Cheat Engine

[peddroelm]

I am a total cheat engine noob - used memory hacking software a bit but it is no longer maintained and attaching debugger on target Steam game crashes the game so I'm looking for alternatives - this application seems still "alive" (active development)

My simple goal - obtaining a combat damage value log for a particular game (most games nowadays lack the feature and it is important for reverse engineering various combat/skill mechanics and often hard to spot otherwise bugs ) ..

They way I used to do this for Origin games (ME2, ME3) was to set a hardware breakpoint on write access on the memory location storing the hit point variable for the test subject (damaged by various abilities/weapons) ..

On each breakpoint hit it would execute a basic script that would print (to a window where I could copy/paste it from later -- a text file would also work as long as it doesn't attempt to write to HDD 70 times per second ) timestamp of activation, HP difference between Full HP - current HP and heal the target back to full HP .. It would help measure weapon rof mechanics (ramp ups due to timestamps), separate between multiple DOTs (damage over time running simultaneously) ...

Can such a thing be achieved with cheat engine ? Current target game is Borderlands 2 (Steam) ..

Would not be true combat log functionality as it will only log damage received by 1-3 targets ( HW BP registers limited ) and I don't know how to get variable for hit point address "on the fly" .. Also would not differentiate between source of damage (relevant in multiplayer -will only register all damage inflicted - not by which player) but it would serve great for my (game mechanics) testing purpose ..

[Dark Byte]

Use the veh debugger interface

Also, try the pointerscanner to find a pointer and poll that

[peddroelm]

[Dark Byte]

This is an example script that will print out all the value changes of the specific address.

[peddroelm]

Thank you!

So the answer is yes and it is worth putting time in learning some basic cheat engine operation (lack of windows internals//solid assembly programming knowledge will prevent me getting too far )

edit:
- found my float variable address
- open memory location
- data breakpoint - break on write - adds a hardware breakpoint on the proper address with "break" action on hit ...

Issues:

1). shooting target (value at breakpoint location changes in memory viewer doesn't break (breakpoint won't trigger. why? ) )
2). I didn't want to "break" on hit in the first place - I wanted to "execute a script " on hit - how do I do that ?
3). If I chose find out what writes this address - instead of breakpoint and shoot the target ( value changes ) - it doesn't pick up the instruction that did the writing (why ?)

[Dark Byte]

1: If you have previously ran that script I posted above it will override all breakpoints that would end up breaking

execute

[peddroelm]

[Dark Byte]

Best case scenario is that those breakpoints are idle and not really used, so removing them won't cause an issue.
Worst case scenario is that they are constantly used and cause a crash even before you get a chance at doing damage
If that is the case try page exceptions (they don't use hwbp's but are soo slow the game may look frozen. Use these to find the code and then do a code injection that tells ce the damage)

Also, do you really need it to be as accurate as that? (The instant it changes)
You could also just read the health before and after a set timespan and see the difference, and if there is health regen just add that to the total (most likely health regen is a constant amount/timespan)

[peddroelm]

in order to be able to tell all effects (you can then use reverse engineered damage formula to calculate what caused that effect (was it DOT tick, melee attack, pistol bullet, thorns damage , fall damage, etc ..) ) applied to target - needs to be a breakpoint that will trigger each and every time target takes damage (should be hardware BP otherwise if it screws game speed - results would no longer be accurate - irrelevant ) ..

If no separation needed - (single shot weapon with no dot) - no break point needed ..

[peddroelm]

back to this .

function debugger_onBreakpoint()
print(readInteger(address))
debug_continueFromBreakpoint(co_run)
return 1
end

My (limited) understanding is this function would trigger for all breakpoints.
What if I want to use 2 or more (up to 4) hardware breakpoints each with its own function to execute on break?
I will probably need a switch statement to execute code based on which of the breakpoints was hit . (How ?)

EDIT1
perhaps I can check like this (not sure)
if (EIP == BP1address) then // Will EIP have the breaking address ?
print( MaxHealth - readFloat(BP1address)) // print amount of damage received by health
writeFloat(BP1address, MaxHealth) // heal back to full HP
debug_continueFromBreakpoint(co_run)
return 1
end

if (EIP == BP2address) then // Will EIP have the breaking address ?
print( MaxShield - readFloat(BP2address)) // print amount of damage received by shields
// writeFloat(BP2address, MaxShields) // heal back to full shields
debug_continueFromBreakpoint(co_run)
return 1
end

.. etc
put a BP3 on a another unit's health


Will also need to print time between BPs individual activations
On MHT was using something like this
DWORD Timestamp;

print Time()-Timestamp
Timestamp = Time();

////////////////////////////////
///////////////////////////////
unsigned long Time()

Gets the number of milliseconds that have elapsed since Windows was started.
can access this in lua cheat engine ? is there a better way to get time offsets between breakpoint activations ?


EDIT2 Cheat Engine 6.5 Released:

"debug_setBreakpoint can now take an OnBreakpoint parameter that lets you set a specific function just for that breakpoint "

Where could I see an example for this ?
...here
http://wiki.cheatengine.org/index.php?title=debug_setBreakpoint

..debug_setBreakpoint(address, size, trigger, function)..


edit 3

progress