Cheat Engine The Official Site of Cheat Engine
thundercat How do I cheat? Reputation: 0
Joined: 07 Sep 2017 Posts: 2
Posted: Thu Sep 14, 2017 1:45 pm Post subject: beginner - so close to finding the pointer
Hi,
I'm still pretty new to Cheat Engine. I've done the tutorial. Understood mostly everything, I think.
I'm now trying to change my life points in a little free game. I've posted about this before, but now I'm stuck. I've been messing around for a few days and can't find the solution. I'm very close to it, but I'm missing some knowledge.
I can consistently find the address where my life points are. But now I need to find a pointer to that address so I don't have to redo the scan every time.
So I did find something when I search for writes, but there are no immediately useful offsets. Here's what I get:
00402AB7 - C1 F9 02 - sar ecx,02
00402ABA - 78 11 - js DD.exe+2ACD
00402ABC - FD - std << // CE gives this std opcode as result
00402ABD - F3 A5 - repe movsd
00402ABF - 89 C1 - mov ecx,eax
EAX=00000010
EBX=0535953C
ECX=00000003
EDX=0535953C
ESI=0018FABC
EDI=05359544
ESP=0018F92C
EBP=00000001
EIP=00402ABD
EDI has the address of the life points.
EAX has the life point value.
Here is my thought process for how to solve this. Please tell me if I'm wrong.
1. These opcodes don't help me directly like in the tutorials.
2. EDI and EAX have interesting values.
Solutions:
A. I could try to see how EDI gets that value. (I don't know how.)
B. I could inject code so that EAX always has the value I want. (But I won't learn how to manipulate pointers.)
C. I could try to find out if there is a relation between DD.exe, DD.exe+2ACD and my 05359544.
D. I could use the pointer scanner. (I tried it with 4 restarts and got down to 10 pointers, but none of them seems to work / I don't know what to do from there.)
P.S.: I changed the name of the process to respect forum rules etc.
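The writing instruction in the trace above is `repe movsd` executed after `std`, a block copy whose addresses come only from ESI, EDI and ECX, so the instruction itself encodes no structure offset. The following C program is an added example (not part of the original post and not Cheat Engine code) that emulates that copy from the posted ESI/EDI/ECX values. The two memory regions, their contents, and treating the snapshot as the state before the remaining iterations are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Registers that drive a string move; df mirrors the direction flag. */
typedef struct { uint32_t esi, edi, ecx; int df; } regs_t;

/* Constructed memory region: 8 dwords starting at base. */
typedef struct { uint32_t base; uint32_t words[8]; } region_t;

/* Map an emulated address to a dword cell, or NULL if outside/misaligned. */
static uint32_t *cell(region_t *r, uint32_t addr) {
    uint32_t off = addr - r->base;
    if (addr < r->base || off % 4 != 0 || off / 4 >= 8) return NULL;
    return &r->words[off / 4];
}

/* Emulate F3 A5 (rep movsd): copy ECX dwords from [ESI] to [EDI], stepping
   both by -4 when DF is set (after std) or +4 when it is clear. Logs each
   destination address; returns dwords copied, or -1 on a bad access. */
static int rep_movsd(regs_t *r, region_t *src, region_t *dst,
                     uint32_t *log, int cap) {
    uint32_t step = r->df ? (uint32_t)-4 : 4u;
    int n = 0;
    while (r->ecx != 0) {
        uint32_t *s = cell(src, r->esi), *d = cell(dst, r->edi);
        if (s == NULL || d == NULL || n >= cap) return -1;
        *d = *s;
        log[n++] = r->edi;
        r->esi += step; r->edi += step; r->ecx--;
    }
    return n;
}

/* ESI, EDI, ECX are the values posted in the thread, assumed here to be the
   state before the remaining iterations; region contents are constructed. */
static int run_posted_snapshot(uint32_t *log, regs_t *out) {
    region_t stack = { 0x0018FAB0u, { 0, 0x33, 0x22, 0x10, 0, 0, 0, 0 } };
    region_t heap  = { 0x05359538u, { 0 } };
    regs_t r = { 0x0018FABCu, 0x05359544u, 3, 1 };
    int n = rep_movsd(&r, &stack, &heap, log, 8);
    *out = r;
    return n;
}

int main(void) {
    uint32_t log[8]; regs_t end;
    int n = run_posted_snapshot(log, &end);
    for (int i = 0; i < n; i++) printf("write -> %08X\n", (unsigned)log[i]);
    return n == 3 ? 0 : 1;
}
```

Under these assumptions the last destination written is 0535953C, which equals the posted EBX and EDX values. Any base-plus-offset relationship therefore has to be traced from the code that loads EDI before the copy, not from the copy instruction.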
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Fri Sep 15, 2017 7:40 am
Remember, '0' is an offset, so something like mov edx,[ebx] means the first offset is '0'.
Try changing the pointer scan options.
You might want to change it via an AA script.
You can also load the address into a register.