Cheat Engine The Official Site of Cheat Engine

peace How do I cheat? Reputation: 0
Joined: 13 Apr 2013 Posts: 3 Location: United Kingdom
Posted: Sat Apr 13, 2013 3:55 pm Post subject: Please help with candy crush cheat
I downloaded cheat engine, watched the tutorial and then tried it. I could not find which process to use so I went through all of them. On some of them after several scans I was still getting 2 addresses coming up and I kept doing more scans but still it came up with 2.
So I decided to try and change one of them and the first one didn't work so I changed the other one and it changed the number of moves I had left.
I was really pleased until my game ended as normal and did not let me use my extra moves. Why is this?
What have I done wrong?

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sat Apr 13, 2013 4:19 pm
You need to change 2 of them.
1 of them is the moves that the game relies on and ends the game if it reaches 0.
The other one is the visual display, which you changed.

Rectangle Advanced Cheater Reputation: 1
Joined: 23 Feb 2013 Posts: 73
Posted: Sat Apr 13, 2013 5:03 pm
peace wrote: | I could not find which process to use so I went through all of them. |
IF you are using firefox...
You need to open whichever process has the highest peak working set.
Download this tool: www[dot]4shared[dot]com/file/gKTZuTNH/pws[dot]html
Place it somewhere easy to remember (I placed mine in my root C:\ drive).
Open up cheat engine and press CTRL + ALT + L to open the Lua window.
Copy/paste the following code:
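Code: | -- Ask pws.exe for the PID of the FlashPlayerPlugin process with the highest peak working set
local handle = io.popen("C:\\pws.exe FlashPlayerPlugin")
local pid = handle and tonumber(handle:read("*a"))
if handle then handle:close() end
if pid == nil then
  print("[ERROR] - Failed to retrieve process ID!")
  return -- stop the script here; exit() is not a standard Lua function
end
-- Attach Cheat Engine to that process
openProcess(pid) |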
Save your script.
Now whenever you want to attach to a flash game, simply load and execute the script.
This will automatically search through any process which has "FlashPlayerPlugin" in its name, return the PID of whichever one has the highest peak working set, and attach to that process.
I made this tool and script explicitly for Candy Crush Saga using Firefox, and can confirm that it works not only for Candy Crush but for most flash games in Firefox.
IF you are using chrome...
Unfortunately, I haven't taken the time to automate this one yet.
You'll need to load up your flash game and press SHIFT + ESC to bring up Chrome's task manager.
Then look for an entry called "Plugin: Shockwave Flash" and check its PID.
Then either use it temporarily in a Lua script (via openProcess), or convert it to hex to see which entry to choose in CE's process list dialog.
peace wrote: | On some of them after several scans I was still getting 2 addresses coming up and I kept doing more scans but still it came up with 2.
So I decided to try and change one of them and the first one didn't work so I changed the other one and it changed the number of moves I had left.
I was really pleased until my game ended as normal and did not let me use my extra moves |
Just as Flash hacker said, the one which seemingly works is just a graphical counter for the GUI. The one which doesn't seem to work is in fact the game's internal counter for the actual number of moves remaining.
I have made an auto-assemble script for the GUI part, but I haven't been successful in making one for the actual # of moves yet. If you get to the part in the game where you encounter timed bombs, I do have a working AA script for that if you'd like it.
Also, in my research I've found the following tile values to be used by the game:
- 0 = ??? (inbetween/changing/chocolate)
- 1 = blue
- 2 = green
- 3 = orange
- 4 = purple
- 5 = red
- 6 = yellow
Good luck! Let me know if you have any more trouble.

peace How do I cheat? Reputation: 0
Joined: 13 Apr 2013 Posts: 3 Location: United Kingdom
Posted: Sun Apr 14, 2013 3:49 am
Thank you. I will try changing both of them. Btw do I have to go through the whole process every time I try this cheat stuff?

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 7:52 am
Rectangle wrote: | peace wrote: | I could not find which process to use so I went through all of them. |
IF you are using firefox...
You need to open whichever process has the highest peak working set.
Download this tool: www[dot]4shared[dot]com/file/gKTZuTNH/pws[dot]html
Place it somewhere easy to remember (I placed mine in my root C:\ drive).
Open up cheat engine and press CTRL + ALT + L to open the Lua window.
Copy/paste the following code:
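Code: | -- Ask pws.exe for the PID of the FlashPlayerPlugin process with the highest peak working set
local handle = io.popen("C:\\pws.exe FlashPlayerPlugin")
local pid = handle and tonumber(handle:read("*a"))
if handle then handle:close() end
if pid == nil then
  print("[ERROR] - Failed to retrieve process ID!")
  return -- stop the script here; exit() is not a standard Lua function
end
-- Attach Cheat Engine to that process
openProcess(pid) |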
Save your script.
Now whenever you want to attach to a flash game, simply load and execute the script.
This will automatically search through any process which has "FlashPlayerPlugin" in its name, return the PID of whichever one has the highest peak working set, and attach to that process.
I made this tool and script explicitly for Candy Crush Saga using Firefox, and can confirm that it works not only for Candy Crush but for most flash games in Firefox. |
That pws.exe sounds very useful.
Couldn't test it, it doesn't return the PID to me.
If I try to enable it manually, it says that MSVCR110.dll is missing, but I do have it .-.
So strange!

Rectangle Advanced Cheater Reputation: 1
Joined: 23 Feb 2013 Posts: 73
Posted: Sun Apr 14, 2013 2:54 pm
peace wrote: | Thank you. I will try changing both of them. Btw do I have to go through the whole process every time I try this cheat stuff? |
Nope. Once you save the script and save the cheat table, you just need to load the table or script, press CTRL + ALT + L and hit the execute button again.
I wanted to create a trainer to make it even easier, but like I said I was having trouble with some of the AA scripts so a trainer would be useless at this point (since I only have a bomb cheat and GUI cheat working automatically).
Flash hacker wrote: | Couldn't test it, it doesn't return the PID to me.
If I try to enable it manually, it says that MSVCR110.dll is missing, but I do have it .-. |
Try reinstalling the VC redistributable (x86 and x64) at:
www[dot]microsoft[dot]com/en-us/download/details[dot]aspx?id=30679
You can also pass the /L switch to find the lowest instead of the highest working set.

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 3:10 pm
Rectangle wrote: | peace wrote: | Thank you. I will try changing both of them. Btw do I have to go through the whole process every time I try this cheat stuff? |
Nope. Once you save the script and save the cheat table, you just need to load the table or script, press CTRL + ALT + L and hit the execute button again.
I wanted to create a trainer to make it even easier, but like I said I was having trouble with some of the AA scripts so a trainer would be useless at this point (since I only have a bomb cheat and GUI cheat working automatically).
Flash hacker wrote: | Couldn't test it, it doesn't return the PID to me.
If I try to enable it manually, it says that MSVCR110.dll is missing, but I do have it .-. |
Try reinstalling the VC redistributable (x86 and x64) at:
www[dot]microsoft[dot]com/en-us/download/details[dot]aspx?id=30679
You can also pass the /L switch to find the lowest instead of the highest working set. |
Thanks, it's working.
Wondering if it's possible to implement it into a trainer, and the VC redistributable, so it will work even if the user doesn't have it.
Anyway,
About the auto assembler scripts, tell me and I'll help you.
Also tell me in which stages there are timers.

Rectangle Advanced Cheater Reputation: 1
Joined: 23 Feb 2013 Posts: 73
Posted: Sun Apr 14, 2013 3:29 pm
Flash hacker wrote: | Anyway,
About the auto assembler scripts, tell me and I'll help you.
Also tell me in which stages there are timers. |
I was trying to get an AA script working for the # of moves left.
I think the problem is that the AOBScan doesn't always work (may be finding duplicate addresses).
Meanwhile, here's what I DO have working, so far...
Moves (GUI only! Works in every level):
Code: | [ENABLE]
alloc(newmem,2048)
label(memjump)
label(returnhere)
registersymbol(memjump)
aobscan(aobaddy,8B 48 78 8D 49 FF 89 48 78 8B 50 08 8B 8A 10 03 00 00)
newmem:
mov ecx,[eax+78]
lea ecx,[ecx-01]
mov [eax+78],ecx
mov edx,[eax+08]
mov ecx,[edx+00000310]
jmp returnhere
aobaddy:
memjump:
jmp returnhere
nop
nop
nop
nop
returnhere:
[DISABLE]
memjump:
dealloc(newmem)
mov ecx,[eax+78]
lea ecx,[ecx-01]
mov [eax+78],ecx //*
mov edx,[eax+08]
mov ecx,[edx+00000310]
unregistersymbol(memjump) |
Freeze Bomb Timers (Starts at level 96, sometimes requires a slight pattern change):
Code: | [ENABLE]
alloc(newmem,2048)
label(memjump)
label(returnhere)
registersymbol(memjump)
aobscan(aobaddy,8B 8A C4 00 00 00 8D 49 FF 89 8A C4 00 00 00 8B 4D F0 89 0D 40 ?? ?? ?? ??)
newmem:
mov ecx,[edx+000000C4]
lea ecx,[ecx-01]
mov [edx+000000C4],ecx
mov ecx,[ebp-10]
mov [04E92840],ecx
jmp returnhere
aobaddy:
memjump:
jmp returnhere
nop
nop
nop
nop
returnhere:
[DISABLE]
memjump:
dealloc(newmem)
mov ecx,[edx+000000C4]
lea ecx,[ecx-01]
mov [edx+000000C4],ecx
mov ecx,[ebp-10]
mov [04E92840],ecx
unregistersymbol(memjump) |
Freeze Chocolate Machines (NOTE: Still a bit BUGGY! Starts at level 156)
Code: | [ENABLE]
alloc(newmem,1024)
label(memjump)
label(returnhere)
registersymbol(memjump)
aobscan(aobaddy,8B 51 48 8D 52 FF 89 51 48 8B 51 48 83 FA FF)
newmem:
mov edx,[ecx+48]
lea edx,[edx-01]
mov [ecx+48],edx
mov edx,[ecx+48]
cmp edx,FF
jmp returnhere
aobaddy:
memjump:
jmp returnhere
nop
nop
nop
nop
returnhere:
[DISABLE]
memjump:
dealloc(newmem)
mov edx,[ecx+48]
lea edx,[edx-01]
mov [ecx+48],edx
mov edx,[ecx+48]
cmp edx,FF
unregistersymbol(memjump) |
Another idea I had involved freezing timed levels (there's usually one per episode, typically near the end of each), but I eventually gave up on getting this one to work.
Besides, I found out you could just as easily modify the player's score to the minimum requirement and wait for the timer to expire in order to beat the level.
I also believe it's possible to fool the client into thinking it has infinite Crush lollipops, but I could be wrong and you get them so rarely (unless you pay for extras) that it's hardly worth the effort.
Flash hacker wrote: | Wondering if it's possible to implement it into a trainer, and the VC redistributable, so it will work even if the user doesn't have it. |
It may be possible with a little extra effort, but the only way I could see this working would be if you embedded them as a resource and somehow extracted them somewhere on the user's machine, editing the script as needed to point to the correct location.
Perhaps Dark Byte could shed a little more light on this subject, if you wish to create a new thread on it.
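
Added example, not part of the original thread: the suspicion above that the AOB scan "may be finding duplicate addresses" is a question of signature uniqueness. The Python sketch below matches a wildcard byte pattern against a buffer and reports whether it is missing, unique or ambiguous; the `LOOKALIKE` bytes, the `LOOSE` pattern and the `SAMPLE` buffer are constructed for illustration.

```python
# Added example: wildcard byte-signature ("AOB") matching on a constructed buffer.

def parse_aob(pattern):
    """Turn 'E8 ?? 8B' into a list of ints, with None for every ?? wildcard."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]

def find_all(buf, pattern):
    """Return every offset in buf at which the signature matches."""
    sig = parse_aob(pattern)
    return [off for off in range(len(buf) - len(sig) + 1)
            if all(b is None or buf[off + i] == b for i, b in enumerate(sig))]

def classify(buf, pattern):
    """'missing', 'unique' or 'ambiguous', depending on the number of matches."""
    hits = find_all(buf, pattern)
    return "missing" if not hits else "unique" if len(hits) == 1 else "ambiguous"

# FULL is the pattern from the "Moves (GUI only)" script; HEAD is its first nine
# bytes; LOOSE is a constructed variant with two bytes wildcarded.
FULL = "8B 48 78 8D 49 FF 89 48 78 8B 50 08 8B 8A 10 03 00 00"
HEAD = "8B 48 78 8D 49 FF 89 48 78"
LOOSE = "8B 48 78 8D 49 FF 89 48 78 8B 50 ?? 8B 8A ?? 03 00 00"

# Constructed buffer: the full pattern once, plus a look-alike sequence whose
# tail differs in two bytes (as a second, similar routine might).
LOOKALIKE = bytes.fromhex("8B 48 78 8D 49 FF 89 48 78 8B 50 0C 8B 8A 14 03 00 00")
SAMPLE = b"\x90" * 16 + bytes.fromhex(FULL) + b"\xCC" * 8 + LOOKALIKE + b"\x90" * 4

if __name__ == "__main__":
    for name, pat in (("FULL", FULL), ("HEAD", HEAD), ("LOOSE", LOOSE)):
        print(name, [hex(o) for o in find_all(SAMPLE, pat)], classify(SAMPLE, pat))
```

A signature that is too short or too heavily wildcarded matches more than one site, so whichever hit a scanner returns first may not be the intended one.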

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 3:42 pm
Luckily I let my mom play that game in my fb account, she reached level 98.
Here are 2 simple scripts for unlimited moves.
first
Code: | [ENABLE]
//Tip: add address newmem1+3 to set the visual moves value
alloc(newmem1,2048)
label(returnhere)
label(originalcode)
label(exit)
label(restore1)
registersymbol(restore1)
registersymbol(newmem1)
aobscan(moves1,8B 4D CC E8 ?? ?? ?? ?? 8B 43 78 83 EC 0C 50)
newmem1:
originalcode:
mov [ebx+78],#10 //Sets the visual moves into 10, you may edit it.
mov eax,[ebx+78]
sub esp,0C
exit:
jmp returnhere
moves1+8:
restore1:
jmp newmem1
nop
returnhere:
[DISABLE]
dealloc(newmem1)
restore1:
mov eax,[ebx+78]
sub esp,0C
//Alt: db 8B 43 78 83 EC 0C
unregistersymbol(restore1)
unregistersymbol(newmem1) |
second
Code: | [ENABLE]
//Tip: add address newmem2+3 to set the other moves value :)
alloc(newmem2,2048)
label(returnhere)
label(originalcode)
label(exit)
label(restore2)
registersymbol(restore2)
registersymbol(newmem2)
aobscan(moves2,8B 41 10 83 F8 00 0F 9E C0 0F B6 C0 8B 4D F0)
newmem2:
originalcode:
mov [ecx+10],#10
mov eax,[ecx+10]
cmp eax,00
exit:
jmp returnhere
moves2:
restore2:
jmp newmem2
nop
returnhere:
[DISABLE]
dealloc(newmem2)
restore2:
mov eax,[ecx+10]
cmp eax,00
//Alt: db 8B 41 10 83 F8 00
unregistersymbol(restore2)
unregistersymbol(newmem2) |
Put the first script in auto assembler > File > Assign to current table
And then switch scripts and do the same, and then you can save it, and enable/disable whenever you want.
(Enable as soon as you enter a game.)
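
Added example, not part of the original thread: both counters discussed here live in the client's memory, so the check that matters has to run on the server. The Python sketch below is a hypothetical server-side session (the class, field names, limits and sample traffic are assumptions, not the game's actual implementation) that keeps its own move counter and score and uses the client's reported values only as a tamper signal.

```python
# Added example: hypothetical server-side session; names and limits are assumptions.
from dataclasses import dataclass, field

@dataclass
class LevelSession:
    move_budget: int          # moves the level allows (server-side config)
    target_score: int         # score needed to pass the level
    max_points_per_move: int  # assumed plausibility cap for a single move
    moves_used: int = 0
    score: int = 0
    flags: list = field(default_factory=list)

    def apply_move(self, claimed_moves_left, claimed_points):
        """Handle one move message; the server's own counter decides."""
        if self.moves_used >= self.move_budget:
            self.flags.append("move_after_budget")
            return False
        self.moves_used += 1
        if claimed_moves_left != self.move_budget - self.moves_used:
            self.flags.append("counter_mismatch")  # client counter frozen or edited
        if not 0 <= claimed_points <= self.max_points_per_move:
            self.flags.append("implausible_points")
            claimed_points = 0                      # never credit impossible gains
        self.score += claimed_points
        return True

    def finish(self, claimed_score):
        """Decide the result from server-side state; the claim is only compared."""
        if claimed_score != self.score:
            self.flags.append("score_mismatch")
        return self.score >= self.target_score

def replay(session, messages, claimed_final_score):
    """Feed (claimed_moves_left, points) messages; return accepted, passed, flags."""
    accepted = sum(session.apply_move(left, pts) for left, pts in messages)
    return accepted, session.finish(claimed_final_score), sorted(set(session.flags))

# Constructed traffic. HONEST counts down 4..0; TAMPERED keeps reporting 10 moves
# left, sends two extra moves and claims the target score at the end.
HONEST = [(4, 200), (3, 250), (2, 200), (1, 200), (0, 200)]
TAMPERED = [(10, 60)] * 7

if __name__ == "__main__":
    print(replay(LevelSession(5, 1000, 300), HONEST, 1050))
    print(replay(LevelSession(5, 1000, 300), TAMPERED, 1000))
```

Per-move points are still taken from the client here, only capped; a stricter design would recompute them from the board state the server holds.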

Rectangle Advanced Cheater Reputation: 1
Joined: 23 Feb 2013 Posts: 73
Posted: Sun Apr 14, 2013 3:51 pm
Flash hacker wrote: | Put the first script in auto assembler > File > Assign to current table
And then switch scripts and do the same, and then you can save it, and enable/disable whenever you want.
(Enable as soon as you enter a game.) |
Are you saying I should add both scripts, enable the first, then enable the second if the first one works?
Or do you mean enable and disable the first, then enable the second?
Flash hacker wrote: | I let my mom play that game in my fb account, she reached level 98 |
lol the funny thing here is my mom wouldn't stop sending me requests for the damn thing, even after I told her I wouldn't play it, and eventually caved in just so I could kick her butt in it. Without cheating, it only took me a few days. By then I was already hooked.

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 3:55 pm
Rectangle wrote: | Flash hacker wrote: | Put the first script in auto assembler > File > Assign to current table
And then switch scripts and do the same, and then you can save it, and enable/disable whenever you want.
(Enable as soon as you enter a game.) |
Are you saying I should add both scripts, enable the first, then enable the second if the first one works?
Or do you mean enable and disable the first, then enable the second?
Flash hacker wrote: | I let my mom play that game in my fb account, she reached level 98 |
lol the funny thing here is my mom wouldn't stop sending me requests for the damn thing, even after I told her I wouldn't play it, and eventually caved in just so I could kick her butt in it. Without cheating, it only took me a few days. By then I was already hooked. |
No no I meant,
Assign them both after Scripts entries.
Enable Both of them (Freeze them, or press on Active boxes).
And whenever you want to disable (turn off the cheat), just unfreeze/uncheck the Active boxes.
P.S
You can do it on your own by checking what accesses* the addresses

Rectangle Advanced Cheater Reputation: 1
Joined: 23 Feb 2013 Posts: 73
Posted: Sun Apr 14, 2013 3:57 pm
Oh btw, if you'd like the source code for pws, I've uploaded it here:
www[dot]4shared.com/zip/aezm77Dl/pws_src[dot]html
Compiled using VS 2012. Maybe that could help you find a way to embed it into a trainer.

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 4:06 pm
That pws is very useful.
And will be VERY useful for Chrome!
You can make it attach to each Chrome process and make it look for pepflashplayer.dll (string).
And if it returns anything then it's the right process.

mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Apr 14, 2013 4:11 pm
About the PID list and PPID (Parent PID): some time ago I made a modified SFX lvl2. It creates a txt file inside the extracted trainer folder X:\temp\cetrainers\CETEC.tmp\; this file contains all running processes, PIDs and PPIDs.
But I have to recreate this SFX lvl2 (standalonephase2.dat).
pros:
- simple txt file
- we can parse with simple string:sub
cons:
- it gathers processes while launching the trainer.
Last edited by mgr.inz.Player on Sun Apr 14, 2013 4:13 pm; edited 1 time in total

DaSpamer Grandmaster Cheater Supreme Reputation: 52
Joined: 13 Sep 2011 Posts: 1578
Posted: Sun Apr 14, 2013 4:12 pm
@cons:
It cannot gather processes while the trainer is working?
Last edited by DaSpamer on Sun Apr 14, 2013 4:20 pm; edited 2 times in total