Cheat Engine

atzmo · Posted: Wed Dec 26, 2007 8:09 am Post subject: settler 6 help

//sorry for the doublepost//

hi guys,

i´m noob in cheating and i´ve a question.

i started the game blabla and drop a little wood.
i search to the new value an found 2 adresses.
if i write the first value it happens nothing so i change the second value and then it works.
problem: restart and all the good adresses are empty.
i try to make it better *g*

ok.ok. ( why 2 adresses ? )

i try "find out what writes to this adress" and i drop a little wood again.
ok.

now i see:

0052ad4b - 8b 04 88 - mov [eax,[eax+ecx*4]
0052ad78 - 29 38 - sub [eax],edi

i try "find out what writes to this adress" by the 2. value

0054eab7 - 89 54 07 04 - mov[edi+eax+04],edx

i try "find out what access this adress"

0052ad4b - 8b 04 88 - mov [eax,[eax+ecx*4]
0052ad78 - 29 38 - sub [eax],edi

mmh, ok

i take a look at the more information page but i don´t it understand the operations ( no adresses only operations etc ) so i try a scan for the probably pointer adress.

ok.

i´ve a adress 02f7dfac but i don´t see what is todo.

is it possible that i can´t get any pointer by this game and only codeinjection works by the game and HOW ?

if anybody has a little time to download settler 6 - rise of the empire in demo version or full game to try it out.

www .ubi. com/UK/Downloads/Info.aspx?dlId=2331 (i can´t post url please remove the spaces)

big thx for help (i´m learning)

gr33tz
atzmo

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

0052ad78 - 29 38 - sub [eax],edi

This instruction looks like it would be the one that handles you losing some wood.
edi is the amount dropped, subtracted from the address [eax]

atzmo · Posted: Thu Dec 27, 2007 5:19 am Post subject:

ah ok thx.
i update the game and did the same again.

now i´ve found the right an edit the adresses an they works fine.

Poke 5504AA 90 90 90 90
Poke 52C2DF 90 90

Poke 5504AA 89 54 07 04
Poke 52C2DF 29 38

how can i change the value at trainestartup. the injection code here is only for freez the value but i want 1000 or 1000 at start up.

//edit i have big trouble to find the right one for the 2. adress..
any idea ?

52C2DF: sub [eax],edi is ok but the rest Sad

???

52C2B2: mov eax,[eax+ecx*4]
52C2DF: sub [eax],edi
550411: mov ecx,[esi+0x4]
550222: mov eax,[eax+0x4]
55062D: mov ecx,[ecx+0x4]
55063E: mov eax,[eax+ebx*8+0x4]
55049E: mov ecx,[ecx+eax+0x4]
5504AA: mov [edi+eax+0x4],edx
5504B6: push dword ptr [eax+0x4]
550E2F: mov esi,[ecx+ebx+0x4]
550E6A: push dword ptr [eax+0x4]

Crying or Very sad

thx for help
atzmo

Labyrnth · Moderator Reputation: 10 Joined: 28 Nov 2006 Posts: 6301

You only need what works,

atzmo · Posted: Fri Dec 28, 2007 6:03 am Post subject:

it seems that the adresses are in client-server method.
1. adress (that u can see)
2. adress (the real value)

i can´t catch the 2.adress. that´s to hard for me.
i need first muuuuch better XP in debugging and asm-coding Sad

( (or good tut for this Razz

)