Cheat Engine

[anom7]

Hello, I'm testing with a rpg game were I have different items in the inventory. I can find any address (and value) of any item but I can't see how to add this on a cheat engine entry (a script one?) in order to see the selected value.

Correct me if this is wrong, but I found the addresses of the items following this steps:

1 Find any item address
2 Find wich code access to that address when I hover/select that item
3 In that code, click on "Find out what addresses this instruction accesses" and a popup will show me each address and value (item quantity) each time I hover/select any item

So, al works perfect, but I saw in other Cheat Engine Tables that there is a way to automatically show that address (and value) in a script entry.

I could not find any tutorial showing how to do it, I don't know if I'm searching with the correct words with "hover/selection".


How can I create a entry that automatically shows the address and value of the selected item that shows the pop up of "Find out what addresses this instruction accesses" function?

Thanks!

[ParkourPenguin]

Search "injection copy"

The code injection should copy the address of the value being accessed to some memory CE knows about (e.g. registersymbol or globalalloc).

Post the instruction accessing the addresses if you want more help.

[anom7]

Thanks, that was useful!

I knew "injection copy", I did it sometimes, but I did not know that I could create a variable and assign an address like [rax] to my new variable. So, that new variable is the one I can use as a pointer and see the quantity of the selected item.

I've seen a few videos, but this is the one I saw doing exactly this, and I found it useful: youtu.be/GeDv8_474HI?t=411

Now I can see that when the script is active the new pointer shows the address and value of the current selected item. Also, I can change the value of that address/item and change the item quantity with no problem


BUT I don't know why, If I active the script and enter to the inventory screen, the game crashes. I need to activate the script being on the inventory and then works ok. Even I can go back to the menu or the game. But I can't enter inventory with script activated.

It's not a big deal because the cheat is working, but I can't leave it on all the time (a hotkey should do the work for a easy use).

Even so, I really don't understand why is crashing:

- The aobscanmodule address to search is unique.
- Even if I create a "Template/AOB Injection" with NO modification, the game still crashes even no changes are done on the code. Well, there is a jump to the new code that it's identical, you know what I mean.
- I have also tried with "Template/Cheat Table Framework Code" + "Template/Code Injection" also with NO modification with same results.

About the code, just a simple example to see what is changing:

AOB Injection (scanning 44 8B 40 04 48 89 F1 89 DA wich is unique)

Script code disabled/original code (does not crash):

[ParkourPenguin]

Post the full script.

[anom7]

Yes, this is the full script, I've just recreated from "Template/AOB Injection" just to be sure no modification has been done from my side:

[ParkourPenguin]

The conditional jump instructions above the injection point, `je granblue_fantasy_relink.exe+3356010`, are causing the crash.
The jump to your code (newmem) takes up 5 bytes, but `mov r8d,[rax+04]` only consists of 4 bytes. CE has to pull in the next instruction to have at least 5 bytes. After the jump is assembled, the byte at `granblue_fantasy_relink.exe+3356010` is now in the middle of a `jmp` instruction, and trying to execute code at that address would be nonsense.

Try injecting at `granblue_fantasy_relink.exe+335600A`, and put the code that copies the address after the `je`. I think nothing should jump to `granblue_fantasy_relink.exe+335600C` directly. I'd also change the original `je` instruction to jump to the `jmp return` instruction in the code injection, but it's probably fine.

Also, change INJECT to something else. Registered symbols need to be unique across scripts unless you have a good reason to share them.

Then you can start adding code from that video. Pointers in 64-bit applications are 8 bytes (64 bits), so you need to alloc 8 bytes for the stored address.

In 64-bit code, most instructions can't directly access an address that's far away, so in general, you'd have to refer to that allocated memory indirectly through a register.

[anom7]

[Labyrnth]

Maybe?


[ENABLE]

aobscanmodule(INJECT,granblue_fantasy_relink.exe,44 8B 40 04 48 89 F1 89 DA) // should be unique
alloc(newmem,$1000,INJECT)

label(code)
label(return)

newmem:
; replicate original instructions
mov r8d,[rax+04]
mov rcx,rsi
mov edx,ebx

; then jump back
jmp return

INJECT:
jmp newmem
nop 2
return:

registersymbol(INJECT)

[DISABLE]

INJECT:
db 44 8B 40 04 48 89 F1 89 DA

unregistersymbol(INJECT)
dealloc(newmem)

[ParkourPenguin]

The value's type is a 4-byte value. The address of the value (i.e. the thing you want to store) is 8 bytes.

In the memory record you add, the type can be whatever you want- 4-byte is fine. I'm saying that the alloc should have 8 bytes to store the address properly.

[anom7]

@Labyrnth that code has the same problem as my initial code. ParkourPenguin explained it and proposed a fix: forum.cheatengine.org/viewtopic.php?p=5793659&sid=7822864e3d91b7878fff363d1b65b5fc#5793659

In my next post I wrote the fixed code that worked to me (well, the globalalloc must be 8 bytes instead of 4 as ParkourPenguin explained): forum.cheatengine.org/viewtopic.php?p=5793664&sid=7822864e3d91b7878fff363d1b65b5fc#5793664

Thanks for the help anyway!