 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
hex_cold
How do I cheat?
![]() Reputation: 0
Joined: 06 Jun 2017
Posts: 3
|
 Posted: Tue Jan 09, 2018 11:31 am Post subject: Tutorial Help Step 6 'Pointers' |
 |
|
Step 6: Pointers: (PW=098712)
Hello. I'm working through the pointer Tutorial. But i'm stuck on this point:
abload[.]de/img/tut6_cheatengine_80prbmspq.jpg
"First find the address of the value. When you've found it use the function to find out what accesses this address."
The 'instruction' say 10002CADC - 89 02 - mov[rdx],eax Which address acces this address? Oo I know the instruction is assembler code. But what it mean ? Should i calculate 10002CADC - 8902 ? Or 035CC4F0 + 10002CADC ?
If the assembler instruction doesn't have anything between a '[' and ']' then use another item in the list.
If it does it will say what it think will be the value of the pointer you need.
??? Where is the value of pointer? 'rdx' or '2CAA40' ? Or mean he: RAX (0000017E) + 2CAA40 = 2CABBE ?
i can't get further until i know which HEX 4Byte scan i should do.
Go back to the main cheat engine window (you can keep this extra info window open if you want, but if you close it, remember what is between the [ and ] ) and do a 4 byte scan in hexadecimal for the value the extra info told you.
hex_cold
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Tue Jan 09, 2018 12:29 pm Post subject: |
|
|
step 6:
single-level pointer:
starting value = 100
- search for 100 as a 4 byte value
- change it then search for the new value
- right click and see whats writing/accessing the address
in your case (and for everyone using latest tutorial version) the instruction that pops up is:
- double click the instruction or select it and click on more info
notes to take:
when searching for pointer manually, you need two things:
- the base address of the memory location:
The value of the pointer needed to find this address is probably xxxxxxxx
you need that address, right-click it and copy it.
- the offset of the memory location from base address:
in most cases you will find something like:
110 is the offset to that memory location, and its counted from the base address.
when there is no offset between square-brackets, means the offset is equal to '0'
- check the "hex" box and paste the address you copied from that window then hit new scan
- luckily in this step you will find one static address "green address" double-click it to be added to address-list
- now double-click the static address from address-list and copy the address then close the window
- click on add-address-manually and check "pointer" box
note:
there will be two text-input fields, the long one is for the address and the short one for the offset.
- paste the address you copied (the static address "green") last time in the long text-input field
- remember the instruction had no offset, which means its '0' so put '0' in the short text-input field
- click ok, and you should get something like P->xxxxxxxx
- freeze the value by mashing space-bar key or check the box on the left of the address and change the value to 5000
alternatively you can use pointer-scanner which will do it automatically for you, with few exceptions for 64-bit processes where you have to uncheck 32-bit alignment under advanced options.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
TheyCallMeTim13
Wiki Contributor
 Reputation: 50
Joined: 24 Feb 2017
Posts: 976
Location: Pluto
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
