Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Rydian
Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012
Posts: 1358

PostPosted: Wed Feb 26, 2014 3:33 pm    Post subject: Rydian's Value/Address Finding Examples

- Foreword
I get a lot of people asking me how I've found certain values/numbers in games, so this will be a
listing of various situations that have come up, the different approaches games take, and what
I've done to find what I need in those situations.

First, though, run the Cheat Engine Tutorial (it gets installed alongside Cheat Engine) and complete
steps 1 through 4 (just get to step 5, you don't need to beat that for this guide). It's important that
you understand how to search for invisible values and values in other types, and also that you know
how to do changed/unchanged/increased/decreased searches!

Some edits/codes I do are not simple value/address freezes, but actually editing the game code (which
is much more powerful). I made a tutorial here explaining my process for making these scripts/codes.

Also, if you need to search for something in a game that goes away quickly (like a really short timer),
you may need to use Cheat Engine's speed hack settings to freeze the game so you can go back to
Cheat Engine and do your scanning stuff. If you check Cheat Engine's settings, you can set hotkeys
to different speedhack settings. I recommend settings for 0 (frozen time) and 1 (normal time).

- Invincibility
Most games have what's known as "mercy invincibility". That is, when you get hit you start flashing
or go semi-transparent, and during this time period you can't be hit again. What happens in most
cases is that when you get hit, a timer is set, and then the timer counts down (or up), and when it's
done counting down (or up) your invincibility stops. So there are two possible approaches to this.

A - Find the timer, get hit one more time, and then lock the timer right at the beginning so that it
never gets to finish its countdown, so you stay invincible as long as the value is locked.

B - Do an unknown initial value and changed/unchanged search to find the "invincible" flag.
Generally simple flags like this are 0 or 1, but it could be other values. Once you've found the flag
that determines if your character is invincible or not, lock it at the invincible value and enjoy.

Tip: If your player flashes/fades while invincible and continues to do it indefinitely while you have
the cheat on, then flashing may be another variable that you'll need to find and edit/lock too.



- Position/Teleporting
Games are programs and thus built scientifically and follow basic math. This includes the position
of characters/players/objects; they're generally kept track of with coordinates on a grid (think back
to math class and plotting stuff on the X/Y axis).

In almost all cases, to the left is less X (either a smaller number or negative) and to the right is
more X (positive and/or a higher number). However Y can vary depending on if the origin of the
grid (have some more math class flashbacks!) is in the upper-left or the lower-left. Generally, work
on finding your left/right coordinate first because that's the easier one, and once you know one
coordinate, the other one(s) is/are usually very close to it (if not right next to it) in the game's RAM,
which narrows down your search a lot.

For 3D games this is a little tougher to start with because you don't have an obvious plane. Instead
try to look at your surroundings to see if there's any obvious left/right/up/down orientation with
buildings, polygons of land slopes, or even if you always spawn into a map facing a cardinal direction.
Failing that, if the game has some sort of north/south/east/west indicator, these are sometimes
aligned to the map's grid/coordinates so you can figure out how to move left and right or forward
and back and do unknown -> increase/decrease searches to find your coordinates.

Tip: In modern games (that aren't grid-based), positions are most often the float/double format.
- Time of Day
Generally games will reset the "time of day" to 0 either in the morning, or after the in-game midnight.
Then they increase the time of day until it resets again. So you can search for increasing values
through the afternoon, then wait for midnight/morning to pass and search for a decreased value
(since it can be assumed in most cases that the time of day reset then). You may need to try other
value types like 8-byte or float/double.

In other cases, the game may keep track of separate numbers for day and night passing and then
have another address that keeps track of whether it's currently day or night.

Tip: When searching for time, use the "all" type because there's no real way to guess the format.


- Infinite (Air/Double) Jumping
Being able to jump infinitely is pretty useful in most games, but how to do it depends on the game.

A - If the game is one where air jumping is an in-game feature (like metroidvania games), then
once you have the air/double jump ability there's generally an address that keeps track of if you
have used your double jump yet (or how many air jumps you have left).

You can usually jump into the air normally and then search for 1 (since you still have your air jump
ability), then air jump and search for 0 before you hit the ground. Once you've found the address,
lock it at 1 (or whatever value is used to denote that you can do it) and enjoy.

B - If the game does not have air jumping as an in-game feature, then my general approach is to
find the "is the player standing on the ground" address. This could be 0 or 1, but it could also be
more complex things like a check for if "what type of terrain the player is standing on" matches a
value for normal ground you can jump off of (like in Cave Story).

So this is a situation where unknown initial scans and then changed/unchanged searching works best.
Stand on some ground you can jump off of and search, then jump into the air and search changed.
Then get back on the ground and search changed again, move to some different ground you can still
jump off of and search unchanged. Then jump and search changed, etc. Filter it down until you find it.

Tip: Try to avoid searching for "0" as your first search in any scan. It's usually much slower.


- Weapon/Attack Speed
In most games I've messed with, when you swing/attack with a weapon a timer is started. When that
timer is done counting, you can attack again. So you can try to apply some of the same info and ideas
from invincibility to this, since the basic logic is usually the same.

I've read that some games actually set a target time into the future and then allow you to re-fire when
that point in time is reached, so you may want to work off of that logic instead.

Tip: Attack speed is usually pretty quick, so this is a situation where the speedhack hotkeys help,
freezing time in-game so that you can scan multiple times before the attack/swing/reload finishes.

- One Hit Kill
When trying to make one-hit kills, it's tempting to attack monsters, search for the damage numbers that
pop up, then try to edit the addresses that contain those. The problem there is that those numbers are
generally just placeholders or display numbers that happen after the damage has already logically been
dealt, so you need to find what's actually applying the damage to the monster/enemy's health value.

First you should find the monster/enemy health value (doing an unknown scan if it's not displayed), then
once you have that, find and edit the game code that subtracts from the monster's health. Generally for
one-hit kills, the game calculates the damage done, stores the result in a register, and then subtracts that
register's value from the monster's HP. So what I generally do is to edit the register involved so that even
after calculating the right damage, the game instead subtracts something else, usually EBP, which holds
a memory address (which when converted from hex to decimal, equals billions of HP in damage).

Tip: So I basically change things like "sub [eax+123],ecx" into "sub [eax+123],ebp", depending on the game.


- Free Items/Money
When I make codes that let you buy things with no loss or use items without them being depleted, I'm not
actually searching for the cost of the items and then setting it to 0. That would take forever since there are so
many memory addresses to edit. Instead I'm finding the player's money and then checking what code is
writing to it when you buy something. I find the code that subtracts the cost from your money, and then edit
that code so that the cost for the items is never actually removed from your money.

Tip: This method is simple, but usually means that you still need to have enough money to buy the item in
the first place. If you dig around, you can usually find some sort of comparison that checks if you have enough
money to cover the cost of the item in the first place. Try to edit that comparison so that it always tells the
game that you can afford it, so that the game will let you buy anything for free no matter your money amount.

_________________
Intro to AOBs And Scripts
Invincibility Code Fixes
Modern Pointers + AOB/Hooks To Data
Value Searching Examples
Custom Trainers
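The changed/unchanged/increased/decreased narrowing that the post relies on (the "standing on the ground" flag in the jumping section and the left/right coordinate in the position section) can be seen as a small filtering algorithm. The following Python is an added example written for this page, not code from Rydian's post or from Cheat Engine itself: it runs the same filter over constructed memory snapshots of a made-up game instead of a live process, and assumes little-endian, aligned reads (Cheat Engine's default "fast scan" behaviour). All offsets, values and the `game_snapshot` layout are invented for the demonstration.

```python
import struct
from typing import Dict, Optional, Set

# Value types to scan as, like Cheat Engine's "4 Bytes" / "Float" / "Double".
# Assumption for this example: little-endian memory, values aligned to their size.
TYPES = {"int32": ("<i", 4), "float": ("<f", 4), "double": ("<d", 8)}


def read_all(snapshot: bytes, vtype: str) -> Dict[int, float]:
    """Interpret every aligned slot of the snapshot as vtype -> {offset: value}."""
    fmt, size = TYPES[vtype]
    return {off: struct.unpack_from(fmt, snapshot, off)[0]
            for off in range(0, len(snapshot) - size + 1, size)}


class Scanner:
    """Keeps a candidate set of offsets and narrows it with successive scans."""

    def __init__(self, vtype: str):
        self.vtype = vtype
        self.prev: Dict[int, float] = {}
        self.candidates: Set[int] = set()

    def first_scan(self, snapshot: bytes, exact: Optional[float] = None) -> Set[int]:
        """Unknown-initial-value scan (exact=None) or exact-value first scan."""
        self.prev = read_all(snapshot, self.vtype)
        self.candidates = {o for o, v in self.prev.items()
                           if exact is None or v == exact}
        return set(self.candidates)

    def next_scan(self, snapshot: bytes, mode: str,
                  exact: Optional[float] = None) -> Set[int]:
        """Keep only candidates whose value satisfies `mode` versus the previous scan."""
        cur = read_all(snapshot, self.vtype)
        tests = {
            "changed":   lambda o: cur[o] != self.prev[o],
            "unchanged": lambda o: cur[o] == self.prev[o],
            "increased": lambda o: cur[o] > self.prev[o],
            "decreased": lambda o: cur[o] < self.prev[o],
            "exact":     lambda o: cur[o] == exact,
        }
        self.candidates = {o for o in self.candidates if tests[mode](o)}
        self.prev = cur          # the next comparison is against this snapshot
        return set(self.candidates)


def game_snapshot(on_ground: bool, frame: int, x: float, hp: int = 100) -> bytes:
    """Constructed 64-byte 'game memory' with a few decoy values around the targets."""
    buf = bytearray(64)
    struct.pack_into("<i", buf, 0, hp)                       # player HP (constant here)
    struct.pack_into("<i", buf, 8, 1 if on_ground else 0)    # the ground flag we want
    struct.pack_into("<i", buf, 16, frame)                   # frame counter, always changing
    struct.pack_into("<f", buf, 24, x)                       # X position as a float
    struct.pack_into("<i", buf, 40, frame * 7 + 3)           # another always-changing decoy
    return bytes(buf)


def find_ground_flag() -> Set[int]:
    """The jumping recipe: stand, jump, land, move to other ground, jump again."""
    s = Scanner("int32")
    s.first_scan(game_snapshot(True, 100, 10.0))                    # unknown initial
    s.next_scan(game_snapshot(False, 101, 10.0), "changed")         # jumped
    s.next_scan(game_snapshot(True, 102, 10.0), "changed")          # landed
    s.next_scan(game_snapshot(True, 103, 25.0), "unchanged")        # different ground
    return s.next_scan(game_snapshot(False, 104, 25.0), "changed")  # jumped again


def find_x_position() -> Set[int]:
    """The position recipe: float scan, walk right (increased), stop, walk left (decreased)."""
    s = Scanner("float")
    s.first_scan(game_snapshot(True, 200, 10.0))
    s.next_scan(game_snapshot(True, 201, 12.5), "increased")
    s.next_scan(game_snapshot(True, 202, 12.5), "unchanged")
    return s.next_scan(game_snapshot(True, 203, 9.0), "decreased")


if __name__ == "__main__":
    print("ground flag candidates:", find_ground_flag())   # {8}
    print("x position candidates:", find_x_position())     # {24}
```

Each scan step compares against the previous snapshot, not the first one, which is why the frame counter decoys survive "changed" twice but die at the first "unchanged", and why a constant value dies at the first "changed". That is also the reason for the post's advice to mix in an "unchanged" scan after moving to different ground: without it, anything that changes every frame stays in the list for as long as you only ask for "changed".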
Post review by Geri (Approve), posted Thu Feb 27, 2014 10:31 am:

Good tutorial post.