Cheat Engine

virusinfektion · How do I cheat? Reputation: 0 Joined: 06 May 2008 Posts: 8

can yall gimme some help get thru part 6 on the cheat engine tutorial?
Ive read a few tuts on the forum but they are nothing more than a repeat of whats on the tutorial itself..

dreu · How do I cheat? Reputation: 0 Joined: 07 May 2008 Posts: 5

I forgot what #6 is but I completed the tutorial.

Gimme the password for it and I'll help you.

virusinfektion · How do I cheat? Reputation: 0 Joined: 06 May 2008 Posts: 8

Slugsnack · Posted: Thu May 08, 2008 9:53 am Post subject:

Okay, so this part introduces you to pointers and dynamic memory allocation.

I'm gonna tell you a bit about them both now so you'll understand exactly what you're doing.

A pointer is a memory address that holds the value of another memory address.

For example, let's say I had a pointer at 87F124. If I added that address manually to a CT, I would find it pointed to another address. Let's say this address pointed to is 6312F. So 87F124 is a pointer to 6312F.

The value pointed to will often change at each game restart due to dynamic memory allocation. To defeat this, you find the dynamic address' pointer and the value held by the pointer will update at each game restart.

Looking at the situation above, let's look at offsets. So at the moment we have just a memory address 87F124 that is a pointer to 6312F. So 87F124 has the value 6312F. But what happens if we want to find the pointer instead of the address 6313F ? It is 0x10 past the address pointed to by the pointer. Therefore the offset is 0x10. So to clarify:

Dynamic address = Value held by pointer + offset

The value held by the pointer must always be a 4 byte value.

So back to CE step 6. I assume you can find the dynamic address. I just did it and found it to be at 8F242C.

So to find the pointer of it, right-click it and find what writes to this address. What this does is find the instruction that writes to the address 8F242C (instruction that changes it).

The instruction is "mov [eax],edx". That means move the value of edx into the address of the value of eax. There are two options here. First off, you know pointer is EAX at that point with no offset because EDX (value of new "HP" or whatever) is moved to the address of the value of EAX. So EAX must hold the current dynamic address (8F242C).

The two options you have here:
1) Scroll up a little bit in the memory view after going to that address and see how EAX comes to have that value
2) Since you know offset is 0, you know that there is a 4 byte address in memory that holds the dynamic address (ie. 8F242C)

For the first option, after scrolling up (should be virtual address 45720F), you will find there is the instruction "mov eax,[0045cc34]". That tells you how EAX got its value. The value at 45cc34 was moved into it. Hence 45cc34 holds the dynamic address and therefore is the pointer. So you can just add that as the address of the pointer.

Second method is even easier. Just scan in 4 bytes for 8F242C (dynamic address) now that you know there must be another address in memory that holds that value.

You should find the same address (0045CC34).

So what happens when CE changes the pointer ? It changes the dynamic address to something else. But the pointer address you found still points to the new dynamic address. So 8F242C will be different but your pointer address (0045CC34) will still hold the value of the new dynamic address.

Pointers can be confusing at the start so it's not a big deal if you don't get them but it is a useful thing to know about.

virusinfektion · How do I cheat? Reputation: 0 Joined: 06 May 2008 Posts: 8

thanx man i really appreciate that. It helped a lot ^^