pirateninja Newbie cheater
Reputation: 0
Joined: 20 Aug 2005 Posts: 10
Posted: Sat Aug 20, 2005 11:33 am, Post subject: I need pointer help
I read tutorials and this seemed like what I was supposed to be doing, and it worked for other games, but it isn't working for GunZ.
I found my address, which was: 1B6AEA30
I found what wrote to it; the ASM code was:
0047b2b4 - 89 41 08 - mov [ecx+08],eax
and the registers were:
ecx = 1B6AEA28, eax = 44170007
So the pointer is 1B6AEA28 + 8. I added them and got 1B6AEA30, which is my first address. I then searched for that in hex mode, 4 byte, and found no hits. I tried searching for many things; what am I doing wrong? And is it more than a coincidence that my pointer + offset was the same as my original address?
bitterbanana Cheater
Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Sat Aug 20, 2005 3:29 pm
Don't search for 1B6AEA28 + 08, just search for 1B6AEA28. You want to search for the base pointer, since the game is not going to create a pointer for every value in the memory block.
mov [base pointer+offset],eax
base pointer + offset = your address. No coincidence there.
Good luck.
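To make the "search for the base, not base + offset" advice concrete, here is an added C example; it is not code from the thread, from Cheat Engine or from the game. It builds a constructed stand-in for a heap-allocated game object (the field at +8 plays the role of 1B6AEA30 and holds 44170007) and a constructed static block that stores the pointer to that object (the value ecx was loaded from), then scans the block at 4-byte alignment the way a hex scan would. The struct layouts, the names `Player` and `GameGlobals`, and the static block itself are assumptions made for the example; on a 64-bit build the pointer is 8 bytes rather than the 4 the thread is dealing with. Scanning for the value's own address finds nothing, because nothing stores it; scanning for address minus 8 finds the base pointer, and base + 8 reads the live value. If the scan for the base also returns nothing, the base exists only in a register at that moment, which is what the later posts in the thread address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the game's heap object. It lands at a different
 * address every launch (dynamic allocation), so the field at +8 (the role of
 * 1B6AEA30 in the thread) cannot be hard-coded. */
typedef struct {
    uint32_t id;     /* +0 */
    uint32_t flags;  /* +4 */
    uint32_t hp;     /* +8 : what `mov [ecx+08],eax` writes */
} Player;

/* Constructed stand-in for the game's static data: a fixed location holding
 * the base pointer (the value that was in ecx). Name and layout are assumed. */
struct GameGlobals {
    uint32_t  pad_a[4];
    Player   *player;
    uint32_t  pad_b[4];
};
static struct GameGlobals g_game;

static void ensure_game(void)
{
    if (g_game.player) return;
    g_game.player = calloc(1, sizeof *g_game.player);
    if (!g_game.player) abort();
    g_game.player->hp = 0x44170007u;   /* eax in the original post */
}

/* The "4 byte, hex" scan: walk the region at 4-byte alignment, count
 * pointer-sized matches and record the offset of the first one. */
static int scan_for_value(const void *region, size_t len, uintptr_t value,
                          size_t *first_off)
{
    const unsigned char *p = region;
    int hits = 0;
    for (size_t off = 0; off + sizeof value <= len; off += 4) {
        uintptr_t candidate;
        memcpy(&candidate, p + off, sizeof candidate);
        if (candidate == value && hits++ == 0) *first_off = off;
    }
    return hits;
}

/* Searching for the value's own address (base + 8) finds nothing:
 * no one stores that number, only the base. */
int hits_for_target_address(void)
{
    ensure_game();
    size_t off = 0;
    uintptr_t target = (uintptr_t)&g_game.player->hp;
    return scan_for_value(&g_game, sizeof g_game, target, &off);
}

/* Searching for target - 8 (the base, ecx) finds the static pointer; following
 * it plus the offset reads the live value. Returns that value, or 0 on failure. */
uint32_t read_through_found_pointer(void)
{
    ensure_game();
    size_t off = 0;
    uintptr_t target = (uintptr_t)&g_game.player->hp;
    if (scan_for_value(&g_game, sizeof g_game, target - 8, &off) != 1) return 0;
    if (off != offsetof(struct GameGlobals, player)) return 0;

    uintptr_t base;
    memcpy(&base, (const unsigned char *)&g_game + off, sizeof base);
    uint32_t value;
    memcpy(&value, (const unsigned char *)(base + 8), sizeof value);
    return value;
}

int main(void)
{
    printf("hits when scanning for the value's own address: %d\n",
           hits_for_target_address());
    printf("value read via found base pointer + 8: %08X\n",
           read_through_found_pointer());
    return 0;
}
```

The only thing the scanner is given is the number `target - 8`; it never sees the struct, which is exactly the position a memory scanner is in. The scan walks at 4-byte alignment (the scanner's default in the thread) but compares pointer-sized values, so the same code behaves correctly on a 32-bit build where the pointer is 4 bytes.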
pirateninja Newbie cheater
Reputation: 0
Joined: 20 Aug 2005 Posts: 10
Posted: Sat Aug 20, 2005 3:36 pm
OK, well, I tried that and STILL no addresses found. >.< I don't get what I could possibly be doing wrong.
bitterbanana Cheater
Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Sat Aug 20, 2005 3:43 pm
Does the address stay the same every time you open the game? Might be a stupid question, but if it does, then you won't need a pointer.
pirateninja Newbie cheater
Reputation: 0
Joined: 20 Aug 2005 Posts: 10
Posted: Sat Aug 20, 2005 3:58 pm
lol, I wouldn't be doing it if the game didn't use DMA. This strat works for other games (I've done it on Pinball and Minesweeper), but yes, this game does use DMA.
bitterbanana Cheater
Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Sat Aug 20, 2005 4:28 pm
Yeah, haha, sorry. Uh, you could try code-cave injection. Write the eax register to a static address, maybe: mov [400100],eax. Then the value at 400100 would store the base pointer.
pirateninja Newbie cheater
Reputation: 0
Joined: 20 Aug 2005 Posts: 10
Posted: Sun Aug 21, 2005 1:47 pm
That seems like a lot of work for something so simple. There has to be a way to do it just with pointers that I'm not doing. Someone here must know.
bitterbanana Cheater
Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Sun Aug 21, 2005 6:19 pm
If you can't find the pointer, then it's not stored in memory. It's stored in a register, so the only way to get the value of that register is through code injection. Code injection is SIMPLE. Replace the function with a call command to some empty space in memory that does this:
ASM code:
<original command>
mov [900100],eax
retn
Then your register is stored in 900100. I'm the only one in this forum who's willing to help you, so take the advice. If you can't figure it out, just tell me and I'll try to walk you through it.
pirateninja Newbie cheater
Reputation: 0
Joined: 20 Aug 2005 Posts: 10
Posted: Mon Aug 22, 2005 8:19 pm
I really don't know much about code injection, or whether it would be possible through a CE trainer alone, or a CE trainer / hacked GunZ exe combination. Whenever you have free time, if you could hit me up at ohnoitsaninja on AIM, I would be very thankful.
bitterbanana Cheater
Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Tue Aug 23, 2005 3:57 am
I've never tried to make a trainer with Cheat Engine, but I'll try my best to explain code injection.
This is your original command:
0047b2b4 - 89 41 08 - mov [ecx+08],eax
Since you want the value of ecx, you want to be able to write the value of ecx to another address. So you have to create a call command to jump to an empty space in memory where you can write your code to do this.
You have to replace the original command with this call command. A call command is larger than a mov command, so if you wrote a call command on top of a mov command, it would spill into the next command, corrupting the bytes. So you need to replace the next command with nops (hex 90) if the call command spilled into it.
Now just find an empty space in memory, and replace the original commands with a call to its address. Then find another place that you can write the ecx register to. Go to your actual code cave address and write this:
mov [400100],ecx
<original commands that the call command replaced>
retn
After that injection is made, your ecx register should be in 400100. I'd try it myself, but all the GunZ servers were full.
Good luck.
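The two code-injection posts above describe one procedure: overwrite the 3-byte `mov [ecx+08],eax` at 0047b2b4 with a 5-byte `call` to a cave, NOP out whatever the call spills into, and have the cave save the register to a fixed slot, run the displaced instructions and `retn`. The following added C example, which is not code from the thread, from Cheat Engine or from the game, builds both byte sequences so the arithmetic and encodings can be checked before anything is written into the process. It assumes 32-bit x86 encoding (in a 64-bit process `89 0D disp32` would be RIP-relative instead), uses the cave address 900100 and slot address 400100 that the posts name, and, because the page does not show which instruction follows 0047b2b4, stands in two NOP bytes for the follower that the call overwrites; the real bytes have to come from the disassembler. The function and macro names are the example's own. Two practical caveats the code enforces or comments on: the overwritten span must consist of whole instructions and be at least 5 bytes, and the displaced instructions must not contain relative jumps or calls, since they now execute from the cave.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86 (32-bit mode) opcodes used by the patch. */
#define OP_CALL_REL32 0xE8u   /* E8 rel32 : 5 bytes */
#define OP_NOP        0x90u
#define OP_RETN       0xC3u
#define OP_MOV_RM_R   0x89u   /* 89 /r : mov r/m32, r32 */

/* Register numbers as they appear in the ModRM reg field. */
enum { REG_EAX = 0, REG_ECX = 1 };

/* Displacement for `call cave` placed at hook_addr: measured from the byte
 * after the 5-byte call. Unsigned wrap yields the right bits for backward calls. */
uint32_t call_rel32(uint32_t hook_addr, uint32_t cave_addr)
{
    return cave_addr - (hook_addr + 5u);
}

/* ModRM for `mov [disp32], reg`: mod=00, reg=<reg>, r/m=101 (disp32). */
uint8_t mov_to_mem_modrm(int reg)
{
    return (uint8_t)(0x05 | (reg << 3));
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bytes to write at hook_addr: `call cave`, then NOPs up to the end of the
 * displaced whole instructions. Returns 0 (refuses) when fewer than 5 bytes
 * are displaced: the call would then corrupt an instruction that still runs. */
size_t build_hook(uint32_t hook_addr, uint32_t cave_addr, size_t displaced_len,
                  uint8_t *out, size_t out_len)
{
    if (displaced_len < 5 || out_len < displaced_len) return 0;
    out[0] = OP_CALL_REL32;
    put_le32(out + 1, call_rel32(hook_addr, cave_addr));
    memset(out + 5, OP_NOP, displaced_len - 5);
    return displaced_len;
}

/* Cave body: `mov [slot], reg`, the displaced original instructions, then
 * `retn`, which returns to hook_addr + 5 (the NOP sled). The displaced bytes
 * must be position-independent: no relative jmp/call, they run from the cave. */
size_t build_cave(uint32_t slot_addr, int reg, const uint8_t *displaced,
                  size_t displaced_len, uint8_t *out, size_t out_len)
{
    size_t need = 6 + displaced_len + 1;
    if (out_len < need) return 0;
    out[0] = OP_MOV_RM_R;
    out[1] = mov_to_mem_modrm(reg);
    put_le32(out + 2, slot_addr);
    memcpy(out + 6, displaced, displaced_len);
    out[6 + displaced_len] = OP_RETN;
    return need;
}

static void dump(const char *label, const uint8_t *p, size_t n)
{
    printf("%s", label);
    for (size_t i = 0; i < n; i++) printf(" %02X", p[i]);
    printf("\n");
}

/* Worked instance with the thread's numbers: hook at 0047b2b4, cave at 900100,
 * slot at 400100, saving ecx. Returns total bytes produced, 0 on failure. */
int demo_gunz_patch(void)
{
    const uint32_t hook = 0x0047b2b4u, cave = 0x00900100u, slot = 0x00400100u;
    /* 89 41 08 is from the post. The two 0x90 bytes are a stand-in for the
     * unknown instruction the call spills into; replace them with the real
     * bytes read from the disassembler (constructed for this example). */
    const uint8_t displaced[] = { 0x89, 0x41, 0x08, 0x90, 0x90 };
    uint8_t hook_bytes[16], cave_bytes[32];

    size_t hl = build_hook(hook, cave, sizeof displaced, hook_bytes, sizeof hook_bytes);
    size_t cl = build_cave(slot, REG_ECX, displaced, sizeof displaced,
                           cave_bytes, sizeof cave_bytes);
    if (!hl || !cl) return 0;
    dump("write at 0047b2b4:", hook_bytes, hl);   /* E8 47 4E 48 00 */
    dump("write at 00900100:", cave_bytes, cl);   /* 89 0D 00 01 40 00 89 41 08 90 90 C3 */
    return (int)(hl + cl);
}

int main(void) { return demo_gunz_patch() ? 0 : 1; }
```

`build_hook` returning 0 for a 3-byte span is the check the post describes in words: a 5-byte call over a 3-byte mov is only safe once the following instruction is included in the span and NOPed. `mov_to_mem_modrm(REG_EAX)` gives `89 05`, the encoding of the `mov [400100],eax` / `mov [900100],eax` variants in the earlier posts. Writing the patch into a live process is outside this example; the cave must be in executable memory, the slot in writable memory the game does not otherwise use, and the bytes should be written while the game's threads are not executing at the hook.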