Cheat Engine

aochagavia · How do I cheat? Reputation: 0 Joined: 07 Nov 2019 Posts: 2

I am practicing my Cheat Engine skills around pointers and came across something confusing. I am practicing with notepad and my goal was to find a pointer to the first letter of the text. I have already managed to find the pointer I need, which is "notepad.exe" + 2C470 (see picture). For instance, in the picture I have notepad open with a text that starts with B, so the pointer points to the value 66 (the ASCII code for B).

However, if I manually add up the address returned by "notepad.exe" to 0x2C470 I get an address that points to nowhere. In fact, "notepad.exe" returns the address 0x7FF64C160000, which after adding it to 0x2C470 yields 0x7FF64C18C470 (see picture). This is different than the address you get when you type "notepad.exe" + 0x2C470 in the "Add Address Manually" dialog. What magic is Cheat Engine doing here that I am missing?

ParkourPenguin · Posted: Thu Nov 07, 2019 9:53 am Post subject:

"notepad.exe"+2C470 -> 24825A30008

The -> means the value 24825A30008 is stored at the address "notepad.exe"+2C470.

If you uncheck the pointer box, change the value type to 8 bytes, and set the address to "notepad.exe"+2C470, you should see the value is 24825A30008.

DanyDollaro · Posted: Thu Nov 07, 2019 12:34 pm Post subject:

When entering an address via the "Add Address Manually" button, remember to remove all space characters.
Because if I write something like:
"7FF64C18C470" will point to a memory region

but if I write something like:
"7FF6 4C18 C470" CE will interpret it as a symbol and not being registered will point to an unallocated memory region

aochagavia · How do I cheat? Reputation: 0 Joined: 07 Nov 2019 Posts: 2

Thanks ParkourPenguin and DanyDollaro for your replies. I now realize I didn't explain myself as well as I thought. Let me try it again in clearer terms.

EDIT: now I see that 7FF64C18C470 is a valid address that contains the value 24825A30008. Now everything is clear. Thanks!

I am keeping the rest of the post in case someone is interested, but you might as well skip it as it is wrong Smile

When adding an address using the "Add Address Manually" button, it is possible to either write the address directly (e.g. 24825A30008) or let Cheat Engine compute it using the "+" operator (e.g. 7FF64C160000 + 2C470). The latter case is the one that confuses me.

My expectation is that the "+" operator adds the operands, just as in ordinary math. Therefore, I expected 7FF64C160000 + 2C470 to yield 7FF64C18C470. This is not the case, however. Cheat Engine calculates a different value, namely 24825A30008.

In summary: if I type 7FF64C160000 + 2C470 in my calculator I get 7FF64C18C470. If I type exactly the same in the address field of Cheat Engine I get 24825A30008. What does the "+" operator do in Cheat Engine, since it clearly is doing something different than adding two numbers?

DanyDollaro · Posted: Fri Nov 08, 2019 9:52 am Post subject:

I think you got confused, the + operator returns the addition between the two opernades as value, so the expression "1 + 1" returns "2" which if added to the cheat table as it is not a valid address Consequently it will point to an invalid memory region.
And I say that you got confused because maybe you interpreted the value pointed by "7FF64C160000 + 2C470" as the value returned by the same expression.