Cheat Engine

shakib187 · Posted: Sun Aug 18, 2013 9:13 pm Post subject: avoiding graphic addresses?

Is there anyway to dodge these addys? Recently in many games I have found myself freezing the wrong addresses which leads into a crash, this actually causes an address that you are searching for to be almost impossible to find because you cant test out which values dont work and which do, so I am asking CE forums if any advanced cheater has methods to avoid these addys or generally find a needle in a haystack

++METHOS · Posted: Mon Aug 19, 2013 1:17 am Post subject:

It depends on what kind of address I am looking for. One way to reduce your results is by selecting a specific data type - such as 'Float' or '4 bytes'. Only select 'All' value types when necessary. Another way to reduce results is by using common sense, and filtering out results that are greater than/less than, changed/unchanged, increased/decreased etc..

For most addresses, the results can be narrowed down to the point that it doesn't matter...even if the game crashes...because you can quickly find them again and test the next one on the list etc.. For results that involve just guessing, one way to avoid crashing is by changing the values in small groups (such as 10-20 at a time), or, by changing them one-by-one (if you are patient and your time has little value). Another way to avoid crashing is by changing values instead of freezing them, and vice versa. For example, let's say you are searching for addresses that hold a value of 3f800000 (float 1.0). You can try changing these values to 0, or, 40000000 (float 2.0). Most of the trouble comes from freezing values that you are simply guessing at. If you see a float value in your results list, for example, that is constantly changing even though it shouldn't (such as vehicle health), common sense says that you should not add it to your list and freeze it.

Other methods include searching data blocks that fall within a specific memory range. Since most of the addresses that cover your 'system' or game settings values (such as graphics options, controller, camera etc.) are going to have a low value, you can restrict your search results by changing your memory scan options (start and stop addresses). For most games, the same can be said for addresses with a high value (such as 73A8F110); you typically do not want to alter these addresses.

Sometimes, simple things, such as pausing the game and performing a search (e.g. for game time/clock) to eliminate addresses that shouldn't change during pause etc. can help.

If you can tell me what kind of address(es) you are looking for, perhaps I can give you better advice about how to avoid crashing. Or, maybe not...it really depends on the game, as usual. Sometimes, you just have to weigh it...even if that means giving up.

shakib187 · Posted: Mon Aug 19, 2013 10:27 pm Post subject:

I was looking for a build anywhere on an RTS game, I found it, so to speak. Basically it works for certain races and it doesn't work for others, I am not sure if its the address, maybe there is a terrain check? but I can sometimes build on an area or stack 3-4 barracks but with other races I cant stack powerplants etc. The funny thing is I tried changing the instruction playing around with it but it had no effect, the only way to build on a certain area was to change the EIP register to avoid crashes, even on code injection it would blow up and crash.

je Game.exe+85C37
mov ecx,[esp+3C]
mov edx,[ecx+00000084]
cmp [esp+14],ebp
je Game.exe+85C33
or [eax],edx
jmp Game.exe+85C37
not edx
and [eax],edx<--- This right here sets the option to disable the cursor so we cant build and the only way to make build work with certain structures is to EIP it, cant inject code
mov ecx,[esp+2C]
mov fs:[00000000],ecx
pop ecx
pop edi
pop esi
pop ebp
pop ebx
add esp,24
ret 0008

and [eax],edx<- is only active when the cursor is red and cannot build but this instruction stops as soon as the cursor turns green.

Another interesting thing I noticed is that it only works with structures that can be rotated, if I found a way to rotate the things I cant build maybe it might work I haven't tried it yet though

I have more fun cheatengining the game than actually playing it ^^"

++METHOS · Posted: Mon Aug 19, 2013 10:57 pm Post subject:

Yeah, with that, it's hard to say. Some games may have certain restrictions or limits, based on certain game settings, environmental or other. Sometimes you have to alter these values before or after, depending on what it is, for your cheat to even work.

If you are trying to freeze a timer for buildings, for example, and the game is freezing/crashing, it could be that other things are accessing that timer. You could try freezing the value at 1, instead of 0.

If I were doing this, I would narrow down my results by finding the value that holds the timer. If I couldn't find it by increased/decreased searching, I would use changed/unchanged. Once found, I would try to nop the instruction that writes to the value after ensuring that the instruction did not access any other addresses...if it did, I would find an ID to filter. After NOP'ing the timer for build, you can manually change the timer clock to make extra sure you have the proper address. From there, you may have to make further adjustments and additional code injections to be able to 'instantly build'. Also, as mentioned before, you may have to cycle between 0 and some other number for certain things to register.

Kavvman · Posted: Thu Aug 22, 2013 10:54 pm Post subject:

There should be a compare and conditional jump above that decides if the code should be executed or not. Modifying that is the easiest way to achieve the desired outcome.

Try fiddling the conditional jumps above to see if you can achieve the desired effect. Shouldn't be too hard provided you are in the right area.