weirdo2 How do I cheat?
Reputation: 0
Joined: 03 Apr 2008 Posts: 8
Posted: Sat May 17, 2008 12:15 pm Post subject: Help a Noob?
Hey, I'm a noob at cheating and I'm trying to learn some asm through practice. So anyway I'm practicing on this game called Monsters' Den: Book of Dread. I'm trying to make it so that the HP never decreases. I find the address for the HP, then I find what accesses it. When I do so I get these 3 codes:
Code:
mov eax,[esi]
mov eax,[eax+000000e0]
mov [ecx+000000e0],eax
So I tried changing the mov [ecx+000000e0],eax to mov [ecx+000000a0],eax and this nulled out dmg for everyone, but now enemies are invulnerable also. -.-' So what I'm wondering is what should I look for now to make it so only enemies receive HP loss? Also I've noticed that the location changes all the time of where the codes are found; how would I make it so that I don't need to re-find the locations?
Thanks for any help.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sat May 17, 2008 1:54 pm
You could see where it is deciding who to damage and do a little codecave to compare whether it is you. If true, do not damage, else, damage.
Also your current method is not very smart. You don't know what [ecx+a0] holds. You're basically telling EAX to move somewhere else. You could end up fucking everything up if you're not careful.
If you're gonna do that, just NOP it out. Otherwise the safest way to do it is usually to codecave then add an instruction like "mov eax,50" or whatever. That way if EAX is used again later, it will hold a "good" value as will [ecx+e0].
To avoid having to re-find the location, just use an AA script. The virtual address of that instruction shouldn't change. If it does, try referencing it as an offset from a module.
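What Slugsnack describes above, written out as an added C example rather than anything posted in the thread: one hp store shared by every combatant (the game's mov [ecx+000000e0],eax), weirdo2's redirected write to +a0 next to it, and the codecave compare that only lets the write through when the target is not you. The struct layout, the sentinel field at +0xA0, the 100/30 numbers and the g_player pointer are assumptions made up for the illustration; the only fact taken from the posts is the +0xE0 offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed object layout. The only fact taken from the thread is that the
 * hp field sits at +0xE0 ("mov [ecx+000000e0],eax"); the field at +0xA0 is a
 * stand-in for whatever really lives there, which nobody in the thread knows. */
typedef struct {
    uint8_t  before_a0[0xA0];
    uint32_t unrelated_at_a0;           /* hypothetical field at +0xA0 */
    uint8_t  between[0xE0 - 0xA4];
    uint32_t hp;                        /* +0xE0, the field the game writes */
} Actor;

_Static_assert(offsetof(Actor, unrelated_at_a0) == 0xA0, "layout");
_Static_assert(offsetof(Actor, hp) == 0xE0, "layout");

/* The codecave needs to know which object is "you"; a real script would
 * capture this pointer once, e.g. when the player's own hp is read. */
static const Actor *g_player;

/* The game's shared store, used for player and enemies alike:
 *     mov [ecx+000000e0],eax                                   */
void game_store_hp(Actor *ecx, uint32_t eax) {
    *(uint32_t *)((uint8_t *)ecx + 0xE0) = eax;
}

/* weirdo2's edit: mov [ecx+000000a0],eax. hp is never touched, so everyone
 * is invulnerable, and the new value lands on an unrelated field instead. */
void redirected_store(Actor *ecx, uint32_t eax) {
    *(uint32_t *)((uint8_t *)ecx + 0xA0) = eax;
}

/* Slugsnack's codecave, in C:
 *     cmp ecx,[g_player]
 *     je  skip                 ; it's you: leave hp alone
 *     mov [ecx+000000e0],eax
 *   skip:                                                      */
void codecave_store_hp(Actor *ecx, uint32_t eax) {
    if (ecx == g_player)
        return;
    game_store_hp(ecx, eax);
}

typedef struct {
    uint32_t player_hp;
    uint32_t enemy_hp;
    uint32_t player_unrelated;   /* what ended up at the player's +0xA0 */
} Outcome;

/* One round: both sides start at 100 hp, the game computes 100-30 into eax
 * and calls the store for each target. Constructed scenario. */
Outcome fight_round(void (*store)(Actor *, uint32_t)) {
    Actor player, enemy;
    memset(&player, 0, sizeof player);
    memset(&enemy, 0, sizeof enemy);
    player.hp = enemy.hp = 100;
    player.unrelated_at_a0 = 0xCAFE;     /* sentinel so clobbering is visible */
    g_player = &player;

    store(&player, player.hp - 30);      /* monster hits you */
    store(&enemy, enemy.hp - 30);        /* you hit the monster */

    Outcome o = { player.hp, enemy.hp, player.unrelated_at_a0 };
    return o;
}

int main(void) {
    Outcome a = fight_round(game_store_hp);
    Outcome b = fight_round(redirected_store);
    Outcome c = fight_round(codecave_store_hp);
    printf("original : player %u enemy %u  [+a0]=%#x\n", a.player_hp, a.enemy_hp, a.player_unrelated);
    printf("mov +a0  : player %u enemy %u  [+a0]=%#x\n", b.player_hp, b.enemy_hp, b.player_unrelated);
    printf("codecave : player %u enemy %u  [+a0]=%#x\n", c.player_hp, c.enemy_hp, c.player_unrelated);
    return 0;
}
```

The redirected store is the dangerous one: it leaves hp alone for everyone and silently overwrites whatever sits at +0xA0 with the would-be hp value, which is the "you don't know what [ecx+a0] holds" point. The compare-and-skip version touches nothing but the decision of whether the original write runs.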
weirdo2 How do I cheat?
Reputation: 0
Joined: 03 Apr 2008 Posts: 8
Posted: Sat May 17, 2008 3:20 pm
I managed to follow all that until I hit:
Quote:
To avoid having to re-find the location, just use an AA script. The virtual address of that instruction shouldn't change. If it does, try referencing it as an offset from a module.
Can you give me a little more info on that? And by location changing I mean the address, as in one time when I load it up it will be, say, 05678910 and then when I load it again it will be 0cba9876.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sat May 17, 2008 5:46 pm
Okay, it sounds like a dynamic address.
Look at this post I made here:
http://forum.cheatengine.org/viewtopic.php?p=2364407&highlight=#2364407
First thing to note is that those 3 instructions you have listed up there are 3 separate instances of an instruction writing to your address.
Since you singled out this one, I assume it is the important one:
mov eax,[eax+000000e0]
So your offset is e0. So let's say you searched and got dynamic address as:
0CBA9876
Well this means the pointer will point to 0CBA9876-E0 which is 0CBA9796. So do a 4 byte scan for that and if all goes well you should come up with a green address with the value as 0CBA9796. This will therefore be your pointer.
If that still doesn't work, post back.
//edit: Did you mean the address of the instruction (mov eax,[eax+000000e0]) changed? Or the address of the value you were scanning?
weirdo2 How do I cheat?
Reputation: 0
Joined: 03 Apr 2008 Posts: 8
Posted: Sun May 18, 2008 12:20 am
Well, both the instruction and the value addresses change. I searched both with no luck: the instruction has nothing and the value has a regular one (not green) that, when also searched, had nothing. Though even the code address when searched was only temporary; searching a 2nd time had nothing. Perhaps it's not staying the same since it loads through the web browser?
The value address was 0611f7b0 so I searched that, and the instruction was 0734075b. I searched both these with no luck.
Also, in case you're wondering, the esi code seems to be something to do with accessing the inventory or something, nothing to do with HP, just the fact that I use a pot to find the HP value. >.> And the mov instruction, when changed, makes all my party KO'd.
I also tried it with the address - e0, the address + e0, the address - e0 00 00 00, the address + e0 00 00 00, and the same deal with 89 81 e0 00 00 00; no luck at all. -.-'
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun May 18, 2008 4:02 am
The instruction changes?! It sort of sounds like you might be doing something wrong. Most of the time it will be the same instruction(s) writing to a memory address, unless the circumstances are different, e.g. losing health via falling might be different to being hit by a monster.
Btw, don't search the value address, search [value address - offset]. That will be the address being pointed to by the pointer.
Try to keep experimenting until you get down to 1 address that you are sure is the one that is decreasing your HP.
weirdo2 How do I cheat?
Reputation: 0
Joined: 03 Apr 2008 Posts: 8
Posted: Sun May 18, 2008 8:56 am
So I should search for the value address and not the instruction one?
Well, I tried searching the value address; not sure what the offset for it would be, so I just guessed. Here's what I did with it: after finding that the address was 0ADBB628 for HP, I then took the value within HP, which was 236, and subtracted that from the address. So: [0ADBB628-EC] which gave me ADBB53C. Search results = 0. Tried searching [ADBB6-28] which gave me ADB8E, with no results. Also tried [ADBB628-28]=ADBB600 which also had 0 results.
After those poor results I figured you might have just meant the instruction address, or I just didn't do that part right, but anyway I moved on to the instruction address, which I found to be 0b73075b. Also note that I've noticed that the last 4 digits, 075b, have always been the same. So after finding the address I did [0b73075b-e0]=B73067B, 0 results. I also tried [0B73065B - 89 81 e0 00 00 00]=FFFF767E2B73065B and [0B73065B - 89 81 e0]=AE9847B with no results. In case you're wondering what the 8981 is about, in the disassembler they were to the right of the address with the e0 so I thought it worth trying. :S
I must be doing something wrong, I'm just too noob to notice what. -.-'
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
Posted: Sun May 18, 2008 9:07 am
Try this:
In Cheat Engine's memory view, go to the menu View > Enumerate DLL's and Symbols.
It will show you a list.
Let's say your instruction address is at 500D14B8. Now you need to find the base address of the module, so search the list of DLLs for an address just below your address. That could be 500D0000 for example. Now copy the name of the DLL, so let's say it's called Game.dll. Then you subtract the base address from your instruction address to get the offset, 14B8 in this example. Now you can always find the address by doing Game.dll+14B8 (or whatever your DLL is called). You can use this in auto-assemble scripts as well as in your cheat table.
As for the other address (not the instruction one), you might try a pointer scan. (Right click it in your cheat table and click on Pointer scan for this address.)
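Slugsnack's pointer method (take the value address, subtract the offset the instruction added, then 4-byte scan for that number) and tombana's module+offset method, combined into one added C example that is not from the thread. It runs against a constructed 64 KiB memory snapshot rather than a live process. The hp value 236, the addresses 0CBA9876, E0, 500D14B8 and 0B47075B, the Game.dll name and the 00400000 - 00AB4DD8 range come from the posts; the snapshot base, the pointer slot at 0CBA1000, the module sizes and the game.exe name are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ---- constructed memory snapshot; not a real process dump ---- */
#define SNAP_BASE 0x0CBA0000u   /* pretend virtual address of snap[0] */
#define SNAP_LEN  0x10000u      /* 64 KiB of pretend address space */
#define HP_OFFSET 0xE0u         /* the e0 in "mov eax,[eax+000000e0]" */
#define HP_ADDR   0x0CBA9876u   /* the dynamic hp address from Slugsnack's post */
#define PTR_SLOT  0x0CBA1000u   /* hypothetical: where the pointer to the object lives */

static uint8_t snap[SNAP_LEN];
static int snap_ready;

/* x86 is little-endian, so a 4-byte scan must compare bytes in that order */
static void wr32le(uint32_t va, uint32_t v) {
    uint8_t *p = snap + (va - SNAP_BASE);
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t rd32le(uint32_t va) {
    const uint8_t *p = snap + (va - SNAP_BASE);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void ensure_snapshot(void) {
    if (snap_ready) return;
    memset(snap, 0, sizeof snap);
    wr32le(HP_ADDR, 236);                   /* hp value weirdo2 reported */
    wr32le(PTR_SLOT, HP_ADDR - HP_OFFSET);  /* the pointer: holds the object base */
    snap_ready = 1;
}

/* Step 1: the pointer does not hold the hp address but the object base,
 * i.e. value address minus the offset the instruction added. */
uint32_t pointer_target(uint32_t value_addr, uint32_t offset) {
    return value_addr - offset;             /* 0CBA9876 - E0 = 0CBA9796 */
}

/* Step 2: 4-byte exact-value scan over the snapshot, 4-aligned like CE's
 * default fast scan. Returns the hit count; first hit address via *first. */
int scan_u32(uint32_t needle, uint32_t *first) {
    int hits = 0;
    ensure_snapshot();
    for (uint32_t off = 0; off + 4 <= SNAP_LEN; off += 4) {
        if (rd32le(SNAP_BASE + off) == needle) {
            if (hits == 0 && first) *first = SNAP_BASE + off;
            hits++;
        }
    }
    return hits;
}

uint32_t first_hit(uint32_t needle) {
    uint32_t addr = 0;
    return scan_u32(needle, &addr) ? addr : 0;
}

/* Step 3: read hp through the pointer, i.e. [[PTR_SLOT]+E0]; this survives
 * the object moving because only the slot's address is hard-coded. */
uint32_t read_via_pointer(uint32_t slot, uint32_t offset) {
    ensure_snapshot();
    return rd32le(rd32le(slot) + offset);
}

/* ---- tombana's module+offset method ---- */
typedef struct { const char *name; uint32_t base; uint32_t size; } Module;

/* Constructed list: tombana's Game.dll example and the main-module range
 * weirdo2 reported (00400000 - 00AB4DD8); "game.exe" is a placeholder name. */
static const Module modules[] = {
    { "game.exe", 0x00400000u, 0x00AB4DD8u - 0x00400000u },
    { "Game.dll", 0x500D0000u, 0x00020000u },
};

/* Returns "Module+HEXOFFSET" for an address inside a listed module, or NULL
 * when no module covers it, which is what weirdo2 ran into with 0B47075B. */
const char *module_relative(uint32_t addr) {
    static char out[64];
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++) {
        if (addr >= modules[i].base && addr - modules[i].base < modules[i].size) {
            snprintf(out, sizeof out, "%s+%X", modules[i].name, addr - modules[i].base);
            return out;
        }
    }
    return NULL;
}

int main(void) {
    uint32_t target = pointer_target(HP_ADDR, HP_OFFSET);
    printf("scan for hp address %08X: %d hits\n", HP_ADDR, scan_u32(HP_ADDR, NULL));
    printf("scan for object base %08X: %d hits, first at %08X\n",
           target, scan_u32(target, NULL), first_hit(target));
    printf("[[%08X]+%X] = %u\n", PTR_SLOT, HP_OFFSET, read_via_pointer(PTR_SLOT, HP_OFFSET));
    const char *m = module_relative(0x500D14B8u);
    printf("500D14B8 -> %s\n", m ? m : "(no module)");
    m = module_relative(0x0B47075Bu);
    printf("0B47075B -> %s\n", m ? m : "(no module)");
    return 0;
}
```

Scanning for the hp address itself finds nothing, which is the mistake Slugsnack warned about; scanning for address minus offset finds the slot. A module-relative reference only exists when some loaded module's range actually contains the address, so a NULL from module_relative means that approach cannot be applied to that instruction as found.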
weirdo2 How do I cheat?
Reputation: 0
Joined: 03 Apr 2008 Posts: 8
Posted: Sun May 18, 2008 9:56 am
K Tom, I did the enumerate, had the list pop up, looked at the process the game opens in, it was 00400000. I clicked the + icon to show what's in it and bam, a ton of things I don't know what to do with pop up. I searched my instruction at the time, which was 0B47075B, but the process only contains a range of 00400000 - 00AB4DD8, nothing even near my address. What am I supposed to do with this?
Edit: Did the pointer scan, found 2 things, Firefox.exe+002D3C24 and Firefox.exe+0052F9D8, so I reloaded and plugged them into Cheat Engine and they gave me the data. Firefox.exe+0052F9D8 has a value of 82634752 and Firefox.exe+002D3C24 has a value of 91570176. Also it doesn't seem to be a pointer? And shouldn't they have the same values? o.0 Did I put it into Cheat Engine wrong?
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Mon May 19, 2008 12:33 pm
Slugsnack wrote:
You could see where it is deciding who to damage and do a little codecave to compare whether it is you. If true, do not damage, else, damage.
I wanted to quote this to make a point.
People, this is what you call structured health.
If your AI shares the same instruction for health in a game and you make everyone invulnerable, this is exactly what has to be done.