Chazza How do I cheat?
Reputation: 0
Joined: 23 Mar 2016 Posts: 4
Posted: Wed Mar 23, 2016 10:24 am Post subject: Help writing code to inject for freecam movement
Hi there,
I am trying to make a free camera mode for a game where the developers have explicitly locked out this functionality using a console.
I have found the base addresses (there were still thousands of results from the pointer scan but they still work correctly even if computer rebooted etc) of the following variables:
X Coordinate
Y Coordinate
Z Coordinate
Camera Vertical Rotation: [Values of approx -0.885 (looking as far down as possible) to 0.63 (looking as far up as possible)].
All values are floats
I am trying to inject code which depending on how far up/down the camera is looking, changes the value of the address containing the Z Coordinate variable, hence moving the camera up and down with mouse movement.
I am guessing this should be injected around the instruction that increases the X Coordinate when the W key is pressed, so that both horizontal and vertical movement occurs at the same time.
I have never used assembly before (only know C++) and looked at an online tutorial into AOB scanning and found the instruction which moves the new value into the X coordinate variable, but am unsure how to proceed from here.
I know you can't simply say "Copy the value of this address into this address" which is essentially what I want to do (albeit with some maths involved).
Here is the code for the instruction which changes the X coordinate when W is pressed on the keyboard:
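Code:
[ENABLE]
// Locate the injection point by its byte signature inside the game module
aobscanmodule(INJECT,LifeIsStrange.exe,60 F3 0F 11 47 54 F3 0F 10 47 58 F3 0F 58 44 24 2C) // should be unique
alloc(newmem,$1000)
label(code)
label(return)

newmem:
code:
  // Original instruction: store the new X coordinate
  movss [edi+54],xmm0
  jmp return

// Skip the leading 60 byte of the signature and overwrite the 5-byte movss with a jmp
INJECT+01:
  jmp code
return:
registersymbol(INJECT)

[DISABLE]
// Restore the original bytes of movss [edi+54],xmm0
INJECT+01:
  db F3 0F 11 47 54
unregistersymbol(INJECT)
dealloc(newmem)
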
I have changed the AOB so that the signature is unique, but don't know what to do next. Any help would be greatly appreciated.

ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4723
Posted: Wed Mar 23, 2016 2:09 pm Post subject:
Check out this topic to help get started.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

Chazza How do I cheat?
Reputation: 0
Joined: 23 Mar 2016 Posts: 4
Posted: Wed Mar 23, 2016 2:24 pm Post subject:
Thanks, I actually stumbled upon that thread myself but couldn't really work out what was going on.
In this line:
alloc(newmem,$1000,"Darksiders2.exe"+9A4A50)
Is this just specifying the location you want the memory to be allocated? In the template code there is no third argument to alloc, which I assume just means it will put it wherever it finds space, which should be OK for my purposes?

ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4723
Posted: Wed Mar 23, 2016 2:32 pm Post subject:
That third parameter is only relevant for 64-bit processes AFAIK. It specifies the 2GB region of memory it should allocate memory around so that it can simply use a 5-byte jmp instead of a significantly longer one.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
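
The 2GB reach limit described in the reply above, as an added example that is not part of the original thread and not Cheat Engine's own code: it encodes the 5-byte `jmp rel32`, shows why any target is reachable in a 32-bit process, and falls back to a longer absolute jump in 64-bit. The function names and sample addresses are constructed for illustration, and the 14-byte `jmp [rip+0]` form is one common encoding, assumed here rather than taken from the page.

```python
import struct

REL32_LEN = 5  # opcode E9 + 4-byte signed displacement

def jmp_rel32(src, dst, bits):
    """Encode `jmp dst` placed at `src`, or return None if out of rel32 range."""
    disp = dst - (src + REL32_LEN)  # measured from the end of the jmp
    if bits == 32:
        # 32-bit EIP arithmetic wraps modulo 2**32, so every target is reachable.
        disp = (disp + 2**31) % 2**32 - 2**31
    if not -2**31 <= disp < 2**31:
        return None
    return b"\xE9" + struct.pack("<i", disp)

def jmp_abs64(dst):
    """14-byte form: jmp qword ptr [rip+0], followed by the 8-byte target."""
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", dst)

def plan_hook(src, dst, bits, overwritten_len):
    """Return (jump_bytes, nop_padding) for a hook that replaces
    `overwritten_len` bytes of whole instructions at `src`."""
    jmp = jmp_rel32(src, dst, bits)
    if jmp is None:
        jmp = jmp_abs64(dst)
    if len(jmp) > overwritten_len:
        raise ValueError("need %d bytes, only %d overwritten"
                         % (len(jmp), overwritten_len))
    return jmp, b"\x90" * (overwritten_len - len(jmp))

# Bytes the script in the first post overwrites at INJECT+01
# (taken from its [DISABLE] section): movss [edi+54],xmm0
ORIGINAL = bytes.fromhex("F3 0F 11 47 54")

if __name__ == "__main__":
    # Constructed addresses, for illustration only.
    print(plan_hook(0x00401000, 0x02000000, 32, len(ORIGINAL)))
    print(jmp_rel32(0x7FF600001000, 0x7FF5F0000000, 64))  # within 2 GB
    print(jmp_rel32(0x7FF600001000, 0x01A000000000, 64))  # None: too far
```

The overwritten `movss` is exactly 5 bytes, so the near jump fits with no padding; a 64-bit hook whose allocation landed outside the 2GB window would have to overwrite at least 14 bytes of whole instructions.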
Chazza How do I cheat?
Reputation: 0
Joined: 23 Mar 2016 Posts: 4
Posted: Wed Mar 23, 2016 2:34 pm Post subject:
Ah OK thanks, my process is 32-bit so should be fine without.
I'll see if I can cobble something together that works.
UPDATE:
OK I've got it working, it's not the best implementation but it will do.
The problem is it seems that the way the game records the direction of the camera changes from level to level.
On the level I started with, there are 4 different addresses with an offset of 04 from each other which all contained the same value between -0.885 and 0.63.
On another level from a different episode of the game (released later), there is only one address containing a value which seems to correspond to the camera's vertical direction, but this time it goes from -12743 to 8192!
I'll check the other episodes to see if they follow either of the same patterns. Makes this much harder than I first thought!
UPDATE 2:
Yep it seems only episode 1 uses the first method for the camera direction.
Episodes 2-5 all use the second method.
Guess I'll just have to have 2 different scripts, I am sure you guys could combine them no problem but I only started playing around with CheatEngine today and don't really know enough about assembly to do anything that useful.
UPDATE 3:
I was wrong, all episodes use the same method, for some reason I couldn't find the correct addresses when I did the original scans, but after scanning again I found it and it happened to be a base address which was nice!