Cheat Engine

[Kolkina]

Here's the deal:

FNaF 2 is one large executable file. From what I figure, this should mean that I should be able to locate the functions/assembly operations that modify the variables I want to find, sorta like using the byte scanner to find the location where you want to inject your custom lua script from cheat engine.

Unfortunately, I seem to be unable to find any variables using the normal cheat engine tool, so where I'd normally just find the value -> find the modifying operations -> inject my code, I though maybe I could simply find the function if I looked around for long enough in the disassembler or the memory viewer, but so far I haven't been able to make a system of anything.

I know I have the entire code in the executable, but my question is, what can I do make some sense of it?

Alternatively, since normal value scans don't seem to work, what other options would I have to find the address of the value I seek?

[++METHOS]

[Kolkina]

[++METHOS]

For most games, the addresses will change at each run or load. You can use pointers and injection to overcome this problem.

If you cannot find the values by simply scanning, doing anything beyond that may be pointless. First, try to find the value by scanning, or, at least try to find the value inside of a data structure or similar. If you cannot do that, try to find out why...perhaps change your search method/criteria and/or look to see if there are any anti-cheat mechanisms in place etc..

If you have not already done so, I would advise you to study and complete the CE tutorial.

[Kolkina]

[++METHOS]

I think, it would be highly unusual for the address(es) to change at every frame. If code is constantly shifting, the code may be obfuscated. You can check the exe to see if it is packed with encryption or similar.

You can use speedhack to slow the game down, to narrow in on your address/value, but if the address changes at every frame, those efforts will be futile without running in a virtual/emulated environment to allow you to load/save states. If you are able to find the address/value, simply checking to see which instructions access that address should give you what you need to alter the value permanently...regardless of any code-shifting (assuming clean). If the instructions are also shifting at load times, you can utilize AOB inside of your script.

Interpreting the assembly code takes time. You have to learn it, just as you would any other language. That said, however, analyzing that code will not do you much good until you have found the correct location for the code that you are wanting to manipulate. Searching for values is the most efficient way.

[Gniarf]

First thing: I don't mind abbreviations, but please write the name in full at least once; I took me some time to figure you where talking about Five Nights At Freddy's 2... That's really what you were talking about, right? Well I'll make the rest of my post under this assumption.

So anyway, I don't have the full game so I hacked the demo, specifically flashlight battery. Energy is stored as an UNALIGNED* 4 byte integer that starts at -7001 (first night) or -6001 (second night) and increases toward 0. There are 2 instances of that variable (a real and a dummy copy).

*You see the "fast scan - 4 - alignment" on the main window? It means that CE will only scan addresses that are multiples of 4. Usually variables are placed that way because it improves performance, but not in your game, so you've got to turn off fast scan to find flashlight battery.

Otherwise, energy is reallocated when the level is loaded, not at every frame.
I made an AA script to lock energy:

[++METHOS]

Nice work, Gniarf. I also find it irritating when people abbreviate without clarification. : /
Like we should all know...

[Kolkina]

I'm sorry I wasn't clear enough, I will be more careful about abbreviating in the future.

Second, thanks for the clarification Gniarf. I had managed to find some values that could alter the flashlight, but they seemed to have random value offsets and I guess what you say would explain this.

My question is, how do I know when to use fast scan and when not to? I've not seen me having to turn it off before.

[Gniarf]

Good question, to which I don't really have a good answer. IIRC I disabled fast scan after not finding what I wanted with 4byte (un)changed scans, and increased/decreased scans with the "all" datatype.

Another option is to always disable fast scan (there is a setting to keep it always off), this will just make your scans 4x slower and in most games it'll give you a lot of useless results, but you'll save a lot of time when dealing with odd games like this one.

[Fotka]

There is FNAF 2 Download