Cheat Engine

JackCrackerMan

Ok, everytime I try to use this option I get an error. It asks me for the address I think its pointing to... so I put in the last address I found through the pointers. I've looked for a tutorial on this option and I do not see anything in the FAQ's. Any info I could use on this? I am only trying this as I can't figure out how to find the pointers myself (really frustrating). When I do my first search for the value I want to change I get 2 values. Both of them change as I change the value in game... so basically both are right? However, they both lead me in 2 different directions when searching for a pointer... 1 of them just seems to point at itself (asks me to search the same address over and over with different offsets) and the other I get down to 3 different pointers and it just stops finding any data when I'm searching "find out what accesses this pointer". ANY INFORMATION WILL HELP ME JUST POINT ME IN THE RIGHT DIRECTION! Mad

Here is some more details of one of my recent attempts to find another value:
This is for Spore (steam version), the value of Colony Incredi-pack. The initial search is for 99, then 98 which gives me my first value. I search for what is writing to this address and I get this:

initial search

EAX=00000001
EBX=0BD97C50
ECX=0B0DA918
EDX=00000061
ESI=0D81EC98
EDI=00000000
EBP=00000000
ESP=0012DF78
EIP=006FDDB5

Probable base pointer =0D81EC98

006fddaa - mov eax,[esi+0000019c]
006fddb0 - sub edx,eax
006fddb2 - mov [esi+7c],edx
006fddb5 - call 004a34b0
006fddba - cmp eax,d3dxtripatchsize+aa54

search for 0d81ec98 turned 4 results:
0ba19850
0d4deff0
0d83fdac
21ba1140

next search: 0ba19850 offset of 7c

EAX=0BA19850
EBX=0B4D0F38
ECX=156E2898
EDX=156E2934
ESI=0D81EC98
EDI=00000061
EBP=0118F190
ESP=0012D4B8
EIP=004B6D13

Probable base pointer =0BA19850

004b6d0c - lea edx,[ecx+edx*4]
004b6d0f - je 004b6d1c
004b6d11 - cmp esi,[eax]
004b6d13 - je 004b6d43
004b6d15 - mov eax,[eax+08]

Results for search of 0ba19850 gave 1 result!

Next search: 156e2934 with offset 00

EAX=0BA19850
EBX=0B4D0F38
ECX=156E2898
EDX=00000027
ESI=0D81EC98
EDI=00000061
EBP=0635AE73
ESP=0012D404
EIP=004B6D0A

Probable base pointer =156E2898

004b6d02 - div edi
004b6d04 - mov ecx,[ecx+04]
004b6d07 - mov eax,[ecx+edx*4]
004b6d0a - test eax,eax
004b6d0c - lea edx,[ecx+edx*4]

Results for search of 156e2898 gave 1 result!

Next search: 0b4d0f3c with offset (edx*4)=9c

Now when I do the "find out what accesses this pointer" I get 2 different lines in the opcode:

004b6d04 - 8b 49 04 - mov ecx,[ecx+04]
0071c007 - 8b 43 04 - mov eax,[ebx+04]

the first line: ecx = 156e2898
which if you look at my last probable base pointer its exactly the same.
the second line: ebx = 0b4d0f38
I'm going to guess this is the line I am searching next.
this turns up nothing when scanning for the 0b4d0f38

well just for kicks, I do a search for the first line which is 156e2898 and of course I get the same address as I did the last time I searched that. I add this as my 4th pointer (knowing full well its probably going to screw everything up) with an offset of 04, and low and behold, everything is screwed up.

Alright... I'm really lost here. Am I doing something wrong? Should I be doing my searches differently?

sven3107 · Posted: Tue Mar 31, 2009 9:59 am Post subject:

I have the same problem, I already added it to bugtracker.
If you want to use it now, the only way is using CE 5.4, that scan works.

I don't recommend it as you can also just do it manually.

JackCrackerMan · Posted: Tue Mar 31, 2009 10:29 am Post subject: