zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Fri Dec 21, 2007 12:06 am Post subject: Trying to find a hard pointer, Please Help
I'm new. Great program. I used to just use it for searching for text, but I just realized today all the great features it has.
Game: Shadowbane MMORPG
I'm pretty good at game hacking with just a debugger and a memory searching program. I make bots, not hacks, though. I have already found the entire player structure and the targeted object's structure (hp/mana/stam, name, etc.). I make full use of them in my program.
I have recently been trying to reliably find certain text that is continuously written to the screen so I can slam my own string into it and generate my own menu. I went through the pain of using GDI to overwrite the game, but it flickers. Anyway, this is where I'm trying to reliably find a pointer to the string "nothing selected", which is in a box that just shows the currently selected object/npc name.
I can easily find the text (it's unicode) and edit it in Cheat Engine. I see that in game the text is instantly modified and displayed.
Just recently I found the text to be at this address:
0C9CD0B0 <- Nothing selected text (or whatever is selected)
Then if I do a search for that address I always find it in two places:
0A89AA90 & 0A8F4538 (they are two different places each restart)
So I click the first address 0C9CD0B0 and hit "see what writes to this".
Then I go and click on something and this pops up in the "see what writes to this" window:
mov [esi],ecx
I'm not the greatest at assembly, but I think this is moving ecx into esi.
So I move on to the pointer to the address 0A8F4538 and I click "find out what is accessing this" and I get
mov edi,[edi]
I just don't get it? Move edi into edi?
Can someone explain the difference in [] type stuff?
Also, what does "pointer scan for this address" actually do? I've run it several times and it never seems to find anything.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri Dec 21, 2007 10:39 am
To make things a little simpler, just right click your address you find > select > pointer scan for this address.
If you see nothing, you need to raise the max level from 1 to like 5.
*The higher you go, the longer it takes to find.
You will find a pointer to the text address you're wanting to use.
Yes, this moves the value of ecx to esi.
mov [esi],ecx
The [esi] is an address. So, the value of eax is getting moved into the address [esi].
zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Fri Dec 21, 2007 12:39 pm Post subject: help
Quote:
To make things a little simpler, just right click your address you find > select > pointer scan for this address.
If you see nothing, you need to raise the max level from 1 to like 5.
*The higher you go, the longer it takes to find.
That's what I thought that thing was supposed to do. But if I put a 5 in there, what do I put for the size thing, the thing that by default says "1024"?
I can let it run all day if it will find what I'm looking for; god knows I've spent days on it!
OK, I'm about to do a pointer scan again like you suggested. For size of structure I'll put 2048? And I'll select the main game executable and search for max level 6 and see if I get anything.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri Dec 21, 2007 1:21 pm
That's allocated memory; the default is 1024.
You can scan for your own cave and not use that if you want.
zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Fri Dec 21, 2007 2:02 pm
First of all thanks for your help.
I did a scan as I said above with the size of structure set to 2048. Is this the memory it uses in bytes? Like INT or something. Not sure if I should have left it at 1024?
Not sure what you mean about "my own cave". I'm not doing code caving; I inject a .dll that is C++. I've written a few caves on the fly just to do simple things, but that's just for experimenting. I once hijacked the function that decrements your health and made it so if your health is being decremented it works normal, but if a targeted "monster" is being decremented it makes it 0 so the monster instantly dies. It had weird effects.
Anyway, it's still scanning, but it says it has found 372 matches, which is new; before it never found matches (but I didn't do a search like this).
Still got maybe half an hour to go before it finishes.
Thanks again, I'll post my results.
EDIT: Um, maybe that means 12 hours. It's found 451 matches. I just hope once it finishes I'll have something I can use. If this thing can actually find a static pointer to the address, that's gold! Don't know why I never looked at this before; I've spent so much time tracing addresses back to an offset and static by hand (ollydbg).
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri Dec 21, 2007 2:37 pm
You can click stop after it finds some pointers, mate. No need to really let it finish.
zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Fri Dec 21, 2007 2:54 pm
OK, so it found 800+ by the time I read your post (and stopped it),
and I have something like this:
game.exe + 12C5004 (then I hit plus)
- 4
- 44
- 5DC
- 48
- 430
- 1D4
So if my thinking is right, that's a 6 level pointer? So do I have to
- dereference game.exe + 12C5004 then add 4
- dereference that and add 44
- dereference that add 5DC
- dereference that add 48
- dereference that add 430
- dereference that add 1D4
And I will have the location of my string? That would be a whopper, but I could do it.
Like a horrendous one liner (I think the game.exe is 400000):
((int*)(*(int*)(0x400000)+0x12C5004) + 0x44) omg what a mess
I double clicked the pointer and added it to my address; after a while it changed to
P->???????? value ??
What's up with that?
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Fri Dec 21, 2007 3:39 pm
The code is shifting.
----------------------
Try another pointer,
zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Fri Dec 21, 2007 4:05 pm
Oh yeah, I see, that's what the "rescan pointer addresses" thing is for. Sorry, I'm dumb.
I did another scan, this time only for level 3, and it found like 90 pointers. Guess I'll start from there, and if I don't find reliable ones I'll go for level 4, etc.
Thanks for your help, great program. You will see a lot more of me around.
Update
Well, I successfully found 34 pointers (3 level). I've restarted the game a few times and "rescanned pointers" for the new address. Now I just gotta restart and do it one more time to be sure!
This will save me so much time; I don't even have to open up Olly anymore (at least not for this type of stuff). And it was right under my nose all this time!
You know what would be great? It would be great if once you have a multi level pointer in your address you could just right click it and generate the C/C++ code to dereference it!
e.g.
*(int*)(game.exe + 0xCAC);
For a lvl 1 it's not that hard, but if you had like a five level pointer it would be really useful.
EDIT AGAIN
I wrote this so it will return the address you are looking for. Use it like this:
Code:
```c
int offsets[5] = {0, 0x1A4, 0x364, 0x338, 777}; // 777 to stop so we don't gotta count the array
GetPointer((game.exe + 0x016AB730), offsets);   // game.exe stands for the module's base address
```
where game.exe is whatever the "base address" of your game is; for example, when you have CE in your game, click memory view and that address you see at the top is the base address. This is the function. Sorry I couldn't figure out how to count the array (easily), so just add 777 to the last element in your offsets array.
Code:
```c
#include <stdio.h>
#include <windows.h>

// Walks a multi-level pointer: dereference base and add offsets[0], then
// dereference the result and add the next offset, and so on. The offsets
// array is terminated by the sentinel value 777 (at most 10 entries are read).
// Addresses are plain ints because the target is a 32-bit process.
int GetPointer(int base, int offsets[])
{
    char Testing[200];                    // buffer for the optional debug output
    const char *WinTitle = "GetPointer";  // caption for the debug message boxes (added so the test lines compile when uncommented)
    int Address0 = 0;
    int Address1 = 0;
    int i = 0;
    Address0 = *(int *)(base) + offsets[0];
    //sprintf(Testing, "Number %d: %X", i, Address0);
    //MessageBox(0, Testing, WinTitle, MB_ICONINFORMATION);
    for (i = 1; i < 10; i++)
    {
        if (offsets[i] == 777) { break; }   // sentinel: end of the offset list
        Address1 = *(int *)(Address0) + offsets[i];
        Address0 = Address1;
        // for testing output
        //sprintf(Testing, "Number %d: %X", i, Address0);
        //MessageBox(0, Testing, WinTitle, MB_ICONINFORMATION);
    }
    return (Address0);
}
```
This will return the address you are looking for; uncomment the msgboxes to see it go through them.
I'm gonna post this in the programming section also.
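Added example, not from the thread: a stand-alone C program that resolves a chain like the ones above over a constructed in-memory layout (the structs Game, Ui and Target and their offsets are hypothetical and taken with offsetof, not from a scan). Each hop is the load-through-pointer that appeared earlier as mov edi,[edi]; the walker takes an explicit count instead of a 777 sentinel and returns 0 when a hop reads a NULL pointer, which is the situation Cheat Engine displays as P->????????.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the game's memory; layouts are hypothetical. */
struct Target { uint32_t hp; char name[32]; };           /* selected object */
struct Ui     { void *unused; struct Target *selected; };
struct Game   { uint8_t pad[0x44]; struct Ui *ui; };

static struct Target g_target = { 250, "Nothing selected" };
static struct Ui     g_ui     = { NULL, &g_target };
static struct Game   g_game   = { {0}, &g_ui };
static struct Game  *g_static = &g_game;   /* stands in for game.exe+12C5004 */

/* Walk base -> [base]+off[0] -> [that]+off[1] -> ... and return the final
 * address. Each hop loads through the current pointer (the mov edi,[edi]
 * pattern) then adds the next offset. Takes an explicit count instead of
 * a 777 sentinel, and returns 0 if a hop reads a NULL pointer. */
static uintptr_t resolve_chain(uintptr_t base, const size_t *off, size_t n)
{
    uintptr_t addr = base, next;
    for (size_t i = 0; i < n; i++) {
        memcpy(&next, (const void *)addr, sizeof next);  /* dereference */
        if (next == 0)
            return 0;                                    /* chain broken */
        addr = next + off[i];
    }
    return addr;
}

/* Three-level chain from the static slot down to the selected name. */
static const size_t g_off[] = { offsetof(struct Game, ui),
                                offsetof(struct Ui, selected),
                                offsetof(struct Target, name) };

const char *selected_name(void)
{
    uintptr_t a = resolve_chain((uintptr_t)&g_static, g_off, 3);
    return a ? (const char *)a : NULL;
}

/* Simulate the selected object going away: the walk must fail, not crash. */
int broken_chain_returns_zero(void)
{
    struct Target *saved = g_ui.selected;
    g_ui.selected = NULL;
    uintptr_t a = resolve_chain((uintptr_t)&g_static, g_off, 3);
    g_ui.selected = saved;
    return a == 0;
}
```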
Chonkie How do I cheat?
Reputation: 0
Joined: 19 Jan 2008 Posts: 1
Posted: Sun Jan 20, 2008 7:38 pm
Alright. I'm a complete noob when it comes to game hacking, so much so that I have no clue what you just said.
And yeah, I know I'll probably get responded to like a bunch of bikers would respond to a gay guy dressed in leather from Wal-Mart as he walked into their bar.
"Get on back to the city, pretty boy."
Just curious about what exactly you are doing? Obviously what you are doing gives you some advantages as far as gameplay is concerned, but what exactly? In layman's terms?
I realize I'll never be able to learn how to do it, just curious as to what "IT" is.
Thanks for any reply...