Cheat Engine

[Darkbluesky]

Hello

I have been doing some code injection using codecaves, but not using auto assembler neither CT, because I plan to do a standalone program to patch the exe. I have done several codecaves for modifying the code/values and they work fine, but recently I have found some values (2) that give me problems.

First, in order to find a valid pointer for these two addresses, I used pointer scan but it returned an empty window, so I unchecked "Don't include pointers with read-only nodes", and then I found the pointers, (both are 1 level/1-offset pointers) so I guess the values are read-only.

The surprising part is that I can change these values manually in CE (no need to freeze them, as they are not re-written automatically), but when I try to write to them with mov [....],nnnnnnnn, the program hangs and crash as soon as I execute that instruction.

I can show here the exact values, etc if needed. But please, could you tell me how I can change these values without using CT (I want to be able to do that in ASM in order to modify the exe permanently by adding my own code, as explained)?

Thanks a lot!

PS: the addresses store float values and the game is Silent Hunter III

[Dark Byte]

Call VirtualProtectEx to make the memory writable
Or adjust the pe header and change the region to writable

[Darkbluesky]

Thanks for the answer (and sorry for posting in the wrong forum).

I was wondering if I could write to these address by programming in ASM in the codecave, I mean without calling VirtualProtectEX in the ttrainer/patcher or needing a previously modified PE header file. I don't know if I explain myself, I am looking for something that in the same injected code, allowed me to write there.

If it is not possible, or too hard for me, then I guess I can modify the ASM code to use some static addressess filled by me...


PS: BTW, I am having a hard time, trying to make CE to keep the addresses referred to a base address of a module. I mean I write something like mov ebx,["CameraBehavior.act"+00009414], but then it converts it to the value, and when I save the codecave and reload it after a game restart, it does not keep the relative path, thus it is wrong. It is surprising because in other parts of the code it works, but not for me...

[Dark Byte]

No, codecaves are really difficult to use and give more trouble than what they're worth (only thing they are good for is not having to run a trainer and being stuck with cheats on all the time)


about : mov ebx,["CameraBehavior.act"+00009414]
try changing it to lea,["CameraBehavior.act"+00009414] so you get the address instead of the value

[Darkbluesky]

Tx! Well, I'll use new static addresses to put the new values I want and use them.

But still I need to use (read) the other values for reference, and I can't keep the module reference refreshed when game is restarted, I mean the lea instruction, when saved and loaded with codecave after a game restart now keeps the last value (address), just as with mov, only that instead of showing it as the hex value of the address it shows as a module+offset, only that the module and offset are the corresponding to the last address and it should be viceversa (the address should change to fit to the module+offset I wrote, which should be always the same...)