Cheat Engine

DarkDolphin · Newbie cheater Reputation: 1 Joined: 30 Jan 2014 Posts: 22

Lets say that the game has this function called "get_Invincibility" , and we know for sure that it links to a boolean value (0 or 1).

Since this invincibility value is only used for debugging purposes, we have no way to activate that in game. Therefore, we can't do search / next search to find it.

If we search for the strings "get_Invincibility", it is found.

Question: Is there a way to trace from this "get_Invincibility" strings to the right location storing 0 or 1?

SunBeam · Posted: Mon Feb 20, 2017 5:31 am Post subject:

If you'd tell us the name of the game or post code snippets, we'd further advise. It totally depends how the game is built: I found strings often used as parameters to functions (push string, push etc., call func), while the magic happened in side the function; of course, there are situations where the string is just a string added to a list of initializations and never used as a reference in game code. In short, find the string location and study the code around it. There's no obvious indication how its effect is compiled (can be a bool, can be a test value, etc.).

DarkDolphin · Newbie cheater Reputation: 1 Joined: 30 Jan 2014 Posts: 22

Take this picture for example Smile

Tell me if I need to show any other parts.

Dark Byte · Posted: Mon Feb 20, 2017 7:26 am Post subject:

try the referenced string window (and let it run)

++METHOS · Posted: Mon Feb 20, 2017 9:17 am Post subject:

If dev console/debugger features are actually intact (and you are not just seeing remnants of what was stripped prior to shipping), you can typically determine which strings are valuable by using Ollydbg or similar, and doing as SunBeam has suggested - which is examine the code that handles that string as well as the code around it. You can set a breakpoint at the start of the sub-routine to see if it is anything useful and just work your way from there. Sometimes, you have to work your way back, even further, to determine where adjustments need to be made in order to fulfill your dreams.

SunBeam · Posted: Mon Feb 20, 2017 10:53 am Post subject:

https://pastehistory.com/paste/tVcfnc1Jw_CN Smile

Quick Google. RWBY: Grimm Eclipse?

DarkDolphin · Newbie cheater Reputation: 1 Joined: 30 Jan 2014 Posts: 22

@Dark Byte
________________________________

Very interesting! I never tried the Referenced Strings before. I'll mess around and see how it goes.

(For someone else who reads this and wanna know where it is: Memory Viewer --> View --> Referenced Strings.)
________________________________

@Methos
________________________________

Thank you. I've been using .NET Reflector. It's a unity game.
________________________________

@SunBeam
________________________________

Yeah! You got it right.

If we look at a table Cake-san made for the earlier game version:
/viewtopic.php?t=532837 (No longer works for the current version)

The first script is an AoB scan for the base pointer address. For each jump of the pointer, the description (ex. CharacterStats, m_hitstate) is similar to the string inside the game (but that string is not near the memory address). I really want to figure out how he managed to do that. Not only to do as he did, but to figure out other things like GlobalSettings.GodMode, etc.