Cheat Engine

kjmarket

The game is Land of the Dead: Road to Fiddler's Green, and I'm trying to get a health hack. I got an ammo hack already, but the health one is giving me problems, even if pretty damn funny. See I found two different addy's that take care of decreasing health. The problem is, it does it for the player and the zombies, so if I nop either one, the zombies won't die, and neither will I. I need it so it only affects me.

10136E9C - 2B C2 - sub eax,edx
10136E9E - 89 03 - mov [ebx], edx

The second addy I got from finding the addy for health then seeing what writes to this address. The 1st was obtained by browsing memory viewer.

To get the address, I searched for a 4 byte unknown initial value. I went through float and double, as thats usually used for health, but I tried 4 byte as a last resort,a nd after a while I ha done address left. It wasnt my health in the address, but a 10 digit number. I checked it in memory viewer and it was the first addy. I tried to see what writes, reads and accesses this address, but nothing pops up when I kill or shoot a zombie, but the same address ( address 2) shows up when Im damaged. Is there a way to only make it affect the player? Some sort of auto-assemble code maybe?

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

YO i had this game!

You are going to have to look at the assembly, also in the lower memory view window for player ID.
The code will do a cmp or something so it knows if it is you or the zombie.

I wanted Sunbeam do this in a game once through VNC.
It showed 1 difference in the hex and ASCII code between the aliens and commando.

C for commando
A for aliens

He used this to do his code so he could get god mode to work for himself only.
He had to use a cmp in the script to let it know if it was him or enemy, If it was C it jumped to a nop, if it was A it jumped to the original code so the Alien would lose health.

setekh · Cheater Reputation: 0 Joined: 16 Feb 2006 Posts: 43

Try to get a pointer ..
If not you can see if the game is stupid enough to set a register to 1 or 0 or whatever if it is you and to something else for an enemy ... If the game is not stupid enough Smile

then find a bar or somewhere on the screen a label that holds your health like when you search for the value you will find more than one address but only one will be the actual address and the others will be values that are read from your address and used just for displaying , so if you find one of those then you can check if the value that you get is the value that is in that address and then you will know if thats you or not ...

if The_value_from_the_dual_instruction = Bar_value then Player=true <- get it !!!

so you must get that value as well and store it somewhere and then when you get the value from the instruction that decreases both yours and the enemy's health you will compare it to the stored value to be sure that this is you ...

Sorry but my English sux, but i hope you got the idea ... You can also search for routines that are only for your character and try to inject in there, or get the address from there - almost always there is at least one but it's pain in the ass to find it Wink

CZ3R0C · Posted: Wed May 16, 2007 9:19 am Post subject:

sub eax,edx ....change to
add eax,edx ?

It looks like values are stored in 2 different registers, eax and ebx...try changing the value of ebx(debug reg)@
10136E9E - 89 03 - mov [ebx], edx

setekh · Cheater Reputation: 0 Joined: 16 Feb 2006 Posts: 43

"sub eax,edx ....change to
add eax,edx ? "

and do what ? Crash the game Smile

or in the best case make both you and your enemy health go up, but i think that instructions are representing pointers to a struct ...

And when you have sub eax,edx then you substract edx from eax and write the result to eax ... in other words EAX=EAX-EDX

mov [ebx], edx :: [ebx] - is the address of that , and the other is the value that edx holds ...

so probably in EAX is a pointer to a struct and EDX will change for the enemy and player and every time will be the same for the player ...
It's like a - offset ... like if eax = 100 and the player health is at addr: 80 then edx will be 20 / all in dec / get the idea ...

Or it may be something else Wink

but for just that 2 lines of code it looks like that

kjmarket · Posted: Sat May 26, 2007 9:20 pm Post subject:

A few lines above these lines in Memory Viewer is a cmp instruction..is this the instruction I am looking for? If it is, whats my next step? I've never done a hack like this, so its all pretty newbish to me, sorry. I've tried tracing the cmp instruction, and when I get hit it shows a few values of 1 ina few different registers...is this what I'm looking for?

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

The cmp or a test is seeing if the health belongs to you or enemy possibly.

In the lower memory window you need to look at the ascii on the right and find a difference between yours and enemy.

Or you can look around the net for a tutorial on doing structured health.
Or using player ID.

kjmarket · Posted: Mon May 28, 2007 11:19 pm Post subject:

I've been messing with this and I cant figure out how to determine player ID from enemy ID....must be stupid I guess. I have an addy for my health, and the addy that writes to it that I posted before, and I have no clue where to go from there. I can find no tuts on structured health, and it's driving me crazy. The address I've gotten to, nothing comes up when I check what accesses, reads or writes to this addy, so I dont get to a cmp instruction that way...only by scrolling up in memory viewer. Once again..no clue where to go, and no clue how to determine player ID from Enemy ID. This isnt even a hack I NEEDly..this is for educational purposes..to further my knowledge. Thats why I want to figure it out so bad.

**EDIT**

I was able to find an addy for my health only, but I dont want to just freeze it. I got it by clicking on find out what address this code writes to to in advanced options. When I find out what writes to it or accesses, its the same address that controls health for both..if that helps at all.

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

Have you tried looking at what access's it ?

Also this is a thread about what your wanting to do maybe you can find what you need after reading it.
http://www.extalia.com/forum/viewtopic.php?t=1999

kjmarket · Posted: Mon May 28, 2007 11:32 pm Post subject:

Yes I have tried that,a nd thats wy Im about to bang my head against the wall. Thanks for the link. I'll look at the link in the AM..its in my favs now...too late to get into it right now. Thanks again, sir. Appreciate all the help.