Cheat Engine The Official Site of Cheat Engine
careca777 Expert Cheater
Reputation: 0
Joined: 27 Jul 2013 Posts: 121
Posted: Tue Apr 25, 2023 10:52 am Post subject: Too many addresses with shared opcodes
Hey there, I am trying to play this game that has something called skull coins, aka lives, and I am playing with my daughter. She's young and doesn't know how to play very well yet, and her character dies often, so I am trying to increase the amount of lives we can have, so we can move on instead of restarting the level constantly.
I tried the usual methods: pointer search at 7 and 8 levels, big offsets, many pointers, but when I restart the game and filter the results, nothing.
Then I searched for "what accesses this..." so I could do code injection, but every opcode gives out thousands of addresses very quickly, and they keep increasing!
I tried to get an AOB signature with the value of lives, but eventually I was forced to introduce too many wildcards and the line just retrieves way too many results; the line had around 80 bytes.
At this point I am out of ideas, so I turn to you experts for guidance: is there anything else I can try?
Thanks in advance.
LeFiXER Grandmaster Cheater Supreme
Reputation: 20
Joined: 02 Sep 2011 Posts: 1066 Location: 0x90
Posted: Tue Apr 25, 2023 11:33 am
Do you fully restart the game, as in exit the game entirely before starting it up again, when rescanning for pointers?
It's normal behaviour for the instructions in the "what accesses this..." window to show large values. It just means that particular instruction is accessed a lot.
Also, what is the name of the game?
careca777 Expert Cheater
Posted: Tue Apr 25, 2023 11:46 am
Yes, I fully restart the game, search for the value again, and filter the results.
Game is Gauntlet.
LeFiXER Grandmaster Cheater Supreme
Posted: Tue Apr 25, 2023 1:39 pm
Ah, I can imagine it's a shared value at least. You will have to scan for commonalities and then apply comparison logic based on that.
careca777 Expert Cheater
Posted: Tue Apr 25, 2023 2:26 pm
I did go on to try that, but curiously, the address I got that is of type "double" will not show up as one of the addresses read by the opcode, though one does come up that's similar to it / close. The sheer amount of addresses doesn't help to find the commonalities; it basically locks up CE if it doesn't throw up an error. Is it your opinion that a pointer should come up, or do they never show up in some games?
 |
careca777 Expert Cheater
Posted: Wed Apr 26, 2023 5:35 pm
Update: I had the idea of adding a second condition to the code, since there seem to be too many addresses with the same value at the same offset. I finally got this to show, for an instant, the correct address, the one I needed, but as soon as it did, the game crashed.
What am I messing up?
Code:
newmem:
cmp [ecx+74],0          // first filter: is the value at ecx+74 zero?
jne isSameAddress1      // not zero: go on to the second filter
mov [ecx],eax           // otherwise run the original instructions and leave
mov eax,[esi]
movzx ecx,ah
jmp return
isSameAddress1:
cmp [ecx+90],8          // second filter: is the value at ecx+90 equal to 8?
je isSameAddress2       // both conditions held: record this ecx
mov [ecx],eax           // otherwise run the original instructions and leave
mov eax,[esi]
movzx ecx,ah
jmp return
isSameAddress2:
mov [Coins],ecx         // save ecx as the coins address for the table
mov [ecx],eax           // original instructions
mov eax,[esi]
movzx ecx,ah
jmp return
I then have a pointer with [Coins] showing the address that the code has found.
gir489 Grandmaster Cheater
Reputation: 14
Joined: 03 Jan 2012 Posts: 840 Location: Maryland, United States
Posted: Wed Apr 26, 2023 7:22 pm
careca777 wrote:
Update: I had the idea of adding a second condition to the code, since there seem to be too many addresses with the same value at the same offset. I finally got this to show, for an instant, the correct address, the one I needed, but as soon as it did, the game crashed.
What am I messing up?
Code:
newmem:
cmp [ecx+74],0          // first filter: is the value at ecx+74 zero?
jne isSameAddress1      // not zero: go on to the second filter
mov [ecx],eax           // otherwise run the original instructions and leave
mov eax,[esi]
movzx ecx,ah
jmp return
isSameAddress1:
cmp [ecx+90],8          // second filter: is the value at ecx+90 equal to 8?
je isSameAddress2       // both conditions held: record this ecx
mov [ecx],eax           // otherwise run the original instructions and leave
mov eax,[esi]
movzx ecx,ah
jmp return
isSameAddress2:
mov [Coins],ecx         // save ecx as the coins address for the table
mov [ecx],eax           // original instructions
mov eax,[esi]
movzx ecx,ah
jmp return
I then have a pointer with [Coins] showing the address that the code has found.
Since you said this function is manipulating lots of other addresses, it's highly likely that some of the registers you're attempting to dereference (ESI, ECX, ECX+74, etc) contain null/invalid pointers.
My suggestion would be to attempt to find something on the stack that's only there when the coin address is manipulated that isn't there when the others are called.
Or, you could instead use "What writes to this address" on the coins, die, and then simply NOP out the instruction that decrements the coins. If it's a MOV instruction that manipulates it, check above it for a SUB or DEC instruction and NOP that instead.
EDIT: I just checked, and ESI has the value of 5 when the function is trying to populate the coins address. I sent you a table I made in your message box.
careca777 Expert Cheater
Posted: Thu Apr 27, 2023 8:29 am
Thank you, I appreciate that.
But there was a problem: it seems like the value is only for the visual; it doesn't stick when the character dies.
I was looking into your suggestions and I set a breakpoint on
"gauntlet.exe"+19B8D3
89 69 04 89 01 8B 06
mov [ecx+04],ebp
and at some point I noticed XMM0 had the value for lives that I set, which was a bit specific, 247.
But I don't know enough to know what to do with it.
I think I need to learn some debug techniques.
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Thu Apr 27, 2023 10:19 am
I am not familiar with this game, and it looks like there may be many variations of it. However, if any portion of this game uses online components, then it could be that the value that you are trying to manipulate is being handled remotely.
careca777 Expert Cheater
Posted: Thu Apr 27, 2023 10:41 am
Well, I'm not sure what you mean. I can change it, although it only shows up on the screen after it calculates, so if I set the value in CE to 5 and then I die, when I respawn the value that shows up on screen is 4, and also 4 in CE.
I can search for it and manipulate it every time, but the pointer search doesn't seem to work; it comes up with zero in the second filtering, and the write opcode is shared by thousands of addresses, making the compare option much harder.
++METHOS I post too much
Posted: Thu Apr 27, 2023 11:07 am
I see. If using the pointer scanner (and the game is old), then you may consider experimenting by increasing the offset size (while decreasing the level), and changing the option so that the results do not have to be 4-byte aligned.
Alternatively, when you right-click on the address in your cheat table, and check to see what accesses, in the new window that pops up, try right-clicking on the open white space and choosing the option that checks to see if the opcodes access any other addresses.
If you get any results with (1) next to them, then you can use that as your filter. Just be sure to return to game and let it run for a second before deciding on a result.
If you are familiar with the data structure dissection tool, then you can use that to find a value that might have an instruction that is exclusive, and use that for your filter.
gir489 Grandmaster Cheater
Posted: Thu Apr 27, 2023 1:44 pm
I actually have been playing the game a lot, and noticed the reason you can’t find the true address is that it’s in Lua’s memory. All the coins for life and the gold for unlocks are all Doubles stored in the Lua cache. I don’t know of a way of attacking Lua games without injecting directly into the Lua engine itself.
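An added example, not from the thread and not Cheat Engine's own code: a small Python scanner over a constructed byte buffer that makes two points from this thread concrete. First, the value-type point from the posts above: a number that Lua holds as an 8-byte IEEE-754 double (247.0) is invisible to a 4-byte integer scan for 247, while a look-alike integer 247 stored elsewhere is found instead, which is one way a scan ends up on an address that is "similar / close" but wrong. Second, the AOB point from the opening post: every byte replaced by a wildcard widens the set of locations a signature matches. The buffer layout, the offsets and the "variant" opcode sequence are constructed for the demonstration; the seven bytes 89 69 04 89 01 8B 06 are the ones quoted in the thread.

```python
import struct

# Constructed sample "memory" for illustration (not a dump of the game).
# Layout: the 7 instruction bytes quoted in the thread (twice, since code
# that touches many objects is reached from many places), a constructed
# near-variant with different operands, the number 247 stored once as a
# 4-byte integer and once as a Lua-style 8-byte double.
CODE = bytes.fromhex("89690489018b06")     # mov [ecx+04],ebp ; mov [ecx],eax ; mov eax,[esi]
VARIANT = bytes.fromhex("89410489118b07")  # same shape, different operands (constructed)
MEMORY = (
    b"\x00" * 16
    + CODE                         # offset 16
    + b"\x90" * 8
    + struct.pack("<i", 247)       # offset 31: int32 247, a look-alike, not the Lua value
    + b"\x00" * 12
    + struct.pack("<d", 247.0)     # offset 47: double 247.0, how a Lua number is held
    + b"\xcc" * 8
    + CODE                         # offset 63
    + VARIANT                      # offset 70
)


def scan_value(memory, value, fmt):
    """Offsets of every occurrence of `value` packed with struct format `fmt`,
    at any alignment (an aligned-only 'fast scan' would skip odd offsets)."""
    needle = struct.pack(fmt, value)
    hits, start = [], 0
    while (pos := memory.find(needle, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def parse_aob(pattern):
    """'89 ?? 04' -> [0x89, None, 0x04]; '??' (or '?' / '*') is a wildcard byte."""
    return [None if tok in ("??", "?", "*") else int(tok, 16) for tok in pattern.split()]


def scan_aob(memory, pattern):
    """Offsets of every match of an array-of-bytes pattern with wildcards."""
    pat = parse_aob(pattern)
    return [
        off
        for off in range(len(memory) - len(pat) + 1)
        if all(b is None or memory[off + i] == b for i, b in enumerate(pat))
    ]


def wildcard_ratio(pattern):
    """Fraction of wildcard bytes: a rough measure of how unspecific a signature is."""
    pat = parse_aob(pattern)
    return sum(b is None for b in pat) / len(pat)


if __name__ == "__main__":
    print("int32 247 at", scan_value(MEMORY, 247, "<i"))      # [31]  (the decoy)
    print("double 247 at", scan_value(MEMORY, 247.0, "<d"))   # [47]  (the Lua-style slot)
    exact = "89 69 04 89 01 8B 06"
    loose = "89 ?? 04 89 ?? 8B ??"
    print(exact, "->", scan_aob(MEMORY, exact))               # [16, 63]
    print(loose, "->", scan_aob(MEMORY, loose),
          f"({wildcard_ratio(loose):.0%} wildcards)")          # [16, 63, 70] (43% wildcards)
```

The same scan logic is what a memory-forensics carver or a YARA-style byte rule runs; the takeaway for this thread is that the scan type has to match the representation the engine uses (a Lua number is a double, so an integer scan for 247 can only ever hit something else that happens to hold 247), and that a signature's result count grows with every wildcard, so an 80-byte pattern that is mostly wildcards is not a signature any more.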
careca777 Expert Cheater
Posted: Fri Apr 28, 2023 1:42 am
Thank you, lots of ideas for me to try. I am familiar with the dissection tool, but I never used the "does it access any other addresses" option. Will look into it.
@gir489 could Lua, and what you mentioned, be a reason why the pointer scanner failed?
careca777 Expert Cheater
Posted: Mon May 01, 2023 3:32 am
After many hours of searching for values and editing an AOB, I got a massive line with many, many wildcards, and I exhausted this option; AOB is not viable, things just change too much.
It was suggested that I hook Lua, and I went over this, even compiled a DLL as the page instructed, but then got stuck when finding the offsets for the entry point and Lua instructions. I guess it just goes over my head.
As for the rest of the suggestions, it seems like I couldn't get any of them going. I guess that's it, I stand defeated.