Cheat Engine

[low_density]

hi, want to ask around, how do you compare between float values? like, for example, i want to compare [eax+10] with [edi+04], both are of float values? also, how do you make a script to do something like: add 1 to [ebx+08] when the script is enabled, and subtract 1 from [ebx+08] when the script is disabled? because i want to modify a value whenever i enable the cheat, but i do not want to set the value, just add or sub only... all help appreciated

[Geri]

To compare a float value:

fld dword ptr [eax+10] //push value in the stack
fcomp dword ptr [edi+04] //compare the value in top of the stack with [edi+04] and pop the stack

If it is a Double value, use qword instead of dword.

As for adding or removing the value only when the script is enabled or disabled, put the inc/dec [ebx+08] code in the general part below the [ENABLE] and [DISABLE] (where You see the alloc instruction, not in the newmem section). That part of the script is executed only when You enable or disable the script.

[low_density]

what do you mean for the general part? ok, let me give an example, in the game Saints Row 2, there is one address, sr2_pc.exe+239b810, that contains the required address i need for setting infinite sprint. This is the line that makes my game character's sprint infinite: or [sr2_pc.exe+239b810],00000080. so, can i write a script to execute this once (when i enable the script) and execute this line: and [sr2_pc.exe+239b810],ffffff7f to remove the infinite sprint (when i disable the code)? an example script will be helpful.

[Geri]

Example:

This code is for Step 2 in the tutorial. It will set Your health to 20 when the script is enabled and set it to 10 when it is disabled. Of course You can use add/sub or inc/dec instead of mov.

[low_density]

hi, thanks for your link, the script by dark byte is good, i only want to increase the value once when i enable the script, and decrease the value once when i disable the script, the script given by dark byte works perfectly thanks again

[Geri]

Yes, but keep in mind that the script which is made by Dark Byte is increasing the value by 1 when it is enabled and also increasing the value by 1 when it is disabled. Thus it doesn't have the same effect that You are looking for. Your code should decrease the number when it is disabled, not increase it in all cases (at least You said You need to achieve that effect).

[low_density]

hi, i'm back again, just wanna ask one more question.... using dark byte's script, how can i increase the value of an address that is stored in ecx register at a certain address (for example, i wan to increase the time in a game, the address of the time changes with every time i restart the game, the address that is changing the time address is deadrising2.exe+19262, the time address is stored in the register ecx+1c)... i wan to increase the time ONCE when i enable and ONCE when i disable the script... is it possible to get the address from the register?

[Geri]

It is possible, but You need to write 2 different scripts for it.

1. You need to inject a code at the place where the game is accessing to the timer that You want to change and save the timer's address. You can allocate 4 bytes to store the address or You can use an unused area in the program to store Your thing.

2. Create the script which is increasing the address that You have saved.

OR

The other method for example, to make a counter (this is probably less problematic). Like I made for the Civ 5 when I made Add x stuff cheats.

Then You need to write Your script like that.
1. Check if counter is 0 or not.
2. If not 0, do things.
3. At some point, make sure to set the counter to 0 again so the value will not be changed unless the counter is changed by the user manually.
The counter can be any allocated or unused memory address again. Up to You.

[low_density]

ok, i don't quite understand the second option, i will go for the easier one, can you gimme an example script on how to make the first option?

[Geri]

Alright, btw. the first option is the harder one, but Your choice.

This example script is for the tutorial.
cmp [Ebx+00000314],000003E8 is the code which is accessing to the value that we want to modify.

Store the address of our value:

[low_density]

ok thanks for the script i would like to ask one more thing, how do you make a script that checks if a hotkey is pressed before it can be enabled? for example, normally, for the trainers that can be found anywhere, there will be some sort of like press F1 to activate trainer, before all the other hotkeys can work... does this depend on a script or?
EDIT: and also, is there any way to multiply a value by a certain number? like for example, i want to multiply the value stored in ebx by 3, how do i do that? i tried using "shl ebx,3", but it did ebx*2*2*2 instead of ebx*3...

[Geri]

[low_density]

thanks geri, you have been a great help! sigh, i need help again... how do you make a script that can keep changing the value of a certain address without hooking onto the game's api? i read a post by darkbyte, but i don't really understand the script... can you gimme and example of an easier script to do a createthread and lock an address at a value as long as the script is enabled?

[Geri]

Probably the easiest way is to make a code injection at a very frequently used code (some screen routine for example) and change Your value there. Most screen routines are used even 100 times per second to update the display so that would pretty much "freeze" the value.

[low_density]

ok you hacked civilization 5 before right? funny thing is, the money address is always stored in Fxxxxxxx addresses for my game, and by using normal search, i can't seem to find it... i need to set the search range from 0 to FFFFFFFF to be able to find the address for the money... and when i tried to use the "find out what addresses this instruction accesses" on the opcode that changes the amount of money, it immediately crashed the game... is it because the address is on Fxxxxxxx address and not below 7FFFFFFF? how do you prevent the crash?

EDIT: and for the direct x 9 version, it seems that when using search for unknown initial value, the search range cannot be more than 40000000, or else cheat engine will show "Scan error:controller:Failure allocating memory for copy"..