Cheat Engine

[Alsigard]

Hello people, I am new to mono hacking, and I could not find any beginner to intermediate tutorials on it on forum, so I figured I register and ask a thing or two from more experienced CE users. Therefore, for a little training I took the table made by tfigment “The Long Dark” table v200. He uses structure of “Gamemanager” to find most of the player values, for example Fatigue is [GameManager.Static]+60 with offset 74, to find it I opened mono dissector found this structure, dissected its address through “data dissect structures” and got the m_Fatigue with offset 60 inside it. So next, I have to dissect m_Fatigue to find offset of 74 inside it that points to current fatigue, but I cannot figure out how to find its address. If I dissect tfigments address ([GameManager.Static]+60 with offset 74) for fatigue, I get fatigue structure and current fatigue on offset 74.
For example, gamemanager is cb80eb0
0060 - m_Fatigue cb80f10 P -> 000023ed
English is not my native language so if you not sure what I meant, ask away.

[Zanzer]

You need to JIT one of the methods attached to that class.
They often have a ctor or getInstance method, but any method will do.
Somewhere within that method block is the code which has the base address.

It just so happens that in this game, the Fatigue object is a static variable.
So when you go to GetFatigueComponent within GameManager it is hardcoded with the exact address of m_Fatigue.
If it were an instance variable, you likely would've seen some code similar to the following: mov eax,[ebp+60]
EBP would be the base address of the GameManager instance, while +60 would point it to m_Fatigue.

Similarly, the Fatigue class has a method called AddFatigue
JIT and go to that address and you will find the following all over the place: fld dword ptr [edi+74]
That is loading the current fatigue value as the code checks various conditions on it before/after updating.

[Alsigard]

I understood almost everything, thanks
Please clarify action order.
Find method\jit it\go to that address in memory viewer\to the right in the comment section is the base address\dissect it in “Dissect data/structures”.
What I failed to understand, where to view methods for Fatigue class?

[Zanzer]

So if you look at m_Fatigue in the fields list you'll see (type: Fatigue).

Go back to the top of Assembly-CSharp and do a search for :Fatigue.

You are now at the Fatigue class and since you already have the pointer, you don't need to worry about the methods.

You can go down and see that 74 is m_CurrentFatigue.

If all you wanted was to hack your fatigue value, you could skip the whole GameManager stuff.

Go straight for the Fatigue class to find the address through a method.

Since the NPCs aren't likely to share the same Fatigue class, it's safe to hack this code directly.

(Like I did in the table I posted to that thread.)

[Alsigard]

I got it, thanks.
Last question, what is the best way to get address from register, or which one you use?

[Zanzer]

You can simply right-click it and find out what addresses this instruction accesses.

Go in game and change your fatigue. The address will pop up for you.
You can view register states on that address to see the value of EDI for the current play through.

Of course, the value will change when you load a save or reload the game.

So that is where you want to inject your own code.
You could simply set the value to zero, like in my hack.
Or you could save the value of EDI into your custom variable for later use, or as a pointer.

[Alsigard]

Works like a charm, thanks for the help.