Cheat Engine

[Jett]

I'm probably doing something wrong.

K well basically, there's a game that is easy to cheat on that is online. Your health is all stored localy.

The game uses DMA so the address of the health varies.

Basically, here's what I did:

My health is 320, I did a scan and found a bunch of addresses.
I hurt myself down to 160 and did a scan for 160, only 1 address (note that if I freeze this at 1000, I'm invincible. I know that this isn't simply a string)

Now, I right click on it after I add it to the cheat list and do "find out what writes to this address"

Nothing pops up after attatching the debugger until I get hurt. 2 things show up:

300269c1 - c7 06 02 00 00 00 - mov [esi],00000002
3004ec8c - 89 06 - mov [esi],eax

Now, after I closed out and opened it up again, those 2 lines up there stay the same. Basically, I have no idea where to go from here. I want to be able to freeze my health.

Yup, there's my question, I appreciate any help.

[Jett]

Here's a post that I made at another forum regarding this matter:

I'm using Cheat Engine 4.4

My friend tried helping me and I was so close.

He told me to hit More Info and look at the pointer value or whatever. I did.

I searched for it in hex mode on 4 byte and I found it. He told me that this was the base address. I added in the base address manualy and checked off "Pointer."

Since there's no + sign after the [esi], he said that the offset is 0. I set the offset as 0 and put the base address in the box.

It said something like:

Currently pointing at ????????

but as I typed it in, the ?'s turned into the heatlh address. I knew that I was right after this.

I added the pointer to the cheat list and it said "P->Health Address Here" and then right as I changed the value to 480 and hit freeze to test, it changed into "P->????????" with value "??" and the game froze.

After repeating this method, I couldn't find the base address ever again. I think it was possibly a coincidence that the base address even showed up like that...


edit:

Oh and I just tried TSearch and I enabled Auto-Hack and it gives me those same 2 lines that I posted above (well, except instead of saying 00000002 it says 0x2...but they're still the same thing)

Nothing happends when I NOP the first one (ie: I still get hurt, nothing in the game changes) but when I NOP the second one, the game freezes (and I can unfreeze it by un-NOP'ing it until I get an access violation and the game completely freezes)

So yeah..I don't know what I'm doing right or wrong.

[jess123]

You said in the other topic this is stick arena, so how did you know you got your health down to 160 if its just a health bar?

[Jett]

[jess123]

I dont get what your trying to figure out

[Jett]

[jess123]

Well this:

[Jett]

[burnz]

Hi Jett,

300269c1 - c7 06 02 00 00 00 - mov [esi],00000002
3004ec8c - 89 06 - mov [esi],eax


Try to find out what "eax" is. My guess is that the register holds the value of the new health amount. What you can do is trying to either NOP that pointer or make a JMP to a codecave where you change eax to whatever you want.

You could also try changing that line like

mov [esi], 0x64

which you should lock your Health at 100. (64h)

- I.

[Jett]

[burnz]

Well you could use the TMK (Trainer Maker Kit), i'm not sure if CE has something similar.

Get TSearch, disassamble 3004ec8c and look if it's a static pointer (if it's still "mov [esi],eax" it is.

You can NOP the pointer or change it, then let TSearch generate pokes which you then can insert your Trainer Buttons when using TMK

- B.