Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Starbound unstable (upbeat giraffe)
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 6:44 am

Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)

newmem:
mov ebx,#100  //or whatever value you want. If float type, then change the # to (float)
mov [ecx+14],ebx
pop ebx
pop ebp
jmp returnhere

"starbound_opengl.exe"+1E1067:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+1E1067:
mov [ecx+14],ebx
pop ebx
pop ebp
//Alt: db 89 59 14 5B 5D


Although...setting a value is better on an instruction that accesses, not just writes...that way, the value will be updated instantaneously, even if you have 0 quantity.
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 8:22 am

Thank you very much! Worked perfectly. Now I have unlimited bandages. But only bandages. As you can see in the picture, in slot 2 I have bandages.

If I want to get unlimited "all items", do I have to do the same thing over again with all the items one by one? Or can I use another method to get unlimited "everything"? Maybe the data/structure method?



[Attached image: ch upload.png]


++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 8:38 am

Usually, things like this are being handled by the same instruction. To check, simply right-click on the bandages address and check to see which instructions access that address. From there, you check to see which instructions access multiple addresses in the debugger window (like I explained in a previous post). Now, you may be able to inject your code using an instruction that accesses ALL items...and you're done.

Last edited by ++METHOS on Tue Dec 23, 2014 5:05 pm; edited 1 time in total
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 12:48 pm

I found the "add" value. Everything that I pick up goes through it. If I nop the function I can't pick anything up (which makes sense). Can I somehow make it so that when I pick something up, it sets it to 99 and freezes it there? If so, how?
I have tried myself, but every time I get the same error as before. I really need to understand what the code does. I have read the tut here on ch about auto assembler. Still a little confused when I actually write the code.

Original code:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
originalcode:
add [esi+14],edx
lea esp,[ebp-0C]

exit:
jmp returnhere

"starbound_opengl.exe"+1E1338:
jmp newmem
nop
returnhere:


[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+1E1338:
add [esi+14],edx
lea esp,[ebp-0C]
//Alt: db 01 56 14 8D 65 F4


If you don't have time to write it, maybe you can just point me in the right direction?

I also always get confused about the second row of code. Now, for example, it is: lea esp,[ebp-0C]
I don't know if I need to include it in new memory etc.

Thanks again!
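Why the template above carries `lea esp,[ebp-0C]` into newmem and pads the site with one `nop`: the 5-byte `jmp newmem` does not fit inside the 3-byte `add`, so it overwrites both 3-byte instructions. The added example below (not part of the thread) does that byte accounting for both hook sites quoted on this page and uses it to recognise the patch when the live bytes are compared with the `//Alt: db` bytes; the image base and the newmem address are constructed assumptions.

```python
import struct

JMP_LEN = 5  # "jmp newmem" assembles to E9 + rel32 in a 32-bit process

# Instruction bytes split from the "//Alt: db" lines in the scripts above.
SITE_1E1067 = [(bytes.fromhex("895914"), "mov [ecx+14],ebx"),
               (bytes.fromhex("5b"), "pop ebx"),
               (bytes.fromhex("5d"), "pop ebp")]
SITE_1E1338 = [(bytes.fromhex("015614"), "add [esi+14],edx"),
               (bytes.fromhex("8d65f4"), "lea esp,[ebp-0C]")]

def displaced(instrs):
    """Return (instructions the jmp overwrites, nop bytes needed after it)."""
    taken, size = [], 0
    for raw, text in instrs:
        if size >= JMP_LEN:
            break
        taken.append(text)
        size += len(raw)
    if size < JMP_LEN:
        raise ValueError("fewer than 5 instruction bytes at the site")
    return taken, size - JMP_LEN

def inspect_site(site_addr, instrs, observed):
    """Compare live bytes with the expected ones and decode a jmp patch."""
    expected = b"".join(raw for raw, _ in instrs)
    if observed == expected:
        return {"patched": False}
    taken, pad = displaced(instrs)
    is_jmp = observed[:1] == b"\xe9" and observed[5:5 + pad] == b"\x90" * pad
    target = None
    if is_jmp:
        rel = struct.unpack("<i", observed[1:5])[0]
        target = (site_addr + JMP_LEN + rel) & 0xFFFFFFFF
    return {"patched": True, "target": target, "moved": taken, "nops": pad}

# Constructed sample: image base and newmem address are assumptions.
BASE, NEWMEM = 0x00400000, 0x02A10000
SITE = BASE + 0x1E1338
LIVE = b"\xe9" + struct.pack("<i", NEWMEM - (SITE + JMP_LEN)) + b"\x90"

if __name__ == "__main__":
    print(displaced(SITE_1E1067))
    print(displaced(SITE_1E1338))
    print(inspect_site(SITE, SITE_1E1338, LIVE))
```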
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 2:00 pm

Please explain your steps and provide screen shots.

If this instruction accesses all item quantities, you should be able to manipulate edx with whatever you want, like before. However, you also have to be sure that the instruction does not also access other addresses (besides item quantities). Is there another address, such as a non-add function, that accesses all item quantities?
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 2:03 pm

I believe there is. Either way, I figured it out. This is my code:

[ENABLE]
alloc(newmem,100)
label(returnhere)
label(exit)

newmem:
mov edx,#50
mov [esi+14],edx
pop edx
lea esp,[ebp-0C]
jmp returnhere

exit:
jmp returnhere
"starbound_opengl.exe"+1E1338:
jmp newmem
nop
returnhere:



[DISABLE]
dealloc(newmem)
"starbound_opengl.exe"+1E1338:
add [esi+14],edx
lea esp,[ebp-0C]
//Alt: db 01 56 14 8D 65 F4

It's working.


Except now it freezes the value at 50 on all the items that are stackable. Now I just need to find the one that is for the non-stackable items, like weapons etc. (rather duplicating and not freezing)
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 3:27 pm

You shouldn't pop edx.

Yes, writing it that way will lock the values in at 50. You can do whatever you want, though.
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 4:01 pm

I see, what should I do instead of pop? Remove it or add something else?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 4:10 pm

Remove it. It is probably being handled somewhere else in code and you don't want to pop it prematurely if it is being used elsewhere.

Typically, you only pop a register if you push it first, for temporary usage...and even then, you generally try to stay away from registers that are already being used inside of your script.

You could, for example, do something like this:

Code:
newmem:
push edi
mov edi,#50
mov [esi+14],edi
pop edi
lea esp,[ebp-0C]
jmp returnhere


At least, this is my basic understanding on the matter.
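The push/pop rule from the post above, as an added check that is not part of the thread: it lints an injected snippet for a `pop` that the snippet never set up with a `push`, while skipping the displaced original instructions that are simply replayed. `stack_lint` and the constant names are hypothetical; the two snippets are the ones posted in this thread.

```python
import re

def _norm(line):
    # Drop auto assembler comments and normalise spacing and case.
    return re.sub(r"\s+", " ", line.split("//")[0]).strip().lower()

def stack_lint(snippet, original):
    """Return (line_no, message) for each push/pop problem in snippet."""
    # original: displaced instructions from [DISABLE]; one occurrence of
    # each is replayed game code and is not linted.
    replay = [_norm(o) for o in original]
    pushed, findings = [], []
    for no, raw in enumerate(snippet.splitlines(), 1):
        line = _norm(raw)
        if line in replay:
            replay.remove(line)
            continue
        m = re.fullmatch(r"(push|pop) (\w+)", line)
        if not m:
            continue
        op, reg = m.groups()
        if op == "push":
            pushed.append(reg)
        elif not pushed:
            findings.append((no, f"pop {reg}: no matching push in this snippet"))
        else:
            top = pushed.pop()
            if top != reg:
                findings.append((no, f"pop {reg}: last push was {top}"))
    findings += [(0, f"push {r}: never popped") for r in pushed]
    return findings

ORIGINAL = ["add [esi+14],edx", "lea esp,[ebp-0C]"]  # from [DISABLE]
POSTED = """mov edx,#50
mov [esi+14],edx
pop edx
lea esp,[ebp-0C]
jmp returnhere"""
SUGGESTED = """push edi
mov edi,#50
mov [esi+14],edi
pop edi
lea esp,[ebp-0C]
jmp returnhere"""

if __name__ == "__main__":
    print(stack_lint(POSTED, ORIGINAL))
    print(stack_lint(SUGGESTED, ORIGINAL))
```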
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 5:41 pm

Thank you for the tip! :)

Maybe a stupid question, but anyway, where do you get "edi" from?

Also, what does it do? Are you just using it for storage?

Thanks!
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue Dec 23, 2014 6:03 pm

It's just a random register that isn't being used inside of your script.
Yes, in this case, for temporary storage.
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Tue Dec 23, 2014 6:23 pm

newmem:

push edi // pushes a word onto stack.

mov edi,#50 // tell the edi to increase it by 50.

mov [esi+14],edi // move the edi (50) into the code.

pop edi // "generate" the new code?

lea esp,[ebp-0C] // just a part of the originalcode?

jmp returnhere
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Dec 24, 2014 12:53 am

I'm not the best person to be asking regarding specifics relating to assembly.

That said...

You can read about push/pop functions via Google. A 'mov' instruction just means move, not increase. So, regardless of what the value is/was, it will become whatever value you are moving into it, not increase the value.

lea is load effective address, and yes, part of the original code.
XaneXXXX
Expert Cheater
Reputation: 0

Joined: 29 Nov 2012
Posts: 212

Posted: Wed Dec 24, 2014 11:42 am

I understand. Thank you for all of your help!

Merry Christmas :)
Malae
Newbie cheater
Reputation: 0

Joined: 21 Dec 2013
Posts: 11

Posted: Thu Dec 25, 2014 9:17 pm

Can't you just use /admin? There are a ton of admin commands out there.
All times are GMT - 6 Hours
Page 2 of 3

 