Cheat Engine

u2l · How do I cheat? Reputation: 0 Joined: 20 Jun 2020 Posts: 8

I'm using CE 7.1 with VEH debugger enabled, I apologize in advance for very limited CE knowledge, I don't really know what I'm doing here.

- I search for my exp address and narrow it down to 1 result
- I see what writes to that address and get

and ebp,0003FFFC
mov eax,[005A8F50]
mov [ebp+eax+00],ebx
add esp,0C
pop ebx

- I click auto assemble => AOB injection and get:
[ENABLE]

aobscanmodule(INJECT,VisualBoyAdvance.exe,89 5C 05 00 83 C4 0C 5B 5D C3 8D) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
mov [ebp+eax+00],ebx
add esp,0C
jmp return

INJECT:
jmp newmem
nop 2
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db 89 5C 05 00 83 C4 0C

unregistersymbol(INJECT)
dealloc(newmem)

I try writing a sorts of codes I find under newmem such as "imul ebx,5" or "add ebx,99" just to test it out but every time I enable the script my emulator crashes

I try doing the tutorial, watching youtube videos and just messing around for a day now without luck, I'v try downloading some scripts and open them but most them are way too complicated for me. plz help me finish my script, if I'm on the right track and the rest of the code is short, I think I can learn from it and also get to enjoy my game, thank you.
[/img]

panraven · Posted: Sun Jun 21, 2020 2:50 pm Post subject:

It look like your gba emu is interpreting.

compiling vs interpreting
to emulate, a main part of work is to translate gba cpu action to native cpu action.

Compiling in a rough sense convert each emulated cpu action to a unique native cpu action, so the code will be access a certain memory address/data at a certain time only.
For instance, your exp cheat, even arbitrary made, should only effect at certain time, eg. after a battle and receiving exp, it should not crash whenever activating the cheat.

Interpreting will handle a group of similar emulated cpu action by a single native sub-routine code, it then means this sub-routine code handle a lot other address/data too.
An arbitrary modification of the sub-routine may cause immediate crash because it access many other memory address/data constantly.

To remedy your code, you need to identify what is the condition only your desired data is access.
It look like you can check the condition by examining the value of ebp at the line mov [ebp+eax+00],ebx.
For instance, I may be wrong, the code mov eax,[005A8F50] is getting the memory base of gba 256k ram into eax, so eax + ebp is the emulated memory address of gba memory at ebp (which just AND with 3ffff <result in number between 0-256k >).

So, you code may change like:

u2l · How do I cheat? Reputation: 0 Joined: 20 Jun 2020 Posts: 8

Thank you Panraven for the detailed reply, I have plugged in the ebp hex number and tried your code in different ways at different place but the game still crashes for me, maybe it's because I'm running the emulator in window using Parallel Desktop on my Macbook ~~. But as I digged around this morning I found a Lua script that works for me, and Is a lot simpler to implement than the AA method.

solved