Cheat Engine

Ma3X · How do I cheat? Reputation: 0 Joined: 12 May 2007 Posts: 7

Hi
i'm new to this but i try with some small freeware games but now i'm stuck
i found in a game named "Zelda forever" that the code for the bombs is a double and when i look at it in memory...well then i'm stuck....lol

is there anyone that could maybe give a hint how to handle this?
i'm not shure if it's possible to make a poke of it so i can create a trainer in TMK.

i add a pictures of what i talk about...

thanks

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

This is a horribly programmed game, It is a serious resource hog.

It is too slow to run on my machine.
Pentium 4 2.66 Ghz
512 Ram

Thats not to good for the application to run bad on this.

But to help you out, maybe that address with the value of 4 is the same one each time?

If so just use it,

Dark Byte · Posted: Thu Nov 06, 2008 6:38 pm Post subject:

Try to find another instructions that writes to that address (or make sure it is a correct address and not a display only address)
a repmovsd is usually just a copy command

Ma3X · How do I cheat? Reputation: 0 Joined: 12 May 2007 Posts: 7

Thanks Labyrnth i will check and try use the 4
i will try that Dark Byte

well as so far..if i change value on the adress i found it change in the game to...and if i freeze it it stops at that number...
the problem is that the adress change every time i start so i guess i need to find the pointer, is there 2 pointer when it's double value?

there is no diffrence if i add a bomb or use a bomd...to bad it's the same adress.

Hmm.. then i guess i need to find the adress that the game compare if it should increse or decrese the value and there i will do the change for my trainer..

thanks for all help

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

You will have to do like DarkByte said then if it changes.
Then you can see if it has a sub in the assembly.
Scroll up a bit once you see the instruction and see what you see ahead of it.

Psy · Posted: Fri Nov 07, 2008 2:45 am Post subject:

Check those lea commands. The first is loading that pointer into esi, to use as the source for the copy. The second is loading the destination address into edi. The repe movsd command will move the content from the source to destination until the counter register (ecx) is 0 (decreasing every 4-bytes). I would find out what those registers hold...

~Psy

Ma3X · How do I cheat? Reputation: 0 Joined: 12 May 2007 Posts: 7

found maybe something to use
i found
0058429A - c7 06 35 20 63 00 - mov [esi],00632035
and the extra info had a pointeradress...
1B357CA4

i looked it up and it gave me 6 new adresses the three first is zero value
until i get some bombs then they get another value...the value is the same as a jmp adress

it's change when new game so it's not right pointer...lol digging deeper

found these when i tryed know a little more about repe movsd

00584289 - a7 - cmpsd
0058428A - 0b e8 - or ebp,eax
0058428C - ff 8d 40 00 00 00 - dec [ebp+00000040]
00584292 - 81 3e 43 92 4e 01 - cmp [esi],014e9243
00584298 - 75 06 - jne 005842a0
0058429A - c7 06 35 20 63 00 - mov [esi],00632035
005842A0 - f3 a5 - repe movsd
005842A2 - 89 c1 - mov ecx,eax
005842A4 - 83 e1 03 - and ecx,03
005842A7 - e9 fe e7 e7 ff - jmp 00402aaa
005842AC - 03 e4 - add esp,esp
005842AE - b8 99 13 8f 0a - mov eax,0a8f1399

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

0058428C - ff 8d 40 00 00 00 - dec [ebp+00000040]

maybe reverse this and see what happens

Ma3X · How do I cheat? Reputation: 0 Joined: 12 May 2007 Posts: 7

Thanks labyrnth, i will try that
and thanks 2 u2 psy