Cheat Engine

[Codcat]

Forgive me for my lack of terminology but I’ve noticed in tables you can enter an address a couple of different ways, eg. "executable.exe+727468" or just the straight address "00B27600".

Can someone please explain the pros and cons to both? When hacking my disassembled exe's are shown with the normal address so it’s easier to use that but the new version of cheat engines disassembler uses the "executable.exe+727468" method to display the addresses.

Thanks

[Fresco]

game.exe+offset it's recomanded

as it uses base address + offset that always bring to that specific location

XXXXXXXX address it works anyways but in 0.1% of cases it does not work

XXXXXXXX is the address of a memory location

address 0
- exe 1
- exe 2 address ...x
- exe 3

but what if my pc uses

address 0
- exe 3
- exe 1 address ...x
- exe 2

as you can see writing ...x does not always mean exe 2
but exe 2 will always be exe2
that's whay it is recomanded to use game.exe+offset
cheers

[Dark Byte]

also, ctrl+m in the disassembler switches back to hexadecimal address only

[RHCP]

[Fresco]

the 1% problem may occur when using different type of windows
xp or vista or 7 or whatever or when memory is full and it has to go somewhere else, not in the destination it was designed for.
you choose the exe because the memory is too big for you to scan all of it, because cheat engine needs to know what you want to scan, avoiding the scan of the entire ram, it's also a way to be sure that you're not affecting other processes.
cheat engine does not display in the debugger the full ram, but just the part that was given for your game
also it may not be all allocated, that's why you'll have to allocate when you make an assembler script.

ram
game1 ram0
game2 ram1
game3 ram2

cheat engine does not display ram1 till ram2, instead it shows you that ram 1 is ram0 and ram2 is ram1
so when you go to ram0 in cheat engine it's like going real ram1

and let's say that in windows xp
address 0 that was given by windows to your game
windows xp says that in address x the game should start
windows 7 says that in address y the game should start
but x and y are not the same,
while x+whatever is the same as writing y+whatever
do you understand now ?

the allocation problem:
the memory needs a format.
you know, you can store "5" as a 4 byte or as a double
but 4 byte occupies only 4 bytes of memory only and double occupies 8 bytes, and all that bytes just to say 5
when you right click your main hdd it says NTFS, right ? when you insert a usb memory stick it says FAT32. storing 10 in ntfs it's not the same as storing 10 in fat32 or whatever
let's suppose that "10":
int ntfs it's 010101000
and in fat32 000110011
see ? it's not the same!
the same with ram it can be non allocated or allocated, because rams file system is binary, assembly.
the point is that non allocated memory it's just non allocated, unused, it's not zero nor anything else it's "?" as cheat engine displays non allocated memory, it's not zero because it's memory, and memory can hold nothing, while hard drives cannot hold nothing, they theoretically can, but when you use special programs that look into them, they show records that can be recovered.

and now your answer
the game could dynamically alloc it's space in the memory that windows gave to it.

that means:
ram game start
address zero
address x
game
end game
address y
game ram ends

other sessions of the game could be

ram game start
address zero
address x
address y
game
end game
game ram ends

as you can see the game could be held in addy x or y, but the data is the same.
that's why game+x it's recomanded.

you'll find address incompatibility when you change windows versions, rarely on the same windows version.

hope that you're good now