Cheat Engine

steelblob · Newbie cheater Reputation: 0 Joined: 13 Dec 2006 Posts: 10

I have been trying to make a hack for the past 3 days. I have my pointer value and I know what to patch it by numerically, I am just wondering how people are actually getting these poke values e.g.

POKE 923499 90 90 90

Shouldn't it be a single value?

My address is a single pointer, how would I incorporate that into a trainer?
It makes no sense...

Labyrnth · Moderator Reputation: 9 Joined: 28 Nov 2006 Posts: 6285

POKE 923499 90 90 90

This is from T-Search using Poke, also With TMK. "Trainer Maker Kit."

Poke is just the command TMK uses to make it write to a address.

923499 is the address.

90 90 90 <-- this is the bytes it is writing. to the above address.

90 = 1 byte
90 = 1 byte
90 = 1 byte

1+1+1=3 <-- Three bytes total.

90 = NOP <--- No Operation. Disabling some code.

Example: [ Say this is lives in a game ]

923499 2b ef dec ebp,edi

Ok to stop losing lives you can NOP this instruction.

Poke 923499 90 90
Or
Poke 923499 90
Poke 92349A 90
==============================================
The above 2 are the same thing. The First 90 is address 923499 and the second 90 is 92349A.
==============================================
923499 2b ef

2b is the address of 923499 and ef is the address of 92349A
==============================================
In the assembly instruction you will see..... Instead of this:
923499 2b ef dec ebp,edi

You see..................This:
923499 90 NOP
92349A 90 NOP

==============================================
If you use Nops it will freeze the lives.
How about if you wanted to add lives?
You can do it several ways i will show you one.
==============================================
How about reversing the lives. Gain a life when killed.

dec ebp,edi
To reverse this we simply make it increase instead of decrease.
923499 inc ebp,edi
Pretty simple huh ?
==============================================
You need to learn the diffrence between hex and dec.

Quick Example: " Use windows calculator and click "view" and select "scientific". Next click "DEC" Hit the number 99.
Then click Hex, You will see it change to 63.

99 lives in a game is DEC, In hex it is 63

So if you see a address shows
923499 63 <---- This is 99 lives in a Game.
==============================================
Let do a real example now.
Game has 15 lives.
You lose 5 lives trying to find the address.
You find this address:
923499 0A
Open up your calculator, and click HEX, And hit 0A then click DEC
You will see it change to 10. The amount of lives you have.
==============================================
So to sum it all up this is What you see.
Address HEX Assembly
923499 2b ef dec ebp,edi
923499 63
923499 0A
==============================================

i hope you understood all my jabbering Smile

.

steelblob · Newbie cheater Reputation: 0 Joined: 13 Dec 2006 Posts: 10

I got what you mean.

So if an address needs to be "poked" by an value thats 2 bytes long...

E.G. 007B39D3 needs to be changed to 42, we simply and 2A 2 times?

POKE 007B39D3 2A 2A

I am trying to get to a point at which I understand how to write a trainer by myself. I am not using TMK. I am using C++, basically I am trying to write to a pointer.

So... I read the address by the pointer, then write to that DMA pointer correct? I would have to write {0x2A, 0x2A} correct?

Labyrnth · Moderator Reputation: 9 Joined: 28 Nov 2006 Posts: 6285

steelblob · Newbie cheater Reputation: 0 Joined: 13 Dec 2006 Posts: 10

Ugh... Thats what I don't get...

In CE, I have a pointer of with static = 007B39D3 = BASE + offset and thats all byte 2.

In order to patch it properly in my trainer I would have to make it so that "BYTE lab = {0x00, 0x2A}

and...

WriteProcessMemory(hand, (void*)0x7B39D3, &lab, 2, &bytes);

Right?

Does that mean I have to read the pointer address (Base + Offset) and get the DMA address or can I patch it directly?