Cheat Engine The Official Site of Cheat Engine
lockdown Newbie cheater
Reputation: 0
Joined: 20 Dec 2010 Posts: 12 Location: Anderson, IN
Posted: Sun Mar 06, 2011 2:21 pm Post subject: Help with connecting the dots with using different technique
I have been using CE (Cheat Engine) for many years now, but never evolved past finding code and changing its value to what I wanted. The only problem is that, for example, in a game I play very much I always have to find the memory address all over again when I close out the game. I want to learn what fixes this problem and why it does. I think it is code injection/AA.
I recently started taking steps to progress further into learning how to create trainers/hacks so I do not have to load CE and retake all the steps to find the new memory address when I close and restart the game. The problem that I am having is what I do once I find the base codes; what are my options after that point?
I did the CE tutorials and was able to understand and complete all eight tutorials, but I guess what the tutorials fail to explain in depth is when & why we should use assembly instead of manipulating the base code. How does assembly get past the code changing every time you start and restart the game, or does it?
Here is what I understand:
1. Searching for memory and their values (basic types)
2. When to use unknown initial value
3. Different search scans like floating and double
4. Pointers, trying to find the green ones.
5. Multilevel pointers, still trying to get to the base/green address.
What I am having trouble with is when to do code injection/AA (auto assembly). I can understand what I am reading, but I guess I do not understand when to apply injection and AA, you know?
I have read the in-depth guide to AA and even printed it out and read it at least three times, so I get it, but not when and why I should use it instead of just changing the value.
I have had darkbyte help with a few of my noob question threads, and he gave me some AA to apply to a problem I was having, but I didn't catch on as to why we were applying/using AA.
Let me explain even more with an actual game I play and have been hacking. Civilization 5 is a great game I play all the time, and that I like to hack or attempt to hack, but like I said above, the memory addresses change when I close the game and bring it back up. Does AA fix this, and how does it fix this? Can this question be broken down for a noob please?
Lastly, am I getting ahead of myself, or is AA where I should be focusing?
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Sun Mar 06, 2011 3:46 pm
Usually we use AA to get some address from a register and use that address.
For example, let's assume there is a code which is reading your health in a game:
mov esi,[eax+20]
In this case, eax+20 = the address of your health. You don't need to find the address yourself, as the program will do it. After all, that code is working with the health, so before it gets to this point, it is finding the correct address. All you need to do is come in and take that address. So the point is not to search for the value; just let the program find it, and while it is working with it, we can also change it, like putting in an extra line:
mov [eax+20],#100
which would change your health to 100, wherever it is. In English, you write:
change health to 100 (where you use mov to change the value of health to the value that you want to use).
In this case you don't need to do anything; just activate your script and the program will execute
mov esi,[eax+20] as usual, and it will also execute your code to change it to 100. So every time this code is running, your health will be changed to 100, whatever the address is.
Complications will start when you find a code which is accessing more addresses. I don't recommend starting to practice on Civ5 immediately, because its code is shared, and if you activate a simple script which is changing the gold, for example, it will change it for the enemy too, as the same code is used to handle your gold and the enemy's gold.
The best way is to find some code which is accessing only one address which is important for you. If you cannot find any, it will be more complicated and you need to write a more complex script for it to somehow check which address is your gold and which is the enemy's, etc. More complex code will require more complex modifications to do what you wish.
lockdown Newbie cheater
Reputation: 0
Joined: 20 Dec 2010 Posts: 12 Location: Anderson, IN
Posted: Sun Mar 06, 2011 6:30 pm
Geri wrote:
> Usually we use AA to get some address from a register and use that address.
> For example, let's assume there is a code which is reading your health in a game:
> mov esi,[eax+20]
> In this case, eax+20 = the address of your health. You don't need to find the address yourself, as the program will do it. After all, that code is working with the health, so before it gets to this point, it is finding the correct address. All you need to do is come in and take that address. So the point is not to search for the value; just let the program find it, and while it is working with it, we can also change it, like putting in an extra line:
> mov [eax+20],#100
> which would change your health to 100, wherever it is. In English, you write:
> change health to 100 (where you use mov to change the value of health to the value that you want to use).
> In this case you don't need to do anything; just activate your script and the program will execute
> mov esi,[eax+20] as usual, and it will also execute your code to change it to 100. So every time this code is running, your health will be changed to 100, whatever the address is.
> Complications will start when you find a code which is accessing more addresses. I don't recommend starting to practice on Civ5 immediately, because its code is shared, and if you activate a simple script which is changing the gold, for example, it will change it for the enemy too, as the same code is used to handle your gold and the enemy's gold.
> The best way is to find some code which is accessing only one address which is important for you. If you cannot find any, it will be more complicated and you need to write a more complex script for it to somehow check which address is your gold and which is the enemy's, etc. More complex code will require more complex modifications to do what you wish.
Thank you for a nice reply. So you're saying that the program we write in AA for any game can actually find the same memory codes that I spend an insane amount of time on, and then can automatically apply those memory addresses into the program/script, and the hack would be working? If so, I can understand now how people can do cooler things than I could, because there are always some things I couldn't ever find doing the traditional scan methods.
Here is some AA that darkbyte gave me for Civ 5; if you don't mind, could you try to break this down, or at least explain how it works, and I could do the rest?
Quote:
The following script, when enabled, will give you the tech pointer.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
alloc(techpointerlist,4) //4-byte slot that will hold the captured pointer
registersymbol(techpointerlist) //so "techpointerlist" can be used as an address in the address list
newmem:
mov [techpointerlist],eax //save the pointer the game has in eax at this point
ret //the original instruction at GetTeamTechs+6 is a ret (see [DISABLE]), so this completes the call
CvTeam::GetTeamTechs+6:
jmp newmem
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
unregistersymbol(techpointerlist)
dealloc(techpointerlist)
dealloc(newmem)
CvTeam::GetTeamTechs+6:
ret
int 3
int 3
int 3
int 3
//Alt: db C3 CC CC CC CC
When enabled (touch something related to tech first, e.g. the tech list), your own technology will be at [[techpointerlist]+4]+0
and your progress into each tech will be at [[techpointerlist]+c]+0.
The first computer player will have its technology at [[techpointerlist]+64]+0 and its progress at [[techpointerlist]+6c]+0.
From there, use the memory browser and just scroll through the memory around it. (I couldn't make a table because it's not always the same; you'll have to use the memory browser to verify.)
P.S.: It's really fun to set a comp back to the Stone Age.
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Sun Mar 06, 2011 8:22 pm
> So you're saying that the program we write in AA for any game can actually find the same memory codes that I spend an insane amount of time on
First you need to find a code which is part of the program, and then you can use code injection to "insert" your own code into it. You can do this by making a jump (or call) to a location that you use for your code and then jumping back to the place where you came from. This way the code will be executed in this order:
original codes
...
...
jump to your code
execute your code
jump back to the same location
execute the original codes after your script
...
...
So this is basically like "inserting" code into the program, and if you don't count the jumps, it looks like:
original code
...
your script
original code after your script
...
...
If you write an AA script, you manipulate the original programming itself. Depending on your skills, you can make tons of features/cheats. The easiest is if you have a code which is accessing your value: you just put in an extra line to change the value to a desired amount, and when the value (like health, gold, whatever) is used by the program, it will also be set to the amount that you need. This way you don't even have to know what the address is. All you need to know is where the program is using it and how you can change the program to modify your value as you want.
The code that DarkByte has made is getting the address of your tech points from a code which is accessing it and saving it at an allocated address which is called "techpointerlist".
You can also make a cheat another way: if you find the code which is accessing the tech points when you open the technology tree, for example, you put in an extra code to change the technology points when they are loaded. Try to run the game in a window, find a tech point for something, click on "Find out what accesses this address", and while you play the game and open panels etc., you will see what codes are running in the background that are messing with your tech points.
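Putting Geri's jump / run your code / jump back sequence, and the "mov esi,[eax+20]" health example from his first reply, into one complete Cheat Engine auto assembler script, as an added example that is not code from this thread, from DarkByte, or from Cheat Engine itself. The hook address "game.exe"+1234AB, the register layout (eax = player object), the instruction that follows the hook, and the label and symbol names are all assumptions; like DarkByte's techpointerlist, the script also saves the captured base in a registered symbol so it can be inspected from the address list.

```asm
[ENABLE]
// Reserve a code cave plus a 4-byte slot for the captured base address.
alloc(newmem,2048)
alloc(healthbase,4)
registersymbol(healthbase)   // "healthbase" becomes usable as an address in the address list
label(returnhere)
label(originalcode)
label(exit)

newmem:
// Assumption: eax holds the player object here, so [eax+20] is the health value.
mov [healthbase],eax         // save the base the game computed (same idea as techpointerlist)
mov [eax+20],#100            // force health to 100 before the original read happens

originalcode:
// The instructions overwritten by the jmp must be re-executed here, unchanged.
mov esi,[eax+20]             // the original health read (3 bytes)
mov [ebx+10],esi             // assumed instruction that followed it (3 bytes)

exit:
jmp returnhere               // back to the instruction after the hook

// Hypothetical hook address. The two original instructions total 6 bytes, so the
// 5-byte jmp plus one nop overwrite them exactly and nothing is left half-written.
"game.exe"+1234AB:
jmp newmem
nop
returnhere:

[DISABLE]
// Restore the original bytes first, then release the cave and the symbol.
"game.exe"+1234AB:
mov esi,[eax+20]
mov [ebx+10],esi
unregistersymbol(healthbase)
dealloc(healthbase)
dealloc(newmem)
```

Geri's warning about shared code applies unchanged: if the same instruction also handles the enemy's value, this cave would write 100 for every object that passes through it, and a check on the captured base would have to be added before the write.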
lockdown Newbie cheater
Reputation: 0
Joined: 20 Dec 2010 Posts: 12 Location: Anderson, IN
Posted: Tue Mar 08, 2011 10:42 pm
Hi Geri - Thank you for all of your help. I feel I am getting closer to understanding AA but still need that little push. Let me write the steps I take to apply the AA script from darkbyte. Now, the script should point to/find the technology memory address for me, so I can build a hack around it, correct?
Here are the steps:
1. Set up the game in duel mode against AI
2. Start Cheat Engine 6.0
3. Select process
4. Click on memory view
5. Hit Ctrl + A or Tools > Auto Assemble
6. Hit Ctrl + V or right click & paste the script
7. Hit Execute
8. Write down the memory address of techpointerlist, which is always around 08E30800
9. Go back to the Cheat Engine 6.0 main screen and click on Add address manually (so I can view the memory region and do the steps below).
10. Right click on the added memory address and choose "Find out what accesses this address".
11. Go back to the game and switch from one technology to another; when I do that I get a count of 717 in the "Find out what accesses this address" window.
12. I double click on what I found, and the suggested hex address to find is 000000 and the value in [ ... ] is "techpointerlist".
Have I done something wrong, and what do steps 11 - 12 mean? I thought I would find some address for the technology there or by clicking the memory region for that memory address (08E30800). Thanks for the help.
Geri Moderator
Reputation: 111
Joined: 05 Feb 2010 Posts: 5627
Posted: Wed Mar 09, 2011 9:17 am
If you are not familiar with pointers, it is easier to find the addresses this way:
1. Find your tech points for a research.
2. Click on "Find out what accesses this address".
3. Open the technology tree in the game.
4. Save the addresses that you have found.
5. Right-click on one of the codes that you have found and choose to see what addresses are read by that code.
6. Open the technology tree in the game.
7. You should see all of the addresses for your tech points now.