 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
errorVEVO
How do I cheat?
![]() Reputation: 0
Joined: 03 Feb 2022
Posts: 1
|
 Posted: Thu Feb 03, 2022 1:08 pm Post subject: Find a number(x) to multiply (y) to get as close to (z) |
 |
|
Hello, I'm trying to help out a community I'm in by creating a cheat table. So far so good when it comes to creating it. But the issue now I'm having is that the player's HP and MP aren't filling up their respective bars all the way. The max value for these bars are 180(z) each. And the values of the player's health are always below or at times higher.
So as an example that I've been doing to get as close to 180 is multiply the max value of my mp being 50(y), I multiply that by 4(x) to get to 200.
But since every player has different stats, this process has to be automated. I just need it to run the calculation once for it to work. So I thought it can have a hotkey to toggle the script.
All that being said, all I need is (x) calculated so that the player's HP/MP bar (z) accurately reflects their current health (y).
If anyone can direct me towards a resource where I can learn how to do this, it'd be much appreciated! |
|
| Back to top |
|
 |
LeFiXER
Grandmaster Cheater Supreme
![]() Reputation: 20
Joined: 02 Sep 2011
Posts: 1066
Location: 0x90
|
| Posted: Thu Feb 03, 2022 1:37 pm Post subject: |
|
|
Your best bet would be to pull the pointer of the player struct with an AOB injection, locate the offset of HP/MP, then writing that value to the offset.
You can find the right location to use AOB injection by right-clicking the character's health address > click find out what writes to this address. A new window will popup which you'll want to keep an eye on. Then change the health in game.
Select the instruction that shows in the window and click show disassembler — do note, it can matter which instruction you navigate to. Set a breakpoint on that line (button with big red circle on it) then go change your health in-game. If the breakpoint triggers, the game will appear frozen. Switch to Cheat Engine and look at the registers. The one you will want to check is the one that was listed in the window which popped up after clicking find out what writes to this address.
Open up the dissect data/structure by navigating to the tools menu on the memory viewer window. In the address field enter the address that was held in the register then click structures > new struct in the menu.
If it's correct you will see values pertaining to your character. From there you will need to select the line in the memory viewer window that you initially viewed after clicking show disassembler. With the line selected, click tools in the menu followed by auto assemble. In the auto assembler window click template > AOB injection > click ok when prompted to enter an address > enter a name you will recognise for the AOB injection symbol. It should look something like this:
| Code: |
[ENABLE]
aobscan([name_you_entered],[array_of_bytes])
alloc(newmem,$1000,[name_you_entered])
label(code)
label(return)
newmem:
code:
// original instructions
jmp return
[name_you_entered]:
jmp newmem
return:
registersymbol([name_you_entered])
[DISABLE]
[name_you_entered]:
db [array_of_bytes]
unregistersymbol([name_you_entered])
dealloc(newmem)
|
Now, if the instruction/pointer was correct you can do something like this:
| Code: |
[ENABLE]
aobscan([name_you_entered],[array_of_bytes])
alloc(newmem,$1000,[name_you_entered])
alloc(player,8) // allocate 8-bytes of memory to store our pointer and give it a name for reference
label(code)
label(return)
newmem:
mov [player],rax // it may not be rax, select the register which holds the address
code:
// original instructions
jmp return
[name_you_entered]:
jmp newmem
return:
registersymbol([name_you_entered])
registersymbol(player) // we need to register the symbol so we can access it from within the cheat table
[DISABLE]
[name_you_entered]:
db [array_of_bytes]
unregistersymbol([name_you_entered])
unregistersymbol(player) // now we need to unregister it because we no longer need it
dealloc(newmem)
dealloc(player) // and last but least, we deallocate the memory we allocated to store the pointer
|
Armed with the information from the dissect window you can move the values you wish into the corresponding address by referencing the pointer+offset like so — note: it does depend on the data type on how to achieve this:
| Code: |
...
label(my_float)
my_float:
dq (float)180
newmem:
mov [player],rax
// Float
// when the breakpoint has triggered, click the ">" button on the right-hand side to check the xmm registers. Use the one that doesn't hold a value.
// For example. Say xmm0 was empty and the offset for HP was 10 (hex) you can do this:
movss xmm0,[my_float]
movss [rax+10],xmm0
// Note: movss is for single float values, if the value is a double you can use movsd instead.
// Integer (whole number)
mov [rax+10],(int)180
...
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
