Cheat Engine

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

Pointer will work until an instant death,then the address in the pointer changes to 00000008. I dont know what is going on there. ???

Geri · Moderator Reputation: 112 Joined: 05 Feb 2010 Posts: 5627

Did You try to find a code which is accessing to Your health only?

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

Yeah,it looks like this

0083fd94 - test ecx,ecx
0083fd96 - je 0083fe3f
0083fd9c - cmp dword ptr [ecx+08],00
0083fda0 - jng 0083fe3f
0083fda6 - mov esi,[eax+00001e7c]

Probable base pointer =105E2A70

EAX=1C943280
EBX=00000000
ECX=105E2A70
EDX=0056FEF0
ESI=FFFFFFFF
EDI=00000000
EBP=10352840
ESP=0012ED48
EIP=0083FDA0

I tried a simple script that added to your health but it also affected the enemies and they couldnt be killed...this is getting a little frustrating.. Mad

Giza · Newbie cheater Reputation: 0 Joined: 30 Sep 2010 Posts: 13

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

Dark Byte · Posted: Fri Oct 01, 2010 5:25 pm Post subject:

it's easier to use the cmp address to store the address of health to a known location, or easier to just set the health to the max right there

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

I have tried everything I can think of and it just doesnt work...

Pointer: Instant death Changes address

Script- NOP/Injecting a code -Affects everything that has a health Value

Dark Byte · Posted: Fri Oct 01, 2010 8:47 pm Post subject:

Use find what accesses on the health to get all code locations that access health

Then use the option to find out what addresses each code accesses.
See if there is one that only accesses the player's health (in the demo it's the first cmp in the list)
There do a code injection to either save the address of health, or set health to the max possible address

e.g I'd do a code injection at the bytes :83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0
I can't make an aa script that works for the released version because this instruction sits between two relative jumps, but you should be able to

Dark Byte · Posted: Fri Oct 01, 2010 9:36 pm Post subject:

following script should give godmode for the demo

for the retail:
replace 0083E86C with the address that contains "83 79 08 00 0f 8e ?? ?? ?? ?? 8b b0 "

replace 004D1641 with the address that contains "29 4e 08 8b 56 08 89 53 70"

and replace the "jng 0083E90A" lines with the appropriate substitute

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

Thanks guys..I'll have to digest this all tomorrow..

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

I get an error on this line...

mov dword ptr [ecx+08],eax

Dark Byte · Posted: Sat Oct 02, 2010 5:57 pm Post subject:

what is the error?

shark2003 · Newbie cheater Reputation: 0 Joined: 28 Sep 2010 Posts: 19

Error in line 15 (mov eax,[ecx+0c],1000:This instruction cant be compiled.

Although..that instruction is on line 14..

What do you mean by this--->//get the address

Do I need to search for an address for health?

and this---> [healthaddress]

in your script

Dark Byte · Posted: Sat Oct 02, 2010 8:59 pm Post subject:

the code isn't "mov eax,[ecx+0c],1000" but "mov eax,[ecx+0c]"
That code places the maximum health value (stored 4 bytes after the current health value) into the eax register

lines with // are just comments explaining what the code does
//get the address means that that code gets the address (in this case eax+8)

healthaddress is just a label that is filled by the cmp hook. It is a valid address in the script and you don't need to change that

the only things you need to change are: