 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
 Posted: Sun Jul 01, 2012 6:24 am Post subject: |
 |
|
| mac13 wrote: | | [...]1. I can see the "call" command in my memory view but I can't see any "ret" commands.[...] |
oooooh, come on, right click the call, hit break and trace type in like 36 > play the game > buy something > go back in cheat engine it should show you a list with codes > and the call should have a [+] click on the [+], it should turn into a [-] and you should see the entire call procedure.
| Code: | call works like this:
address code
01 hello
02 call "helloworld"
03 more code
04 execute
05
06
07
08
09 helloworld start
10 code
11 more code
12 ret
so here's how computer executes this code
you may whink:
1,2,3,4,5,6,7,8,9,10,11,12 no?
well NO, your pc executes it like that:
1,2,9,10,11,12,3,4,5,6 ...
9,10,11,12 this is a FUNCTION that is being called by 02
the function name is helloworld |
so you can find the ret command at the end of the function that is being called (call eax) and since eax is an address is like saying
| Code: | instead of saying call "helloworld"
you say: call 09
and if eax is equal to 09;
eax=09
you could simply say call eax
so that some code crackers like us couldn't hack it just as easy |
| mac13 wrote: | | [...]2. I can't find this "[general_purpose_register+offset]" anywhere.[...] |
that because:
general_purpose_register = eax , ebx , ecx , edx
there are more but they aren't general_purpose_register like esi edi etc ...
+offset = eax+13 or 10 or whatever that's an offset.
| mac13 wrote: | | [...]3. I don't know "how to use" the memory address you've given me (73A3026 mov [edx+10],ecx) or how to get there and if I get there how do I change it to whatever I want.[...] |
i gave you the address of the code that writes to the real address of money when you buy something.
so go to memory viewer right click anywhere on that huge list of code and hit > go to address > insert the address that i gave you > and there you go, ce should go exactly to that code. then you right click on the code and add it to the code list, after that you go in the code list and right click the code > hit find out what addresses this code writes to > search through all those addresses and the only one that is different than the others should be your money address. btw if you have 3 gold the addresses value is't not 3 but some huge number.
| mac13 wrote: | | [...]Is this memory address ALWAYS the same, or it changes location every time you run the game?[...] |
how am i supposed to know ? that is why i gave you the aob scan for the address of the code that writes to the real money address.
| mac13 wrote: | | [...]4. Can you also find the memory address that writes the experience value for me, please?[...] |
no, now that you know how the game engine works, good luck, if i do it, then all this explanation would be for nothing and you will learn nothing.
| mac13 wrote: | | [...]I really appreciate the time you spent on my problem, but I still need those few answers before I understand it. |
i hope that now you will understand!
_________________
... Fresco |
|
| Back to top |
|
 |
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Mon Jul 02, 2012 12:50 am Post subject: |
|
|
When I go to the address you gave me (73A3026) it only says "add [eax],al", so I suppose this is not it.
If in the huge list of memory viewer I choose "search/find memory", check "Array Of Byte" (default: from 00409000 to 7FFFFFFF) and paste in the "AOB scan" value you gave me, it says "nothing found".
So I have to find it manually...
when I find my gold value in my first search and then click "what writes to this address" (find "mov [ecx+10],eax"), and then I choose "show this address in the disassembler", should I look below or above this address for the "mov [edx+10],ecx" command?
Also in the "memory viewer" when I choose "search/find assembly code" and type in the "mov [edx+10],ecx" you gave me to find the memory address, it makes a list with about 30-40 findings. Then I go to each one of these addresses and what do I do next?
I tried finding the "call eax" command before it (above it), right-click on it and choosing "break and trace instructions", type in "36" that you told me and it brings up the "tracer" window. Then I make a change in my game's gold and still nothing appears in the tracer.
Then I tried to "break and trace" the addresses that came up with the "mov [edx+10],ecx" command, then "show what writes to this address", every time by making a change in my game's gold and from some of these addresses, I managed to get a list of other addresses.
I found the one that looked different withing them but it seems that I'm not able to change its value to try it out. How do I change it? I only know how to change the value of addresses that I find in the first CE window, where you double-click on them and you type a new value in.
I'm sorry for the trouble but it seems that I'm still missing something...
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Mon Jul 02, 2012 1:38 pm Post subject: |
|
|
well yes, i have to admit, i made that code in like 4 minutes and didn't payed much attention to it.
the code is not placed in a module, so the codes address might change, perhaps that's why when you got to the address that i gave you, you got something else 
as for the aob scan, my bad, i actually thought that the two functions were always together, they are not, perhaps the function that goes immediately after the one that menages the gold it's not always the same, so that might mess up the aob scan a little bit.
sorry again, but with all the info i gave you, you should've found already that real gold address ?
try the new aob scan :
| Code: | That's the first aob i gave you:
89 4A 10 8B 4D F0 89 0D 4C 80 C7 00 8B E5 5D C3 CC CC CC CC CC CC CC CC CC CC 00 00 00 00 BC 2F 3A 07 EC 0F 3B 07 00 00 00 00 5C 31 3A 07 55 8B EC 83 EC 28 89 5D FC 8B 4D 08 8B 45 10 8D 55 F0 8B 1D 4C 80 C7 00 89 4D F4 89 5D F0 89 15 4C 80 |
see that CC CC CC CC ... that's free space, unused, that separates the two functions
| Code: | Try the new one, it's a little bit shorter than the first one, but it's basically the same as the first one, i hope you don't get more that one result.
89 4A 10 8B 4D F0 89 0D 4C 80 C7 00 |
[EDIT]
| mac13 wrote: | | [...]should I look below or above this address for the "mov [edx+10],ecx" command?[...] |
of course you go up, try thinking ...
the real address of money is not what you see on the screen, otherwise it would just pop up as a result when you search for the gold value no?
so at this point you already have the result (translated) for the real address of the gold, and that means: the real address of the gold has been read and translated to the value that you see on the screen,
so go up, and trace that call eax!!.
| mac13 wrote: | | [...]Also in the "memory viewer" when I choose "search/find assembly code" and type in the "mov [edx+10],ecx" you gave me to find the memory address, it makes a list with about 30-40 findings. Then I go to each one of these addresses and what do I do next?[...] |
of course you get a million, billion of results.
this just means copy the value of register ecx and place it into the value of the address edx+10, ecx is a value and so is edx and edx+10 is another value.
you can say that
00120ABC is a value, but you can also say that it could be an address.
in assembly language:
this affects:
[00120ABC] the value of address 00120ABC
00120ABC the actual address
so,
mov [eax+10],00000009 means: place 9 in the value of address eax+10
mov eax,00000009 means: make eax become 9
and so on, there are a lot of other instructions
| mac13 wrote: | | [...]I tried finding the "call eax" command before it (above it), right-click on it and choosing "break and trace instructions", type in "36" that you told me and it brings up the "tracer" window. Then I make a change in my game's gold and still nothing appears in the tracer[...] |
that's odd, i mean it worked for me !!
sure you did it correctly??
try this way:
search 4 byte for the gold.
you'll find 2 addresses
modify one at a time, one should change back immediately, and the other should change when you actually bring up in front the game's window.
pick the one that changes back immediately.
now right click that address and hit find out what code write to this address.
you'll find more codes, but while finding out the code, with the game on background change again the value of gold, it should turn back to the original value immediately, now go to the window that tries to find the code and look at the count, it should be 1, means that the code wrote a value just once.
pick that code
hit disassemble at this location, or open debugger at the location of that code.
you should be there where you go up and see that call eax.
go ahead, right click call eax, break and trace, 36 or more, ok
change the value with cheat engine,
it should again turn to it's original value.
but this time you know for sure that the code was executed and the tracer should show you the function that was called (call eax), at that point eax is the address of that function.
look in the tracer select code by code, some codes should show you up some addresses, add them to the tabe, figure what's the real address of money by freezing address by address and trying to change the value with the game.
good luck
| mac13 wrote: | [...]Then I tried to "break and trace" the addresses that came up with the "mov [edx+10],ecx" command, then "show what writes to this address", every time by making a change in my game's gold and from some of these addresses, I managed to get a list of other addresses.
I found the one that looked different withing them but it seems that I'm not able to change its value to try it out. How do I change it? I only know how to change the value of addresses that I find in the first CE window, where you double-click on them and you type a new value in.[...] |
this is pointless, it will bring you nowhere good.
| mac13 wrote: | | [...]I'm sorry for the trouble but it seems that I'm still missing something... |
don't worry i'm doing this, because i want to figure what's the best and easy way to teach someone some assembly and stuff.
you know, if i tell you all this crap in three lines, you may say:
wahtta ..***???
you know, make it simple and essential without changing or messing with the terms (general purpose register)
i saw that you didn't even knew what was a register, so that's why.
i'm soon going to be a real teacher
_________________
... Fresco |
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Wed Jul 04, 2012 1:08 am Post subject: |
|
|
My 1st mistake was that I was looking BELOW the address in the disassembler for the "call eax" command and not above it, because I thought that the previous procedures were below. Now it just sounds silly to me to do that, but I think I got confused atm.
Search AOB "89 4A 10 8B 4D F0 89 0D 4C 80 C7 00" --> nothing found
...and sorry, but I could do nothing more when I followed the step by step procedure. 
What I did (2 pictures below):
(according to the step-by-step guide)
- I find the gold value that changes immediatelly
- Choose "what writes to this address"
- Change gold in-game and I get "mov [ecx+10],eax" address (count 1)
- I open it in disassembler
- Locate "call eax" command (3 lines above it)
- Choose "break and trace", type in 36 (IDK what this "36" is anyway...)
- Make a change in gold in game OR from CE main window to the address found
- I get a list under the "call eax" function in the tracer.
- I look for the "mov [edx+10],ecx" command... NOT THERE!
(what I tried later):
- Start adding ALL the addresses that have "mov" inside to CE main window, one by one, by pressing the "add address manually" button
- Frozen 1st address
- Made a change in game's gold --> gold changed as it should (not frozen)
- Frozen them one by one, each time with a gold change --> (not frozen)
- Searched for another "call eax" command before the one I found
- Made a gold change --> nothing appeared in the tracer (as expected)
So, should I try to add/freeze ALL the addresses shown under the correct "call eax" command 1 by 1, or only the ones with "mov" inside, as I did?
PS. They should really add an "add address in the main CE window" function from the tracer window in the next version, so we don't have to type them in manually.
| Description: |
|
| Filesize: |
363.04 KB |
| Viewed: |
25072 Time(s) |
|
| Description: |
|
| Filesize: |
180 KB |
| Viewed: |
25072 Time(s) |
|
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Wed Jul 04, 2012 2:39 am Post subject: |
|
|
| mac13 wrote: | [...]
- I find the gold value that changes immediatelly[...] |
Correct 
| mac13 wrote: | [...]
- Choose "what writes to this address"[...] |
Correct
| mac13 wrote: | [...]
- Change gold in-game and I get "mov [ecx+10],eax" address (count 1)[...] |
Wrong, the procedure said change with cheat engine, but it worked anyways
| mac13 wrote: | [...]
- I open it in disassembler[...] |
Very good
| mac13 wrote: | [...]
- Locate "call eax" command (3 lines above it)[...] |
All good till here
| mac13 wrote: | [...]
- Choose "break and trace", type in 36 (IDK what this "36" is anyway...)
- Make a change in gold in game OR from CE main window to the address found[...] |
36 means how many instructions to trace
if you say 2, in the tracer window you will only see 2 instruction the call eax and the next one
and again the instructions said to change the value with cheat engine not the game, but again it worked anyways.
36 was just a tip from me, because it happens that the call eax function is not longer than 36 instructions, you can trace 1000 too, all that changes is that you see 964 unneeded opcodes / instructions
| mac13 wrote: | [...]
- I get a list under the "call eax" function in the tracer.[...] |
the list is good , i mean till here everyhing is as it should be to be able to find that real gold :d
| mac13 wrote: | | [...]- I look for the "mov [edx+10],ecx" command... NOT THERE! [...] |
of course it's not there :d it shouldn't be, the mov bla bla command is the command that decreases your gold when you buy something, the call eax, does this:
looks into memory, takes the (encrypted) value of the real gold address and decrypts it into decimal so that it can be displayed on your screen.
since it takes the value, that mean it also knows it's address !!!
see the tracer window ? you have selected call eax, and on the right of the tracer window, you see:
call eax
eax=bla bla
ebx=bla bla
...
try to select a code that has the square brackets like this one:
mov eax,[ebp+08]
see that [ebp+08] ?? well it is under square brackets, so that means that it is an address that the game uses.
remember this?
mov [ecx+10],eax
this is the instruction that writes on the address that you see on the screen
well [ecx+10], is the address of the value that you see on the screen and that when changed, changes back immediately :d
and eax the value that will be stored
simple no ?
the tracer shows you what eax is equal to
then you add 10(hex) to that number
and there you go, you have the address that you add to the table and check if it works, if it's the real address, then you find the pointer or the code that writes to it.
i mentioned this in previews posts, but you wouldn't listen.
i suggest you to read again the whole topic without doing anything else.
let me try to calculate the address so that you can see that it works, from what i can see from this screenshot:
http://forum.cheatengine.org/files/mem2_846.jpg
well:
the following opcodes write to 0163DFD8
mov [ecx+10],eax
ecx + 10 should give 0163DFD8 since the opcode writes to 0163DFD8 no?
so let's see what ecx is equal to:
ecx = 0163DFC8
eax = 0002E82F
and in a HEX calculator
0163DFC8 + 10 = 0163DFD8
so at that precise point writing
mov [ecx+10],eax
or
mov [0163DFC8+10],0002E82F
makes no difference , it makes when the code writes to multiple addresses.
when mov [ecx+10],eax could write to an infinite possibilities of addresses, with infinite possibilities of values
mov [0163DFC8+10],0002E82F, writes this value (0002E82F) on this address (0163DFD8)
but since 0163DFD8 changes every time you restart,
writing again this:
mov [0163DFC8+10],0002E82F
will be wrong because
ecx+10 would give a new result and the gold value will change
got it ???
now do the same with the tracer with all the opcodes you see
| mac13 wrote: | [...](what I tried later):
- Start adding ALL the addresses that have "mov" inside to CE main window, one by one, by pressing the "add address manually" button
- Frozen 1st address
- Made a change in game's gold --> gold changed as it should (not frozen)
- Frozen them one by one, each time with a gold change --> (not frozen)
- Searched for another "call eax" command before the one I found
- Made a gold change --> nothing appeared in the tracer (as expected)
[...] |
didn't told you anything about mov ::::
i said everything that has a [general_purpose_register+offset] under square brackets of course
and that would mean
[eax+number]
[ebx+number]
[ecx+number]
[edx+number]
try also ..., but these are not general purpose registers
[esi+number]
[edi+number]
[esp+number]
[ebp+number]
[eip+number] ?? , but i doubt that,
it can also be that it has no offset so,
[eax]
[ebx]
etc...
i don't really want to give you the solution right away, but you're on a good track till the tracer
| mac13 wrote: | | [...]So, should I try to add/freeze ALL the addresses shown under the correct "call eax" command 1 by 1, or only the ones with "mov" inside, as I did?[...] |
what you should, is re read the post a few times also the entire topic
| mac13 wrote: | | [...]PS. They should really add an "add address in the main CE window" function from the tracer window in the next version, so we don't have to type them in manually. |
i told you that those addresses holds the instructions, opcode, if you change those addresses values, you'll gonna end up with crashing the game !!!
you need to change the pointers VALUES, yes that's how they are called
a pointer looks like that:
[general_purpose_register+offset]
look above
example
in a code you see:
mov eax,[ebp+08]
[ebp+08] is a pointer .... voilą
you look what ebp is qual to, you add 8 to that number (using a hex calculator) and there's the address that you should add to the table, not the address of the opcode or instruction, whatever you wanna call it.
mov eax,[ebp+08]
you click in the tracer that code
in the right you'll see what ebp is equal to,
you pick a HEX CALCULATOR
and do the math
the ebp value + 08
if ebp=0000ABCD
you do:
0000ABCD+08
and the result : 0000ABD5
is an address that you add to the table
you freeze that address 0000ABD5, you try to buy something is the game, and if in the game the gold doesn't change, 0000ABD5 is your real gold address.
got it ?
_________________
... Fresco |
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Thu Jul 05, 2012 2:46 am Post subject: |
|
|
@Fresco
I finally did it!
With your help of cource...
It's the "mov eax,[edx+10]" command that writes to the real money address.
BUT.......
according to your instructions, it took me a while to do it, because I understood that I should add (for example: edx+10), with "edx" memory address taken from the "what writes to this address window" and not from the addresses of the "tracer window" (when they show up to the right if you click to each one of the "call" sub-commands.
Any advice of how I can find the value that I should type in this memory address, so I can have an EXACT gold amount?
As an example, when I put 500000 my gold goes to 594291 and when I put 100000 it goes to 997000. It doesn't make any sense to me, or it must have a "multiplier" or something... but I guess I can experiment on that now...
Anyway, THANKS A LOT for the help and your time.
Let's see if I can find the experience values now...
PS. I tried exporting a trainer (never tried that before), but it seems that it has some problem with the addresses that change in each game run, so the trainer is not working.
Just to add, that when you finally change the address value and the new gold shows up in your game, you must buy/sell something from within the game, so it REALLY registers into the game's memory. What I mean is that if you exit (autosave) your game, without first altering your (new) gold amount (within the game), your new gold amount won't be there when you load it up again.
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Thu Jul 05, 2012 6:01 am Post subject: |
|
|
it's good to hear that
phew, you finally understood.
next time, let me give you a tip and a working aob
tip:
trace the call eax with 19 instructions, the last one should have the pointer of the real money address.
this is the working aob, the previews one didn't work because there was a value that changed, in the code, very strange thing, but, that's why.
real working aob.
notice: this aob doesn't return the exact location of the code that writes to real gold address, but it's close enough for you to understand where it is located.
if you use the disassembler, just add an offset, for it to return the real code.
like this:
and here's the aob:
| Code: | | 8B 45 10 8B 10 8B 48 04 8B 43 0C 8B 58 1C 83 E3 F8 8B 43 18 8B 5D FC 33 C8 B8 04 00 00 00 89 4A 10 8B 4D F0 89 0D |
_________________
... Fresco |
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Fri Jul 06, 2012 12:38 am Post subject: |
|
|
Thanks!
The character's experience seems to work in the same way as gold, but it's a bit more risky to mess with, because of the "weird" value in the real memory address (962771 gives you 128 exp, while 962760 gives you 155 exp). It needs to be set in the exact number you want (because of the Level capacity of the game) and this is not possible until you know the "pattern" that this value is calculated in the real memory address.
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Fri Jul 06, 2012 3:10 am Post subject: |
|
|
can you post the aob for that ?
check if it works first.
and give the instruction.
aob
and instruction
anyways
i have here the solution for exact money
so, if you want 10 gold you have to do this:
10 xor 962643 = 962649
type in the real address value : 962649 and you'll have 10 gold
cheers
-here's an auto assemble code that will basically do no changes, but help you finding the code faster
just go to address goldcode
an it'll pop up the code that writes to the real gold address
| Code: | [ENABLE]
alloc(goldcode,48)
label(goldpointer)
registersymbol(goldcode)
registersymbol(goldpointer)
aobscan(goldcodeaddress,8B 45 10 8B 10 8B 48 04 8B 43 0C 8B 58 1C 83 E3 F8 8B 43 18 8B 5D FC 33 C8 B8 04 00 00 00)
goldcode:
mov [edx+10],ecx
mov ecx,[ebp-10]
ret
goldpointer:
db 00 00 00 00 00 00 00 00
"goldcodeaddress"+19:
db B8 04 00 00 00 //Original Code
call goldcode
nop
[DISABLE]
dealloc(goldcode)
unregistersymbol(goldcode)
unregistersymbol(goldpointer)
aobscan(goldcodeaddress,8B 45 10 8B 10 8B 48 04 8B 43 0C 8B 58 1C 83 E3 F8 8B 43 18 8B 5D FC 33 C8 B8 04 00 00 00)
"goldcodeaddress"+19:
db B8 04 00 00 00 //Original Code
mov [edx+10],ecx
mov ecx,[ebp-10] //Original Code |
_________________
... Fresco |
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Fri Jul 06, 2012 10:47 am Post subject: |
|
|
Thanks!
The xor thing works fine for the money and for the exp as well.
Do you mean you want me to give you the aob scan for the experience?
IDK where to look for it.
Maybe the image can help you on this (highlighted in red is the real exp address).
The first instruction (what writes to this address) is "mov [esi+10],eax".
The second instruction (into call eax) is "mov eax,[edx+10]", exactly the same like the "gold" one.
| Description: |
|
| Filesize: |
454.45 KB |
| Viewed: |
24831 Time(s) |
|
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Fri Jul 06, 2012 5:53 pm Post subject: |
|
|
yep, that works, thanks.
though i can't figure why it stops upgrading after level 10 ?
any clue or requirements ? obviously i have the required XP points XD.
_________________
... Fresco |
|
| Back to top |
|
|
mac13
Newbie cheater
![]() Reputation: 0
Joined: 19 Jun 2012
Posts: 17
|
| Posted: Sat Jul 07, 2012 9:26 am Post subject: |
|
|
Yes. You need to upgrade you "hero's room" in your castle screen once, before you can level further to level 20. Twice for level 30, etc...
The game's final level cap, is level 100.
Try to do a simple 4 byte search for the level number of your character and once you find it you can change it immediately without having to even upgrade your hero's room. It may take a few searches, because it is a 1 digit number and that makes it more difficult to trace, but doesn't need any other mumbo-jumbo like "tracers" or "memory viewers". You just change it's value from the main screen and if you found the exp address already, you can mess with it (lower and increase it) in order to find easier your level number mem address.
I managed to level up my warrior up to level 432 and the other two classes up to level 452. After that there are too many skill points to spend in the skill trees, so the game doesn't "let you out" of the skill screen before you spend them all and you'll be "trapped" in there.
Of course you can find your skill points and adjust them with CE, but you'll have the same problem later on again.
So, will you tell me if my highlighted line in red is the aob scan?
_________________
Trust No One... |
|
| Back to top |
|
|
Fresco
Grandmaster Cheater
![]() Reputation: 4
Joined: 07 Nov 2010
Posts: 600
|
| Posted: Sat Jul 07, 2012 6:36 pm Post subject: |
|
|
humm yes, you're right, the game does seem to have some sort of protection against point hacking, i upgraded all my abilities to max, but with no next button, you know to get out of the upgrade window, and sometimes appeared an X to close the upgraded, but no change would then be applied.
no, the aob is this :
| Code: | | 52 6A 00 51 FF D0 83 C4 10 89 46 10 83 EC 04 6A 01 |
that's it! also remember to add an offset
"aobscanlabel"+offset in hex
anyways i have atk 800 (increasable) and the rest also to 800
all the spells to max with all the upgrades, and a full castel upgraded max and the thing is, i have just finished the tutorial and have yet to have my first fight.
upgraded with all best armors and weapons
also upgraded to max level, nobody can fight against me in the field i guess it kinda lost it's purpose with codes LOL!
i think i'm going to finish it quickly for the story then uninstall it, now that it made it's point and was able to find kinda all the codes that a player would want for that game.
_________________
... Fresco |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
