Cheat Engine

[hellman]

i have a correct pointer but when i freeze the pointer for example 200 is my money but when i used it the 200 is back to 100 and after seeing 100 it backs to 200 in a speed of flash..i though that when you freeze this value it should already be freezing. can i fix this,do you think this needs a script?

[DamiPL]

the address u have might be just for the counter/text and not the true value of the money itself or maybe its server sided(if its an online game, if so u cant rly freeze that). Try using what writes to the address and nop the addy that shows up.

[hellman]

[Polynomial]

If you freeze the value you got from the scan and it doesn't work, it's not going to work if you use a pointer either. My guess is you are either locking the displayed value (or a stored value which is written to by a master variable somewhere) or you're trying to modify something on an online game, which is server side.

It's only a real issue if it's working for the scanned address but not the pointer.

[hellman]

[Dark Byte]

Go to settings and change the freezetime to a much lower value (e.g 1)

[hellman]

[Polynomial]

It may be that there is some sort of checksum algorithm that's checking the value and replacing it from a backup. However, I've never really seen this used in a production game. If I remember rightly, RA2 is an old 16bit application (RA1 most certainly is), so this might be a compatibility issue.

What I think is more likely the problem is that you have a bad pointer. It may work when you start the game but it's probably being cleared after a while. It might be related to loading the level, and when the loader code frees its resources the pointer disappears. Try doing another pointer scan for the address and testing out a few. I generally test 4 or 5.

[hellman]

[quote="Burningmace"]

[Polynomial]

If there were multiple results, you may be trying to modify the wrong address. Often there are 3 or 4 addresses which represent a single real value in game, but only one is the "master" address - the rest just have their values copied from it. You also might be using a calulcated display value.

For example, I wrote a game where the number of skill points was stored as a float so that I could have them count up slowly. The value displayed was read as Math.Floor(fPoints) and converted to text to be displayed on screen. So the value had three addresses - the unicode string on screen, the 32-bit integer that stored the whole value and the float that stored the real value. Most people would scan for a 4-byte integer, and find the floor'ed representation. Whilst this would change the displayed value (since the text updates from that integer) briefly, as soon as the original float changed it would change back to what it should be, not the hacked value.

The problem is going to be one of the following:
1) You're using the wrong address. Solution: find the right one.
2) A bad pointer path. Solution: try other paths, one will work.
3) There's a checksum or backup in place. Whilst this is unlikely, it is possible. Solution: if there is one, nop/jmp over the check.
4) There's a problem with CE's freeze code. No idea how you'd test for this or fix it.

That's all I can really say.

[Dark Byte]

If you found the pointer with the pointerscan it could be the pointer is only valid during specific times (e.g when alt tabbed out of the game, or when standing still)

You can do a rescan on the pointerlist with a delayed rescan (e.g 10 seconds)
and then constantly move and do stuff for 20 seconds

anyhow, my guess is that burningmace's option nr 1 is the case.
When you change the value and it changes back quickly, it means you only found the visual representation of the money (perhaps ity's not stored as a 4 byte but as a float or double, or actually stored encrypted)

And just to be sure you didn't miss it: if it's a online game, you can't and never will change the money no matter if you use pointers or code injection

[hellman]

thanks i'll do that later after this.
this is the exact problem why i need this help.
when i searched the hex i found nothing how do you read this dissasembler?
is it possible to solve this blank hex search?and get the static pointer without using pointer scanner.
the reason why i used pointerscanner is because of this problem.


pointerscanner result.

[Dark Byte]

as I said, rescan is useful... Do a delayed rescan on the pointerscan results for the current address and stay in the game and do stuff during that delay and scan. (but make sure the address doesn't change, so no dieing, loading, changing maps, whatever)

That way you'll filter out pointers that go bad when inside the game


anyhow, I suggest scrolling up in the disassembly there
41b42c : test ebx,ebx is a check to see if EBX is a valid register or not
so before that ebx gets assigned a value

check what that is and use that instead

also, that "and dword ptr [ebx],0" sets that address to 0
So try nopping it (or if you want to make it stay 1: "and dword ptr [ebx],1"

[hellman]

[Dark Byte]

this is an easy one:
Just write the byte 1 to address 41b436 and it's done (don't forget to make the memory writable first, and restore back to the original protection when done)

autoassemble method: