Cheat Engine

liledition · Cheater Reputation: 0 Joined: 12 Sep 2014 Posts: 49

Hello

I want to ask if there is a way in cheat engine to do table that will search game for variable and not base addresses because game is still in development and code changes a lot. Game use QSP engine (game is file loaded into QSP player) so I can find fixed base pointers just fine (when hex search address there is already base address for pointer) but when developers changes code (when first time is variable mentioned in code has changed place for example) I need to find address and pointer again.

So I wonder if there is way to go around pointers and somehow go after variable names or whatever...

++METHOS · Posted: Wed Jan 11, 2017 3:23 pm Post subject:

AOB injection?

liledition · Cheater Reputation: 0 Joined: 12 Sep 2014 Posts: 49

I dont think aob will work. Function for every address is same. Only difference is in registers.

++METHOS · Posted: Wed Jan 11, 2017 4:10 pm Post subject:

That has nothing to do with AOB injection or how CE determines where to inject. If all available instructions access multiple addresses, then you'll need to filter them out. In your case, a proper identifier might be stored in one of the registers.

AOB injection is exactly what you need, as it will scan for hex data to determine where to inject (or what to manipulate). You can incorporate wildcard variables for bytes that are dynamic and are prone to change during updates/patches.

liledition · Cheater Reputation: 0 Joined: 12 Sep 2014 Posts: 49

Well I still dont know how to make it work. I have different versions of that game and same variable have different registers in same function. ECX register is same as address (example - variable "minute" have address "01234567" and that address access code "mov [ecx+ebp*8],edx" where ECX is "01234567" (same as address) EBP is always 0 and EDX in old is 2 and in new is 3...)

And I should probably tell that I am not too good with assembly yet... Embarassed

++METHOS · Posted: Wed Jan 11, 2017 5:24 pm Post subject:

If EBP is always 0 for the address of the value that you are trying to manipulate, and only that address, then you can use that as your identifier to filter out unwanted addresses.

Having different versions of the game doesn't matter - that's what the AOB signature is for. You find a solid signature that can be used across all versions. You can incorporate wildcard entries as needed.

You don't have to be good at assembly, since CE can auto-generate the script for you. All you have to do is know what to change and how to filter out what you don't want to change.

If you haven't done so already, I would recommend completing the CE tutorial. You can follow guides and videos that will help you understand along the way.

liledition · Cheater Reputation: 0 Joined: 12 Sep 2014 Posts: 49

EBP is always 0 for all addresses.

Auto generated script for AOB injection is same every for version I have because all addresses use same code.

I did do tutorial long time ago. It help greatly at start of using CE but it info is rarely useful for new games/java games/emulated games...

Problem with this game is that it is emulated. Program that runs game only reading values from game file and it loads values in order they are used in game... So when variables have different addresses when they are listed in different order (variable A done first is address X but when variable B is done first (before A) then variable B is address X...)

++METHOS · Posted: Wed Jan 11, 2017 6:02 pm Post subject:

AOB injection is probably your best bet. You can use an LUA script or AOBScanRegion if finding a unique and reliable AOB signature is not possible. Finding reliable identifiers for your filters can be daunting at first, but are usually necessary for emulated code.

Some methods for finding a unique identifier for filtering purposes: