Cheat Engine The Official Site of Cheat Engine
Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Mon Dec 23, 2019 11:40 pm Post subject: Can anyone point me in the right direction, please?
I will try to explain this in the best detail that I know how:
I have been trying to write a cheat table / make a trainer for Uncharted Ocean. However, every time I restart the game it changes addresses. Now, I have been searching the forums / google for days trying to find a solution and most point me in the direction of "Find out what accesses this address" into "Pointer Scans" etc.
I figured out my problem and it starts with the initial .exe launch. Let me explain:
I start up Uncharted Ocean, open up cheat engine and click on:
1. Select a process to open
2. Click on "Processes" tab.
3. There are 3 processes for the game. I have to choose the 3rd one each time or I won't see any codes.
Now this is where it changes each time the game is restarted.
1st start: 00002358-hanghai.exe
2nd start: 00008778-hanghai.exe
3rd start: 00005A0C-hanghai.exe
etc etc.
My question is: Is there ANY possible way to make the game launch the exact .exe each time? If so, can I PLEASE be pointed in the right direction?
I can change the codes inside the game and give myself money, sailors, hull, items, etc etc, but they change each time the game restarts due to the .exe changing each time.
Thank you in advance!!
I.E. I found this on the forum back in 2012, so I am quite sure no one would answer me on it today:
| Gniarf wrote: | | Abystus wrote: | | why the instructions move in the first place (when in other PC games the instructions remain in a static location). | Which of those cases describes what happens to you?
1-Some code that was at address MyGame.exe+0x1234 moved to MyGame.exe+0x4321 when you restarted the game.
2-Some code that was at 0x412000 moved to 0x512000 when you restarted the game, but was always accessible through MyGame.exe+12000.
3-Your code was at address 0x12345678, then after restarting the game it was at 0x01010101. It was not referenced through a symbol (ei: MyGame.exe+xxxxxxxx) and if you go to your code's address in the hex dump (lower pane) of the memory viewer, all numbers appear in black (not green). |
The 1st one would apply to my case here.

Csimbi I post too much
Reputation: 97
Joined: 14 Jul 2007 Posts: 3329
Posted: Tue Dec 24, 2019 3:29 am Post subject:
That's just CE adding the process ID in front, the process is hanghai.exe in all cases.
This is by design in order to distinguish different instances of an application in CE.
The process ID itself is assigned by the OS. You can check it in the task manager yourself.

Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Tue Dec 24, 2019 7:56 pm Post subject:
| Csimbi wrote: | That's just CE adding the process ID in front, the process is hanghai.exe in all cases.
This is by design in order to distinguish different instances of an application in CE.
The process ID itself is assigned by the OS. You can check it in the task manager yourself. |
Ok great! Any idea how I stop CE from changing the process ID each launch or open the exact same process ID?
The game has 3 process ID's each time it launches and ONLY the 3rd (bottom one) will work when CE is attached to it. So, being that all 3 ID's change each launch it changes the addresses for the codes each time I relaunch the game. I am trying to make it so it has the exact same addresses for the codes each launch, if that makes sense.
I tried making a generic trainer, but obviously it won't work because of it changing the process ID resorting to different addresses each time the game restarts.

Banjo Patterson Cheater
Reputation: 1
Joined: 15 May 2018 Posts: 36
Posted: Tue Dec 24, 2019 8:20 pm Post subject:
CE has an auto-attach option. It works by process name, so you can try that and see if the auto attach attaches to the correct process.

Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Tue Dec 24, 2019 9:23 pm Post subject:
| Banjo Patterson wrote: | | CE has an auto-attach option. It works by process name, so you can try that and see if the auto attach attaches to the correct process. |
Ok, I tried that and here is what happens:
I click "Execute Script" and it attaches to: 00006140-hanghai.exe
I click on my first scan to search for: 120800
It pops up with the address: 6EE7857BE30C
I then close out of the game and relaunch it .....
I click on "Execute Script" and it attaches to: 00005B34-hanghai.exe
I click on my first scan to search for: 120800
It pops up with the address: 20EC6361082C
See the problem? It always changes the Process ID therefore resulting in completely different addresses for the exact same code each time.
Here is the script that I used:
| Code: |
PROCESS_NAME = 'hanghai.exe'
--------
-------- Auto Attach
--------
local autoAttachTimer = nil ---- variable to hold timer object
local autoAttachTimerInterval = 1000 ---- Timer intervals are in milliseconds
local autoAttachTimerTicks = 0 ---- variable to count number of times the timer has run
local autoAttachTimerTickMax = 5000 ---- Set to zero to disable ticks max
local function autoAttachTimer_tick(timer) ---- Timer tick call back
  ---- Destroy timer if max ticks is reached
  if autoAttachTimerTickMax > 0 and autoAttachTimerTicks >= autoAttachTimerTickMax then
    timer.destroy()
    return ---- stop here so the destroyed timer is not used again
  end
  ---- Check if process is running
  if getProcessIDFromProcessName(PROCESS_NAME) ~= nil then
    timer.destroy() ---- Destroy timer
    openProcess(PROCESS_NAME) ---- Open the process
  end
  autoAttachTimerTicks = autoAttachTimerTicks + 1 ---- Increase ticks
end
autoAttachTimer = createTimer(getMainForm()) ---- Create timer with the main form as its parent
autoAttachTimer.Interval = autoAttachTimerInterval ---- Set timer interval
autoAttachTimer.OnTimer = autoAttachTimer_tick ---- Set timer tick call back
|
If I try to put "PROCESS_NAME = '00006140-hanghai.exe'" (or any 000051BC, etc) it will NOT find that Process ID being that it generated 3 completely different Process ID's than the last time I launched the game.
This is the part that screws me over for finding the same addresses for the code(s) that I am searching for each time, unless there is another way and I have tried to use pointer scans / multi-pointer scans and I CANNOT find a static base whatsoever (Probably because I am doing it wrong).
I've been researching this for 5 days straight (16-20 hour days) and I cannot figure it out. I've found tons of tutorials both written and video, but they don't seem to point me in the right direction of my problem. The closest that I have found so far was a written guide back in 2012 that I listed in the start of this post and the guy was referring to step 2 and not step 1 that I needed help with.

Banjo Patterson Cheater
Reputation: 1
Joined: 15 May 2018 Posts: 36
Posted: Wed Dec 25, 2019 8:19 pm Post subject:
I’ll have a think about it and get back to you. I think it’s going to involve writing a small program to run quick checks on each of the processes to identify which one is the valid one. Does anyone know if CE has command line options?
If it did, we could detect the correct process in a program then launch CE providing the correct PID.

Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Wed Dec 25, 2019 11:27 pm Post subject:
| Banjo Patterson wrote: | I’ll have a think about it and get back to you. I think it’s going to involve writing a small program to run quick checks on each of the processes to identify which one is the valid one. Does anyone know if CE has command line options?
If it did, we could detect the correct process in a program then launch CE providing the correct PID. |
I would greatly appreciate the help and your time. Like I said, I am stuck and confused.
Thanks a lot!

AylinCE Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017 Posts: 1532
Posted: Fri Dec 27, 2019 2:16 am Post subject:
The right game process should always be the most memory consuming.
Below is an example in the forum.
https://forum.cheatengine.org/viewtopic.php?t=612970
All you have to do is write the game name (without .exe) and write the memory range that it approaches. (Simply open and view PC Task Manager.)
Here is the sample code: Copy the code CE: >> Table, >> Show Cheat Table Lua Script, paste it into and click >> "Execute Script".
Open the game and click on the Trainer button.
| Code: |
if f then f.destroy() end --(thanks DB)
f = createForm(true) -- global, so the check above can destroy the old form when the script is run again
f.Position = poDesktopCenter
f.Width = 320
f.Height = 120
f.caption = "Game Process Memory Select"

local l1 = createLabel(f)
l1.Left = 120
l1.Top = 21
l1.Font.Style = "fsBold"
l1.Font.Size = 10
l1.caption = "Process..."

local b1 = createButton(f)
b1.Left = 10
b1.Top = 15
b1.caption = "Open Trainer"

local b2 = createButton(f)
b2.Left = 10
b2.Top = 80
b2.caption = "Hack1"
b2.Enabled = false

local b3 = createButton(f)
b3.Left = 120
b3.Top = 80
b3.caption = "Hack2"
b3.Enabled = false

local game = "hanghai" --no .exe
local mmry = "100000" --(example, process memory: 200000 or 500000 etc. Open PC Task Manager: hanghai.exe max "Memory" ?)

function onProcess()
  -- ask tasklist for processes with this image name that use more than mmry KB
  local p = io.popen('tasklist /fi "IMAGENAME eq '..game..'.exe" /fi "MEMUSAGE gt '..mmry..'" /nh', 'r'); --300000
  local procInfo = p:read('*a');
  p:close();
  -- the first run of digits in the output is the PID of the first match
  local pid = procInfo:match('%d+');
  pid = tonumber(pid);
  if(pid == nil)then
    messageDialog("Oyun bulunamadı, ilk önce oyunu başlatın!\nYou must start the game first!", mtWarning, mbOK)
  else
    openProcess(pid)
    l1.Caption = (pid..' - '..game..' - ON!')
    b2.Enabled = true
    b3.Enabled = true
  end
end

b1.OnClick = onProcess
|
Enjoy it!

Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Fri Dec 27, 2019 3:20 am Post subject:
| Aylin wrote: | The right game process should always be the most memory consuming.
Below is an example in the forum.
All you have to do is write the game name (without .exe) and write the memory range that it approaches. (Simply open and view PC Task Manager.)
Here is the sample code: Copy the code CE: >> Table, >> Show Cheat Table Lua Script, paste it into and click >> "Execute Script".
Open the game and click on the Trainer button.
Enjoy it! |
First of all, thank you for taking the time to try and help me resolve this issue, I appreciate it very much!
I did all the steps (I had a basic auto-attach script that worked for finding the process ID that worked) however this script will choose the 2nd process ID in the list which results in not being able to use CE to find any addresses inside the game. You must have the 3rd process ID selected.
With that said, that isn't the issue - the issue that I have is even though I select the 3rd process ID each time I start up the game, it changes process ID numbers, therefore resulting in having different addresses per code each time I restart the game.
I.E. I start the game. Then start CE. It lists 3 process ID's for hanghai.exe. You must choose the 3rd one each time or you cannot use CE to find anything. However, the first time I start it up would be:
000071BE-hanghai.exe
I close out the game and restart it and then it would be (3rd process ID)
00002660-hanghai.exe
I close out the game and restart it again, choose the 3rd process ID:
00002C5C-hanghai.exe
If I close it and do it again, it's a different process ID.
I don't think there is a way to make it choose the exact same process ID code each time - I.E.
I start up the game, choose the 3rd process ID which would be:
00007394-hanghai.exe
Close out the game and restart it, choose the 3rd process ID again:
00007394-hanghai.exe
Close it out again and restart it, choose the 3rd process ID:
00007394-hanghai.exe
Now, perhaps I don't know enough to write a cheat table or trainer to select the same cheat each time or if that is even possible. I mean for all I know the different process ID's may not even matter?
I.E.
Right now the cheat address for food is:
1DEF95F7C1D4
I closed out the game and restarted it. The food cheat address is now:
4B9741500794
I closed out the game again and searched for the food cheat:
756863306B8C
Each time it had a different process ID for the 3rd choice.
I don't know, I have been watching youtube tutorials / reading guides on pointer scans, pointermaps, and memory regions and I cannot figure out how to point to one specific address to make it work due to the game changing it each time.
Again, I see what your script is trying to do and again I appreciate it VERY much (More than you know considering not many people reply), but I am not sure that would help my problem. Again, thank you for your time and effort!

Banjo Patterson Cheater
Reputation: 1
Joined: 15 May 2018 Posts: 36
Posted: Fri Dec 27, 2019 4:27 am Post subject:
It sounds like your top priority is finding a base pointer for the addresses in-game you're after? As far as I know we won't be able to set a static process ID because that's something Windows takes care of itself.
In this case, feel free to follow these steps below to get the base pointer for e.g. your food address.
1. Go to memory view -> tools -> pointer scan -> scan for pointer
2. Scan for pointers to the current known food address (e.g. 1DEF95F7C1D4). If it gives a warning about the size of the scan, first generate a pointermap in the pointerscan scanoptions dialog, then scan for pointers to that address.
3. Now you can restart the game, find the food address once more then choose rescan memory in the pointer scan dialog, using the new address pointing to food (e.g. 2DEF95F7C1D4)
Repeat step 3 several times until you're left with a reasonable amount of pointer paths. Then add one of those entries to your cheat table and you'll have an address list entry that will always be pointing to your food.
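Why rescanning narrows the list, as an added Python illustration (not code from this thread or from Cheat Engine): a toy model of two launches in which every address changes but one chain of offsets from the module base still reaches the food value. The memory layout, module base and offsets are constructed; only the two food addresses are taken from the posts above, and a native, non-emulated layout is assumed.

```python
MAX_OFFSET = 0x40    # largest structure offset the scan considers
MAX_DEPTH = 3        # longest pointer chain the scan follows
STATIC_SIZE = 0x100  # size of the module's static data in this toy model


def make_run(base, player, inventory, stale):
    """Constructed memory image of one launch: address -> stored pointer."""
    mem = {
        base + 0x20: player,        # static slot -> player object
        player + 0x10: inventory,   # player object -> inventory object
        base + 0x48: stale,         # static slot -> unrelated buffer
    }
    return {"base": base, "mem": mem, "food": inventory + 0x08}


# Food addresses are the ones quoted in the thread; everything else is made up.
# In RUN1 the unrelated buffer happens to sit 0x18 bytes below the food value.
RUN1 = make_run(0x7FF610000000, 0x1DEF90001000, 0x1DEF95F7C1CC, 0x1DEF95F7C1BC)
RUN2 = make_run(0x7FF72A000000, 0x4B9740002000, 0x4B974150078C, 0x4B9700000000)


def scan(run, target, depth=MAX_DEPTH, tail=()):
    """Walk backwards from target; return (static_offset, offsets) paths."""
    paths = []
    for cell, value in run["mem"].items():
        off = target - value
        if not 0 <= off <= MAX_OFFSET:
            continue                      # this cell does not point near target
        chain = (off,) + tail
        rel = cell - run["base"]
        if 0 <= rel < STATIC_SIZE:
            paths.append((rel, chain))    # reached module-relative memory
        elif depth > 1:
            paths.extend(scan(run, cell, depth - 1, chain))
    return paths


def resolve(run, path):
    """Follow a path in a given launch; None if the chain breaks."""
    static_off, offsets = path
    addr = run["base"] + static_off
    for off in offsets:
        value = run["mem"].get(addr)
        if value is None:
            return None
        addr = value + off
    return addr


def rescan(paths, run):
    """Keep only the paths that still land on the food value after a restart."""
    return [p for p in paths if resolve(run, p) == run["food"]]


if __name__ == "__main__":
    first = scan(RUN1, RUN1["food"])
    print("after first scan:", len(first), "paths")
    for static_off, chain in rescan(first, RUN2):
        print("survives restart: base+%#x ->" % static_off,
              " -> ".join("+%#x" % o for o in chain))
```

The path through the unrelated buffer only matched by coincidence in the first launch, which is why step 3 has to be repeated until such paths are gone.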

panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 958
Posted: Fri Dec 27, 2019 4:43 am Post subject:
I'm not 100% sure, it seems calling getProcesslist with a ce string object will fill the string object with PIDs in the processes launching ORDER.
If that's right, I guess the problem is to find LAST process matching the target name, instead of the default case that openProcess(name) may open a process of earlier order.
Here is a sample function to get the pid of last (with nth optional parameter) process of matching name.
| Code: |
function lastPidOfName(name, nth)
  -- default nth to 1 and escape non-alphanumerics so the name is matched literally
  nth, name = type(nth)~='number'and 1 or nth, name:gsub("(%W)","%%%1") -- re pattern
  local sl = createStringlist()
  getProcessList(sl)
  local sn = sl.Count
  -- walk the list from the last entry back to the first
  for i=1,sn do
    local pid,pname = sl[sn-i]:match("(%x+)%-("..name..")")
    if pid and nth>1 then
      nth = nth - 1
    elseif pid and nth<=1 then
      sl.Destroy()
      return tonumber(pid,16), pname
    end
  end
  sl.Destroy()
  return nil
end
|

AylinCE Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017 Posts: 1532
Posted: Fri Dec 27, 2019 3:08 pm Post subject:
I get it now. But you're obsessed with unnecessary detail.
Important factors for hacking:
Game Process: (This will be the most memory consuming "hanghai.exe". 1..2..3 .. whichever has more memory, the codes you are looking for will be in that process.
Unique codes: You just get unique codes from the right process, regardless of the "PID", the right process will host those codes. (Until the game updates. )
I repeat: Hack codes will be the most memory consuming process of "hanghai.exe". This process (PID) 1, 2, 3, whichever.
The code I gave above will link the most memory consuming process.
One more detail: if you can't get unique code from the game, you might think this problem is in the PID. Not like that.
CE has a lot of functions in this regard, research and use.
Because even if the PID changes, the codes will remain the same. (until the game updates.)
Good luck

Enferno33 Newbie cheater
Reputation: 0
Joined: 20 Dec 2019 Posts: 17
Posted: Mon Dec 30, 2019 8:32 pm Post subject:
| Aylin wrote: | I get it now. But you're obsessed with unnecessary detail.
Important factors for hacking:
Game Process: (This will be the most memory consuming "hanghai.exe". 1..2..3 .. whichever has more memory, the codes you are looking for will be in that process.
Unique codes: You just get unique codes from the right process, regardless of the "PID", the right process will host those codes. (Until the game updates. )
I repeat: Hack codes will be the most memory consuming process of "hanghai.exe". This process (PID) 1, 2, 3, whichever.
The code I gave above will link the most memory consuming process.
One more detail: if you can't get unique code from the game, you might think this problem is in the PID. Not like that.
CE has a lot of functions in this regard, research and use.
Because even if the PID changes, the codes will remain the same. (until the game updates.)
Good luck  |
Obsessed huh?! Your first language isn't English is it?
I have tried your code and YES it does attach itself to the process ID with the most memory. However, it doesn't always attach itself to the one needed.
ONLY the 3rd process ID will work. Your code sometimes attaches to that one, sometimes the 2nd process ID, sometimes the 1st process ID. Therefore, it will NOT work.
The process ID isn't the problem, the problem is the addresses for the codes change each time you restart the game (Look at the forums, everyone has this problem with this game). This is why we can't figure out how to create a cheat table or trainer.
For you stating that I'm obsessed with unnecessary detail, you're obsessed with being right and you are very wrong. The process ID changes every time you restart the game and so do ALL the addresses for the codes. It has nothing to do with being patched. The codes change every time the game is restarted. Hell, go to skidrow and download it for free and see for yourself.
I can find and freeze the food / water , fatigue, money, sailors, durability, item count (every item in the game), etc. It will work fine until I restart the game. Then the exact same addresses for ALL of the above will be completely different. I don't know how else to dumb this down honestly. I am sure everyone who knows how to use CE understands what I am trying to say here, but perhaps there isn't a solution to this type of problem yet as I have no idea how many games do this.
I have tried every suggestion, even the ones on Fearless cheat engine forums and none seem to work. Great ideas, but nothing seems to solve this problem as the addresses change each restart.
I have been using cheat engine since 2004 and I have NEVER run into this issue before.

Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25820 Location: The Netherlands
Posted: Tue Dec 31, 2019 2:49 am Post subject:
I think panraven is correct, the last process in the processlist tends to be the correct one, also
| Code: |
openProcess('hanghai.exe')
|
should always open the last process
This code will find and open correct process for you
| Code: |
function getParameters()
  --usually called after OpenProcess so the symbols might not be there yet
  local GetCommandLineA=getAddressSafe("GetCommandLineA")
  while GetCommandLineA==nil do
    sleep(10)
    checkSynchronize()
    GetCommandLineA=getAddressSafe("GetCommandLineA")
  end
  return readString(executeCodeEx(0, nil, GetCommandLineA),1000)
end

pl={}
for pid,name in pairs(getProcessList()) do
  if name=='hanghai.exe' then
    OpenProcess(pid)
    if getParameters():find('app%-path') then
      --print("found the correct process")
      return
    end
  end
end
|
Anyhow, good luck with this game, it's running inside an emulator
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping |
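The three ways of picking the process suggested in this thread (last in the list, most memory, command-line marker), compared side by side in an added Python sketch that is not code from the thread or from Cheat Engine. The PIDs, memory sizes and command lines are constructed; only the image name and the `app-path` marker come from the posts.

```python
import csv
import io

# Constructed snapshots of two launches: pid, image name, memory in KB, command line.
LAUNCH_1 = """pid,name,mem_kb,cmdline
9048,hanghai.exe,81200,hanghai.exe
24896,hanghai.exe,212400,hanghai.exe --type=gpu-process
29118,hanghai.exe,356700,hanghai.exe --type=renderer --app-path=C:/Game/app
"""
LAUNCH_2 = """pid,name,mem_kb,cmdline
23348,hanghai.exe,79900,hanghai.exe
21996,hanghai.exe,301500,hanghai.exe --type=gpu-process
9820,hanghai.exe,188300,hanghai.exe --type=renderer --app-path=C:/Game/app
"""


def candidates(snapshot, image="hanghai.exe"):
    """Rows for every process with the given image name, in listing order."""
    rows = csv.DictReader(io.StringIO(snapshot))
    return [dict(r, pid=int(r["pid"]), mem_kb=int(r["mem_kb"]))
            for r in rows if r["name"].lower() == image.lower()]


def pick_last(rows):
    """Last process in the list with that name."""
    return rows[-1]["pid"]


def pick_largest(rows):
    """Process with the largest memory use."""
    return max(rows, key=lambda r: r["mem_kb"])["pid"]


def pick_by_cmdline(rows, marker="app-path"):
    """Process whose command line carries the marker; must be unambiguous."""
    hits = [r["pid"] for r in rows if marker in r["cmdline"]]
    if len(hits) != 1:
        raise LookupError("expected one process with %r, found %d"
                          % (marker, len(hits)))
    return hits[0]


def compare(snapshot):
    """PID chosen by each heuristic for one launch."""
    rows = candidates(snapshot)
    if not rows:
        raise LookupError("no matching process in snapshot")
    return {"last": pick_last(rows),
            "largest": pick_largest(rows),
            "cmdline": pick_by_cmdline(rows)}


if __name__ == "__main__":
    for label, snap in (("launch 1", LAUNCH_1), ("launch 2", LAUNCH_2)):
        print(label, compare(snap))
```

In the second constructed launch the memory heuristic lands on a different process, while the command-line check follows the process's role no matter which PID the OS assigned.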

AylinCE Grandmaster Cheater Supreme
Reputation: 37
Joined: 16 Feb 2017 Posts: 1532
Posted: Tue Dec 31, 2019 12:23 pm Post subject:
| Enferno33 wrote: |
Obsessed huh?! Your first language isn't English is it? |
You're right, the original language is not English.
I thought you were stuck with the difference in the process.
But the code difference that is encountered with each boot, this is of course strange.
I'm interested in browser games.
Every time I open the game: PID is different, codes are different.
I don't use AA Script. Instead, I create "Aob" codes.
For different loaded values; "??" I use.
So:
| Code: |
--Code: A0 32 C1 DA FE 07 00 00 5D 33 04 08 00 00 00 00 AA 05 00 00 00 00 00 00
-- Aobswap is a helper that is not defined anywhere in this thread
codescan1 = '?? ?? ?? ?? FE 07 00 00 ?? ?? ?? ?? 00 00 00 00 AA 05 00 00 00 00 00 00'
Aobswap(codescan1,('?? ?? ?? ?? FE 07 00 00 ?? ?? ?? ?? 00 00 00 00 88 13 00 00 00 00 00 00'))
|
Maybe you should use different coding.
Maybe wildcards etc.
Or you can write the current value in the game and it may be easy to try to change it.
so:
| Code: |
function byteTableToAobString(t)
  for k,v in ipairs(t) do
    t[k] = ('%02X'):format(v)
  end
  return table.concat(t, ' ')
end
--------------------------------------------------
function Hack1()
  newvalue = UDF1.CEEdit1.Text
  newvalue = tonumber(newvalue)
  if not newvalue then return end
  newvalue = dwordToByteTable(newvalue)
  newvalue = byteTableToAobString(newvalue)
  codescan1 = ('?? ?? ?? ?? FE 07 00 00 ?? ?? ?? ?? 00 00 00 00 %s 00 00 00 00'):format(newvalue, newvalue)
  Aobswap(codescan1,('?? ?? ?? ?? FE 07 00 00 ?? ?? ?? ?? 00 00 00 00 88 13 00 00'))
end
|
-----------------------------------------
Apologizing is virtue.
If I'm misunderstood, I apologize.
Good luck.
Happy New Year to all.