Cheat Engine The Official Site of Cheat Engine
mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Sun Jun 24, 2012 5:04 am Post subject: Help with values that change back, please!
Hello, to all.
I only know the basics of CE and I'd like some help please.
The tutorials don't mention anything about this problem, but I think that's quite easy for the more experienced users.
Game: Dragon Age Legends (offline version)
Info: It used to be an RPG Facebook game but when they recently shut down the servers, they released a free offline version of it (180 MB) running through "Adobe Air".
I'm trying to increase my character's gold and/or experience.
With a normal search (4 byte) I get 2 addresses with the same value. When I change either of them it changes back to the normal amount. If I freeze them and then change them, the gold in my game is not affected and again they change back to what they should be when I unfreeze them.
If I make a "Byte to Double" search (many times to get the exact addresses), I get the same addresses as before and some more that don't relate to my actual gold value (they must mean something else).
My Gold value: 1956362
Can anyone help me with this, please?
Thanks.
[Attached image, 226.2 KB]
_________________
Trust No One...

Kriogenic Cheater Reputation: -1
Joined: 13 Jun 2012 Posts: 36 Location: localhost
Posted: Sun Jun 24, 2012 5:14 am
They are actually the same addresses as you found before, but you are seeing them both as a byte, 2 byte, 4 byte and 8 byte (the last one doesn't have an 8 byte value shown).
If the game was made in Adobe AIR you could try yourgoldamount * 8 and searching for that value as your money count.

mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Sun Jun 24, 2012 9:10 am
Unfortunately, nothing happens even if I multiply my gold value with 8 and do the searches again. Thanks for your time anyway.
Someone else has an idea?
PS. I must note that I'm playing the game while offline, so no values can be kept "somewhere else" (server).
_________________
Trust No One...

Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
Posted: Sun Jun 24, 2012 10:15 am
Try with increased / decreased value, and you definitely should upgrade to Cheat Engine 6.2.
You're on the right track with those values, you could do an exact value > double/float.
Try searching for what those addresses are accessed by / or written to > now, near the instruction that shows up, in the disassembler the code that writes to the real gold/xp address should be very close, no more than 20 lines above or down the code, but I see you're a noob, so try increased decreased, first with 4 byte, then with 8, float and double.
_________________
... Fresco

mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Mon Jun 25, 2012 10:34 am
I upgraded my CE to v6.2 but it makes no difference at all. It still finds the same addresses (not EXACTLY the same because they change every time I run the game).
With Double + Float with increased/decreased value searches, it finds nothing!
It only finds (as before) 2 addresses in 4 byte searches. Increased / decreased value searches make no difference as the addresses are updated immediately after each change and it finds the same ones again.
And it finds only 1 address in 8 byte searches. Increased / decreased values are the same case as in 4 bytes (nothing new).
If I enter the "what writes to this address" mode, it's giving me some info that I can't understand (see image below).
The only thing I can suspect is the "add esp,10" command, but the gold increase (from my last sale) wasn't only "10".
[Attached image, 268.38 KB]
_________________
Trust No One...

johnnygg Advanced Cheater Reputation: 0
Joined: 20 Jan 2010 Posts: 51
Posted: Mon Jun 25, 2012 4:01 pm
I've been getting the same results as op too. I tried to take a look at the save file...unfortunately, they have a custom savefile type (extension .dal), so I can't edit it with a regular sol editor like minerva. I'll try a hex editor later, but I doubt that'll get me anywhere either :/ In the meantime, can someone decompile this and let us know wtf is going on? lol

Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Tue Jun 26, 2012 11:26 am
@Johnnygg: Some people already managed to hex edit the savefile and we can get as much exp and gold as we like, BUT... I want to do it with CE!
@Fresco: When I press the "replace" button, nothing happens. Still, the memory value that changes back can be set to any amount I want (without changing back by itself) and show that changed amount on screen as well, but it doesn't represent the real gold value. E.g. if I had 1000 gold in the first place, and I changed it to 10000 gold after the "replacement", when I try to buy something more expensive than 1000 it says that I have not enough gold. It also doesn't increase (on screen) when I sell something. Actually the OPPOSITE of what you said happens, the changed value appears on the screen but the "real" value is hidden somewhere else.
8 byte or 4 byte searches don't make much difference, except I get 2 addresses in 4 byte searches and only 1 address in 8 byte searches, so I trust 8 byte search more!
In the images below you can see the lines before and after the "memory write" thing (I hope I've done it correctly).
Thanks again for your time!
PS. BTW, the game is free for download (www * dragonagelegends * com) if someone wants to give it a try.
[Attached image, 331.89 KB]
[Attached image, 327.21 KB]
_________________
Trust No One...

johnnygg Advanced Cheater Reputation: 0
Joined: 20 Jan 2010 Posts: 51
Posted: Wed Jun 27, 2012 2:16 am
mac13 wrote: @Johnnygg: Some people already managed to hex edit the savefile and we can get as much exp and gold as we like, BUT... I want to do it with CE!.
Really? lol I opened it up, but it's too big for me to decipher lol I suppose I can do some experimentation and buy/sell some stuff and see what values get changed...but that'll take forever so...ya w8ing on some1 to decompile this and just tell us wtf is going on with the code, or the save format :/

nefell How do I cheat? Reputation: 0
Joined: 27 Jun 2012 Posts: 1 Location: ina
Posted: Wed Jun 27, 2012 5:00 am
Do you already know the worker room trick in this game?
The worker room will cost 300g to buy, but the more worker rooms you have, the selling price will increase by 225g for each worker room.
So just build as many worker rooms as you can, then sell them, and buy again.

mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
|
johnnygg Advanced Cheater Reputation: 0
Joined: 20 Jan 2010 Posts: 51
Posted: Wed Jun 27, 2012 2:47 pm
mac, I can already tell you what you have to do in situations like this:
you either get insanely good at reading op codes (easy) and understanding what higher level code they represent (hard),
OR:
you decompile the game and find out what's going on (will lead to learning option 1 by default) so that you can edit the right opcodes to stop the values from changing back.
The main issue is finding a decent free decompiler; someone sent me one before, but my a/v wouldn't let me install it, so I ran it on a few online virus scanners (total, etc); and they also said it had a virus, so I didn't take the chance to install. If you're willing to take the chance or invest in sothink decompiler pro, then that's the way to handle these situations.
Otherwise, wait for someone to decompile it and come back and tell you what to do lol

Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
Posted: Sat Jun 30, 2012 7:41 am
I HAVE FOUND THE SOLUTION
So, here's the trick!
I had to install the game to see how it works, because I couldn't figure out the value from the screenshots, even though they helped.
So ...
This is the instruction that changes the address that you see on the screen.
This here is the address that you see on the screen.
Well, eax is the number that is written to the address that you see on the screen.
So, we'll have to find out what piece of memory writes to eax before eax is written to our address that we see on the screen.
Sorry if I'm being a little bit repetitive.
See that call eax?
Well, that's the function that takes the encoded real address money and puts the result in eax.
A function starts from whatever and ends with:
or
Code: jmp (address of the caller + some bytes)
Since call eax is a call, our function ends with ret.
So just trace the call till the ret instruction.
Watch for any addresses that the code uses,
like this one:
Code: [general_purpose_register+offset]
One of these is the real money address, and it has a weird number that, translated, gives back your money.
Try to freeze them one by one and see if it works.
And oh, almost forgot, its value doesn't change, ""what kinda of money changes ??""
And if you can't really make it,
here's the address of the code that writes to the real money address:
Code: 73A3026 mov [edx+10],ecx
And here's the AOB scan:
Code: 89 4A 10 8B 4D F0 89 0D 4C 80 C7 00 8B E5 5D C3 CC CC CC CC CC CC CC CC CC CC 00 00 00 00 BC 2F 3A 07 EC 0F 3B 07 00 00 00 00 5C 31 3A 07 55 8B EC 83 EC 28 89 5D FC 8B 4D 08 8B 45 10 8D 55 F0 8B 1D 4C 80 C7 00 89 4D F4 89 5D F0 89 15 4C 80
_________________
... Fresco |
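
The byte signature in the post above is matched as a plain byte pattern. The following Python is an added example, not code from the thread or from Cheat Engine: it matches such a pattern, with `??` wildcards, over constructed buffers. It assumes the absolute address after `89 0D` can differ between runs; `fake_image`, `RUN_A` and `RUN_B` are made-up names and sample data.

```python
import re

# First 16 bytes of the AOB posted above, up to and including the ret (C3).
POSTED = "89 4A 10 8B 4D F0 89 0D 4C 80 C7 00 8B E5 5D C3"
# Same bytes with the operand of "89 0D" wildcarded. 89 0D is
# mov [disp32],ecx, so the four bytes after it are an absolute address.
WILDCARDED = "89 4A 10 8B 4D F0 89 0D ?? ?? ?? ?? 8B E5 5D C3"
# Only the mov [edx+10],ecx instruction itself.
SHORT = "89 4A 10"


def compile_aob(aob):
    """Compile a hex signature with ?? wildcards into an overlapping bytes regex."""
    parts = []
    for tok in aob.split():
        if tok == "??":
            parts.append(b".")  # any single byte
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(re.escape(bytes.fromhex(tok)))
        else:
            raise ValueError("bad signature token: %r" % tok)
    # The lookahead makes finditer report overlapping matches too.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def scan(buf, aob):
    """Return every offset in buf at which the signature matches."""
    return [m.start() for m in compile_aob(aob).finditer(buf)]


def fake_image(abs_addr):
    """Constructed sample bytes, not a dump of the game: padding, an unrelated
    89 4A 10, then the posted sequence with abs_addr as the 89 0D operand."""
    seq = (bytes.fromhex("894A108B4DF0890D") + abs_addr.to_bytes(4, "little")
           + bytes.fromhex("8BE55DC3"))
    return b"\x90" * 8 + bytes.fromhex("894A10C3") + b"\xCC" * 4 + seq


RUN_A = fake_image(0x00C7804C)  # address as it appears in the posted bytes
RUN_B = fake_image(0x00D1804C)  # assumed: a later run with a different address

if __name__ == "__main__":
    for name, sig in (("posted", POSTED), ("wildcarded", WILDCARDED), ("short", SHORT)):
        print(name, scan(RUN_A, sig), scan(RUN_B, sig))
```

The three-byte pattern matches twice in the sample, while the longer signature pins down a single location only as long as the bytes it contains stay the same from run to run.
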
mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Sat Jun 30, 2012 1:34 pm
Thanks a lot Fresco, but I can't really understand some things...
1. I can see the "call" command in my memory view but I can't see any "ret" commands.
2. I can't find this "[general_purpose_register+offset]" anywhere.
3. I don't know "how to use" the memory address you've given me (73A3026 mov [edx+10],ecx) or how to get there and if I get there how do I change it to whatever I want. Is this memory address ALWAYS the same, or does it change location every time you run the game?
4. Can you also find the memory address that writes the experience value for me, please?
I really appreciate the time you spent on my problem, but I still need those few answers before I understand it.
_________________
Trust No One...

mac13 Newbie cheater Reputation: 0
Joined: 19 Jun 2012 Posts: 17
Posted: Sun Jul 01, 2012 12:27 am
Apparently I don't have to look for the address "73A3026" in front of the command "mov [edx+10],ecx"...
I found the command "mov [edx+10],ecx" by choosing "search / find assembly code" from within the memory viewer. It actually shows many of them (same) in different addresses, I tried the first one that came up, went to the exact address in the memory viewer. By right-clicking on it, I can't see anything that will give me an option to alter it. I chose "add to the code list", gave it a name and now it appears in the "advanced options", but again I can't do anything with it.
_________________
Trust No One...