Cheat Engine

[The_MAZZTer]

Hello, this is my first post here, and I recently downloaded Cheat Engine and used it to find a number of cheats for the game Cave Story, a nice little game you should all play. (If you have trouble with the LZH or the patch, you can grab a prepatched version here. Please try the official site first.)

In the process of finding some cheat codes I was able to draw on my programming knowledge, and so I thought I'd share some the little bits that were useful for me in finding cheats.

First, you can download the Cheat Table which I've attached which has the cheats I've discovered.

Before I start I need to explain the concept of C structures, or structs for short. If you are already familiar with them you can skip this next paragraph.

Structures are used in object-oriented games to allow the programmer to group related data in order to keep everything neat and tidy and easily accessable, and allows us to, once we have found one value, to find many.

Run the DoConfig included with Cave Story and select windowed mode, so we can quickly switch between Cave Story and CE.

Now start Cave Story, start Cheat Engine and hook it into Cave Story, and start a new game. After the intro secqence ends, go over to the little disk icon (Z to jump) and press down to save, so you don't have to view the intro sequence every time you restart the game.

Now the first value you'll want to hack right away is the health. If you walk around this room long enough you'll fall into the water, and find another value (air). Get back out, and press Q. We have "arms" (weapons) and inventory which we will also fill with codes by the end of this tutorial.

First let's keep it easy, health. Search for the single byte 3. Go through the door with down, go left, (try to avoid spikes, if you die restore your game and try again) and dodge the bats. Get hit once by a bat and move over to the left. Once the health bar stops animating, do a scan for 2. You'll also notice you're invincible for a little time after you're hit, another code I found that you are welcome to try and find on your own.

On the far left you'll see a heart on a chest. Walk up to it and press down to get a health powerup. After the text box disappears, scan for 5. You should find two values (if not, get hit by the bats again and look for 4). Both values are health values... one works fine on it's own, but the health bar animation breaks, so add them both and give them whatever description you like. Freeze them at 6 or some value and see if they work.

Now, the game keeps a struct of some player info in a spot in memory, including... you guessed it... the health. So right click one of the addresses and click browse this memory region.

This screen might be confusing, so just note we don't care about the top panes, just the hex viewer on the bottom. Scroll up a few lines until we have a nice view of 0049E5A0 or so to 0049E700.

One thing I must note before we continue, or some of my instructions might be confusing: Windows stores multi-byte values differently than the helpfile tutorial included in CE indicates.

For example, if I have a 4 byte value in memory and I assign it 5, it will show as 05 00 00 00 in the hex viewer, NOT 00 00 00 05. Bytes are stored "backwards" you could say. This is advantageous in C and C++ because the programmer can tell C "This value that I said is a 4 byte, treat it like a 2 byte". Now C is looking at 05 00. If it had been stored the other way it would be looking at 00 00 and we lost the data! If you didn't get this last bit, it's not terribly important, don't worry.

Go back to the game and watch values changes as you walk back and forth and move. Looks useless on first glance...

But now let's show the power of this little spying technique.

Let's say we want to look for the air code now. Let's try the traditional way first. Minimze the Memory Viewer (or else it may spoil the answer! ), go into water, switch to CE, and search for one byte of the value you see in the AIR meter. Switching back and forth and searching will quickly show we are doing something wrong, as we won't find anything.

We could try and look for floats and doubles, but instead we're going to assume that the air is stored in the same struct as the health for the player... a reasonable assumption. Now restore the Memory Viewer and go into the water and stand still. You should see two byte values counting down in the memory viewer.

On closer examination we find the air is a two byte value from 0-1000, not 0-100 as it shows. (Reason for this is probably because doubles/floats are much more processor intensive than whole numbers, so the programmer chose to multiply the value by 10 and keep it a whole number.)

So you can add the address (right click the E8 of the E8 03) add it as two bytes, and freeze it at 1000. Ta da!

You may also notice an adjacent value changing as you leave the water. Congrats, you found the value that holds the display time for the flashing AIR 100. (Labelled Air Counter Leave Time in my CT file.) Not very useful in itself, but it's cool to see how these things work internally.

OK that was alot I know, but now we have one last big thing to tackle, and that's the inventory screen. I'll save you the trial and error I did and just tell you how it's laid out in memory.

If you want to stop here and come back later for the rest, it'd be a great time to do it.

First we have the five "arms". In memory, each is it's own struct, and each one follows the other in memory.

If you're familiar with C notation it looks like this (a DWORD is four bytes, FYI).

arms[5] {
DWORD weaponType; // Value from 0-13, 0 for no weapon here
DWORD energyLevel; // Value from 1-3 usually, 0 before you get a gun
DWORD energyMeter; // 0 to 200, 0 is none, 200 is maxed out, the minor level for the gun
DWORD maxAmmo; // 0 if the weapon has infinite ammo
DWORD ammo; // !
};

Before I explain this, it's probably better if you get a weapon first. Go through the game for a couple minutes (you should be already almost there) until you get the "Polar Star" gun. It will fit into your slot 1, as you can see when you press Q.

You will see ammo and maxAmmo values too (they are blanked if maxAmmo is 0, that is if it doesn't use ammo). Checking your HUD you'll notice the orange bar has a 1 next to it instead of 0. This is the energyLevel value, each weapon has it's own. Now go through the cave and shoot things, some things will give you orange shards that cause the meter to fill. This is the energyMeter value.

So each gun in your inventory has these properties. Let's fool with them so I can better show you this stuff (the table above should start to make more sense as we do so).

Jump to 00499BC8 in the viewer. You should see 02 00 00 00 in that spot and the following three, which is the code for the Polar Star. Change that to a 00 00 00 00 and switch back to the game. Hey, my gun is gone!

Change it back to 2 (or experiment with other values... most between 0 and 13 decimal work). Now move the cursor over four bytes to the right (since it's a DWORD/four byte value). This is the energyLevel value for the gun, which is 01 00 00 00. Up it to three and check out your super pistol ingame . The next value is the energyMeter four bytes over, which isn't terribly interesting. So skip that and move over four MORE bytes. Here we have 00 00 00 00. Change it to something like 05 00 00 00, and you'll notice your gun now has an maxAmmo value of 5. You can fiddle with this and the next code four bytes over for the ammo.

Now we know all the addresses of the values for gun 1. What happens if we move over four more bytes? Well, change the value there from 00 00 00 00 to 01 00 00 00... switch back to the game and you should have a new gun! And you can repeat, moving over four bytes (since these are all DWORDs) and changing values as you please until you've done all 5 guns.

One last thing we want to look for is inventory. It starts at 00499B40, each value is a DWORD, there are 24 of them, and values can be from 0-40something decimal. Feel free to experiment, and remember my CT file has these codes so you can cross-check your work with mine. And there are also Max Health, Infinite Jetpack (once you get it, which you can do with the item codes), and Invincibility codes too. All these codes lie within the same structs we've looked at (player info, gun info, inventory info).

Well that's all for now, hope this was informative.

[wobuffet3]

dat was not very helpful, sorry.
can you just post the .ct file?

[Innovation]

[TechX]

i dont care how old this is, its a useful post