 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
jawsont
How do I cheat?
![]() Reputation: 0
Joined: 18 Apr 2014
Posts: 2
|
 Posted: Sat Feb 15, 2025 8:54 am Post subject: A bit confused about pointers |
 |
|
Hi there - I've used CE in 'ez mode' for years with scanning for floats/4byte, and adjusting values manually. That said, I've been playing The Long Dark and every time you zone into a building or back to the landscape the memory location changes. So I decided to complete the tutorial and learn about pointers and disassembly (I'd given up at pointers years ago when I couldn't get the tutorial to show 'next button').
To cut to the chase; I've made pointers for the addresses, but I guess they're continually changing.
[edit - i guess I can't post URL's yet, so i attached the image below]
I know some folks have made TLD tables, but they're out of date with the current version of the game. I'm guessing based on the scripts in the table that I posted that it's quite a bit more complex that simply making a pointer and freezing a value? I tried following the logic of what the guy wrote below, but it's beyond my current skill level. Any tips would be appreciated since if I can figure out the hunger issue, I can probably figure out the other scripts in his table. I read for another game sometimes you have pointers for pointers? Maybe something like that?
| Code: |
[ENABLE]
alloc(newmem,$ff,GameAssembly.dll)
label(returnhere)
label(code)
label(player_hunger_hook)
label(player_hunger_bytes)
label(player_hunger_base_ptr)
label(player_hunger_toggle)
label(player_hunger_value)
registersymbol(player_hunger_hook)
registersymbol(player_hunger_bytes)
registersymbol(player_hunger_base_ptr)
registersymbol(player_hunger_toggle)
registersymbol(player_hunger_value)
aobScanModule(hook,GameAssembly.dll,f3 0f 11 4b ? f3 0f 5c f1 48 8b 0d ? ? ? ? 83 b9 ? ? ? ? ? 75 ? e8 ? ? ? ? e8 ? ? ? ? 48 85 c0 0f 84)
newmem:
player_hunger_bytes:
readMem(hook, 5)
jmp returnhere
player_hunger_base_ptr:
dq 0
player_hunger_toggle:
db 0
player_hunger_value:
dd (float)2500
code:
mov [player_hunger_base_ptr], rbx
cmp byte ptr [player_hunger_toggle], 0
jz player_hunger_bytes
movss xmm1, [player_hunger_value]
jmp player_hunger_bytes
hook:
player_hunger_hook:
jmp code
returnhere:
|
| Description: |
|
| Filesize: |
12.12 KB |
| Viewed: |
9222 Time(s) |
|
|
|
| Back to top |
|
 |
sikulima55
Newbie cheater
![]() Reputation: 0
Joined: 07 Feb 2025
Posts: 11
|
| Posted: Sat Feb 15, 2025 12:20 pm Post subject: |
|
|
| Do you have discord?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4695
|
| Posted: Sat Feb 15, 2025 3:19 pm Post subject: |
|
|
Find the current address of hunger, right click it -> "Find out what writes to this address", do something in-game that modifies hunger (maybe unpausing the game is enough, maybe eat something), dissassemble each instruction, and look for code that has a similar aob pattern. This is that pattern disassembled for convenience:
| Code: | movss [rbx+??],xmm1
subss xmm6,xmm1
mov rcx,[??]
cmp dword ptr [rcx+??],??
jne ??
call ??
call ??
test rax,rax
je ??
|
After you find it, you can make a code injection that copies the address into some memory you control. Search for "injection copy" and you should get some information.
You probably don't even need to find the same injection point. Just make sure whatever instruction you use only accesses addresses you want (right click in disassembler -> "Find out what addresses this instruction accesses"). Using "Find out what accesses this address" instead of just "writes to" can give you more injection points.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
jawsont
How do I cheat?
![]() Reputation: 0
Joined: 18 Apr 2014
Posts: 2
|
| Posted: Sun Feb 16, 2025 12:43 pm Post subject: |
|
|
| Quote: | | Find the current address of hunger, right click it |
Ah, ok, I'll have to go down the injection route. I had thought I could "tutorial 6 it" which was just using the pointer and freeze the pointer. I also thought that you only used the one line from the dissembler. Good to know you use the whole bit. I'll give it a whirl - thank you!
Apparently I'm too new to answer in a separate post, so I'll edit it into here:
| sikulima55 wrote: | | Do you have discord? |
I do, but I don't tend to use it. I'm going to give the injection stuff a go. I take it the CE discord would have been a better bet? I find stuff on disc. too ephemeral - I like the structured permanence of a forum.
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4695
|
| Posted: Sun Feb 16, 2025 2:08 pm Post subject: |
|
|
If you want to, you could try the pointer scanner. I suggest code injection because it is and always has been my preferred way of getting addresses.
See this video covering step 8 of the CE tutorial for information on how to use the pointer scanner (especially w/ multiple maps):
https://www.youtube.com/watch?v=3dyIrcx8Z8g
If the pointer scanner can't find anything, you probably won't be able to either.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
