Cheat Engine

J_Rimmer · How do I cheat? Reputation: 0 Joined: 20 Jun 2012 Posts: 4

Background:

I am relatively new to hacking but I feel I have a firm grasp of the basics. Using Cheat Engines basic tutorial and You Tube videos as my guide, I’ve managed to find the Hp of Shepard in Mass Effect, but I’ve run into a problem. Whenever I reset the game, the value where health is stored, receives a new address. To solve this problem I attached a debugger (Cheat Engine’s Debugger) in VEH mode attempting to find the static address.

Note: Health is stored as a Float.

Problem:

Using the bottom most address I find the pointer address is probably 30EA1448 (same for all three of the bottom). Plugging that into a 2 byte exact value scan I get 2,138 addresses. Looking at the green (what I thought meant static) address’s, which thankfully is only about 8, I plug them into a float pointer. I keep doing it until I get the original value (hp) that I ran the debugger off of in the first place. Once those match, and because the value is green, I assume I’ve found the static address. In addition, if I attempt to find out what access that address that I found was green, nothing comes up again when I take damage.

The problem is when I rest the game, and add the address manually (74CE46D8 float); it doesn’t display the right value. So although when I add the address manually it doesn’t give the right value if I do all this work over again, it leads me right back to 74CE46D8 float. Also if I were to change my original (black) value to let’s say 520, the 74CE46D8 goes to zero, and no longer displays the same value.

I really don’t know what’s going on, and would greatly appreciate anyone’s help.

Thanks!

Extra Information: 5 address's I get when I find out what access's the Health's value address.

114B2FF1 – F3 0F 10 40 48 – movss xmm0, [eax+48] – Health Bar Display (Disappeared when replaced with nop).

114A042E – F3 0F 10 40 48 – movss xmm0, [eax+48] – Low Health Animation turns on when replaced with nop).

10D906DC – D9 00 – fld dword ptr [eax] – “load floating point value” - When replaced with nop screen goes black. If replaced with original code, screen comes back and game is playable.

10D26F39 – D9 07 – fld dword ptr [edi] – “load floating point value” - When replaced with nop, nothing happens initially. But once I take damage it automatically takes me down to 0 health, but doesn’t kill me. I essentially become walking dead, some features of the game think I’m dead (can’t zoom in on sniper, can’t use special abilities). I can still walk around and shoot, although the things I shoot don’t take damage. Also the low health (heart beat sound) plays even when the animation has worn off. Game doesn’t crash but has to be restarted to normalize things again.

10D26F4B – D9 17 – fst dword ptr [edi]- “Store real” - I don’t take any damage when replaced with nop, but the longer I play, it always appears to freeze.

Fresco · Posted: Thu Jun 21, 2012 7:12 pm Post subject:

you have 3 options
1) find the hp pointer manually
2) find the hp pointer using pointerscanner
3) auto assemble
if you complete the tutorial you'll understand how the 3 options work
for the first two:
http://forum.cheatengine.org/viewtopic.php?p=5370193&highlight=#5370193
for the last one:

10D26F4B – D9 17 – fst dword ptr [edi]

auto assemble
create a label
use fld on that label, not on edi
write

J_Rimmer · How do I cheat? Reputation: 0 Joined: 20 Jun 2012 Posts: 4

Update:

Problem 1 – Finding the pointer (value for health) even after the game restarts, has been solved!

Additional Questions -

Option 1 that you listed:

I used this to find the address 10D26F4B but I do have a question about this option. I find the health (stored as a float) and then do, “Find out what accesses this address.” I immediately get 2 options, continuously counting up. Once in the game and I take Damage, I get 3 more options (5 options listed are in my first post under “Extra Information”). As mentioned previously I went through replacing each of these addresses with nop’s trying to see what happened.

Question: How do I tell which one is actually the health? Is it just a process of elimination like I did, replacing them with nop’s and seeing what happened in the game?

Option 2 that you listed:

Address Used:

10D26F4B - D9 17 - fst dword ptr [edi] - “store real”

Just to ensure my procedures are correct I listed them below:

I would go to the address 10D26F4B in the Memory Viewer.
I would then right click it and select, “Find out what addresses this instruction accesses.”
I would take Damage on my character and the list would be populated.
I would then find the float value that matched my characters current health.
I would then use the address associated with that value, and run a re-scan on my previous pointer scanner data.
Rinse and repeat.

Nineteen scans later I believe I narrowed down the pointers as much as I can without literally taking months (or at least it would appear it would take that long). I’ve narrowed my options down to 6,789 different pointers. This is probably still pretty high but it only narrows the pointer count by a few after I restart the process over again.

Question: Is there a different way that I might be able to narrow down those 6,789 pointers?

Question: Is this information useful? (I wrote down the pointers each time I scanned, well toward the end I did)

(1)2A5F3C48 (2) 2D4E3C48 (3) 2F0C3C48

(4) 2F2E3C48 (5) 2F2C3C48 (6) 2F313C48

(7) 2EF53C48 (8) 2D8D3C48 (9) 2F2F3C48

(10) 2F2D3C48 (11) 2F2D3C48 (12) 2A563C48

(13) 2F143C48 (I just noticed they all start with a 2 and end with a 3C48)

Option 3 that you listed:

I watched a video (linked below) of step 9 of cheat engine and 11 minutes into the video he uses the auto assemble tool. I’ve tried editing the code injection template to “create a label”, but I’m honestly don’t know what I’m doing. Is it possible that you might go into a little more detail about the 3 steps you listed below “auto assemble.” (i.e. Edit the template in X manner, or don’t use the template at all)

Final thoughts:

I noticed that when I locked my characters health it still would go down momentarily and go back up when I was taking damage. On that note, I feel I may have been going the wrong way about this health hack; I’m looking to prevent the health from moving at all. (So if I take 540 damage and my characters max hp is 532, I won’t die)

Thanks so much for all your help!

YouTube: can't link it, "Cheat Engine Tutorial STEP 9" is the title.

Fresco · Posted: Fri Jun 22, 2012 8:27 am Post subject: