Help for NewBeginner

 
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Wed May 25, 2016 5:51 am    Post subject: Help for NewBeginner

Hi all, I'm a new beginner with Cheat Engine. I downloaded version 6.5.1, did the tutorial and then thought I'd try what I learned.

So I downloaded 3D Pinball version 6.1 build 7601 and started to use CE.
Windows 7 SP1

1. First I tried doing it like in tutorial step 2. When I scan, I find only one address with the right value, but if I try to change it, nothing happens; if I continue playing, I earn score from the value that I had before using CE.

2. So I thought maybe it's a pointer, so I did like in step 6 to find the pointer, but when I do a hex scan for "the value of the pointer needed to find this address is probably xxxx" it doesn't find anything.....

3. So I used the browser and found a tutorial for the pointer scanner. I did a first pointer scan with "scan for address" and found 800m addresses, then turned the game off/on, did a new simple scan, found only one address again, copied the address and pasted it into "address to find" in "rescan memory....", but after repeating it 4 times it still stays at 600m. It looks like I'm doing something wrong.

If anyone has time to lose with a new beginner, can you explain to me what I'm doing wrong?

P.S. It looks like I'm the only one who can't hack pinball ahahahahah
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Wed May 25, 2016 11:40 am

You need some basic knowledge of backtracing and assembly if you want to find the real variables in this game, because simple scanning for variables in this game will net you only the display address.

Guide:

Let's say you want to find the "real" address for the score.
You start your scan and narrow the results until you get an address.
You try to change the value at that address but it reverts to its original state. Then that address is a display variable.

This is where backtracing takes place. Find out what writes to/accesses that address, then do something that will change the value at the address.
Some instructions should populate the write/accesses window.
One of the instructions might look like this:

01013C93 - 74 0C - je PINBALL.EXE+13CA1
01013C95 - 8B 4D 0C - mov ecx,[ebp+0C]
01013C98 - 89 08 - mov [eax],ecx << This is the instruction that writes to the address
01013C9A - C7 40 04 01000000 - mov [eax+04],00000001
01013CA1 - 5D - pop ebp

EAX=03CF661C
EBX=03DB7158
ECX=0003F5AC
EDX=0003F5AC
ESI=000001F4
EDI=000001F4
ESP=000CFC60
EBP=000CFC60
EIP=01013C9A

As you can see, EAX is the display address and ECX is the value that is being copied from the real address (you should see that EDX has the same value as ECX).

When you open the disassembler at that location you might see this:
Code:

PINBALL.EXE+13C89 - 8B FF                 - mov edi,edi
PINBALL.EXE+13C8B - 55                    - push ebp
PINBALL.EXE+13C8C - 8B EC                 - mov ebp,esp
PINBALL.EXE+13C8E - 8B 45 08              - mov eax,[ebp+08]
PINBALL.EXE+13C91 - 85 C0                 - test eax,eax
PINBALL.EXE+13C93 - 74 0C                 - je PINBALL.EXE+13CA1
PINBALL.EXE+13C95 - 8B 4D 0C              - mov ecx,[ebp+0C]
PINBALL.EXE+13C98 - 89 08                 - mov [eax],ecx
PINBALL.EXE+13C9A - C7 40 04 01000000     - mov [eax+04],00000001 { 1 }
PINBALL.EXE+13CA1 - 5D                    - pop ebp
PINBALL.EXE+13CA2 - C2 0800               - ret 0008 { 8 }

There's not much we can do here because ECX's value comes from the stack (ebp+0C). Oh well, just right-click the mov edi,edi instruction and click Break and trace the instruction. Set the Maximal trace count (I just leave it at the default value) and click OK (before that, you can check step over instead of single step, but for this game and breakpoint location you don't have to). On some games you have to set a condition because the instruction accesses more than one address (shared code), but for this game, as always, you don't have to. When the breakpoint has been set, go to your game and do something that will populate the tracer window. When the breakpoint has been hit, you should see more instructions. Right-click and expand all. Go to the topmost instruction and double-click the instruction below the ret 0008 instruction, e.g. pop edi.

Some of the instructions:
Code:

PINBALL.EXE+17569 - 8B 34 85 58470201     - mov esi,[eax*4+PINBALL.EXE+24758]
PINBALL.EXE+17570 - 0FAF F7               - imul esi,edi
PINBALL.EXE+17573 - 03 B1 2A010000        - add esi,[ecx+0000012A]
PINBALL.EXE+17579 - 8D 41 52              - lea eax,[ecx+52]
PINBALL.EXE+1757C - 01 30                 - add [eax],esi
PINBALL.EXE+1757E - 8B 10                 - mov edx,[eax] <- this is where EDX comes from.
PINBALL.EXE+17580 - 81 FA 00CA9A3B        - cmp edx,3B9ACA00 { 0.00 } <- compares the EDX value with 1000000000 in decimal
PINBALL.EXE+17586 - 7E 0B                 - jle PINBALL.EXE+17593 <- if less than that said value, jumps to PINBALL.EXE+17593, skipping some instructions.
PINBALL.EXE+17588 - 81 C2 003665C4        - add edx,C4653600 { -916.84 }
PINBALL.EXE+1758E - FF 41 56              - inc [ecx+56]
PINBALL.EXE+17591 - 89 10                 - mov [eax],edx
PINBALL.EXE+17593 - FF 30                 - push [eax] <- the jle jumps here
PINBALL.EXE+17595 - FF 71 32              - push [ecx+32]
PINBALL.EXE+17598 - E8 ECC6FFFF           - call PINBALL.EXE+13C89 <- the call leads to the previous instructions
PINBALL.EXE+1759D - 5F                    - pop edi

I did mention that ECX and EDX in the previous instructions had the same value, and there you go: you can see the instruction mov edx,[eax], and two lines above it is lea eax,[ecx+52]. If you go deeper using the info in the tracer window you should see this instruction:
Code:

PINBALL.EXE+CED6 - 8B 0D 40500201        - mov ecx,[PINBALL.EXE+25040] { [03DB2F28] }  <- base address for the score
PINBALL.EXE+CEDC - 50                    - push eax
PINBALL.EXE+CEDD - E8 44A60000           - call PINBALL.EXE+17526 <- this call leads to a little above from the 2nd previous instruction.

So, in conclusion, the pointer for the real score address is [PINBALL.EXE+25040]+52.

I'm sorry for the poor language and explanation.
Regards.

_________________
...
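
Added example (not part of the original post, and not code from the game or from Cheat Engine): a Python model of the traced routines, showing why an edit to the display copy is overwritten on the next score update while the field at +52 persists. The offsets and the 1000000000 limit are taken from the listings above; the buffers, starting values and function names are constructed for illustration.

```python
import struct

SCORE_OFF, ROLLOVER_OFF = 0x52, 0x56   # [ecx+52] and [ecx+56] in the listing
LIMIT = 0x3B9ACA00                     # cmp edx,3B9ACA00 (1000000000)

def rd32(mem, off):
    return struct.unpack_from("<i", mem, off)[0]

def wr32(mem, off, val):
    struct.pack_into("<i", mem, off, val)

def set_display(display, value):
    """Model of PINBALL.EXE+13C89: copy a value into the display record."""
    if display is None:                # test eax,eax / je: null pointer, skip
        return
    wr32(display, 0, value)            # mov [eax],ecx
    wr32(display, 4, 1)                # mov [eax+04],00000001

def add_score(obj, display, points):
    """Model of PINBALL.EXE+1757C..+17598, with esi already holding points."""
    wr32(obj, SCORE_OFF, rd32(obj, SCORE_OFF) + points)        # add [eax],esi
    edx = rd32(obj, SCORE_OFF)                                 # mov edx,[eax]
    if edx > LIMIT:                                            # jle skips this
        edx -= LIMIT              # add edx,C4653600 is -1000000000 as signed
        wr32(obj, ROLLOVER_OFF, rd32(obj, ROLLOVER_OFF) + 1)   # inc [ecx+56]
        wr32(obj, SCORE_OFF, edx)                              # mov [eax],edx
    set_display(display, rd32(obj, SCORE_OFF))                 # push/push/call

def demo():
    # Constructed memory: a game object and a separate 8-byte display record.
    obj, display = bytearray(0x100), bytearray(8)
    add_score(obj, display, 1000)
    wr32(display, 0, 999999)           # edit only the display copy
    add_score(obj, display, 500)       # next update overwrites that edit
    after_display_edit = rd32(display, 0)
    wr32(obj, SCORE_OFF, 999_999_900)  # edit the real field instead
    add_score(obj, display, 500)       # crosses the limit and rolls over
    return after_display_edit, rd32(display, 0), rd32(obj, ROLLOVER_OFF)

if __name__ == "__main__":
    print(demo())
```
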
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Wed May 25, 2016 2:55 pm

Thanks a lot, now it works.
I understand that my "long walk to freedom" is only at the beginning.

P.S. And now it's time for me to go learn backtracing and assembly.
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

Posted: Wed May 25, 2016 4:00 pm

Ahh, I just noticed that the address is not 4-byte aligned (+52), so unchecking the Fast Scan option before scanning can net you the real address, and by doing that you don't have to go deep into backtracing.
_________________
...
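
Added example (not part of the original post, and not Cheat Engine's code): a Python sketch of the alignment point, run over a constructed buffer. It assumes, as the post implies, that a Fast Scan for a 4-byte value only tests addresses that are multiples of 4; the object base 0x100, the display offset 0x400 and all function names are made up for the illustration.

```python
import struct

def scan(mem, value, alignment):
    """Offsets where value is stored as a little-endian 4-byte integer,
    testing only offsets that are multiples of alignment."""
    needle = struct.pack("<I", value)
    return [off for off in range(0, len(mem) - 3, alignment)
            if mem[off:off + 4] == needle]

def build_memory(score, obj_base=0x100, display_off=0x400):
    """Constructed layout: an object at an aligned base keeps the score at
    +0x52, and a display copy of the same value sits at an aligned offset."""
    mem = bytearray(0x800)
    struct.pack_into("<I", mem, obj_base + 0x52, score)
    struct.pack_into("<I", mem, display_off, score)
    return mem

def missed_by_aligned_scan(mem, value, alignment=4):
    """Hits that a byte-by-byte scan finds but an aligned scan skips,
    paired with their remainder modulo the alignment."""
    aligned = set(scan(mem, value, alignment))
    return [(off, off % alignment) for off in scan(mem, value, 1)
            if off not in aligned]

if __name__ == "__main__":
    mem = build_memory(123456)
    print("alignment 4:", [hex(o) for o in scan(mem, 123456, 4)])
    print("alignment 1:", [hex(o) for o in scan(mem, 123456, 1)])
    print("missed:", missed_by_aligned_scan(mem, 123456))
```

With an aligned base, base+0x52 always leaves a remainder of 2 modulo 4, so the aligned scan reports only the display copy.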
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Wed May 25, 2016 4:35 pm

Cake-san wrote:
unchecking Fast Scan option before scanning

ahahaha yeah, this way is easier; however, showing me backtracing was a good idea, because I'm pretty sure a simple scan will not work for most games.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu May 26, 2016 2:03 am

Also, you can change your scan settings so that byte and two bytes are included in the 'all type' category, that way you don't have to mess with it again.
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Thu May 26, 2016 3:30 am

For pinball it didn't work; only if I uncheck Fast Scan can I find the right address with a simple scan on my PC. But with Fallout 4 it was useful to scan with all types of value, thx.

P.S. And yes, I know that in Fallout 4 most things can be done with console commands, but this way I feel like a hacker ahahahahah
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu May 26, 2016 3:54 am

It works for pinball. You have to go to your settings and add those types to your 'all type' category first.
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Thu May 26, 2016 4:28 am

Omg, you are right, now it works too, but I have another issue: the address that I find works, but I'm not able to add something like 100kk. If I put in that value, it sets the score higher than the old one, but not at 100kk, so I can only add a slightly higher score than the old one, whereas with the Fast Scan option unchecked I find an address where I can add 100kk score. Why does this happen?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu May 26, 2016 4:34 am

Because you're probably trying to edit a 1 byte or 2 byte value. Just change it to 4 byte or 8 byte.
JackSparrow2684
How do I cheat?
Reputation: 0

Joined: 25 May 2016
Posts: 6

Posted: Thu May 26, 2016 5:29 am

Yes, that was the problem, now it works. So many ways to do the same thing, so I think it is possible to hack everything with CE, you just must find the right way, right?
LetMeKnow
How do I cheat?
Reputation: 0

Joined: 10 Dec 2016
Posts: 0
Location: Internet

Posted: Sun Dec 18, 2016 7:18 pm    Post subject: Pinball Address, Value + Score HELP!

++METHOS wrote:
It works for pinball. You have to go to your settings and add those types to your 'all type' category first.


Hi

Could you guide me on how to alter the score in Pinball? The game I play is a flash game but I have no idea how to find the address/right value with this pinball game. When I first play, the score is automatically 100000; if it hits, it goes up by 25000; some zones in pinball are worth more. This is the tricky part. I also can't seem to create infinite balls in the standard 5 ball pinball game. Any help will do. I've asked and I get 0 answers. In CE these values turn red. I know I'm doing something wrong but I don't know where to start. There's no explanation in videos or tutorials. Is it a pointer thing? If so, what can I do to change the settings? Do I have to change 4 byte?

I will rep you if you can help in any way.