Cheat Engine The Official Site of Cheat Engine
lockdown Newbie cheater
Reputation: 0
Joined: 20 Dec 2010 Posts: 12 Location: Anderson, IN
Posted: Sat Sep 29, 2012 3:14 pm Post subject: What to do after you find an address and its value
Hello everyone. I need some help with what to do after you have successfully found the memory addresses for values you want to change. I have always got by by just loading up Cheat Engine every time I want to hack something. But I want to progress further and start saving my work in trainers, tables or both, so I do not have to continue to find the same old values over and over again.
Here is how I am going to show you where and what part I am stuck on to try to make this very easy to understand. I am going to put the steps I take to find gold in Civ5 and where I stop because I do not know where to go after.
1. With Civ5 loaded up and a live game going I start up CE and add Civ5 to the process
2. I have 5 gold so I search for 500 gold (civ5 for you) and get a return back of 294 results
3. Go back into Civ5, end turn to get more gold and go back into CE and add the new value and usually get 1 or 2 black addresses
4. Now at this point I can usually just change this memory address value and it takes effect in Civ5, but of course I'll lose the value and progress if I should kill the game and bring it back up, and also, I continue to go on to find the (green) base address or I think people call it static.
5. Add newly found address in the work area (bottom area)
6. Right-click on the memory address in the work area and choose the "Find out what writes to this address" option.
7. Go back into Civ5 and end turn again to get more money
8. In the popup window of CE I get this, "25C6D9F9 - 89 41 08 - mov [ecx+08],eax"
9. I double click on that new found code and write down the number in the [] box which in my case is 08 or 8
10. Then where it says "copy memory, The value of the pointer needed to find this address is probably FE4E3240" I copy FE4E3240
11. I stop and close the popup window in CE I hit "new scan" check "hex" box then do scan for FE4E3240, I get one result, 2643F478
12. In the address box in the top-left of CE I highlight that 1 found memory address 2643F478 then click the button called "Add address Manually", center right of CE
13. In the "Add address" popup box I check "Pointer" box then add 2643F478 with a value of 8
14. Now the value of the pointer I just made matches that of the first address I added, signifying I have made one successful pointer, moving on.
15. Since I have not found the green (static/base) address I am going to keep going until I do.
16. Right click on the pointer I just made and choose the "Find out what writes to this address" option, then a popup box appears and I pick "Find out what writes to this pointer"
17. Again, go back into the game end my turn to gain more money and go back into CE to see if I have another result
18. I did not get a result so I hit the "Stop" button, then go back to the pointer and right-click and choose the "Find out what accesses this address" option.
19. Go back into the game, end turn again, and this time get 10 results back, all with this same code:
Count Instruction
196 25BC8433 - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
196 25BC8440 - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
10 25BCBFDD - 8B 89 54F40000 - mov ecx,[ecx+0000F454]
13 25BBFA60 - 8B 81 54F40000 - mov eax,[ecx+0000F454]
1 25BEFB06 - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
1 25BCD433 - 8B 8D 54F40000 - mov ecx,[ebp+0000F454]
1 25BEC76E - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
1 25BC811C - 8B 89 54F40000 - mov ecx,[ecx+0000F454]
1 25BEBC60 - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
1 25BEC148 - 8B 9E 54F40000 - mov ebx,[esi+0000F454]
20. I do not like the ones with multiple Counts so I pick the first Instruction that has only one: 1 25BEFB06 - 8B 8E 54F40000 - mov ecx,[esi+0000F454]
21. Write down the stuff between [] F454 for the pointer and then copy what is listed under "copy memory, The value of the pointer needed to find this address is probably 26430024", which is 26430024
22. Stop and close the popup box and hit "New Scan" check Hex box then search for 26430024
23. I scroll down and find a green address: 25DBBA64
24. Highlight the green memory address then hit the button called "add address manually"
25. Check the pointer box add the address I just found, 26430024 and give it a value of F454
26. I hit the "Add Offset" button to add the other pointer from earlier and its value, which is 8.
27. Now I have the 2 level pointer created that leads to the green static address, and all three addresses added in my work area match in value, which matches in my game.
28. And here it ends. From this point on I do not know how to save my work in a trainer or table where it will work for later use.
I hope now you guys can tell me what to do next.
Note: If I go back and right click on that green address 25DBBA64 in the address field and choose "Browse this memory region", I see the bytes in the bottom pane next to 25DBBA64: 24 00 43 26 00 00 00 00 40 04 BA FF 01 00 00 00
And here is the selected function copy of the above pane, which also shows bytes:
CivilizationV_DX11.exe+4DC360 - FF 25 04E79200 - jmp dword ptr [CivilizationV_DX11.exe+52E704]
CivilizationV_DX11.exe+4DC366 - FF 25 F0E69200 - jmp dword ptr [CivilizationV_DX11.exe+52E6F0]
CivilizationV_DX11.exe+4DC36C - FF 25 ECE69200 - jmp dword ptr [CivilizationV_DX11.exe+52E6EC]
CivilizationV_DX11.exe+4DC372 - FF 25 E4E69200 - jmp dword ptr [CivilizationV_DX11.exe+52E6E4]
CivilizationV_DX11.exe+4DC378 - FF 25 E0E69200 - jmp dword ptr [CivilizationV_DX11.exe+52E6E0]
CivilizationV_DX11.exe+4DC37E - FF 25 DCE69200 - jmp dword ptr [CivilizationV_DX11.exe+52E6DC]
CivilizationV_DX11.exe+4DC384 - 8B FF - mov edi,edi
CivilizationV_DX11.exe+4DC386 - 55 - push ebp
CivilizationV_DX11.exe+4DC387 - 8B EC - mov ebp,esp
CivilizationV_DX11.exe+4DC389 - FF 75 14 - push [ebp+14]
CivilizationV_DX11.exe+4DC38C - FF 75 10 - push [ebp+10]
CivilizationV_DX11.exe+4DC38F - FF 75 0C - push [ebp+0C]
CivilizationV_DX11.exe+4DC392 - FF 75 08 - push [ebp+08]
CivilizationV_DX11.exe+4DC395 - 68 17C38D00 - push CivilizationV_DX11.exe+4DC317
CivilizationV_DX11.exe+4DC39A - 68 4075BD00 - push CivilizationV_DX11.exe+7D7540
CivilizationV_DX11.exe+4DC39F - E8 10060000 - call CivilizationV_DX11.exe+4DC9B4
CivilizationV_DX11.exe+4DC3A4 - 83 C4 18 - add esp,18
CivilizationV_DX11.exe+4DC3A7 - 5D - pop ebp
CivilizationV_DX11.exe+4DC3A8 - C3 - ret
What piece of information do I take from here to input into a trainer or table of CE?
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Sat Sep 29, 2012 7:40 pm Post subject: Re: What to do after you find an address and its value
lockdown wrote: "28. And here it ends. From this point on I do not know how to save my work in a trainer or table where it will work for later use."
Lol at first I thought you didn't find the save button. Here is a little patch to end your manual pointer search:
24. Do step 241 and following.
241. Open the memory viewer.
242. Click on the upper part of the memory viewer (disassembler), press ctrl+G and go to address 25DBBA64.
243. Cheat engine will highlight a code line (actually some data interpreted as code). Press ctrl+C there and untick bytes and opcode. You should now have something like CivilizationV_DX11.exe+1234 in your clipboard.
244. Hit the button called "add address manually".
245. Check the pointer box add "CivilizationV_DX11.exe"+1234.
246. Set the first offset to F454.
247. Proceed to steps 26-27.
28. Hit the floppy button in the upper/left corner to save a table or trainer. (Choose .exe extension to save as a trainer, though making a working trainer requires a bit more doing.)
lockdown wrote: "[code snippet removed] What piece of information do I take from here to input into a trainer or table of CE?"
None. When you hit browse this memory region, only the lower part of the memory viewer (the data view) goes to the address you selected. The upper part (the disassembler) is unaffected.
Now manually finding a pointer is a good exercise, but there is no guarantee that [25DBBA64]=26430024=a_part_of_your_pointer_path is not a coincidence. So try your manually found pointer, and if it works, enjoy it, but in the general case you should stop manually finding a pointer path as soon as there are several results in the memory scanner window and use the pointer scanner. So in your case you'd stop at step 21 and fill the pointerscanner window that way:
address to find mode
address to find: your money's address
the 4 options below: ON
address range: 1000 to FFFFFFFF
improve pointercan... OFF
pointers must end... ON
enter 8 in the box that just appeared
click add
enter F454
number of threads and priority: default settings
maximum offset value: 62549 (=F454+1) <- Pick 2048 or your greatest offset+1, whichever is greater.
level: 4*
Of course you'll need to do some rescans (ctrl+R) but use the value to find mode and enter money*100 here.
*Normally I'd say 5, but the deeper the level and the greater the max offset value, the longer the scan (and the more Gb of HDD space you use). Since 62549 is a FRIGGING ENORMOUS offset, I'd lower the level, at least for a first try.
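An added example, not part of the posts above and not Cheat Engine code: the two-level pointer path from this thread, resolved over a constructed memory snapshot, showing why a module-relative base still leads to the value after a relaunch while a raw address does not. The module name, the module bases, the offset 0x2BBA64 and every address in the second run are assumptions made up for the illustration; the first run reuses the addresses quoted in the thread.

```python
import struct

MODULE = "game_module.dll"   # hypothetical module name (assumption)
STATIC_OFFSET = 0x2BBA64     # hypothetical module-relative offset of the green address
OFFSETS = [0xF454, 0x8]      # the two offsets found in the thread

def make_run(module_base, level1, level2, value):
    """Constructed snapshot of one launch: module table + {address: 4 raw bytes}."""
    mem = {
        module_base + STATIC_OFFSET: struct.pack("<I", level1),
        level1 + OFFSETS[0]: struct.pack("<I", level2),
        level2 + OFFSETS[1]: struct.pack("<I", value),
    }
    return {MODULE: module_base}, mem

def read_u32(mem, addr):
    """Read a little-endian 32-bit value; None if the address is not mapped."""
    raw = mem.get(addr)
    return struct.unpack("<I", raw)[0] if raw is not None else None

def resolve(run, offsets=OFFSETS):
    """Walk module+offset -> [ptr]+off -> ...; None if any link is NULL or unmapped."""
    modules, mem = run
    base = modules.get(MODULE)
    if base is None:
        return None
    addr = base + STATIC_OFFSET
    for off in offsets:
        ptr = read_u32(mem, addr)
        if not ptr:
            return None
        addr = (ptr + off) & 0xFFFFFFFF   # 32-bit process, as in the thread
    return addr

# Run 1 uses the addresses quoted in the thread; run 2 is a made-up relaunch.
RUN1 = make_run(0x25B00000, 0x26430024, 0xFE4E3240, 500)
RUN2 = make_run(0x24F00000, 0x1A2B0024, 0x1C3D3240, 1250)

if __name__ == "__main__":
    for name, run in (("run 1", RUN1), ("run 2", RUN2)):
        addr = resolve(run)
        print(name, hex(addr), read_u32(run[1], addr))
    # The raw address from run 1 points at nothing after the relaunch.
    print("run-1 address in run 2:", read_u32(RUN2[1], resolve(RUN1)))
```
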
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Sat Sep 29, 2012 8:17 pm Post subject:
Slightly off topic, but just wondering.
Am I the only person that can see the symbols of functions in this game?
e.g: CvTreasury::GetGold is a pretty neat function to hook
Also, the *100 will break later in the game when for some reason cents are added to your money. I posted a custom type (money) somewhere in a civ5 topic that does this for you.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.