Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


3D PINBALL FOR WINDOWS ///// POINTERS & CODE
Cheat Engine Forum Index -> Cheat Engine Tutorials
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Mon Aug 23, 2004 9:57 pm    Post subject: 3D PINBALL FOR WINDOWS ///// POINTERS & CODE

this is to try to answer the most common questions from people new to cheat engine

using 3d pinball for windows space cadet as an example,,,
it might be an idea to print this and other tuts so it's easier to work through them,,,


( this game gives you some free balls so be on the look out for that during this tut )


start 3D PINBALL FOR WINDOWS ,, and wait for the first ball to deploy

start cheat engine

click on the flashing icon in the top left of cheat engine

in the bottom of process list window

double click on PINBALL.EXE to attach the game to cheat engine

in the value box type in 3

go into the pinball game and lose a ball

wait for the next ball to be deployed

go back into cheat engine

type 2 into the value box

click on the next scan button

I got the address A9FEE6 yours may be different

ok

I'll double click on the found address A9FEE6 to add it to the bottom pane

click on the checkbox to freeze this address

go back into the PINBALL GAME

lose some balls to see if it's the right address

if you have got it right you'll have infinite balls

-------------------------------------------------------------------------------
now to find the code that changes the number of balls
-------------------------------------------------------------------------------

go back into cheat engine

(if you want you can double click on the value part of the address in the bottom pane and change it back to 3 or 4 balls)

In the bottom pane again right click on the address A9FEE6 and choose
FIND OUT WHAT WRITES TO THIS ADDRESS

you will then get the debugger window

go back into pinball and lose another ball

in the debugger window you should see the address of the code that changes the number of balls

I got 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax

click on this to highlight the code,, and click on the ADD TO CODELIST button

a box called CHEAT ENGINE CODE will pop up

name balls

and hit the OK button

a window called ADVANCED OPTIONS WILL pop up with balls in it

you can right click it and choose REPLACE WITH CODE THAT DOES NOTHING

to show that the code has been nopped out the name will turn red

you can hit the ok button to close the advanced options window then the stop and close button to exit the debugger

then save your table,,,, but for now
just hit the ok button to close the advanced options window

in the debugger window look at the code 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax

now with the code highlighted click on the MORE INFORMATION button

the EXTRA INFO box will pop up

in this box under copy memory you will see the sentence

THE VALUE OF THE POINTER NEEDED TO FIND THIS ADDRESS IS PROBABLY 00A9FDA0

this is the address held in the ESI register below this you can see all the values that the registers held at the instant you lost a ball,,

as you can see ESI=00A9FDA0

and highlighted in red you can see

01015F02 - mov [ esi + 00000146 ],eax

this is all in hexadecimal

so the ESI register holds 00A9FDA0 therefore

[esi + 00000146] = [ 00A9FDA0 + 00000146 ]

00A9FDA0 + 146 = 00A9FEE6

the first address I found when I started scanning at the start of the game

so note down the address 00A9FDA0
and the offset 146

close the EXTRA INFO window

in the main cheat engine window ,,,hit the new scan button

next to the value box there's a hex checkbox ,, check it so you can enter a hex value

put in our address without the zeros in front of it A9FDA0

and hit the first scan button

you will get a couple of hundred results

i'll try the first address on the list 009A4356

click on the add address manually button

click on the pointer checkbox and you will see the ADD ADDRESS window change

where it says ADDRESS OF POINTER type in our address 9A4356
and in the OFFSET [HEX] box type in 146 ,,,,,,,,, remember [esi + 00000146]

and hit the ok button

hopefully a new address should look like this in the bottom pane

No description P->00A9FEE6 4 bytes 0x00000003

or however many balls you got left

you can freeze the number of balls from this pointer now,,,,,

in games that use Dynamic Memory Allocation ,,, DMA

and use the same code to change things for you and the enemies,,

pointers are useful
------------------------------------
ok a couple of things

1) this game doesn't use dma ,, but it's an easy game to practice on

2) It's free and most people have it

3) so for newcomers it gives an idea of how to use the basic search / pointer / and advanced options


well as they say that's my two cents
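The scan-and-narrow procedure and the pointer lookup from the tutorial post above, modelled on a constructed in-memory buffer (an added example, not part of the original thread and not Cheat Engine code). The object address, offset and pointer address are the ones quoted in the post; the buffer layout and the decoy value are assumptions.

```python
import struct

BASE = 0x009A0000            # constructed: start of the modelled region
mem = bytearray(0x100000)    # constructed 1 MiB of "process memory", all zeros

def write_u32(addr, value):
    struct.pack_into("<I", mem, addr - BASE, value)

def read_u32(addr):
    return struct.unpack_from("<I", mem, addr - BASE)[0]

def first_scan(value):
    """Exact-value 4-byte scan: every address whose bytes equal `value`."""
    needle, hits, pos = struct.pack("<I", value), [], 0
    while (pos := mem.find(needle, pos)) != -1:
        hits.append(BASE + pos)
        pos += 1
    return hits

def next_scan(candidates, value):
    """Keep only the earlier hits that now hold the new value."""
    return [a for a in candidates if read_u32(a) == value]

def resolve(pointer_addr, offset):
    """Address a pointer entry refers to: [pointer_addr] + offset."""
    return read_u32(pointer_addr) + offset

# Addresses and offset quoted in the post; the decoy is constructed.
OBJECT, OFFSET, POINTER = 0x00A9FDA0, 0x146, 0x009A4356
DECOY = 0x009B0000

def walkthrough():
    write_u32(OBJECT + OFFSET, 3)   # ball counter starts at 3
    write_u32(DECOY, 3)             # unrelated value that also happens to be 3
    write_u32(POINTER, OBJECT)      # a variable holding the object's address
    hits = first_scan(3)            # finds both the counter and the decoy
    write_u32(OBJECT + OFFSET, 2)   # "lose a ball"
    hits = next_scan(hits, 2)       # the decoy did not change, so it drops out
    pointers = first_scan(OBJECT)   # hex scan for the value ESI held
    return hits, pointers, resolve(pointers[0], OFFSET)

if __name__ == "__main__":
    hits, pointers, target = walkthrough()
    print([f"{a:08X}" for a in hits],
          [f"{a:08X}" for a in pointers],
          f"{target:08X}")
```
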
the_brilliance
Advanced Cheater
Reputation: 0

Joined: 15 Nov 2003
Posts: 82

Posted: Tue Sep 21, 2004 4:52 pm

Or you could just change the score.
Snow1337
Catastrophic Cheatah
Reputation: 1

Joined: 12 Oct 2004
Posts: 183
Location: Your, Computer

Posted: Wed Oct 27, 2004 9:41 am

umm.. that added nothing to this tutorial o.0

Nice tutorial, should help some people :p

Voa
How do I cheat?
Reputation: 0

Joined: 06 Nov 2004
Posts: 0
Location: Your, Computer

Posted: Sun Nov 07, 2004 4:05 am

Hahaha, thanks man this really helped me=p

I'm proud of myself
Davethewave
Expert Cheater
Reputation: 0

Joined: 06 Mar 2005
Posts: 210

Posted: Sun Mar 06, 2005 5:35 pm

3d pinball space cadet doesn't count how many balls I have, just how many I've used, so I tried this with mine sweeper's timer, I got as far as "in the debugger window look at the code 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax

now with the code highlighted click on the MORE INFORMATION button

the EXTRA INFO box will pop up "
I don't know what the debugger window is, couldn't find that code in the memory viewer so I'm assuming that isn't the debugger window, plus I can't find the Extra info box. I am an ULTRA newb to this stuff so go easy on me, so I didn't go any further because I got lost at this point. Thanks though! It showed me some stuff I didn't know existed
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Thu Mar 10, 2005 11:57 pm

ok for minesweeper the addresses for the timer and number of mines seem to be static... ok they stay the same on mine.....

you can do a byte search for the number of mines, that just speeds up the search and gives more accuracy,,

a little bit more on searching.... for known numbers

1) for numbers from 1 to 255 , use BYTE search

2) for numbers from 256 to 65535 , use 2 BYTE search

3) for numbers from 65535 up use 4 BYTES

then you get into double words etc ,

try to use the simplest method first then build up the complexity of your search if it is needed,

-----------------------

minesweeper is a simple byte search from what I see,,,,,,,,,,,,,,

to find the number of mines .. just start the game ...
and you have 10 mines....


ok you know how to start cheat engine and select the minesweeper process. so next..


on the beginner level you have ten mines..

so here we go....................

1) ENTER 10 ... for your first search value

2) SCAN TYPE >>>>> choose >>>>> EXACT VALUE

3) VALUE TYPE>>>>>>choose >>>>> BYTE

-----

4) in minesweeper click on the game menu and select INTERMEDIATE

this will change the number of mines to 40........


5) in cheat engine change the value to 40 .... and click on the NEXT SCAN button ...

6) ok this gave me 3 results.. next change minesweeper to expert..

this gives 99 mines in the game...


7) well I still had 3 results..

8) ok change minesweeper back to BEGINNER so you got ten mines...

9) hmmm all 3 addresses in the cheat engine window still change back to

10 mines ....

OK DOUBLE CLICK ON EACH ADDRESS TO ADD THEM TO THE BOTTOM PANE..so you can change the values of each address....


10) here's an old trick... change all the values in your address list by 1 or more

ok for example... here's my addresses

01005194 10

01005330 10

010056a4 10

......

SOOO if we change 01005194 to 20


AND .................. 01005330 to 30

AND .................. 010056a4 to 40


click on the smiley to start a new game ...


hmmm we have got 40 mines to play with...... so the address we need to play around with is

10056a4


change the value at this address to 1 ,, click on the smiley to start a new game ...and hoho only 1 mine....

----------

the timer you can find by using the byte search as well,,,and you get away with an "exact value" scan type in this game

the trick here is to set up the pause hotkey in settings ( the button just under the cheat engine logo in the main cheat engine window)

for timers it's always a good idea to try to freeze the game..
-----------------------------------------------------

here is the code address for the timer

1002ff5 inc [0100579c]
------------------------------

just right click it in the memory view window and change it to code that does nothing..

oh and a good habit is to save it to code list and save any code you find to a table

then you just have to right click the code line you found and disable it anytime you want....

hope that helped
keep at it we are all beginners when we are learning something new :wink:

here's a table to start you off

Davethewave
Expert Cheater
Reputation: 0

Joined: 06 Mar 2005
Posts: 210

Posted: Fri Mar 11, 2005 3:11 am

Thanks! I messed around with it, I should have posted before, I figured all this out but still need to try to understand ASM more. Sometimes NOPing stuff has side effects, I wish I could better understand so I can manipulate it. Thanks again.
The light tower
Newbie cheater
Reputation: 0

Joined: 26 Jun 2005
Posts: 11
Location: Canada, BC, Vacouver

Posted: Sun Jun 26, 2005 11:31 am    Post subject: i've got a question.

Every time when I finish hacking something on the internet and reopen cheat engine, all the addresses in my cheat engine don't work, how do u make them work?
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Mon Jun 27, 2005 10:09 am

when you find your addresses
you need to breakpoint them to find the code that's changing them, then either code inject or find the pointer to the address (like in the pinball tut above),

quite often the first pointer you find is a general pointer,
and not the base pointer,

in an internet game it's just about certain that the first pointer you find is a general pointer, (lots of typing pointer there)

so you can try

putting a breakpoint on the 1st pointer you find

then putting a breakpoint on the 2nd pointer you find , that points to the
1st pointer,

you may have to try this several times before you get to the base pointer,

---------
you might try doing a text search , and recalculate your addresses from that, how to recalculate addresses is here on the forum somewhere,

for instance you might do a text search for your characters name in the game,

and recalculate your ammo address from that,

sometimes this will work, depends on the game,
---------
then there's code injection, plenty of tutorials on that all over the web,
---------
if the game folder has an unencrypted save game file , you might be able to hex edit it,
--------
just mess around till you find what works,
don't get too stuck on any one method of game fix...
---------
if all else fails just search for the address each time lol,,
---------
lots of multiplayer games have cyclic redundancy checks,
and your lives ,health ammo items are server based, so you change an item and the server's pc says that's wrong
you have not got 999999 million grenades
and tries to reset your ammo/ or kick you,

also many punkbuster like programs that do checks every few cycles,

I tend to just mess with single player games, and just play online,
to save getting ip banned from servers lol...

<<cough>> the directX mess can come in handy sometimes though<<cough>>

Extremest
How do I cheat?
Reputation: 0

Joined: 04 Jul 2005
Posts: 3

Posted: Mon Jul 04, 2005 8:19 pm

I did the pinball one that you did and it worked the pointer and all, but when I restart the game it doesn't work. How can I make something that will always work?
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Tue Jul 05, 2005 12:11 am

just decided to simplify things here

Last edited by me on Fri Jul 08, 2005 6:53 pm; edited 2 times in total
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Tue Jul 05, 2005 12:12 am

and leave just the static pointer to base address in bits in...

maybe a separate debugger explanation is needed at a later time, >>>

Last edited by me on Fri Jul 08, 2005 7:12 pm; edited 2 times in total
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Tue Jul 05, 2005 12:44 am

when you do the first hex search for the balls pointer,
and you get your 346 possible addresses, if you have got the pinball game in windowed mode and not full screen,,
while in the game just press F2 lots of times and you will see that it is the first pointer address that changes while the rest stay the same,,

so try using the second and third addresses in the list with the 146 offset,

I kept getting all the pointer addresses that held 00AB0C10

while the first pointer in the list kept changing


Last edited by me on Fri Jul 08, 2005 7:04 pm; edited 1 time in total
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Tue Jul 05, 2005 2:30 pm

put a breakpoint on AB0C10 and you get to the static address that holds your pointer address,,,

010140CC - mov ecx,[01023638]

if you look at the registers in the extra info pic you see ecx is holding AB0C10 from the contents of 01023638,,

if you go to this address in the hex window of the memory viewer you will see the base pointer address , written backwards of course , low bytes first,

Last edited by me on Wed Sep 07, 2005 1:57 pm; edited 1 time in total
me
Grandmaster Cheater
Reputation: 2

Joined: 24 Jun 2004
Posts: 733
Location: location location

Posted: Thu Jul 07, 2005 5:59 pm    Post subject: static addresses to pointers

so ----->>>>>

010140cc - mov ecx,[01023638]

is the static address that holds the pointer to my balls... [tee hee]

00AB0C10 <<< ---- in my case

and the offset for balls is 146

so if we ADD ADDRESS MANUALLY, and tick the pointer checkbox,

and put in 146 as the offset you should get something like this



[Attached image: static balls.jpg]




Last edited by me on Wed Sep 07, 2005 1:58 pm; edited 2 times in total
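Why a pointer entry through the static address keeps working after a relaunch while a saved raw address does not, as an added example that is not part of the original thread. The static address and offset are the ones quoted above; treating the two object addresses quoted in the thread as two separate launches is an assumption, and the memory model is constructed.

```python
import struct

STATIC_PTR = 0x01023638    # static address quoted in the thread
BALLS_OFFSET = 0x146       # offset quoted in the thread

class Run:
    """One constructed launch of the game: sparse memory keyed by address."""

    def __init__(self, object_addr, balls):
        self.mem = {}
        self.write_u32(STATIC_PTR, object_addr)             # global holds the object address
        self.write_u32(object_addr + BALLS_OFFSET, balls)   # counter lives inside the object

    def write_u32(self, addr, value):
        for i, byte in enumerate(struct.pack("<I", value)):  # little-endian
            self.mem[addr + i] = byte

    def read_bytes(self, addr, count=4):
        return bytes(self.mem.get(addr + i, 0) for i in range(count))

    def read_u32(self, addr):
        return struct.unpack("<I", self.read_bytes(addr))[0]

def resolve(run, static_addr=STATIC_PTR, offset=BALLS_OFFSET):
    """Follow the pointer entry: [static_addr] + offset."""
    return run.read_u32(static_addr) + offset

# Assumption: the two object addresses quoted in the thread are two launches.
first_launch = Run(0x00A9FDA0, balls=3)
second_launch = Run(0x00AB0C10, balls=3)

def compare():
    saved_raw = resolve(first_launch)   # address a table would store as a plain entry
    return {
        "saved_raw": saved_raw,
        "raw_in_second": second_launch.read_u32(saved_raw),          # stale address
        "pointer_in_second": second_launch.read_u32(resolve(second_launch)),
        "static_bytes": second_launch.read_bytes(STATIC_PTR).hex(),  # low byte first
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, hex(value) if isinstance(value, int) else value)
```
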
All times are GMT - 6 Hours
Page 1 of 2