Cheat Engine

[Ezequiel18]

Hello first of all i want to introduce myself to this community and tell you my story of why im here and why im here posting for help.

I recently get stalker call of pripyat and translated it to english so i could play it. What happened next.? well i always felt the weight limit in this game was CRAP and since in this new version of the game you cannot use corpses as containers and move them around the ZONE. this time i had to use a trainer. but oh , when i searched on the internet i found pure infinite health ammo and lots of stuff but none with unlimited weight feature. What was next then ? I googled and i reached to this forum. i downloaded CE which i found it so great and so helpful and decided to develop my own CHEAT TABLE.

The Value im trying to HAX is the actual weight value in order to make the game always read a 0.00 KG so that would make unlimited carry weight.
The weight value is in FLOAT type thats why im using float. its the number with decimals behind the commas.

And so here starts the story about me trying to get cheats working more than once after being restarted the game. so i got into the CE tutorial which was great , and i reached STEP 8 woala , it was so hard it spent me 2 days to get it working and when i realized on how to do it , i came up with a new problem. Actually the tutorial had an easy to follow example contrary to a real game.

While trying to do the same thing about the Multilevel pointers with Stalker , something was different. Indeed , The instructions were impossible for me to resolve so i was unable to get the offsets and i came up into a non-stop cycle of NOT-UNDERSTANDING.
(See Screenshots 1 and 2)

So actually the help of someone who is already experimented with this and could tell me how to solve those instructions and why im getting the same pointer value instead of a new one , reason why i cannot find the static pointer. And im doing it the slow way because i dont know how to do it the fast way some people do. which implies to show the assembler code and resolve the offsets in one step. instead of searching EACH address separated.

Finally i would be very happy to get help into resolve this issues im having , because if i can finish this table , i will post my first ever made cheat table for Stalker call of Pripyat with unlimited weight cheat and few more to share here with you people.

PS : I ATTACHED BOTH Screenshots since the forum wont let me post Imageshack.us url for some reason

Thats all and thanks in advance. Greetings[/b][img]

[Dark Byte]

you might want replace that "mov eax,[esi+eax+4]" with a "xor eax,eax" (and let it fill the rest with nops) so it always reads 0

but if you insist on doing pointer's here's a tip:
"mov eax,[esi+eax+4]" means place the value stored at [esi+eax+4] into eax

and the register values you see are those AFTER the instruction has been executed
that means that eax is an unknown value
[esi+x+4]

luckily you do know what it points to
esi+x+4=358b6fc4

esi is known so the calculation becomes:
6c+x+4=358b6fc4
6c+x=358b6fc0
x=358B6F54

[Ezequiel18]

First i would like to use this post , to thanks you dark byte for creating cheat engine and for giving us support for free and for the will to teach us. That has no Price that is simply awsome .

----------------------------------------------------------------------------------------

I want to show you exactly STEP by STEP how i am facing this trouble myself , i pretty suck at mats , and i have 0 codding / assambler skills.

This was the Starting Address "35987B74" (the address where the Weight Value Was initially Stored.)

So Left click and choose What accesss to this address. and i got these results:

1- 04446CAC - F3 0f 11 47 54 - movss [edi+54],xmm0
More info buttom showed : the value of the pointer needed to find this address is probably "35987B20"

2- 044469e0 - d9 41 54 - fld dword ptr [ecx+54]
More info buttom Showed : the value of the pointer needed to find this address is probably "35987B20"

in this situation , i didn't know which one was best to choose since both are sugesting to Search for the "35987B20" value to find the address of the pointer and both have the same offset , so i chose one ramdomly , which was the First one.
So i did a Hex Search with the "35987B20" value in which led in a 1 hundred new addresses , so as suggested in your tutorial dark byte i choose the smaller one which was "0F1D623C"

So the pointer line looked like this :

This Pointer points to address 35987B20
Address of pointer "0F1D623C" - offset "54" Offset brings it to 35987B74

The value was exactly the same of the Main Address so that meant it was going good.

At this point i did Left click and choose What accesss to this address. and i got these results:

1- 0444a713 - 8b 81 8c 00 00 00 - mov eax,[ecx+0000008c]
More info buttom Showed : the value of the pointer needed to find this address is probably "0F1D61B0"

Right , This time i was happy because there was only 1 code accesing to the pointer so this time was easy to search.
I hex searched "0F1D61B0" And the result of the search were about 6 addresses exactly . Again i chose the smaller one which was "02621BA0".
So i added a second pointer and the line looked like this :

This Pointer points to address 35987B20
Address of pointer "0F1D623C" - offset "54" Offset brings it to 35987B74
This Pointer Points to address 0F1D61B0
Address of pointer "02621BA0" - offset "8C" Offset brings it to 0F1D623C

The value was exactly the same of the Main Address so that meant it was going good.

But That was the end of my happyness

When i went again into find out what access the adress of the pointer the result were these little dirty sluts :

1- 04446F83 - 8b 44 06 04 - mov eax,[esi+eax+04]
More info buttom Showed : the value of the pointer needed to find is probably "0F1D6B0"

2- 04446f5B - 8b 44 81 04 - mov eax,[ecx+eax*4+04]
More info buttom Showed: the value of the pointer needed to find is probably "0F1D6B0"

Since there are two lines with the same recommended value for searching the address here i chose the one with the easier instruction in this case its the First one

I analyzed this carefully and this leads to a self Question : Wtf i just used this Hex Value to find the 2nd pointer Why this is appearing again? . and i could never answer me that.

and well that pwned me bad because that was the place where i got stuck so hard and started to run in circles like an idiot.

And thats the part when you told me :

""you might want replace that "mov eax,[esi+eax+4]" with a "xor eax,eax" (and let it fill the rest with nops) so it always reads 0 ""

And i will apologize because my high level of ignorance wont let me understand what you meant there. Maybe the advice is too far acknowledged for me.

and then you tell me how to solve the intruction so i proceeded like this :

Third pointer getting to the chosen instruction
[ESI+EAX+04]

ESI = 0000006C
EAX = Xç

So...

6C+X+04= 35987B74

6C+X = 35987B74 - 4

X = 35987B70 - 6C

X = 35987B04

Thats great i solved the instruction but why i did solved it , i mean , i dont understand the reason why i had to solve it , and i dont seem to realize which one is the Final offset and which one is the value that i will then search in hex to get the next address in order to continue the pointer search until i reach the holy static address.

And in the end i hope i'm not bothering you all with this issues im having , or if i am too idiot to understand this , i do apologize once again since its been only 2 days i'm dealing with this stuff and its being a very hard time for me , but still i'm very anxious to learn and to resolve the problems im having and im doing my best to get this working.

I hope my text is understandable for you all and if its not plz make me know it.

Always Thanks in advance , Greetings.

[Ezequiel18]

help ?

i know that you may think i suck so hard and probably is right but , never think about everyone had to learn from the beginning? We were all noobs at the beginning .

[Ezequiel18]

im hopeless