Cheat Engine

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

lets say i have a code
00400000: 89 01 - mov [ecx], eax
to get my desired function, i change the registers, and alter "eax" to 99

is there a way to toogle in to 99, and back to original, using some form of global hotkeys?

i've read http://forum.cheatengine.org/viewtopic.php?t=3647 and it teaches how to use array of bytes to do something similar..

i've tried implementing it, by modifying the opcode to
mov [ecx], 99 and it says the generated opcode is 6bytes long whereas the original is only 2bytes and asks if i want to replace them with nops...

whether or not i replace with nops, the byte values becoms as such
00400000: c7 01 99 00 00 00 - mov [ecx], 99

does this mean that i have to manually add an array of bytes (size 6) and input those values? when i do so, my whole game crashes though.. anyone can help me with this? of course if there was something else simpler, ie juz by using hotkeys to change registers, that'll be great.. thankx

Dark Byte · Posted: Wed Nov 30, 2005 8:11 am Post subject:

Let's assume you arn't talking about maple because that will disconnect you if you edit the code.

Use code caves.
when that instruction is selected go to memory view->tools->auto assembler (or just press ctrl+a)
then template->code injection, make sure the adderess is correct, and click ok

then at the line: //place your code here type in
mov eax,99

then click template->cheattable framework code
and in the [DISABLE] section write
00400000:
followed by the original code that will be overwritten by the jump (same as the original code part in the code injection enable part)

when everything is right, click file->assign to cheat table, and close the auto assembler window. in ce you can now rightclick that cheat and assign it a hotkey

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

why does this template script assumes that the original code only consist of the next 3 consecutive addresses?

i understand a little on code injection using code caves, but what i've read on previously was to set the EIP onto my code cave.. having done your way, however, when i enable the cheat, it works well, but i cannot disable it.. lol am i doing anything wrong?

original code:
400000 - somecode
400001 - blabla
400002 - blablabla

at the [DISABLE] part, i placed in all 3 lines of the original code, is that correct?

Dark Byte · Posted: Wed Nov 30, 2005 8:58 am Post subject:

the template assumes there are 3 because it has to overwrite 3 instructions to place the jump (the jump is 5 bytes, the mov [ecx], eax is 2, so that leaves 3 other bytes to be replaced as well)

yes, placing the 3 original lines at the disable part is right, but make it look like:

Dark Byte · Posted: Wed Nov 30, 2005 9:05 am Post subject:

Here is a example of a really retarded method to freeze time in minesweeper, but it should give a good example:

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

hey alright this works.. now i can switch on and off already~
thx darkbyte~!

erm btw, does modifying a register literally mean changing the opcode?
eg: i modify eax of 400001 - mov [ecx], eax to 99
is it equal to changing opcode to mov [ecx], 99?
i think it works this way but........

how bout i modify EAX of 400001 - mov [EDX], ECX to 99
in this, the opcode dont contain any eax... ?

erh yea i'm refering to maple.. lol u got it.. anyway this could be a great start to learn hacking rite?

Dark Byte · Posted: Wed Nov 30, 2005 10:37 am Post subject:

changing registers and changing opcodes are different things

when you change the opcode you change the bytes.
with changing registers you don't change the memory, but when that memory location gets executed it changes the state of the registers

and yes, if you change eax to 99 at mov [ecx],eax it means the same as mov [ecx],99

Dark Byte · Posted: Wed Nov 30, 2005 12:35 pm Post subject:

oh yes, I forget to add dealloc(newmem) in the disable part.
it isn't needed, but it'll free the allocated memory, else you may run out of memory after you enable it for about 250000 times.

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

hmm.. sometimes when i change register eax to 99 in mov[ecx],eax... its the same effect as changing opcode to mov[ecx], 99..

yet again sometimes when i change register eax to, say 200, in another opcode, say mov[edx],eax... the effect i get isnt the same as changing the opcode directly to move[edx],200..

Dark Byte · Posted: Wed Nov 30, 2005 4:56 pm Post subject:

it is, but perhaps you are interpreting it wrong?
200 means 512, perhaps you didn't notice it with 99(153)

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

how do u get to the answer, as in why does 200 mean 512? erm sorry for this lol..

Dark Byte · Posted: Thu Dec 01, 2005 8:20 pm Post subject:

the assembler uses hexadecimal notation
200 mean 200 hexadecimal. (or 00 02 written as bytes)
the easiest way to convert from hex to dec is by using the windows calculator in scientifc mode

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

yea so i was wondering, 200dec converted to hex would be C8? why 512

levis · Newbie cheater Reputation: 0 Joined: 30 Nov 2005 Posts: 24

ok here's what i'm trying to do again.. editing the code cave would not dc me. so issit alright to do this..

Dark Byte · Posted: Fri Dec 02, 2005 6:13 am Post subject: