Cheat Engine

[D1g1Byt3]

There seems to be no Tutorials or anything describing how to use cheat engine with 64-Bit Games. Iv'e been looking everywhere to find one and there seems to be nothing.

The game I'm currently trying to work on is Factorio. There is a Table currently, but I'm trying to find out a few more things. Like the Inventory, I'm trying to find the Base address, and Add all the slots so I can modify the amounts and each slot. It'd be nice eventually to find a way to modify the "Item" in each slot as well. But that is way beyond me I think. My problem is when I try and find the Base address I'm running into the issue of finding it.



Is all I get, there seems to be no Offset, at least from what I gather, I'm still sorta noobish so maybe I'm missing something entirely.

Also keep in mind this is Search "What Accesses the Address" and this is the address for the 1st Slot.[/img]

[SunBeam]

Hi there.

Looking at what you're describing and the screenshot (not sure if I'll be accurate, but here we go):

1. You have the base right there in your screenshot: it's "rcx" on the first line, at 7FF698E10E69. The offset is calculated via "rdx*8" (slot 0: rdx = 0; slot 1: rdx = 1; etc.). Each slot address is 8 bytes apart (that's because x64 addresses in this game - and OS - occupy 8 bytes).

2. You will have to backtrace or debug your code to find where "rcx" is obtained by (perhaps you have a static pointer already in the code; else you may want to backtrace or use Pointer Scan to find it/one).

3. Your problem will begin once you've finished mapping the slots, as you don't actually know what kind of item is stored in the slot. You may want to investigate item IDs or some sort of static based on which you know an item is - for example - gold. Similarly, even if you don't know which item is stored in which slot, you'll have to figure a way to get from the appointed slot address to the offset where quantity is stored. But you can debug that easily and calculate the path afterwards.

Hope these helped.

BR,
Sun

[D1g1Byt3]

I honestly wish I understood you completely, you honestly went waaaaaay over my head. It's not your fault, I'm just to stupid to figure out what you are talking about XD. Anyways, is there a chance you may be able to "Dumb it Down" a bit for me, because like I said, I'm still a bit noobish. I'm having trouble with number 2, doing the backtrace and debugging.

[SunBeam]

The "base address" is stored in RCX register at 7FF698E10E69. You will have to check the code above this address (or backtrace) to see if RCX is obtained by a static pointer. If so, then use that as your base address:

Example:

mov rcx,[7FF020000000]
mov eax,[rcx+rdx*8]

No one said the offset should be a static value (like you'd see in x32 games -> mov eax,[ecx+1F0]). In your case, the offset represents the slot number - 1. Slot 1 = 0, slot 2 = 1, slot 3 = 2, etc. Then to calculate the offset you just multiply by 8. So: slot 1 = 0*8 = 0; slot 2 = 1*8 = 8; slot 3 = 2*8, etc. The slot number is stored in RDX register.

Why slot number - 1? Because mov rax,[rcx+rdx*8] reads slot addresses from that base address ( rcx ) + offset ( rdx*8 ).

So when you wanted to "find out what accesses this address" on first slot, that popped up, where RCX = an address and RDX = 0. Correct? Click the line in the debug window and see the registers description.

BR,
Sun

[D1g1Byt3]

Ok what I am getting so far is this. I think i found the Base Address. I know that Slot 2 is +18 from Slot 1, and Slot 3 is +18 from Slot 2 and so on. Is there a way I can Populate that in a Cheat table or something using a script?

Edit: Turns out RDX for slot 1 is 0, RDX for slot 2 is 3, and slot 3 is 6. RDX seems to increase by 3 per slot so far, hence the + 18 Offsets. But I still can't find a way to Make a script to Automatically put all those addresses base on those offsets :/


Edit 2:Also Base Address keeps changing, and pointer scan is coming up with nothing after a while.