Cheat Engine The Official Site of Cheat Engine
CodyOebel How do I cheat?
Reputation: 0
Joined: 22 Nov 2009 Posts: 3
Posted: Sun May 08, 2011 10:45 am Post subject: A few c++ questions. |
Ok.. here's what I am trying to do.
The game I am attempting to develop a hack for is an MMORPG. The game has a day/night palette shift of colors. I want it to always be daylight, whether I am in caves or outside and it's night time in the game, or "light hack" the game.
Using Cheat Engine I can use a torch in the game to turn light on and off and narrow down to a few addresses.
I double click an address, then in the bottom list box I right click the entry and select 'Find out what writes to this address'. A new window will open, I then right click the top line that starts with 'mov' and select 'Replace with code that does nothing'.
Then the light hack is achieved. However I am a novice programmer and am diving into the Windows API and getting a bit better with pointers etc., and I am trying to figure out how I could achieve this with C++ code alone for the custom application I am developing to share with others once finished.
Daylight is always an increasing value, and nighttime or darkness is decreasing. So my program, without me manually finding the addresses, will need to accomplish this task without my intervention, in an attempt to share my program with others who know less than myself.
-------SECOND PROBLEM AND QUESTION-----------------------
Using Windows handles etc. and ReadProcessMemory(), after locating the address where my character's hit points are located in memory, I can use that address and read its value using basic WinAPI functions.
for example:
Code:
/*
The code below with the HEALTH variable manually declared to the address found using cheat engine allows this program to now read the hit points value of the in game character.
*/
#include <windows.h>
#include <iostream>

// memory addresses
DWORD HEALTH = 0x012E1B7C; // <-- I got this addy manually using CE

int main(int argc, char *argv[])
{
    int x = 0;
    DWORD IDHealth = 0;                               // process id of the game client
    HWND hwndDC = FindWindowA(0, "My Online RPG");
    // Better use ClassName
    if (hwndDC == NULL) {
        std::cout << "game window not found\n";
        return 1;
    }
    GetWindowThreadProcessId(hwndDC, &IDHealth);
    // PROCESS_VM_READ is enough for ReadProcessMemory, no need for PROCESS_ALL_ACCESS
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, IDHealth);
    if (hProcess == NULL) {
        std::cout << "OpenProcess failed, error " << GetLastError() << "\n";
        return 1;
    }
    // read the 4-byte hit points value stored at HEALTH into x
    if (ReadProcessMemory(hProcess, (LPCVOID)(ULONG_PTR)HEALTH, &x, sizeof(x), NULL)) {
        std::cout << x << "\n";
    } else {
        std::cout << "ReadProcessMemory failed, error " << GetLastError() << "\n";
    }
    CloseHandle(hProcess);
    return 0;
}
The problem is DMA. When I kill the game's client window, then re-launch the game, the executable (in tech talk, I believe) allocates a new heap of memory? So, without visiting this forum for such fine brains to help me, I am figuring I have to get a base address maybe? Kind of like a grid, or when you slap a program in a hex editor and look at its makeup. I'm assuming here, but my way of thinking from what I did research is that I would have to do this??
1. Locate the address to the hit points value using CE.
2. Make a program to do a count from the base address until it locates the address I am interested in. With this "Counter var" I would then use that value as my way of always locating that address whenever the client.exe gets re-launched???? Kind of like a memory coordinates system????
I'm not sure if that's the approach and that's why I am asking for help here.
Again I am guessing here and trying to make some logical thought, but maybe there is an easier way. Any help, sample code, etcetera would be highly appreciated. I am just now diving into data shoveling so forgive my ignorance, I am trying my best, but need a greater, more experienced programmer to help clear things up.
Does Cheat Engine have any automated output of C code when I perform a task?? E.g. a code generator, or application builder which outputs a .exe to perform the same routine task such as this light hack routine I manually do, but will do this each time the application is launched? I know, I know, it's avoiding code which is the best educational route for me, but it wouldn't hurt to get this going for my users as fast as possible.
Thanks,
-COEBEL
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun May 08, 2011 1:16 pm Post subject: |
Your first question is asking how to modify code. Code addresses usually should not change. Your code address is best represented as: module_base_address + offset, e.g. explorer.exe + 0x10C4 or something.
If injecting a DLL you can:
- Use GetModuleHandle() to get the base address
- Add your offset
- Use VirtualProtect/Ex() to change protections so the page containing the memory you are interested in modifying is writable
- Write your NOPs ( 0x90 )
- Use VirtualProtect/Ex() to restore the original protections
If working from an external executable:
- Get PID with whatever method, EnumProcesses()/FindWindow()/GetWindowThreadProcessId()/CreateToolhelp32Snapshot()/Process32First/Next(), etc.
- Use CreateToolhelp32Snapshot() and Module32First/Next() to get a handle to the base address
- Add offset
- Use VirtualProtectEx() to change protections as above
- Use WriteProcessMemory() to write NOPs
- Use VirtualProtectEx() to restore protections
For your point on dynamic memory allocation, yes you pretty much have it. How it works is the game allocates a new block of memory. The pointer to the start of this new block ( base address ) is then saved somewhere. Let us call the location where it is saved as X. Somewhere along the new block, in the middle maybe there is the address we are interested in. Each time the game restarts X has a different value because when the memory is allocated, it can be allocated anywhere by the OS. However, how far along the address is into the new block is fixed. Also the LOCATION of X is fixed.
To reiterate, X holds the same address but a different value. Things can keep going down several levels like this ( eg. X is also a piece of memory inside another allocated block ), in which case you have a multilevel pointer. Essentially, the address of X is our pointer. And then how far we are into the middle is the offset from the base address.
Hence to get the address we are interested in dynamically we would dereference X giving us the base address. Then you add your offset. You should do the CheatEngine tutorial. It includes this sorta stuff.
For 'code generation', CE has a trainer maker which you could use.
 |
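The pointer layout described in the reply above, as an added illustration (it is not Slugsnack's code and not part of Cheat Engine): a single C++ program stands in for the game, so everything runs inside one process and no other process is touched. The two structs, the global slot that plays the role of module_base + offset, and the two offsets are all constructed for this example. What it shows is that the block addresses change from one "launch" to the next while the chain of offsets does not, which is exactly why a pointer chain survives a restart. The walk itself (start at a fixed address, dereference, add an offset, repeat) is the same walk a debugger or a memory-forensics tool performs when it follows a pointer into heap data.

```cpp
// Added illustration (not code from the post or from Cheat Engine): the "X holds a
// pointer to a freshly allocated block, the target sits at a fixed offset inside it"
// layout from the reply, simulated inside one process so it runs anywhere.
// All struct names, fields and offsets below are constructed for the illustration.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <vector>

// Block the game allocates on start-up. hp is always the same distance from the
// start of the block, whatever address the allocator hands out.
struct PlayerBlock {
    char     name[16];
    uint32_t level;
    uint32_t hp;        // the value we want to read
};

// Another allocated block; the slot holding the PlayerBlock pointer is "X" in the reply.
struct World {
    uint32_t     tick;
    PlayerBlock *player;   // X: fixed offset inside World, but World itself moves
};

// Fixed slot whose address never changes between launches. In a real module this is
// module_base + offset; a global variable plays that role here.
static World *g_world = nullptr;

// Simulate one launch: fresh allocations, so every block may land at a new address.
static World *launch_game(uint32_t hp) {
    World *w = static_cast<World *>(std::calloc(1, sizeof(World)));
    PlayerBlock *p = static_cast<PlayerBlock *>(std::calloc(1, sizeof(PlayerBlock)));
    std::strncpy(p->name, "hero", sizeof(p->name) - 1);
    p->level = 7;
    p->hp = hp;
    w->player = p;
    g_world = w;     // the game stores its World pointer in the fixed slot
    return w;
}

static void free_game(World *w) {
    std::free(w->player);
    std::free(w);
}

// Walk a pointer chain exactly as described: start at a fixed address, dereference,
// add the next offset, dereference again, ... Returns the final address.
static uintptr_t resolve_chain(uintptr_t base, const std::vector<uintptr_t> &offsets) {
    uintptr_t addr = base;
    for (uintptr_t off : offsets) {
        uintptr_t next;
        std::memcpy(&next, reinterpret_cast<const void *>(addr), sizeof(next)); // deref
        addr = next + off;
    }
    return addr;
}

static uint32_t read_u32(uintptr_t addr) {
    uint32_t v;
    std::memcpy(&v, reinterpret_cast<const void *>(addr), sizeof(v));
    return v;
}

// The offsets come from the structure layout only, so they are identical on every launch.
static const std::vector<uintptr_t> kHpChain = {
    offsetof(World, player),     // [fixed slot] -> World, then step to the X slot
    offsetof(PlayerBlock, hp),   // [X] -> PlayerBlock, then step to hp
};

// Two launches: blocks land at different addresses, yet the same chain finds hp both times.
static bool chain_survives_relaunch() {
    const uintptr_t slot = reinterpret_cast<uintptr_t>(&g_world);

    World *w1 = launch_game(100);
    uintptr_t hp_addr1 = resolve_chain(slot, kHpChain);
    uint32_t hp1 = read_u32(hp_addr1);

    World *w2 = launch_game(250);   // "relaunch" while w1 is still alive, so the new block must move
    uintptr_t hp_addr2 = resolve_chain(slot, kHpChain);
    uint32_t hp2 = read_u32(hp_addr2);

    bool ok = hp1 == 100 && hp2 == 250
           && hp_addr1 == reinterpret_cast<uintptr_t>(&w1->player->hp)
           && hp_addr2 == reinterpret_cast<uintptr_t>(&w2->player->hp)
           && w1->player != w2->player;    // base address changed, offsets did not

    std::cout << "launch 1: player block @ " << w1->player << " hp=" << hp1 << "\n"
              << "launch 2: player block @ " << w2->player << " hp=" << hp2 << "\n";
    free_game(w2);
    free_game(w1);
    g_world = nullptr;
    return ok;
}

int main() {
    return chain_survives_relaunch() ? 0 : 1;
}
```

Any C++11 compiler builds it; the program exits 0 when the same two offsets resolve to the hp field on both simulated launches even though the blocks sit at different addresses. Dropping the first offset and adding another struct level is how a three-level chain would look, which is the "multilevel pointer" case in the reply.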
CodyOebel How do I cheat?
Reputation: 0
Joined: 22 Nov 2009 Posts: 3
Posted: Wed May 11, 2011 7:52 am Post subject: THANKS A LOTTTTTT |
SlugSnacK,
Man thanks for the time you took to write that for me.
I copied it to my email so I don't forget the pseudo ever, but this is EXACTLY what I was looking for. At first you were explaining DLL injection, and I was overwhelmed a bit, but focused in that I thought I was going to start data shoveling in some complex fashion, but then understood you were regarding DLL injection using Cheat Engine.
Then you shined the light on exactly what I am wanting to do in that I am doing this from an external .exe, and pasted its directions out for me on a platter. Almost short of giving me source. I will go about learning, and may inquire you if you don't mind should I run into a problem that I cannot seek out after much frustration.
Second Question: I have done the tutorial program with CE, but if the Trainer you are talking about is what I am hoping it is then it is just what I need. Could you please explain to me what the trainer is? I will look for this myself, but I like your style of assistance in that you are thorough, and know how to generate a curiosity that will have me accomplishing this task much easier. This is said, that you are simply crafted, and I once again appreciate the time you took to write that up for me.
-Cody