Cheat Engine

dark3h · How do I cheat? Reputation: 0 Joined: 29 Sep 2010 Posts: 4

Hey guys just looking for some help.

What I want to be able to do is essentially given the name of a character, find out their (x,y) location on map alternatively to give the name + location of every character within range.

By experimenting with two characters (one on my desktop and one and my laptop), I've found the memory addresses where the location data for the second character is stored as well as a list of memory addresses containing the name of the second character. I also discovered that their location information is only updated when the character is within a certain range.

I would like some advice on how to use this information to create an automated/semi-automated way of finding this information.

noko_112 · Posted: Wed Sep 29, 2010 9:46 am Post subject:

Might be possible, but it depends on the game having both values in the same structure ("block" of values).

dark3h · How do I cheat? Reputation: 0 Joined: 29 Sep 2010 Posts: 4

I think they are contained within the same data structure. Probably some sort of array with name, (x,y,z) co-ords amongst other things.

How would I go about getting to the root of such a structure to scan through it for people nearby?

Dark Byte · Posted: Wed Sep 29, 2010 1:18 pm Post subject:

You can debug it to find out what accesses it, and that way find the base address of the structure.

if it's a class object the first 4 bytes tend to contain a pointer to a static address that only objects of that specific class have.
you can then do a scan for that value and you'll end up with a list of all classes of that type (and a few bogus hits, but you can filter them out by checking for common stuff (e.g x,y z coordinates have to be normal)

dark3h · How do I cheat? Reputation: 0 Joined: 29 Sep 2010 Posts: 4

I tried to follow your advice but I've come to a little impasse.

This is what I've done so far:

I found the two addresses that contain the name of the second character.

I found several x/y co-ordinates of the second character.

I narrowed down those co-ordinates to the only pair that affects how the character is displayed on the first character.

I used the debugger to find out what accesses the x co-ordinate of that pair and found a good number of subtract commands with EAX/ECX + 50.

Does that mean that the base address for the entry is simply the x co-ordinate address - 50? Or is that the base address of the structure?

So if the address after having 50 subtracted is 13D6E7A0. Should I search for that hex value and that'll give me the base addresses of every other entry in the data structure?

If so, to find their x co-ord I'd just have to read from those addresses +50 right?

I also scanned for what writes to the x co-ordinate address and got one entry along the lines of 004546d3 - 89 10 - move [eax],edx. Does that mean anything?

Thanks for all your help. Sorry I'm a bit new to all this.

Dark Byte · Posted: Wed Sep 29, 2010 3:54 pm Post subject:

justa_dude · Posted: Wed Sep 29, 2010 4:51 pm Post subject:

dark3h · How do I cheat? Reputation: 0 Joined: 29 Sep 2010 Posts: 4

OK so looking at the those 4bytes gets me an address 0x005xxxx.

If I search for that I'm guessing I'll get the base addresses all of objects of that type (as well as some junk).

How do I go from that to finding the names/addresses of those objects?

Or is the best way to find out what's accessing a known x-coordinate and finding all the other addresses that it's accessing through the advanced menu. I'm guessing that'll give me all the x-coordinates and I could something similar with the ys. If so, how would I go about linking them to the name?