Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Questions on automatically finding addresses

Cheat Engine Forum Index -> General Gamehacking
Dournbrood
How do I cheat?
Reputation: 0

Joined: 22 Mar 2017
Posts: 3
Location: USA.

Posted: Wed Mar 22, 2017 4:13 pm    Post subject: Questions on automatically finding addresses

First things first: Yes, I have searched for countless hours (on the forums and otherwise) on how to do this.
I am fully aware of the pointer scanner, and the "find out what is xxxxing this address" functions. But I want to know if I'm doing anything wrong or if this issue is due to the game being relatively new... (from around 2015)

I am attempting to create a basic cheat table for a 2-D Platformer action game called "Wings of Vi".

(There was a screenshot here. Can't post URL's yet.)

Something about the game forces the addresses to be changed every time you die, but they are still relatively quick to find with a few scans, for instance:

I've managed to locate the value (4 bytes) for the remaining number of "jumps" the player has left many times. When the player is on the ground, this value is 2, and jumping any amount of times decreases it until it's 0, at which point, you can no longer jump. We don't want that. So, adding the value to the address list and freezing (setting it as active) it at two does exactly as logic would suggest; you can jump indefinitely.

Example for consistency:
(There was a screenshot here. Can't post URL's yet.)

However, there are other values that are a lot more complicated to find due to the resetting of the addresses on the player's death, such as the death state itself. I have managed to find this value a handful of times, and would love to be able to automate this process via pointer scanning or any other means.

What I've been doing is precisely this: I find the address, add it to the list. I right click and pick "Find out what accesses this address" and change it around in game by jumping around a lot. Obviously, if I jump 15 times, I'll want to check the opcode that has accessed it that many times. I pull up the "More information" tab and find the "The value of the pointer needed to find this address is probably XXXXXXXX", right click and copy that, and change the value type in the CE scanner to 4 bytes, set the scan type to exact value, and search for the probable address. It never yields any results.

Hex Scan:
(There was a screenshot here. Can't post URL's yet.)

I've tried repeating this same process, but using the probable address and the regular address in the pointer scanner with the normal settings, and I end up getting no results unless I raise the max level and offset to something absolutely ridiculous, at which point I get hundreds of millions of results, yet restarting the game, finding the same value, and searching for that new value yields no results either.

Pointer Scan:
(There was a screenshot here. Can't post URL's yet.)
(^^I promise the settings for this were fine, I read up on it :P)

(There are also no public decompilers for this game, so that's not an option either. :/)

Extra info: I'm not running this on an emulator, and I'm using CE 6.6 and am running the 64-bit version of Windows 10 Pro. Any other relevant specs that are needed, feel free to ask and I'll send them in a reply.


So, what is something else I could try to do to find out what exactly is pointing to these dynamic addresses? Is there a setting I could change? Or, is there another method and an accompanying in-depth tutorial? (After all, this is literally the first time I've tried to automate this process. If I'm doing something wrong, please tell me about it. Any relevant feedback is helpful here.)

Thanks!
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Wed Mar 22, 2017 7:19 pm

Script from my old table:

Main script:
Code:

[ENABLE]
aobscanmodule(aob_inj,Wings Of Vi.exe,F2 0F 10 40 08 F2 0F 11 45 F4 EB 06 8B 40 08 89 45 F4)
registersymbol(aob_inj)
label(base)
aob_inj+18:
base:

globalalloc(thread,2048)
createthread(thread)
label(originalcode)

label(_temp)
registersymbol(_temp)
label(_base)
registersymbol(_base)

thread:
mov ecx,[base]
cmp ecx,0
je originalcode
mov ecx,[ecx]
cmp ecx,0
je originalcode
mov [_temp+4],ecx
mov ecx,[ecx+7c]
cmp ecx,0
je originalcode
mov ecx,[ecx+28]
mov [_temp+8],ecx
mov ecx,[_temp+4]
mov ecx,[ecx+88]
mov [_temp+c],ecx
mov ecx,[_temp+4]
mov ecx,[ecx+58]
mov [_temp+10],ecx
mov ecx,[_temp+4]
mov ecx,[ecx+1278]
mov [_temp+14],ecx
mov ecx,[_temp+c]
add ecx,[_temp+8]
add ecx,16
movsx ecx,word ptr [ecx]
imul ecx,ecx,00000092
add ecx,[_temp+10]
add ecx,6
movsx ecx,word ptr [ecx]
imul ecx,ecx,8
add ecx,[_temp+14]
mov [_base],ecx
mov ecx,[_base]
cmp ecx,0
je originalcode
mov ecx,[ecx]
cmp ecx,0
je originalcode
mov ecx,[ecx+242]
cmp ecx,0
je originalcode
lea ecx,[ecx+100]
mov [_base+4],ecx
originalcode:
mov ecx,0
push #1000
call sleep
cmp [_temp],0
je thread
ret
_temp:
dq 0 0 0
_base:
dd 0 0

[DISABLE]
_temp:
dd 01


number of jump : [[[_base]]+242]+88

#sorry for this wall of code

Dournbrood
How do I cheat?
Reputation: 0

Joined: 22 Mar 2017
Posts: 3
Location: USA.

Posted: Thu Mar 23, 2017 3:40 pm

@Cake-San
Quote:
Script from my old table:

I threw that into the auto assembler and it threw me an error while scanning for AOB's : aob_inj.

Did I do something wrong, or is the script just not compatible with this version of the game?

Or am I just stupid and I need to do something else with it...
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Fri Mar 24, 2017 1:15 am

Dournbrood wrote:
@Cake-San
I threw that into the auto assembler and it threw me an error while scanning for AOB's : aob_inj.

Did i do something wrong, or is the script just not compatible with this version of the game?

Yeah, probably because of the version, cause this script is for the old one (not remembering which one)....

Which one are you on?
Dournbrood
How do I cheat?
Reputation: 0

Joined: 22 Mar 2017
Posts: 3
Location: USA.

Posted: Sat Mar 25, 2017 3:17 pm

I'm on version 1.12, and the script can't find the base address because it changed or smth. Tried to rewrite but failed :/
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Sat Mar 25, 2017 8:12 pm

Here's a messy asm script for 1.12.
Not fully tested though...
Code:

[ENABLE]
aobscanmodule(aob_inj,Wings Of Vi.exe,66 83 BA 96 00 00 00 FF)
registersymbol(aob_inj)
label(base)
aob_inj+B:
base:

globalalloc(thread,2048)
createthread(thread)
label(originalcode)

label(_temp)
registersymbol(_temp)
label(_base)
registersymbol(_base)

thread:
mov ecx,[base]
cmp ecx,0
je originalcode
mov ecx,[ecx]
cmp ecx,0
je short originalcode
mov [_temp+4],ecx
mov eax,[ecx+78]
cmp eax,0
je originalcode
mov edx,[eax+10]
mov eax,[ecx+7C]
add eax,edx
cmp eax,0
je originalcode
mov edx,[ecx+88]
mov esi,[eax+04]
add esi,edx
cmp esi,0
je originalcode
mov [_temp+8],esi
movsx edx,word ptr [esi]
add esi,edx
mov ebx,esi
mov cx,[ebx+8]
movsx edx,cx
imul edx,edx,0092
mov esi,[_temp+4]
add edx,[esi+58]
cmp edx,0
je originalcode
movzx eax,word ptr[edx+06]
movsx ecx,ax
mov eax,[esi+1278]
mov eax,[eax+ecx*8]
cmp eax,0
je originalcode
mov [_temp+C],eax
/*mov ebx,[_temp+8]
movsx ecx,word ptr[ebx+14]
shl ecx,04
mov edx,[_temp+C]
mov esi,[edx+0080]
add ecx,[esi+edx]*/
mov [_base],eax
originalcode:
mov eax,0
mov ebx,0
mov ecx,0
mov edx,0
mov esi,0

push #1000
call sleep
cmp [_temp],01
jne thread
ret

_temp:
dq 0 0 0
_base:
dd 0
[DISABLE]
_temp:
dd 01

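As an added illustration (not code from the thread, the game, or Cheat Engine), the following Python models the pointer chain that Cake-san's 1.12 script walks, over a constructed memory image with made-up addresses and offsets. It shows one reason the exact-value scan in the first post can come up empty: the base register of the accessing instruction (edx in the script, computed as index*0x92 plus a table address) only ever lives in a register, so scanning memory for it as a 4-byte value finds nothing, while the value that is actually stored (the final pointer) is found.

```python
import struct

# Constructed memory image standing in for the game's address space; every address
# and offset below is made up for the demo, not taken from Wings of Vi.
MEM = bytearray(0x2000)

def rd32(a): return struct.unpack_from("<I", MEM, a)[0]
def sx16(a): return struct.unpack_from("<h", MEM, a)[0]   # movsx word ptr
def wr32(a, v): struct.pack_into("<I", MEM, a, v)
def wr16(a, v): struct.pack_into("<h", MEM, a, v)

def build_image(obj=0x100):
    """Lay out just enough structure for the script's chain to resolve."""
    wr32(0x10, 0x20); wr32(0x20, obj)               # [base] -> global ptr -> object
    wr32(obj + 0x78, 0x400); wr32(0x410, 0x8)       # eax=[obj+78]; edx=[eax+10]
    wr32(obj + 0x7C, 0x500)                         # eax=[obj+7C]+edx -> 0x508
    wr32(obj + 0x88, 0x4); wr32(0x50C, 0x600)       # esi=[eax+4]+[obj+88] -> 0x604
    wr16(0x604, 0x10)                               # esi += sx16([esi]) -> 0x614
    wr16(0x61C, 2)                                  # index word at [ebx+8]
    wr32(obj + 0x58, 0x700)                         # edx = 2*0x92 + [obj+58] -> 0x824
    wr16(0x82A, 3)                                  # second index at [edx+6]
    wr32(obj + 0x1278, 0x900); wr32(0x918, 0x1000)  # [table + 3*8] -> result
    return obj

def resolve(base=0x10):
    """Follow the 1.12 script's chain. Returns (_base, edx) or None on a null
    pointer, mirroring the script's 'je originalcode' checks."""
    obj = rd32(rd32(base))
    if obj == 0: return None
    eax = rd32(obj + 0x78)
    if eax == 0: return None
    eax = rd32(obj + 0x7C) + rd32(eax + 0x10)
    esi = rd32(eax + 4) + rd32(obj + 0x88)
    esi += sx16(esi)                                # signed relative offset
    edx = (sx16(esi + 8) * 0x92 + rd32(obj + 0x58)) & 0xFFFFFFFF  # register only
    if edx == 0: return None
    idx = sx16(edx + 6)                             # movzx ax, then movsx ecx,ax
    final = rd32((rd32(obj + 0x1278) + idx * 8) & 0xFFFFFFFF)
    return (final, edx) if final else None

def exact_scan(value):
    """4-byte exact-value scan, 4-aligned like CE's default fast scan."""
    needle = struct.pack("<I", value)
    return [a for a in range(0, len(MEM) - 3, 4) if MEM[a:a + 4] == needle]

build_image()
if __name__ == "__main__":
    final, edx = resolve()
    print(hex(final), exact_scan(final))   # stored in memory: one hit
    print(hex(edx), exact_scan(edx))       # computed in a register: no hits
```

Negative indices are handled the same way the movsx instructions do it, which is why the helpers use signed 16-bit reads.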