Cheat Engine

GweiLi · How do I cheat? Reputation: 0 Joined: 11 Oct 2018 Posts: 3

Hello, I'm new to CE and I'm learning it right now.

There is a cheat program that a friend of my friend made it long time ago, now I'm trying to re-create cheat from that program so I can get use to ASM.

This is what the memory look like after activate the cheat program:
(please check cheat.png attachment)

This is what the memory look like after activate my script:
(please check myscript.png attachment)

I think it is quite good so far but the problem is the code call dword ptr [0A520000] in the cheat program image, I look at Tracer and know 0A520000 is a pointer to main.exe+71FF74 , 0A520000 change everytime the cheat program active so I know the author must have write a script to make it to be the pointer of main.exe+71FF74.

I dont know how to do like he so I think I will use the pointer of the game.
I found out ["main.exe"+00F12AEC]+5AC is the pointer for main.exe+71FF74 so I try put it in the call opcode but as you can see in the image, it point to another address main.exe+71F9C8.

Then I try another way:

sbryzl · Posted: Thu Oct 11, 2018 2:58 am Post subject:

Under your pointer label you have assembly instructions which would be fine if you didn't have an instruction trying to use it as a pointer. If those are the instructions you want to call then you would use
call pointer
instead of
call dword ptr [pointer]

Also there should be a 'ret' at the end of your called function to return from the function and reset the stack.

Also your derived address in
mov eax,["main.exe"+00F12AEC]
will likely be wrong since there's a good chance the allocated memory you're trying to read will probably be different every time you enable the script. You probably are trying to load the value in test1 which would look like this
mov eax,[test1]

GweiLi · How do I cheat? Reputation: 0 Joined: 11 Oct 2018 Posts: 3

Thank you for your reply

I dont know why he use call dword ptr either but the cheat does work so I think call dword ptr have it purpose

I'm trying to find the ret opcode but I cant find it out even with break and trace.

About "main.exe"+00F12AEC, I didnt see it change after I enabled my script, cause without offset 5AC it will point to main.exe+71F9C8 , after I enabled my script the comment alway showing : ->main.exe+71F9C8

TheyCallMeTim13 · Posted: Thu Oct 11, 2018 6:26 am Post subject:

sbryzl is right, you're not calling the code at "pointer" you're calling the address stored at "pointer" and you don't have an address stored there.

There is no return at the end of the code at "pointer" so the call return is unbalanced and will cause a crash most likely; but since you never really call it, it won't matter til you actually do call it.

And you're using a lot of hardcoded addresses like they're static but there don't seem to be any static addresses in the code you posted, and you even say that it changes at each startup so this will cause so problems too.

sbryzl · Posted: Thu Oct 11, 2018 6:26 am Post subject:

I think there is some injected code from the other cheat somewhere you are missing. In the first picture call dword ptr[a520000], a520000 is likely an injected memory location.

If you are just beginning to learn you should probably start with the tutorial under the help menu.

TheyCallMeTim13 · Posted: Thu Oct 11, 2018 6:32 am Post subject:

^ I second that. The CE tutorial is a great place to start and has a lot to teach.

GweiLi · How do I cheat? Reputation: 0 Joined: 11 Oct 2018 Posts: 3

Thank you for you guys replies, I'm really appreciated for it.

I have completed the tutorial, I haven't tried different methods for each steps so I'm still lacking knowledge , I will try it again.

I'm understand there should be a ret after the call so I'm trying to look for it

About a520000 in the Tracer wrote it is a pointer and the code in the located memory didn't really make sense, but I will take more time looking at it.