Help with values that change back, please!
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Sun Jun 24, 2012 5:04 am    Post subject: Help with values that change back, please!

Hello, to all.
I only know the basics of CE and I'd like some help please.
The tutorials don't mention anything about this problem, but I think that's quite easy for the more experienced users.

Game: Dragon Age Legends (offline version)
Info: It used to be an RPG Facebook game but when they recently shut down the servers, they released a free offline version of it (180 MB) running through "Adobe Air".

I'm trying to increase my character's gold and/or experience.
With a normal search (4 byte) I get 2 addresses with the same value. When I change either of them it changes back to the normal amount. If I freeze them and then change them, the gold in my game is not affected and again they change back to what they should be when I unfreeze them.
If I make a "Byte to Double" search (many times to get the exact addresses), I get the same addresses as before and some more that don't relate to my actual gold value (they must mean something else).
My Gold value: 1956362

Can anyone help me with this, please?
Thanks.



[Attached image: search.jpg]



_________________
Trust No One...
Kriogenic
Cheater
Reputation: -1

Joined: 13 Jun 2012
Posts: 36
Location: localhost

Posted: Sun Jun 24, 2012 5:14 am

they are actually the same addresses as you found before but you are seeing them both as a byte, 2 byte, 4 byte and 8 byte (the last one doesn't have an 8 byte value shown)

if the game was made in adobe air you could try yourgoldamount * 8 and searching for that value as your money count.
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Sun Jun 24, 2012 9:10 am

Unfortunately, nothing happens even if I multiply my gold value with 8 and do the searches again. Thanks for your time anyway.

Someone else has an idea?

PS. I must note that I'm playing the game while offline, so no values can be kept "somewhere else" (server).

_________________
Trust No One...
Fresco
Grandmaster Cheater
Reputation: 4

Joined: 07 Nov 2010
Posts: 600

Posted: Sun Jun 24, 2012 10:15 am

try with increased / decreased value, and you definitely should upgrade to cheat engine 6.2.

you're on the right track with those values, you could do an exact value > double/float.
try searching for what those addresses are accessed by/ or written to > now, near the instruction that shows up, in the disassembler the code that writes to the real gold/xp address should be very close, no more than 20 lines above or down the code, but i see you're a noob, so try increased decreased, first with 4 byte, then with 8, float and double.

_________________
... Fresco
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Mon Jun 25, 2012 10:34 am

I upgraded my CE to v6.2 but it makes no difference at all. It still finds the same addresses (not EXACTLY the same because they change every time I run the game).

With Double + Float with increased/decreased value searches, I find nothing!

It only finds (as before) 2 addresses in 4 byte searches. Increased / decreased value searches make no difference as the addresses are updated immediately after each change and it finds the same ones again.

And it finds only 1 address in 8 byte searches. Increased / decreased values are the same case as in 4 bytes (nothing new).

If I enter the "what writes to this address" mode, it's giving me some info that I can't understand (see image below).

The only thing I can suspect is the "add esp,10" command, but the gold increase (from my last sale) wasn't only "10".



[Attached image: address.jpg]



_________________
Trust No One...
johnnygg
Advanced Cheater
Reputation: 0

Joined: 20 Jan 2010
Posts: 51

Posted: Mon Jun 25, 2012 4:01 pm

i've been getting the same results as op too. I tried to take a look at the save file...unfortunately, they have a custom savefile type (extension .dal), so I can't edit it with a regular sol editor like minerva. I'll try a hex editor later, but I doubt that'll get me anywhere either :/ in the meantime, can someone decompile this and let us know wtf is going on? lol
Fresco
Grandmaster Cheater
Reputation: 4

Joined: 07 Nov 2010
Posts: 600

Posted: Mon Jun 25, 2012 4:38 pm

click the big replace button and see what happens, tell us what happens.
next time search directly 4 bytes > exact value > then insert the money val without "," of course :)
by replacing you should see on the screen the same amount of money, but the real value should still be able to change.

if so, try giving us a debugger screenshot with a few (20) lines above and after the code that writes to that address.

and no, add esp,10 means that esp should be esp+10, and esp is just a number in the memory. look down ; esp = hex value max 4bytes

_________________
... Fresco
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Tue Jun 26, 2012 11:26 am

@Johnnygg: Some people already managed to hex edit the savefile and we can get as much exp and gold as we like, BUT... I want to do it with CE!

@Fresco: When I press the "replace" button, nothing happens. Still, the memory value that changes back can be set to any amount I want (without changing back by itself) and show that changed amount on screen as well, but it doesn't represent the real gold value. E.g. if I had 1000 gold in the first place, and I changed it to 10000 gold after the "replacement", when I try to buy something more expensive than 1000 it says that I have not enough gold. It also doesn't increase (on screen) when I sell something. Actually the OPPOSITE of what you said happens, the changed value appears on the screen but the "real" value is hidden somewhere else.
8 byte or 4 byte searches don't make much difference, except I get 2 addresses in 4 byte searches and only 1 address in 8 byte searches, so I trust 8 byte search more! :)
In the images below you can see the lines before and after the "memory write" thing (I hope I've done it correctly).
Thanks again for your time!

PS. BTW, the game is free for download (www * dragonagelegends * com) if someone wants to give it a try.



[Attached image: befaft2.jpg]

[Attached image: befaft1.jpg]



_________________
Trust No One...
johnnygg
Advanced Cheater
Reputation: 0

Joined: 20 Jan 2010
Posts: 51

Posted: Wed Jun 27, 2012 2:16 am

mac13 wrote:
@Johnnygg: Some people already managed to hex edit the savefile and we can get as much exp and gold as we like, BUT... I want to do it with CE!.


really? lol I opened it up, but it's too big for me to decipher lol i suppose i can do some experimentation and buy/sell some stuff and see what values get changed...but that'll take forever so...ya w8ing on some1 to decompile this and just tell us wtf is going on with the code, or the save format :/
nefell
How do I cheat?
Reputation: 0

Joined: 27 Jun 2012
Posts: 1
Location: ina

Posted: Wed Jun 27, 2012 5:00 am

Do you already know the worker room trick in this game?
The worker room will cost 300g to buy, but the more worker rooms you have, the selling price will increase by 225g for each worker room.
So just build as many worker rooms as you can, then sell them, and buy again.
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Wed Jun 27, 2012 10:09 am

Yes, I'm aware of many game bugs that can increase the gold, but I want to be able to do it with CE, because if I manage to do the gold, I'll be also able to add some experience. :)
...and secondly, I want to learn what to do in situations like this one, as I might find it in another game as well.

_________________
Trust No One...
johnnygg
Advanced Cheater
Reputation: 0

Joined: 20 Jan 2010
Posts: 51

Posted: Wed Jun 27, 2012 2:47 pm

mac, I can already tell you what you have to do in situations like this:
you either get insanely good at reading op codes (easy) and understanding what higher level code they represent (hard),

OR:
you decompile the game and find out what's going on (will lead to learning option 1 by default) so that you can edit the right opcodes to stop the values from changing back.

The main issue is finding a decent free decompiler; someone sent me one before, but my a/v wouldn't let me install it, so I ran it on a few online virus scanners (total, etc); and they also said it had a virus, so I didn't take the chance to install. If you're willing to take the chance or invest in sothink decompiler pro, then that's the way to handle these situations.

Otherwise, wait for someone to decompile it and come back and tell you what to do lol
Fresco
Grandmaster Cheater
Reputation: 4

Joined: 07 Nov 2010
Posts: 600

Posted: Sat Jun 30, 2012 7:41 am

I HAVE FOUND THE SOLUTION :)
So, here's the trick!
I had to install the game to see how it works, because i couldn't figure out the value from the screen shots, even though they helped.
so ...
Code:
mov [ecx+10],eax

this is the instruction that changes the address that you see on the screen.
Code:
[ecx+10]

this here is the address that you see on the screen
Code:
eax

well eax is the number that is written to the address that you see on the screen
So, we'll have to find out what piece of memory writes in eax before eax is written to our address that we see on the screen
sorry if i'm being a little bit repetitive.
see that call eax ?:
Code:
0AAF02A7     call eax

well that's the function that takes the encoded real address money and puts the result in eax :)
a function starts from whatever and ends with:
Code:
ret

or
Code:
jmp (address of the caller + some bytes)

since call eax is a call, our function ends with ret.
so just trace the call till ret instruction :)
watch for any addresses that the code uses:
like this one:
Code:
[general_purpose_register+offset]

one of these is the real money address, and it has a weird number that translated gives back your money :)
try to freeze them one by one and see if it works :)
and oh, almost forgot its value doesn't change, ""what kinda of money changes ??""
and if you can't really make it:
here's the address of the code that writes to the real money address :)
Code:
73A3026      mov [edx+10],ecx

and here's the aob scan:
Code:
89 4A 10 8B 4D F0 89 0D 4C 80 C7 00 8B E5 5D C3 CC CC CC CC CC CC CC CC CC CC 00 00 00 00 BC 2F 3A 07 EC 0F 3B 07 00 00 00 00 5C 31 3A 07 55 8B EC 83 EC 28 89 5D FC 8B 4D 08 8B 45 10 8D 55 F0 8B 1D 4C 80 C7 00 89 4D F4 89 5D F0 89 15 4C 80

_________________
... Fresco
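
The behaviour described in this thread, modelled as an added example that is not part of any post and is not the game's code: the authoritative gold value is kept encoded, and a plain display copy is overwritten from it on every refresh, so an edit to the display copy neither sticks nor affects purchases. The XOR encoding, the key and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define GOLD_KEY 0x5A5AA5A5u  /* assumed encoding key, not taken from the game */

struct wallet {
    uint32_t encoded_gold;  /* authoritative value, stored encoded */
    uint32_t shown_gold;    /* plain copy the UI reads; what an exact-value scan finds */
};

static uint32_t decode_gold(const struct wallet *w) { return w->encoded_gold ^ GOLD_KEY; }

static void wallet_set(struct wallet *w, uint32_t gold) { w->encoded_gold = gold ^ GOLD_KEY; }

/* Counterpart of "mov [ecx+10],eax" in the post: the decoded result
 * overwrites the display copy, undoing any outside change to it. */
static void refresh_display(struct wallet *w) { w->shown_gold = decode_gold(w); }

/* Purchases are checked against the authoritative value, never the display copy. */
static int try_buy(struct wallet *w, uint32_t price)
{
    uint32_t gold = decode_gold(w);
    if (price > gold)
        return 0;               /* not enough gold, whatever the screen shows */
    wallet_set(w, gold - price);
    refresh_display(w);
    return 1;
}

int main(void)
{
    struct wallet w;
    wallet_set(&w, 1000);
    refresh_display(&w);

    w.shown_gold = 10000;       /* outside edit of the display copy only */
    printf("buy for 5000 succeeds: %d\n", try_buy(&w, 5000));

    refresh_display(&w);        /* next UI update restores the real amount */
    printf("shown after refresh: %u\n", (unsigned)w.shown_gold);
    return 0;
}
```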
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Sat Jun 30, 2012 1:34 pm

Thanks a lot Fresco, but I can't really understand some things...

1. I can see the "call" command in my memory view but I can't see any "ret" commands.
2. I can't find this "[general_purpose_register+offset]" anywhere.
3. I don't know "how to use" the memory address you've given me (73A3026 mov [edx+10],ecx) or how to get there and if I get there how do I change it to whatever I want. Is this memory address ALWAYS the same, or does it change location every time you run the game?
4. Can you also find the memory address that writes the experience value for me, please?

I really appreciate the time you spent on my problem, but I still need those few answers before I understand it.

_________________
Trust No One...
mac13
Newbie cheater
Reputation: 0

Joined: 19 Jun 2012
Posts: 17

Posted: Sun Jul 01, 2012 12:27 am

Apparently I don't have to look for the address "73A3026" in front of the command "mov [edx+10],ecx"...
I found the command "mov [edx+10],ecx" by choosing "search / find assembly code" from within the memory viewer. It actually shows many of them (same) in different addresses, I tried the first one that came up, went to the exact address in the memory viewer. By right-clicking on it, I can't see anything that will give me an option to alter it. I chose "add to the code list", gave it a name and now it appears in the "advanced options", but again I can't do anything with it.

_________________
Trust No One...
All times are GMT - 6 Hours
Page 1 of 4

 