Cheat Engine

blurryfacce · How do I cheat? Reputation: 0 Joined: 28 Jun 2022 Posts: 2

I originally started with ArtMoney, mostly just modifying values on the fly and not saving anything. I have used OllyDbg at times when trying to determine what Malware is doing to a system, but assembly as a whole is quite confusing to me.

I like CheatEngine, and pointerscanning is somewhat new to me, but I'm trying to learn. So far, I'm pretty sure that I can find the base address of some values (such as character stats like HP/Mana/Stamina, meaning integers, floats and unknown values), and even between reloading the game, my table seems to work OK on my, my wifes, and my kiddos systems.

What I cannot seem to do, is locate inventory items between instances. In this case, it's the same item in the same slot, and I'm trying to lock the quantity (unlimited ammo, essentially). I can find the value in that particular instance, but its a completely different offset the next run. For example, the gold value always ends in 1A0, but inventory slot #1 has ended in BB8 and C28. I've measured the distance between the 1A0 value and each instance, and it's always a different distance, so I know the memory mapping clearly changes.

For example, two run instances:
Inventory slot 1 - Gold value = Distance
19A4C9CBBB8 – 199B66331A0 = 96398A18
1E349D18C28 – 1E3468641A0 = 34B4A88

Every time I try to do a pointer scan and close/reload the game, the list ends up empty. When I look for character stats, it's always within the module "UnityPlayer.dll"+offset, but when I try to look into inventory items, I get "mono-2.0-bdwgc.dll"+offset.

The game is Craftopia (boss rush update, something like 05-19-2022 version), and I'm just not sure what I'm doing wrong, or what particularly it is that I'm missing/not understanding. Thanks in advance!

ParkourPenguin · Posted: Tue Jun 28, 2022 10:38 am Post subject:

Containers (e.g. lists, vectors, trees, hash maps, etc.) can make pointer paths weird.

One explanation might be that the inventory is managed using a more modern hash map with DoS-resistant features such as a randomly seeded algorithm. This would obviously change the offset each time the hash map gets created with a different seed.
Or maybe the container isn't using a PRNG and it's just a race condition which item gets put in first. I don't know.

You'd have to reverse engineer the container used to manage the items, which is far easier said than done for a beginner. Maybe you could go about this a different way.

If you want infinite ammo, you might be able to remove the code that reduces your ammo. This might be more difficult if that instruction also accesses other addresses (see step 9 of the CE tutorial).

I've seen games use pointers to the item currently under the mouse. Maybe you could do something with that.

blurryfacce · How do I cheat? Reputation: 0 Joined: 28 Jun 2022 Posts: 2

Thank you for the generalized explanation, that makes somewhat sense. Patching out the instruction to actually subtract (arrows in this case), would be a potential solution, though slightly above my experience level currently.

So, let me pose this question then. Is there a way to define a pattern for CE to look for? Such as, that I can predict these specific values location, but not based of the module+offset but rather the distance from each other.

Example of memory locations between two different instances:
Venom Arrow (66 qty) - Frost Arrow (50 qty) = offset
234B3680C28 – 234B3680A68 = 1C0
15854D14C28 – 15854D14A68 = 1C0

Is there a way to ask CE to look for the values 66 and 50 in 2 byte with an offset of 1C0 between them?

ParkourPenguin · Posted: Tue Jun 28, 2022 2:46 pm Post subject: