post subject:

to that the one comes from the brain? too much I do in making an effort to me using translators, like so that days even above tontadas, if you do not use CE that you use then? , in order to deceive one mov [esi], eax without offset since beams?

Future_Shock · Newbie cheater Reputation: 0 Joined: 28 May 2006 Posts: 13

soulx` · Cheater Reputation: 0 Joined: 06 Jun 2006 Posts: 25