Cheat Engine

Studio80

Hello I want to make a trainer for this game, Its the GOG version of Theme Hospital and the game uses a DOXBox launcher.

I find a one adres that holds the money value. I scan for pointers and there are no pointers so I do code injection:

0C99DEDF - 89 14 08 - mov [eax+ecx],edx

EDX holds the value of money so it is: mov edx, NEWVAL

It works but however there is one problem. When I restart the game this instruction is located at an another adres. So this adres is changing every time you restart the game.

How can I solve this?

ParkourPenguin · Posted: Sun Dec 13, 2015 9:12 pm Post subject:

An AoB injection. You should always use that over a standard code injection.
Tutorial here.

Just make sure you have a good signature to scan for. Make sure you avoid addresses in it (e.g. if you had mov eax,[00405678], avoid the bytes 78 56 40 00), and avoid excessively large offsets (e.g. mov eax,[ebx+7777]). If you really want to, you can avoid the bytes of the operands all together and only use the bytes of the instructions. You might have a hard time finding a unique AoB, though.

Studio80 · Posted: Sun Dec 13, 2015 9:21 pm Post subject:

Yes thanks for your answer. It has been a longtime that I had been making game trainers. It seems like I have been missing something. I just read that tutorial and I understand this.

The only problem I have now is with my VB.NET template. I got the template from this forum which had been posted on this topic:

http://forum.cheatengine.org/viewtopic.php?t=557211

I have an AoB injection that works in CE. But in my trainer template it crashes with an exception error:

Arithmetic operation resulted in an overflow.

On this code:
Return (M.BaseAddress.ToInt32 + Integer.Parse(tmp(1), NumberStyles.HexNumber))

This is the piece of code in the trainer:

Mem.Patch(Mem.AobScan("solitaire.exe+0", &HF00000, "FF4008E8????????8B462C"), "909090", "FF4008")

I have been trying to search on the internet on how to solve this but its driving me crazy

ParkourPenguin · Posted: Sun Dec 13, 2015 9:47 pm Post subject:

Sorry, I don't know any VB.NET, so I'm not sure how much help I can give.

So you have M.BaseAddress.ToInt32. If you're in a 64 bit process and the "base address" is outside the range of a 32 bit value, then I'd guess it would result in an overflow. Maybe you could try somehow printing out what M.BaseAddress.ToInt32 is and what Integer.Parse(...) is? That would be helpful.