Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Automatic game scans?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
DonAurelius
How do I cheat?
Reputation: 0

Joined: 27 Aug 2020
Posts: 2
PostPosted: Thu Aug 27, 2020 5:53 am    Post subject: Automatic game scans? Reply with quote
hi there, i was trying to hack a games ammo value, but it would change everytime i died, is there a way for it to always find this value?
_________________
im a noob at this, just keep that in mind
Back to top
View user's profile Send private message
ZeiD.
Newbie cheater
Reputation: 0

Joined: 20 Jan 2019
Posts: 14
Location: Earth
PostPosted: Wed Sep 02, 2020 12:18 pm    Post subject: Reply with quote
Yes, there is a way to do it!

Before starting go to the main cheat engine window and click Edit->Settings->Debugger options->Use VEH Debugger (Some debuggers may be detected and crash your game. I didn't have any problems with VEH so far but results may vary)

You can write an AOB script. Don't worry, it's easy to do so but the steps might seem hard at first. Here are the steps:

1) Find your ammo address by scanning for it and verify it's the right address by changing/freezing the value and inspecting in-game

2) Add that address to the address list at the bottom part of the main cheat engine window

3) Right click on the address and select find out what accesses this address

4) You will be asked to attach the debugger of Cheat Engine to the current process. Click "Yes"

5)A new window titled "The following opcodes accessed [yourAddressHere]"

6)Now hopefully when you play the game the window will fill up with a lot of instructions. If nothing happens try shooting and something must fill a portion of the window

7) Judging from my experience the first instruction can work.

8) Select the, let's say, first instruction and click on the right window panel that says "Show disassembler"

9) A new window will pop up. The memory view with your instruction highlighted

10) With the instruction selected click at the top where it says Tools->Auto Assemble.

11) A new window will pop up. The Auto assemble window where you can write your script. Instead of writing though, cheat engine can generate a script on it own. Simply click on Template-> AOB injection. When asked on what address do you want the jump don't change anything and click ok. You can change the symbol name if you want to have something different thatn INJECT. I suggest changing it to something like findAmmoValue or something that will help you identify it. I think there will be problems if you have multiple scritps with the same symbol name.

12) You might need to wait a moment until the script is generated.

13) Now this part might be the hardest to explain and i will have a reference script that might help you understand. Find an empty line (i usually do this below alloc) and type globalalloc(ammoValue,8) (of course you can replace "ammoValue" with whatever you want)

14) Make sure globalalloc has red letters like alloc, aobscanmodule etc. Otherwise there is a typo.

15) Find another free space and type*
ammoValue:
dd 0

instead of ammoValue you can use whatever you typed in globalalloc(...)
take a look at the registers used in the script (eax,ebx,ecx...), (rax,rbx,rcx) if they start with "e" use dd 0 if they start with "r" use dq 0

16) Now check the part labeled "code". You will see an instruction like
mov eax,[edi+5578] (this is from a plants vs zombies game so it will be different to you). Also remember the offset, in this case it's 5578

17) Above that instruction we specified earlier type
mov [ammoValue], edi (notice how edi is the register on the right side in the instruction)

18) Of course make the necessary changes that fit your generated AOB script. Change the registers to the correct ones otherwise this method will not work

19) Do NOT click execute BUT rather click on the top left corner File->Assign to current cheat table

20) Close this window by clicking on "X"

21) Now at the main cheat engine window you will be able to see a new entry called "Auto Assemble Script". You can of course rename this and modify the script. To rename it you can simply double click on the description part of the script. To change the script double click where it says "script"

22) To finalize the procedure you need to add your address to the list. To do that click where it says "Add address manually" which is located on the top right of the address window (we're still on the main cheat engine window)

23) Now type [ammoValue]+5578. OF COURSE THE OFFSET WILL BE DIFFERENT that's why you have to remember that. If you don't simply check your script the same way i told you you can modify it. By the way, when modifying scripts it's safe to click "OK", you don't need to "Assign to current cheat table" every time you change (or not) a minor thing

24) So now when you have manually enter the address. (Step 22) you can enable the Auto Assemble Script by clicking on the box at the left side of it.

25) When you start playing, the manual address you've entered should be changed to the right address where the ammo is stored. You can of course change/freeze this address and you should not have any problems.

26) You can drag your manual address on your Auto assemble script in order to create a hierarchy and stracture your cheat table however you like

This is the REFERENCE code i was talking about. I do the same procedure as described above

Code:

[ENABLE]

aobscanmodule(findSunflowers,popcapgame1.exe,8B 87 78 55 00 00) // should be unique
alloc(newmem,$1000)
globalalloc(sunValue,8) // this is where i allocate space

label(code)
label(return)

sunValue:
dd 0  //checking below I realise that i can use dd instead of dq because I see 32 bit //registers like eax,edi and not 64 registers like rax,rdi

newmem:

code:
  mov [sunValue],edi  //Notice that I use edi and NOT eax.
  mov eax,[edi+00005578]
  jmp return

findSunflowers:
  jmp newmem
  nop
return:
registersymbol(findSunflowers)

[DISABLE]

findSunflowers:
  db 8B 87 78 55 00 00

unregistersymbol(findSunflowers)
dealloc(newmem)




You should NOT have "??" at the address value. If you do after enabling the script and playing the game it means that something was wrong and you need to recheck your script.

You can do the same procedure with other methods but i believe this is the easier and something you can use to a lot of games.
Feel free to ask questions and let me know if i can improve/change something or if something is wrong. I am learning aswell...
_________________
I find pleasure in cheating Wink
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 98

Joined: 14 Jul 2007
Posts: 3340
PostPosted: Wed Sep 02, 2020 1:39 pm    Post subject: Re: Automatic game scans? Reply with quote
DonAurelius wrote:
hi there, i was trying to hack a games ammo value, but it would change everytime i died, is there a way for it to always find this value?

Instead of scanning, write a code that gets it for you.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites