Cheat Engine

[lockdown]

Sup everyone - I have completed all tutorials that CE had to offer and I thought I was on my way to being able to create some nice single player hacks for games I enjoy, but I am running into problems of "KNOWN VALUES" not being found when scanning.

Take my current issue with Civilization V, I am trying to find the memory address for total gold I have and can spend, and while searching the memory the second time I am coming up with 0 results or memory address that are changing all the time.

Sometimes I get a green "static" value which I know is false because it would, one (1) easier to find and not so random and two it should be black meaning a pointer which I think it is. I tried to use "FLOAT" but same problem. Note: I do play around with the green "static" numbers that I sometimes get looking and get, and use the technique named "find address that writes to use" and change the value in game and come back but nothing.

I don't get it, it should be pretty simple. If I have 100 gold and search for 100 gold and get 70,000 hits I should spend gold or increase gold, for example, 102 gold and search for the new value 102 gold to get down to a smaller search result, but nope, after one or two searches it goes to zero.

Can somebody explain what the game is doing and how they designed it to make it difficult to find.

[Geri]

Values are not always stored as You see them. The fact that You have 100 gold does not mean that it is stored as "100" in the memory too. It can be stored in any way that the programmer has seen fit. It can be encrypted too. In Civ 5 for example, You need to multiply the value with 100. When You have 1 gold, You need to search for 100. If You have 2 gold, You need to search for 200 etc.
Any value can be stored in any way. You always need to figure out how.

If You don't find something, start searching for it as it was an unknown value.

[lockdown]

Thanks a bunch for the quick reply. Is there a way I know what memory range are more important than others, so I can shorten the memory range that CE scans? I couldn't imagine that the entire memory range is important...

[Dark Byte]

the region around 70000000 to 7fffffff tends to be used for windows modules so you can often (not always) skip that, for the rest, it can be used and is used, randomly. So yes, easiest is just scan all.

e.g civ5 puts money it at fxxxxxxx when possible (on 64-bit)

If you find scans take a long time try adding more ram, get a faster cpu (multithreading is supported by ce) and fiddly with the scanbuffer. Smaller is sometimes faster depending on the scanresults you tend to work with



talking about civ5, it's not really encryption or anything, it just uses a floating point variable type not supported natively by ce: Currency

and as for civ4 for money, the money is only applied after you LEAVE a diplomacy screen, so don't scan while inside a diplomacy screen after giving someone a few gold coins (I think it was just a dword)

[Geri]

Yeah, it is not an encryption for sure. I meant that some games are using XOR's and other bunch of useless attempts to encrypt the value. I don't even know how should I call this. It isn't really encryption, just some failed attempt to hide their stuff.

[lockdown]

Thanks again for the response - I have a very nice system with plenty of ram. Scans are pretty much instant, but I just wanted to sort out the useless address and only scan the goods ones that are the most important for manipulation.

Here is another question. What is up with address that have values that are always changing?

[Dark Byte]

those are just addresses that get changed a lot.
think of it like the coordinates of the mouse, or the memory of the current sound sample being played back

[lockdown]

Ok, so I tired scanning for different multiplies of 1,10,100 gold, so for example, say I have 10 I would search for 1000 gold or maybe 100 gold, but nothing. It seems that the value after the first scan is being changed to a totally different address that isn't in the scan log and that is why I am getting zero (0) results after 2 or 3 scans. I tried do this for float scan but still no good. Didn't think hacking gold in a single player game could be so tough. Any ideas

Thanks

[Dark Byte]

first off, money is a 4 byte value stored as that same exact value
and remember that changes to the money do not show up in the game immediately (so when found and changed do something that affects money)
and that the address will change when you load a save

and the address containing the money is a black address

[Dark Byte]

I noticed you changed the title to Civ5

in that case make sure you select the ALL region so the ffffffff region is included as well else you won't find it
and use between value scans if you're not at the start of the game (later on fractions get into the value making it harder to find)

if you have 100 gold you scan between 10000 and 10100
if you have 600 gold you scan between 60000 and 60100

[lockdown]

Thanks a bunch Dark. I still have not been able to fine the memory address for gold, but have been able to fine cutler policy and golden age. I was able to apply what I learned in the tutorial and find the true value so each time I load the game the value can be changed without finding the memory address again, so that is hot.

I just read about last reply of yours and will give that a shoot, now. To note and correct me if I am wrong but I think that memory address like gold, cutler, and golden age change if you pick another nation to play. I notice that when I found the memory address for golden age and cutler policy and closed the game and brought it under the same nation (America) it would not be ??? and work, but if I should change to a different nation like Russia it would be different; do you think that is the case?

Lastly, regarding instant or 1 turn tech research, do you think you have to find the value for each tech or is there a way to find the +7 or +8 to science value and increase that. Because I think the more science points you have the faster you can research things.

[Dark Byte]

Of course the addresses change. It's just pure coincidence that most of the time in civ5 the addresses stay the same (probably because it allocates game details from top down memory, where not much changes between runs)

about tech:
There are two arrays
One if the total progress into the tech(uses the same value type as gold), and the other is a 1 byte boolean which is set to 1 when you've got it

[Geri]

I think the research points are calculated like happiness "on the fly". So the value at top is just displaying the research but it isn't really used to calculate research points at the start of Your turn.

Like changing the happiness doesn't have any effect. It is just calculated on the fly anyway from many factors. At least it seems so.

[Dark Byte]

The following script will give you the symbol "goldaddress" which points to the address the last accessed gold is (e.g gui update)

[lockdown]

I was able to find the gold address, thanks Dark Byte. It was a double pointer (could be more pointers). Both of your suggestions work to the letter. Switching the search scan option to "all" (didn't see that it wasn't default) then find the gold value worked, but it couldn't be me searching 98 gold out of 98 gold, it had to be 9800 like you said. Thanks much everyone.

So now I have: gold, golden age, and cutler points.

Wish list:
Unlimited movement
1 turn tech research
Unlimited health for units.

Last night I was able to fine tiles, so with that information I might be able to port units any where on the map wants I can find units. Could I do a text search for like say, "Warriors" and edit warriors heath and strength that way?

I would cheat and look at cheat tables but really want to get my searching abilities down before I learn any new stuff, you know...

Lastly, how does those two scripts above now to find all the pointers that the game is using? And I couldn't use the technique of finding all the pointers and pointing them to the real address (green) or vise versa and create a trainer that way?