infam0usne0 (How do I cheat?)
Reputation: 0
Joined: 10 Feb 2012 Posts: 4
Posted: Fri Feb 10, 2012 4:58 am Post subject: Some Advice on Finding a Pointer to a Pointer
OK, so I found an address for infinite mana in a game. The problem is that every match the address changes.
I found the pointer, but that changes too, as it seems.
Once I found the pointer I tried to scan for what was writing to it, and then left the game.
I found another address which was writing to the pointer when I quit the match. But the address doesn't exist when I search for it again after the match or in a new one.
Essentially I need to find the pointer of a pointer and I'm not sure how to go about it. I suppose I'm doing something wrong but I can't work out what; it's a lot different from the tutorial, where you can't trigger the thing that writes to the pointer yourself.
Could anyone help me?

Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 Posts: 25831 Location: The Netherlands
Posted: Fri Feb 10, 2012 5:03 am
1: Use "find what accesses", not "find what writes".
2: If all else fails, try the pointer scan.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

infam0usne0 (How do I cheat?)
Posted: Fri Feb 10, 2012 6:09 am
Do I use "find out what accesses the pointer" or "what accesses addresses pointed to by the pointer"?
Also, what do I need to do to get the right pointer for the pointer: do I just keep using my mana, or do I need to change the pointer?

Dark Byte (Site Admin)
Posted: Fri Feb 10, 2012 7:23 am
Accesses the pointer (instead of making it a pointer you can skip those intermediate steps and just use "find what accesses" on the result you found with the hex scan).
As for getting the right pointer: experiment. If there are multiple options, see which ones are accessed while you're playing the game.

infam0usne0 (How do I cheat?)
Posted: Fri Feb 10, 2012 8:49 pm
I've hit a bit of a dead end with this one. I found the pointer of the pointer
and made a new pointer leading down through the two pointers, and it came out as the result of the mana, but when I try to find the pointer of THAT pointer the only thing accessing it is the previous pointer.

Dark Byte (Site Admin)
Posted: Fri Feb 10, 2012 9:53 pm
First: check the instruction and never make use of the "probably" address. Calculate it yourself (the address you used "find what accesses" on minus the offset).
The "probably" value is wrong if the register that also occurs in the bracket part is written to.
Second: do not mistake value for address.
E.g.: you do a "find what accesses" on an address which returns "mov eax,[edi]",
so then you do a hexadecimal scan for the value of edi.
What a lot of people get confused about is that EDI contains the exact value you did the previous "find what accesses" on. Just ignore that, as you're now looking for an address with that value instead.
---
Also, you could do a code injection at the spot that accesses the address and use that to store the address someplace known.

infam0usne0 (How do I cheat?)
Posted: Fri Feb 10, 2012 10:14 pm
OK, so here is what I've done in more detail so you can maybe help me with where I'm going wrong.
1) I have found the value; the address of the value is 2290F63C.
2) I find out what accesses 2290F63C and come up with two possibles. One is
mov eax,[esi+04], the other mov [esi+04],eax.
3) I calculate that 2290F63C - 04 = 2290F638, so I check both and see that ESI on both is 2290F638; that must be the address with the value 2290F63C.
4) I do a hex search for 2290F638 and find that the address with the value 2290F638 is 2219AAD8.
5) I find out what accesses 2219AAD8 next. I find that 4 things access it.
They are
cmp dword ptr [EBX+10],00
mov edx,[ebx+10]
cmp dword ptr [esi+10],00
and mov ecx,[eax]
6) I calculate that 2219AAD8 - 10 = 2219AAC8 for the top 3.
7) I do a search for 2219AAC8 and find the address with that value is 2219AB08.
8) I find out what accesses 2219AB08 and nothing accesses it.
9) I do a search for 2219AAD8 and find that the address with that value is 088AF868, so I find out what accesses it, and nothing accesses it.
This is my problem; please tell me if I am doing something wrong.
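The procedure Dark Byte describes (work out the struct base yourself as the accessed address minus the instruction's displacement, then scan for that value) and the step list in the post above, as an added example that is not part of this thread and not Cheat Engine's own code. It is a small C program with a constructed memory layout: a static global pointing at a match object, which holds a player pointer at +0x10, whose mana sits at +0x04, mirroring the [esi+04] and [ebx+10] accesses quoted in the thread. The layout, the struct names and the list of candidate memory slots used to stand in for a hexadecimal scan are all assumptions. It resolves the two-level pointer forwards, the way a Cheat Engine pointer entry does, and walks it backwards from the mana address to the static base.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for this example (an assumption, not the real game):
 *   g_current_match (static, the "green" base)  -> struct match
 *   match + 0x10    (player pointer)            -> struct player
 *   player + 0x04                               =  mana
 * It mirrors the thread's accesses: mov eax,[esi+04] reads mana with
 * esi = player base; mov edx,[ebx+10] reads the player pointer with
 * ebx = match base. */
struct player { int32_t health; int32_t mana; };
struct match  { uint8_t pad[0x10]; struct player *player; };

static struct player g_player;          /* heap-allocated in a real game */
static struct match  g_match;           /* heap-allocated in a real game */
static struct match *g_current_match;   /* static base: survives a new match */

/* Wire the objects together with a recognisable mana value. */
void setup_world(int32_t mana) {
    g_player.health = 100;
    g_player.mana = mana;
    g_match.player = &g_player;
    g_current_match = &g_match;
}

/* Dark Byte's rule: do not trust the "probably" address; the struct base is
 * the accessed address minus the instruction's displacement
 * (2290F63C - 04 = 2290F638 in the thread). */
uintptr_t base_from_access(uintptr_t accessed, uintptr_t displacement) {
    return accessed - displacement;
}

/* Simulated hexadecimal scan over a constructed list of candidate slots:
 * returns the address of the first slot holding `wanted`, or 0 if none. */
uintptr_t scan_for_value(const void *const *slots, size_t n, uintptr_t wanted) {
    for (size_t i = 0; i < n; i++) {
        uintptr_t held;
        memcpy(&held, slots[i], sizeof held);
        if (held == wanted) return (uintptr_t)slots[i];
    }
    return 0;
}

/* Forward direction, what a Cheat Engine pointer entry does:
 * addr = base; for each offset: addr = *(addr) + offset.  0 if a NULL is hit. */
uintptr_t resolve_chain(uintptr_t base, const uintptr_t *offsets, size_t n) {
    uintptr_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uintptr_t next;
        memcpy(&next, (const void *)addr, sizeof next);
        if (next == 0) return 0;
        addr = next + offsets[i];
    }
    return addr;
}

/* Read mana through the two-level chain [[g_current_match]+10]+04. */
int32_t read_mana_via_chain(int32_t mana) {
    setup_world(mana);
    const uintptr_t offsets[] = { 0x10, 0x04 };
    uintptr_t addr = resolve_chain((uintptr_t)&g_current_match, offsets, 2);
    int32_t value = 0;
    if (addr != 0) memcpy(&value, (const void *)addr, sizeof value);
    return value;
}

/* Backward direction, the procedure the thread walks through:
 * mana address -> player base (esi) -> slot holding it -> match base (ebx)
 * -> slot holding it, which should be the static global. */
uintptr_t walk_back_to_static(void) {
    const void *slots[] = { &g_match.player, &g_current_match };  /* constructed */
    size_t n = sizeof slots / sizeof slots[0];
    uintptr_t mana_addr   = (uintptr_t)&g_player.mana;
    uintptr_t player_base = base_from_access(mana_addr, 0x04);
    uintptr_t holder1     = scan_for_value(slots, n, player_base);
    if (holder1 == 0) return 0;
    uintptr_t match_base  = base_from_access(holder1, 0x10);
    return scan_for_value(slots, n, match_base);
}

/* 1 if walking back from the mana address lands on the static base. */
int walk_back_finds_static(void) {
    setup_world(42);
    return walk_back_to_static() == (uintptr_t)&g_current_match;
}

int main(void) {
    printf("mana via chain: %d\n", read_mana_via_chain(250));
    printf("walk back hits static base: %s\n",
           walk_back_finds_static() ? "yes" : "no");
    return 0;
}
```

The two directions are the same chain read in opposite order: the offsets you subtract while walking back (0x04, then 0x10) are exactly the offsets the forward pointer entry adds after each dereference. If a backward step finds no slot holding the value, the candidate came from a register that was written between the access and your scan, which is the "probably" pitfall in Dark Byte's post.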

Corruptor (Advanced Cheater)
Reputation: 3
Joined: 10 Aug 2011 Posts: 82
Posted: Sat Feb 11, 2012 1:31 pm
OK, I can't see any kind of mistake you could possibly have made.
Here's what you could check:
Did the pointers you found still point at the right address? The easiest way to find out is adding the pointers to the Cheat Engine list. When you click on "Add address manually" and check the "pointer" checkbox, the "add Pointer" button will appear. This way you can add multi-level pointers to your list.
Are the values of esi, eax etc. (lol, looks as if etc. would be a register) near the value of esp? If so, you found a value on the stack, which is worthless and will be erased soon.
Were any of the values you found green? That means it was a static variable which will not change its position. And that means that you found the pointer you were searching for.
Additional things if you just want to have infinite mana:
1: 88AF868 looks like a static one. If so, you could simply use it, no matter if it's actually accessed or not.
2: The disassembler is your friend. If you really, really simply want to have infinite mana, you could use code injection. In your first search, "[esi+04],eax" is the code that writes to your mana, where [esi+04] is the address of your mana and eax is the new value. NOPing this code will freeze your mana. If you decide to use code injection, tell us. We're gonna help you.
3: Use the disassembler and scroll up, use breakpoints etc. to find out where the register got its value from. You need to know some assembler commands, so this is rather complicated.

Dark Byte (Site Admin)
Posted: Sat Feb 11, 2012 3:12 pm
Looks to be the correct approach, yes.
If this method does not work, then try the pointer scan method (needs a lot of RAM and time, but seeing the time you've already spent on it, it's about the same).
And really, try looking up some auto assembler scripts for code injection; it's not that difficult once you understand it.