Cheat Engine The Official Site of Cheat Engine
Mahi How do I cheat? Reputation: 0
Joined: 30 Jul 2013 Posts: 1
Posted: Tue Jul 30, 2013 7:55 am Post subject: Finding static pointers for Byte or 2 Byte types?
I'm trying to create a trainer for Duke Nukem: Manhattan Project, but I ran into a problem: some of the values/addresses (e.g. ammo) appear to be both Byte and 2 Bytes? I'm really new to CE and memory hacking etc. so try and bear with me.
If I do a search with "Value Type: All" and keep rescanning with different ammo values, I will find the following addresses:
Code:
02A6C4CC : 1
02A6C4CC : 2
0E601A04 : 1
0E601A04 : 2
By adding these to my address table, I can see that the bottom 2 addresses are not the correct ones: they change when my ammo changes, but if I change their value, it just quickly changes back.
I'm left with the top two addresses: 02A6C4CC:1 and 02A6C4CC:2. First of all, how can I have the same address in two different types? Also, changing one changes the other.
Now then when I right click on either one of the two addresses and choose "Find out what writes to this address" I will get the following instruction (after shooting a few times in the game):
Code:
09F6D71E - 48 - dec eax
09F6D71F - 23 C2 - and eax,edx
09F6D721 - 66 89 01 - mov [ecx],ax <<
09F6D724 - 8B C6 - mov eax,esi
09F6D726 - 5E - pop esi

EAX=00000068
EBX=1002D201
ECX=02A6C4CC
EDX=00000068
ESI=00000001
EDI=00000000
ESP=0010F004
EBP=0E61BEB8
EIP=09F6D724
Hex scan for ecx 02A6C4CC with 4 Bytes gives me 0 addresses. If I choose Byte or 2 Bytes I will get something from 500 to 200 000 addresses, each with value equal to CC.
Here's a picture: oi44.tinypic . com/27wt0s8.jpg (sorry, can't post urls yet..)
What am I doing wrong, how can I find the static pointer for these addresses?
vergilganesh Expert Cheater Reputation: 0
Joined: 01 Jul 2013 Posts: 134 Location: India
Posted: Wed Jul 31, 2013 6:11 am Post subject:
Try using pointerscan. Make a google search about pointerscan.
smx Newbie cheater Reputation: 0
Joined: 02 Sep 2012 Posts: 13
Posted: Mon Aug 05, 2013 10:53 am Post subject:
02A6C4CC is both 1 and 2 bytes, because the size of the address is 2 bytes, but it can also contain a byte.
CE is telling you that because at
09F6D721 - 66 89 01 - mov [ecx],ax <<
ax is involved.
ax is a 16-bit register, which means it can contain 2 bytes (16/8 -- 8 bits = 1 byte)
In this case, it's holding the value 68 (EAX=00000068), and 68 is 1 byte (here's why the double address)
68 in hex == 104 in dec
About the Hex Scanning, I don't think you need it at this moment, because there is no offset.
Pointer scanner use is when you have, instead of your instruction:
mov [eax*4+esi],ax or something similar, so you want to know where is [eax*4+esi], and you do a pointer scan to find the address.
The instruction mov [ecx],ax means:
Take the value that is stored in the ax register (our ammo), and copy that value to the address contained in ecx.
This means that this instruction updates ammo at 02A6C4CC (and you already have it in your table).
If you want to change ammo without auto-assembler, you should backtrace ax (your ammo), to see where some value is put into it. You could click on Show Disassembler, then Tools, Dissect Code, and then scroll up to find where an opcode like this:
mov ax,[something]
occurs
You should be able to find the piece of code which loads ammo from an address into memory. Then you can see if that address is static or a pointer (which needs pointer scanning).
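
The width overlap discussed in this thread, as an added example that is not part of any post above: a 16-bit little-endian store like `mov [ecx],ax` leaves a small value readable as both Byte and 2 Bytes at the same address, and a search value wider than the scan width collapses to its low byte. The buffer, offsets, neighbouring field and function names are constructed for illustration, and truncating the search value to the scan width is an assumption about scanner behaviour.

```python
import struct

def store16(mem, off, eax):
    """Emulate `mov [ecx],ax`: only the low 16 bits of EAX are written, little-endian."""
    struct.pack_into("<H", mem, off, eax & 0xFFFF)

def read(mem, off, width):
    """Interpret `width` bytes at `off` as a little-endian unsigned integer."""
    return int.from_bytes(mem[off:off + width], "little")

def widths_matching(mem, off, value):
    """Value widths (1, 2, 4 bytes) under which `off` reads back as `value`."""
    return [w for w in (1, 2, 4) if read(mem, off, w) == value]

def scan(mem, value, width):
    """Offsets whose `width`-byte value equals `value` truncated to that width
    (assumed scanner behaviour, matching the CC results in the first post)."""
    needle = (value & ((1 << 8 * width) - 1)).to_bytes(width, "little")
    return [o for o in range(len(mem) - width + 1) if mem[o:o + width] == needle]

def demo():
    # Constructed 16-byte region: offset 4 stands in for the ammo field,
    # offset 6 holds an unrelated neighbouring field, offset 10 a stray 0xCC.
    mem = bytearray(16)
    ammo = 4
    struct.pack_into("<H", mem, ammo + 2, 0x0007)
    mem[10] = 0xCC

    store16(mem, ammo, 0x00000068)            # EAX from the thread's register dump
    small = widths_matching(mem, ammo, 0x68)  # fits in one byte, high byte is 0

    store16(mem, ammo, 300)                   # 0x012C needs both bytes
    large = widths_matching(mem, ammo, 300)
    low_byte = read(mem, ammo, 1)             # a Byte view now sees only 0x2C

    return {
        "small": small,
        "large": large,
        "low_byte": low_byte,
        "ptr_as_byte": scan(mem, 0x02A6C4CC, 1),
        "ptr_as_dword": scan(mem, 0x02A6C4CC, 4),
    }

if __name__ == "__main__":
    print(demo())
```

The 4-byte view never matches here because it also covers the neighbouring field, which is one reason a field written with a 16-bit store should be tracked as 2 Bytes.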