Cheat Engine

[donpiano]

Ok, I capitualte. I really want to learn how to work this software, and by the looks of things I have to "crawl to the cross," as they say.

I spoke with emperor a bit earlier on the step-by-step thing, failing to mention that the true source of this request is my own inability to fully undertand how to work CE!

I have serious problems understanding this whole pointers thing. Or that is - how to work around it.

The concept I understand. The true address behind the value change each time the game restart, so we need to hunt down that original address and deal with that, instead of the actual value for .. say ammo.

To work with the tutorial, I cannot get passed step 6. - I thought I had it under control, but obviously I am way out there on the thin ice, since every effort I make to complete that step I end up having 3 seconds to change the value to 5000 .. and it restarts.

I pull my hair, and swear outloud.

So please help! .. emperor, I promise you that I am not lazy and take the easy way out with this (by asking for help.) On the contrary, I am bowing down my head, admitting defeat, and asking for help on how to solve (and understand) the problem.



The tutorial says ...
"If the assembler instruction doesnt have anything between a '[' and ']' then use another item in the list."

Well, as I get the "Extra Info" my screen is lke this :

---
004560c6 - mov eas.[eax+00000310]
004560cc - mov edx.[ebp-0c]
>>004560cf - mov [eax], edx
004560d1 - mov eax.[ebp-04]
004560d4 - mov eax.[eax+00000310]

Copy memory
The value of the pointer needed to find this address is probably 0096daa8
EAX=0096DAA8 - EDX=0000002C - ESP=0012F58C
EBX=0096C9C4 - ESI=0042E6AC - EBP=0012F5B0
ECX=00000000 - EDI=0012F7SC - EIP=004560D1
and some text..
----

Now, when the tutorial says to look for a value between the [..] which one do I even look for? On my screen the one with >> first is in RED COLOR text, so obviously I always look at this one. But this one never ever has a value between the [..] It always looks like it does now.

Then the tutorial tells me to pick "another item in the list." Trusting my smarts to be of at least average level, I choose any other of the top five choices, and go with the first one.

The tutorial tells me to search for this in hex, then being the value of "00000310" - Searching for that brings back 32 choices. Tutorial tells me to look for the smallest one, being the one at the top - I choose this.

Now I click "add address manually" and follow the instructions, which basically tells me to enter the address I recently found. I do that, in this case that is "0040F2C4"

and here I stop. - Somewhere in the tutorial, Im told not to get confused - so I try my hardest not to. I am not a programmer, and I have next to no experience with assember from before (which was not needed, the tutorial tells me (naturally, at this point I agree that it helps.)) So I am not going to pretend that I understand all the numbers presented in the example within the tutorial on step 6.

Anyway - the tutorial doesnt say anything specific about the offset here. It says .. "If the assembler instruction has a calculation (e.g: [esi+12]) at the end then type the value in thats at the end. else
leave it 0. If it was a more complicated instruction look at the calculation.
"

The assembler instruction I found .. hmm .. well, I am not even sure which of them I am suppoed to use. But from what I understand, it was supposed to be within a [..] meaning the 00000310 I chose earlier. - This had no extra complicated calculations so I just go with the address it gave me.

Still I have no offset. I am thinking that maybe the tutorial means the offsett, when it refers to the calculation, since its says "else, leave it 0" I think this, because the "Add Address" window has only one presentation with the number "0" in it, and that is the offset.

I try leaving it at 0 and do nothing else, but add the address I got from searching for "00000310" which was "0040F2C4"

Not really knowing if I have done anything right - at all, I click "ok". Now I am left with a new address listed, which is descripted like this : "P->00000310 - 4 bytes - ??"

The two ?? I have seen before, trying to cheat on my games so I know they are not good signs. Still, I continue on the tutorial.

"If all went right the address will show P->xxxxxxx, with
xxxxxxx being the address of the value you found"

Seems right to me, I think. I have that listed, and the x's does represent the address I found.

Trying desperately not to look at the more complicated example in the tutorial (it gives me a headache) I continue.

"Now, change the value using the pointer you added in 5000 and freeze it. Then click Change pointer, and if all went
right the next button will become visible."

I do this, and what happens?

"3 Seconds left to change the value to 5000"

and .. the next button is still greyed out, I am at a loss.


So again .. I capitulate.

Taunt my ignorance
Make fun of my stupidity

just please ... HELP ME!

[Dark Byte]

Step 6 seems to be different since my last rebuild. (I kinda forgot to remove code optimization) wich has made this tutorial step a little confusing, but still quite simple. (although it is now a pointer to a pointer, wich will take some more effort in finding, but it's not required to finish that step)


004560c6 - mov eax.[eax+00000310]
004560cc - mov edx.[ebp-0c]
>>004560cf - mov [eax], edx
...

I'll try to explain
the value between the [ and ] is EAX
eax is a register wich is a value that is stored in your processor. (And it gets it's value at 004560c6, but you can ignore that for now, unless you're interested in finding the pointer to the pointer)


In the more info window you'll see a list of all the registers, including eax
In your case it was 0096DAA8 . (notice the word 'was' because that will change each time)

You should then search for that value in cheat engine. Do a 4 byte exact value scan and fill in 0096DAA8 and scan. (First check the hex checkbox)

With luck you'll only find 1 address
You've now found your pointer.

Let's look at the instruction again: mov [eax], edx
you can read this as mov [eax+0],edx
EAX holds the value of the pointer and 0 is the number of bytes you want to increase the address with.

Now click on "add address manualy" and check the pointer box
the address of the pointer will be the address you've found and the offset is 0

The value will be the value you need to change to 5000
If you want you can freeze the pointer to 5000 and click on change pointer. The next button will become enabled and you can finish the tutorial. (step 6 is the last)


On a sidenote: An interesting way to cheat on this tutorial step is by using the pause option, scan the value ,change to 5000 and then resume the tutorial.

[donpiano]

Yes, that worked! - My problem was I misunderstood the "Extra Info" window.

I understand it now, and it worked. I will proceed to see if I can cheat my games. Thanks again!

[czhenyang]

sorry i'm a bit slow.. i dont understand the part where you wrote