Cheat Engine

[16-Bit]

I'm trying to filter out these values for item unlocks in a game. The items are very annoying to get, so finding even one code that generated the unlock was very difficult for me to do. In other words it would be VERY annoying to re-find the addresses for each item and unlock them.

Using the address, I found the data structure. I know it follows a certain pattern like the one below and simply changing these values to 10 (max item level) will unlock it in the game for me permanently.

However this game has ALOT of items in it. is there a way to filter out the junk or a way to code them all together in one fell swoop?

Thanks

[++METHOS]

Use code injection.

Add one to your cheat table and right-click on it to see which instructions access the address.

When you find a proper injection point, you can write a script to alter each value, at each offset, to whatever you want.

For example:

[16-Bit]

So I followed your advice and I'm a bit stuck. I am trying to understand assembly, so a little guidance would be a huge help.

To my horror this morning, the addresses that I thought were static, turned out to be pointers and moved. I managed to find them again and found the address that controls when an item is essentially updated.

[Gniarf]

Just find a pointer to THE FIRST item then make a copy of this cheat entry and add 0x14 to the topmost offset.

Now I understand that making 100s ctrl+c/ctrl+v and manual offset adjustment might be annoying. So once you have a pointer to the first 1-2 items save your table, open it with notepad and see how each cheat entry is represented. You can then use excel/open office to generate the rest of the entries.

Tip: When you know that the first item has level 0, the second 10, the third 7, etc... you can use the "grouped" datatype to quickly locate you item data array.

Given your screenshot it'll be something like:
4 bytes: (level of one item)
skip nr of bytes: 16 (it's in decimal, 16(dec)=0x12c-0x118-4)
4 bytes: (level of the next item)
skip nr of bytes: 16
...

The "add" checkboxes represent whether of not to add this line when you transfer one result onto the cheat list.

[16-Bit]

[Gniarf]

[16-Bit]

I did not know the structure dissect could do that. This will be really helpful.

As for RNG, basically you buy these "packs" from a store and they will contain 1-2 random weapons that can be unlocked. The weapons that you get are entirely random (hence why I said its based on RNG - random number generated) and therefore finding the pointer becomes very difficult as each weapon has its own address. There is no way I can manipulate the system in some way to know what I get before I buy it so trying to find the new address becomes literally guess work.

Your advice in going about finding the pointers could work. I'll give it a whirl and let you know how I go.

Update: THANK YOU!

I actually understand how Pointer Scanner works now in finding pointers. I always just knew how to use it basically, but now I get what it is actually doing.

Thanks to that I realised i didn't even need to do what you suggested in using that 4294967295 number and instead just go straight for the address that holds the weapon level. Using that feature you told me about the dissector I was able to go back and find where the first item is. From there I knew the address to do the pointer scan and from then onwards I would just have to have the pointer scanner find the level of that weapon.

Long story short, I did it! I would give rep but I am apparently not at that post count, but just know I am so grateful for your advice. Now that I know what I am doing, I feel I can do a lot more now.

[++METHOS]

Take one of your addresses...it doesn't matter which one it is...and right-click on it to see which instructions access it. When the debugger window pops up, it might show multiple instructions but that's okay. If one of your instructions is like above:

mov [eax+08],ecx

...highlight it and click on 'add to the code list', that way, every time you open the game, even if the address is dynamic, you can find it easily by clicking on the 'advanced options' button at the bottom-left of your main interface, viewing in dissassembler, and right-clicking on the instruction to see which addresses it accesses. In the new window, you can easily find your address when it gets accessed again.

Now, stop the debugger if you haven't already done so. Highlight the instruction and click on 'show disassembler'. In the Memory Viewer window, with the instruction highlighted, select 'tools' from the drop-down menu, and click on 'auto assemble'. In the auto assemble window, select 'template' from the drop-down menu, and click on 'cheat table framework code'. Select 'template' again, this time, click on 'code injection'. Click okay. Select 'file' from the drop-down menu, and click on 'assign to current cheat table'.

Before you get started, there are some things to note. Remember the address that you originally used to bring up the debugger window? Also, remember the offset that was used in the instruction?

For example, lets say that it is the address that holds the gold value, and the offset in the debugger window was +08 (for [eax+08]). Remember that.

Now, right-click on the address again, in your cheat table, only this time, select 'browse memory region'. Now, in memory viewer, select 'tools', 'dissect data structures'. In your structure window, the address should already be filled in...now we just have to add the offset.

So, let's say our address for gold is 01B35F80.

In the text box, we will write this:

01B35F80+8

So, we are essentially adding +8 on the end of it.

Now, click on 'structure', 'define new structure' and okay/yes/okay.

You will see, at offset +08, is our gold address and the value. From here, you can see what the proper offset is for all of your other values.

Now, when you open up your script in the cheat table, you can customize it to alter all of the values at once: