Cheat Engine The Official Site of Cheat Engine
macaroana How do I cheat?
Reputation: 0
Joined: 05 May 2012 Posts: 3
|
Posted: Sat May 05, 2012 3:10 am Post subject: Help on some general questions |
|
|
I
First of all, I did the tutorial and I kind of understood it, except for some things:
-At one point, it says that if an address keeps changing, putting a code that does nothing (after I have seen what writes to that address) will make it stop randomizing. Well, in the game I'm working with, I did that, and it worked, but there was a problem, it didn't "stay" after I restarted the game, or after I went to the lobby and started it again.
Also it would be great if I could get an explanation of what these things actually do. The tutorial was good, but it didn't say what that code that does nothing actually does (except for doing nothing xD) and in what situations it is usable.
-Pointers and the offsets. Well, there's really quite a lot that I don't understand here, so you might as well give me something to read about it xD, but something I'd like to know right now is, after I press "what writes to this address" on an address, and then double click the thing, it opens that window with "the address that is most probably etc...", what are all those "ESI, EDX, etc" stuff there?
Now another thing about those that I'd like to clarify is, if on the red line it says [ESI+0000330], which one is the offset? Now I usually looked at the address I was watching, and if ESI was the same address, I'd only put 330 as the offset, but idk if I did it right, since I never actually found a stable address using these pointer things.
-This doesn't really have anything to do with the tutorial, but, most of the time when I'm trying to find the address for something, I come up with 2 or 3 results, each somehow linked to the other, where if I edit one, let's say from "3" to "5", it quickly goes back to "3", but when I edit the other one from "3" to "5", it stays "5" and it edits the other one to be "5" too. What's the deal with that? I've seen this even in nes rom games o_O
-Now about addresses. If I keep using pointers (like in the last tutorial), will I eventually find an address that is "stable"? By stable I mean, an address that will remain the same even after I restarted the game? For example, for the amounts of grenades I have, that way I could make a trainer out of it.
II
Okay, this is the harder part (maybe for some of you pros there, this is a piece of cake xD but I'm just a noob D: ). How can I find out the addresses to constants? Like, how do I find out the address for my character's speed, if there is really no way to change it ingame?
Also, in the game I'm working with, you have a weapon which can also fire grenades, but with a delay (like, 1 grenade, then 2 or 3 seconds delay before you can shoot another one). Now this delay is also constant and it cannot be changed ingame. Is there any way I can find the address and modify that delay value, so that I can "machinegun" with grenades? xD
III
Now the last thing I need help with is the memory view and the code injection. I kind of understood that, but what I want to do, is learn what that code means. I'm guessing "mov" moves something, but I really need a big tutorial on this
Thank you for your help
_________________
Of course  |
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Sat May 05, 2012 4:45 am Post subject: |
|
|
Quote: |
-At one point, it says that if an address keeps changing, putting a code that does nothing (after I have seen what writes to that address) will make it stop randomizing. Well, in the game I'm working with, I did that, and it worked, but there was a problem, it didn't "stay" after I restarted the game, or after I went to the lobby and started it again.
|
Make sure that you are saving your cheat table, and that you are loading it when you attach to the game process.
What you may want to do is find the static pointer. This is covered in step 6 of the tutorial, and step 8 for multi level pointers.
Or you could also use pointer scan. To use pointer scan you do:
1). Find the dynamic address (black) that you want to find the static pointer of.
2). Right click that address in the address table and do "Pointer scan for this address", and then press "Ok". It will then prompt you where you want to save the pointer scan results. Then it will begin scanning.
3). It will most likely find several "static pointers", however most of them will not point to the address you want after restarting the game/your pc. So you'll want to either restart the game or your pc, and rescan (memory view->tools->pointer scan. Make sure you open your last results first)
Quote: |
The tutorial was good, but it didn't say what that code that does nothing actually does (except for doing nothing xD) and in what situations it is usable.
|
"In computer science, NOP or NOOP (short for No Operation or No Operation Performed) is an assembly language instruction, sequence of programming language statements, or computer protocol command that effectively does nothing at all."
-- http://en.wikipedia.org/wiki/NOP
For example: (note SUB=subtract)
Let's say eax has the address of your health.
Note the below instruction is 3 bytes in length. (83 28 05)
Code: |
SUB [eax], 10 // Decreasing health by 10
|
Well, if we don't want to take damage we must replace this instruction with something else. We can't just delete the instruction.
As the instruction is 3 bytes in length we must use the same amount of bytes to replace it. NOP is 1 byte (0x90) - so we can replace the instruction with 3 NOPs.
Quote: |
-Pointers and the offsets. Well, there's really quite a lot that I don't understand here, so you might as well give me something to read about it xD, but something I'd like to know right now is, after I press "what writes to this address" on an address, and then double click the thing, it opens that window with "the address that is most probably etc...", what are all those "ESI, EDX, etc" stuff there?
|
They are the values of the registers after the instruction (red) gets executed.
More information on the registers here.
Quote: |
Now another thing about those that I'd like to clarify is, if on the red line it says [ESI+0000330], which one is the offset? Now I usually looked at the address I was watching, and if ESI was the same address, I'd only put 330 as the offset, but idk if I did it right, since I never actually found a stable address using these pointer things.
|
0x330 is the offset.
What you would do is:
1). Take the value of ESI ("The value of the pointer needed to find this address is probably")
2). New scan: 4 bytes, check the 'hex' box and then type in the value you got (ESI).
3). You then take the address (though often times there are several) from results.
4). "Add address manually": check 'pointer', enter address (result from scan) and the offset (0x330 in your case).
Quote: |
-Now about addresses. If I keep using pointers (like in the last tutorial), will I eventually find an address that is "stable"? By stable I mean, an address that will remain the same even after I restarted the game? For example, for the amounts of grenades I have, that way I could make a trainer out of it.
|
Yes
Quote: |
Also, in the game I'm working with, you have a weapon which can also fire grenades, but with a delay (like, 1 grenade, then 2 or 3 seconds delay before you can shoot another one). Now this delay is also constant and it cannot be changed ingame. Is there any way I can find the address and modify that delay value, so that I can "machinegun" with grenades? xD
|
What is probably happening is when you fire a grenade it stores the current time in an address using a function like GetTickCount.
Then when you attempt to fire another grenade it checks if the required time has elapsed.
So what you would do to find this address would be to scan using an 8 byte, as the time function would be an unsigned long. Using "unknown initial value" as the first scan.
Then you would throw a grenade, and search for an increased value, and repeat this process.
Quote: |
III
Now the last thing I need help with is the memory view and the code injection. I kind of understood that, but what I want to do, is learn what that code means. I'm guessing "mov" moves something, but I really need a big tutorial on this
|
Indeed the MOV instruction "moves something": mov dest, src
For example:
Code: |
MOV EAX, 1 // EAX register is now set to 1
|
More information on the MOV instruction here.
You can find a list of instructions here.
Didn't answer all questions, as I don't have time.
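An added illustration of the pointer-and-offset procedure in the answer above (not part of the original post or of Cheat Engine): a Python simulation over a constructed byte array showing why an object's address changes between launches while a static pointer plus the offset 0x330 still resolves, and why candidates found by a value scan have to be re-checked after a restart. The slot addresses, object bases and the value 3 are constructed assumptions.

```python
import struct

OFFSET = 0x330        # displacement from the thread's [ESI+0000330]
STATIC_SLOT = 0x40    # constructed: fixed slot standing in for a static (module) address
STALE_SLOT = 0x200    # constructed: temporary copy of the pointer, present in run 1 only

def build_run(obj_base, value, with_stale):
    """Constructed flat 'memory image' for one launch of a program."""
    mem = bytearray(0x4000)
    struct.pack_into("<I", mem, STATIC_SLOT, obj_base)      # static pointer -> object
    struct.pack_into("<I", mem, obj_base + OFFSET, value)   # the field at base+0x330
    if with_stale:
        struct.pack_into("<I", mem, STALE_SLOT, obj_base)
    return mem

def read_u32(mem, addr):
    """Little-endian 4-byte read; None when the address is outside the image."""
    if not 0 <= addr <= len(mem) - 4:
        return None
    return struct.unpack_from("<I", mem, addr)[0]

def scan_u32(mem, wanted):
    """Exact-value scan over aligned 4-byte cells (step 2 of the quoted procedure)."""
    return [a for a in range(0, len(mem), 4) if read_u32(mem, a) == wanted]

def resolve(mem, base_addr, offsets):
    """Follow a pointer path: read the pointer, add the offset, repeat."""
    addr = base_addr
    for off in offsets:
        ptr = read_u32(mem, addr)
        if ptr is None:
            return None
        addr = ptr + off
    return addr

def still_valid(mem, candidates, offsets, expected):
    """Keep only the candidates whose path still reaches the expected value."""
    keep = []
    for c in candidates:
        addr = resolve(mem, c, offsets)
        if addr is not None and read_u32(mem, addr) == expected:
            keep.append(c)
    return keep

run1 = build_run(obj_base=0x1000, value=3, with_stale=True)   # first launch
run2 = build_run(obj_base=0x2A00, value=3, with_stale=False)  # after a restart
candidates = scan_u32(run1, 0x1000)            # cells holding the register value
survivors = still_valid(run2, candidates, [OFFSET], 3)
print([hex(c) for c in candidates], [hex(s) for s in survivors])
```

The first scan returns two cells holding the object's base, but only the static slot still leads to the value once the object has moved; `resolve` takes a list of offsets, so the same walk covers a multi-level path.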
macaroana How do I cheat?
Reputation: 0
Joined: 05 May 2012 Posts: 3
|
Posted: Sat May 05, 2012 5:26 am Post subject: |
|
|
Blacknight wrote: | Make sure that you are saving your cheat table, and that you are loading it when you attach to the game process.
What you may want to do is find the static pointer. This is covered in step 6 of the tutorial, and step 8 for multi level pointers.
I can't seem to find one, I don't know how to find another pointer after the first one, all my tries led me to addresses that didn't have the same value
Or you could also use pointer scan. To use pointer scan you do:
1). Find the dynamic address (black) that you want to find the static pointer of.
2). Right click that address in the address table and do "Pointer scan for this address", and then press "Ok". It will then prompt you where you want to save the pointer scan results. Then it will begin scanning.
3). It will most likely find several "static pointers", however most of them will not point to the address you want after restarting the game/your pc. So you'll want to either restart the game or your pc, and rescan (memory view->tools->pointer scan. Make sure you open your last results first)
Do I really need to restart the whole game? Or is it enough just to have the old address not work? Because when I die, the old addresses don't work, and I tried with pointer scan, but every time, at the second scan, it gave me 0 results
"In computer science, NOP or NOOP (short for No Operation or No Operation Performed) is an assembly language instruction, sequence of programming language statements, or computer protocol command that effectively does nothing at all."
For example: (note SUB=subtract)
Let's say eax has the address of your health.
Note the below instruction is 3 bytes in length. (83 28 05)
Code: |
SUB [eax], 10 // Decreasing health by 10
|
Well, if we don't want to take damage we must replace this instruction with something else. We can't just delete the instruction.
As the instruction is 3 bytes in length we must use the same amount of bytes to replace it. NOP is 1 byte (0x90) - so we can replace the instruction with 3 NOPs.
So I need to replace with code that does nothing 3 times?
They are the values of the registers after the instruction (red) gets executed.
More information on the registers .
Quote: |
Now another thing about those that I'd like to clarify is, if on the red line it says [ESI+0000330], which one is the offset? Now I usually looked at the address I was watching, and if ESI was the same address, I'd only put 330 as the offset, but idk if I did it right, since I never actually found a stable address using these pointer things.
|
0x330 is the offset.
What you would do is:
1). Take the value of ESI ("The value of the pointer needed to find this address is probably")
2). New scan: 4 bytes, check the 'hex' box and then type in the value you got (ESI).
3). You then take the address (though often times there are several) from results.
4). "Add address manually": check 'pointer', enter address (result from scan) and the offset (0x330 in your case).
I've done this and found a pointer with the same value, that was good, but then I have to find a pointer to that pointer, right? I did the same thing (with what writes to this address) and it gave me a more complicated calculation this time, I don't really remember it, but it was something like [EAX+ESI*4] and EAX was the address from the "probably is" thing. Now I searched the "probably is" value in hex, and it gave me about 8 results (one was in green), I picked the first one and added it manually with the offset only ESI*4 (calculated in hex, it gave me like 1cf44 if I remember correctly). Then it gave me an address that didn't have the value of the original address.
Quote: |
Also, in the game I'm working with, you have a weapon which can also fire grenades, but with a delay (like, 1 grenade, then 2 or 3 seconds delay before you can shoot another one). Now this delay is also constant and it cannot be changed ingame. Is there any way I can find the address and modify that delay value, so that I can "machinegun" with grenades? xD
|
What is probably happening is when you fire a grenade it stores the current time in an address using a function like
Then when you attempt to fire another grenade it checks if the required time has elapsed.
So what you would do to find this address would be to scan using an 8 byte, as the time function would be an unsigned long. Using "unknown initial value" as the first scan.
Then you would throw a grenade, and search for an increased value, and repeat this process.
I did this and it didn't work D:
Quote: |
III
Now the last thing I need help with is the memory view and the code injection. I kind of understood that, but what I want to do, is learn what that code means. I'm guessing "mov" moves something, but I really need a big tutorial on this
|
Indeed the MOV instruction "moves something": mov dest, src
For example:
Code: |
MOV EAX, 1 // EAX register is now set to 1
|
More information on the MOV instruction.
You can find a list of instructions .
Didn't answer all questions, as I don't have time. |
Thanks for all the help so far
Oh btw, what about the character speed or the jump height, that can't be modified ingame? How do I find an address for them?
_________________
Of course  |
macaroana How do I cheat?
Reputation: 0
Joined: 05 May 2012 Posts: 3
|
Posted: Thu May 10, 2012 10:53 am Post subject: |
|
|
I could use some help here D:
_________________
Of course  |
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Thu May 10, 2012 3:32 pm Post subject: |
|
|
Quote: | Oh btw, what about the character speed or the jump height, that can't be modified ingame? How do I find an address for them? |
For character speed you could try searching for an increased/decreased value depending on whether you are moving or stopped. (May need to use hotkeys, if there is no auto run)
For jump height you would need to find the address for your character's UpDown axis. Then do "find out what writes to this address", and jump.