Cheat Engine

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

Hi, I am trying to hack a PS2 game. I manage to change many of the in-game value successfully like money, time, number of items. This is done by scanning the value/change of value. However now I am trying to change the EXP drop by monster which is 92 (for this specific monster). What I did was I manage to get a character exp which is 2401 (in float).

Then I scan for "Find out what write to this address". I manage to get

Count Ins.
8 30292418 - 89 11 - mov [ecx],edx
8 30292618 - 89 11 - mov [ecx],edx

The count correspond directly to the number of "EXP orb" picked up by the character. ECX is the address of the character exp which contain 2401.

I experimented around with edx and I THINK it is like total EXP. When I change the first line of EDX to 45000000 the character exp value is fixed at 2054 (I dont know what's the relation between 45000000 and 2054). However, when I change the second EDX to 45000000 the exp value is fixed at 2048. So this really confuse me. Any suggestion on how I can reach out to change the number 92? My main goal is to change 92 to something greater so that monster drop more exp Razz

Thank you!

++METHOS · Posted: Wed May 28, 2014 11:06 am Post subject:

The values should be float type.

45000000 (hex) = 2048.0 (float)

So...

mov [ecx],edx

can be changed to...

mov [ecx],(float)99999.0 //or whatever

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

Hi, Thank you so much for the reply. However,
mov [ecx],(float)99999.0 //or whatever
is not what I want. This instruction will result in the change in total exp to 99999. It seems that the edx correspond to total exp instead of the exp drop by monster. What I think is that there is an add instruction somewhere that adds 92 to edx and then move [ecx], edx will use to update the total exp. But the problem is I cant find add instruction in the vicinity of move [ecx], edx instruction that modify edx or add 92.

++METHOS · Posted: Thu May 29, 2014 12:31 am Post subject:

Yes, that part you will have to figure out on your own. You have to find out how/where the value of edx is being calculated so that you can alter the 'added' value there.

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

I will try that. Just out of curiosity, is a value of 92 (the monster exp) stored at some memory? I actually scan value of 92 for all type and then change them to 200. I know it risk of crashing the game but even if I change all 92s to 200... the monster still drop 92 exp. So 92 is not stored in memory?

++METHOS · Posted: Thu May 29, 2014 1:46 am Post subject:

Don't know. If the experience is ALWAYS 92, regardless of anything else, it's possible that the value is being stored somewhere. Sometimes, values like these are calculated at random and sometimes they can vary depending on other factors relating to your hero character. I would fiddle with the code that occurs above the instruction that writes to your overall experience. The additional experience is being calculated somewhere. You should be able to back trace it.

This is all assuming that you have found your experience address and already checked to see which instructions are accessing it during an experience gain from killing a monster. I say that, because, you may find an 'add' instruction that already exists for this particular function...which would simplify things significantly.

Zanko · Cheater Reputation: 0 Joined: 28 May 2014 Posts: 40

So after time a long time, I decided to come and try again. I still have no clue how to manipulate the exp rate the monster drop. I capture the screen showing my process. I toggled break point and it seems that the total exp is calculated in the offset [pcsx2-r5875.exe + XXXXX]. That still confuses me. Shouldn't the exp drop by monster be stored in memory? I hope the screen capture helps to clear things up! Thank