Cheat Engine

Vman11120 · How do I cheat? Reputation: 0 Joined: 23 Dec 2023 Posts: 4

Hi I just started with cheat engine I did the tutorial on how to find pointers manually and it was pretty straight forward. When I was trying same method for tekken I was getting something like this "mov [rdx+rcx+10],r8d" where it has both rdx and rcx and an offset.

So my question is how do I find the pointer for this?

ParkourPenguin · Posted: Sat Dec 23, 2023 1:09 pm Post subject:

One of them is probably significantly smaller than the other. The smaller one is part of the offset (don't forget the `+10`) and the larger one is the base address.

You can try the pointer scanner:
https://www.youtube.com/watch?v=3dyIrcx8Z8g

If you're running the game on an emulator, you might have a bad time. The pointer scanner would need a very big max offset corresponding to the emulated architecture's memory size (e.g. original playstation = 2 MiB), and even then it might not work depending on how close the emulator is to the original architecture.

Vman11120 · How do I cheat? Reputation: 0 Joined: 23 Dec 2023 Posts: 4

I attached result im getting. So in this example im assuming 84 is the offset and 22EC1770000 is the base address?

In that case how will calculate the offset do I use the programming calculator to calculate both like 84 hex would be 132 so 132+10 = 142 being the offset?

Im not trying it on an emulator im actually trying it on TEKKEN demo. Trying to find value for player 2 so I can change the character for him.

I tried the pointer scanner method and its just giving me no values. Its working for player 1 but player 2 is not for some reason.

ParkourPenguin · Posted: Sat Dec 23, 2023 2:59 pm Post subject:

Use hexadecimal for addresses and offsets.
The base address is probably 22EC1770000 as CE says. The offset would be the address being accessed (i.e. 22EC177094) minus the base address, or 94. This corresponds to rdx (84) + 10 too.

Vman11120 · How do I cheat? Reputation: 0 Joined: 23 Dec 2023 Posts: 4

Thanks to you managed to get first pointer working! Very Happy

Although I reached a dead end at the 3rd lvl pointer. What I noticed is when checking for base addresses it is always pointing to previous address but the cheat engine guess gives me "correct" one I have attached an example from pointer 1 debug. So im not sure if this is the correct approach or not. If I follow the cheat engine guess I cant get past 3rd pointer because its showing no addresses are found when I try to search.

I have a working version for player 1 (got from internet) that I want to make it work for player 2 so im trying to reverse engineer player 1 to test but also getting stuck at the same place although pointers/offsets are the same until I reach the dead end.

ParkourPenguin · Posted: Sun Dec 24, 2023 1:40 pm Post subject:

See the text at the bottom that says "The registers shown here are AFTER the instruction has been executed"

The instruction `mov rax,[rax+08]` reads the 8-byte pointer value at `rax+08` and writes it to `rax`. Logically, the value of rax shown in the window is not the same value rax had before the instruction was executed.