Cheat Engine

overlordmanny · How do I cheat? Reputation: 0 Joined: 24 Aug 2013 Posts: 6

I've been trying to find a health cheat for this game, not because I need one but because I want to learn how to overcome this problem. I have tried searching with many different type options, and though I find addresses that seem to be valid logically, changing the value does nothing. I know this has been done because I found an assembly key here in these forums that does lock the health. But I want to learn how to find it myself.

I can narrow the addresses down to about 14 using 'unknown initial value' and 'changed/unchanged value' while using 'all' as my type. Of those 14 there are actually only 3 or 4 different actual addresses since they are repeated due to different types. Changing any of these values nor locking them has had any effect on my health.

I know that they likely require pointers but shouldn't I see some change to the health on screen before looking for pointers and such?

As I said this is purely for learning experience, to overcome this hurdle. So I'm not asking anyone to hack it for me, just help in understanding what I'm missing.

Dark Byte · Posted: Sat Aug 24, 2013 11:31 am Post subject:

I don't remember dark athena having a difficult to find health address.

Try scanning without fast scan with either float or 4 byte (or double)

And check that auto assembler script. Set a "Find out what addresses this code accesses" on the unmodified code there and see if you can then find out how it is stored when you have the address

overlordmanny · How do I cheat? Reputation: 0 Joined: 24 Aug 2013 Posts: 6

Ok I'll try it without fast scan. What does exactly does fast scan do that could be hindering my progress?

Edit- Ok I've run into the same problems with fast scan disabled.
It seems like I'm getting good addresses or at least they are consistent with the change of my health. With each type, float, double, and 4 byte, I narrow down to only 2 to 4 addresses. Making changes to these addresses do nothing though.

Maybe I don't understand totally about how pointers work. Should changing the values of these found addresses make an actual change in the game or do I need to find the base address before I get a result?

I was pretty good at finding cheat addresses with my old PS1 and a gameshark back in the day so hex editing is not something new to me, but I have often found I had issues like this one that I've not been able to solve.

Maybe I should look at the opposite of what I'm expecting, maybe a decrease in health is an increase in an address value. I'll try that next.

Dark Byte · Posted: Sat Aug 24, 2013 12:00 pm Post subject:

It could be it's an old game which isn't optimized to make use of aligned memory (aligned memory access is faster)

If fastscan is enabled, only aligned memory is scanned

overlordmanny · How do I cheat? Reputation: 0 Joined: 24 Aug 2013 Posts: 6

Same luck, I just can't seem to find an address that will alter the health when enabled. It's not so important to me for the game. I just want to find it to say I can, to learn.

This is the auto assembler code I got from here in the forums, not sure what to search for as an address. Would it be the 'gameclasses_win32_x86.dll+270ADD'?

Dark Byte · Posted: Sat Aug 24, 2013 1:42 pm Post subject:

Does that script work?
If so, go to gameclasses_win32_x86.dll+270ADD in the memory view and check the code

then find where the value EDI is written to memory and set a "find what addresses this code accesses" breakpoint there

It looks like a 4 byte value

overlordmanny · How do I cheat? Reputation: 0 Joined: 24 Aug 2013 Posts: 6

It worked perfectly in the Butcher Bay portion of the game. I haven't used it in the Dark Athena portion because I wanted to find it myself.

I used it because I could not find the address while playing Butcher Bay, but I would very much like to understand how to get to this thing myself.

I have figured out that gameclasses_win32_x86.dll = 06a10000 by using 'Enumerate dll's and Symbols' from the View menu. If I add 270add I get 06C80ADD. The bytes match in the hex editor portion of the memory viewer so I assume I've done this correctly.

I've added 06C80ADD to my code list and opened a trace for 'Find out what accesses this address' I take damage in game and the trace stays blank. It looks as if it's not accessed. I've also traced 06C80AE0 since it seems to have the sub edi,ebp opcodes that the script seems to be getting rid of. It also shows nothing accessing it when I take damage in game.

Am I doing this correctly?

I also want to state that I'm trying this again in the Butcher Bay portion just because I'm positive that the script worked for it.

Here is the what I see in the Memory Viewer:

Dark Byte · Posted: Sat Aug 24, 2013 5:17 pm Post subject:

First check if it actually work in the current game. (different game uses different code. I thought escape from butcher bay and dark athene where two separate games)

anyhow, based on the mov [edx],di it looks like it's stored as a 2 byte value (assuming that code address is correct)

overlordmanny · How do I cheat? Reputation: 0 Joined: 24 Aug 2013 Posts: 6

Yes it does work in Dark Athena, both games are in the same exe, same engine, looks like they share health code addresses too. An upgraded version of Butcher Bay is included with Dark Athena. So this one script works for both campaigns.