 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Mclane
Newbie cheater
![]() Reputation: 0
Joined: 19 Oct 2008
Posts: 14
|
 Posted: Thu Sep 27, 2012 11:42 am Post subject: Help with addresses that change please. |
 |
|
Could some kind soul point me to a tutorial that's complete to show me how to find addresses for cheats that change with every load of the game.
I'm ok at finding the cheat for the game but not at solving how to find the real pointer to it when it changes the next time.
Thanks
Edit: maybe another kind soul could help me recognise the PC equiv of the DEC command or a way an address is being altered when you look at what the code is doing at this address.
I'm not sure what to nop...
Sorry, basic newbie stuff, I've seen some tutorials but pictures are missing etc.
|
|
| Back to top |
|
 |
Mclane
Newbie cheater
![]() Reputation: 0
Joined: 19 Oct 2008
Posts: 14
|
| Posted: Sun Sep 30, 2012 4:03 am Post subject: |
|
|
BUMP
Come on guys, I know many trainer makers have a bit of an elitist attitude but, cut an old trainer maker from days before you were born / playing a bit of slack.
Yes, I used to cheat Atari 8bit games and C64 and sometimes for Snes games as in hack the code, not using action replays, pure monitor based stuff.
Sadly I never made the leap up to PC coding and its too late to try, so come on guys and gals, give me a bit of help.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Sun Sep 30, 2012 2:32 pm Post subject: |
|
|
Try the multilevel pointer tutorial
Or just use the pointerscanner if you have the time/can't debug
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Mclane
Newbie cheater
![]() Reputation: 0
Joined: 19 Oct 2008
Posts: 14
|
| Posted: Thu Oct 04, 2012 4:34 am Post subject: |
|
|
| Dark Byte wrote: | Try the multilevel pointer tutorial
Or just use the pointerscanner if you have the time/can't debug |
Sorry I'm late with the reply..
Thank you, will do..
|
|
| Back to top |
|
|
orlaub
How do I cheat?
![]() Reputation: 0
Joined: 04 Oct 2012
Posts: 4
|
| Posted: Thu Oct 04, 2012 10:45 am Post subject: |
|
|
| Dark Byte wrote: | Try the multilevel pointer tutorial
Or just use the pointerscanner if you have the time/can't debug |
And what if the pointerscanner does not work?
Trying to change my troops in Heroes of Might and Magic V, but I'm not getting anywhere. Maybe it's just because I'm not doing it the right way... 
Been through the multilevel pointer tut, and tried it by sticking with the quantity of a single troop. I did not get more than 1 step, then all the addresses pointed towards .. themselves?
Also tried the pointerscanner, the first scan after the initial one turns up 0 results.
Now I've searched this forum for previous attempts, and I've found one. Been trying to read it, although I'm a total noob at ASM, so there are some things I just really can't understand.
| Code: | // Game Version : 1.0
// Script Version: 1.0
// CE Version : 5.4
// Resource e MP
// 29-Jun-2008
[ENABLE]
alloc(MyCode,1024)
label(_Resource)
label(_MovePoint)
label(_Res1)
label(_Res2)
label(_MovP1)
label(_BackR)
label(_BackMP)
label(_ExitR)
label(_ExitMP)
label(pOwner)
label(pLastOne)
label(pTroops)
registersymbol(MyCode)
registersymbol(pLastOne)
registersymbol(pTroops)
//=============================
// Hacking Points
H5_Game.exe+59ef98:
jmp _Resource
_BackR:
H5_Game.exe+463d6d:
jmp _MovePoint
nop
_BackMP:
MyCode:
//=========================================
// # Bullet can increase, but not decrease
// base + 0x3c = iWood
// base + 0x40 = iOre
// base + 0x44 = iMercury
// base + 0x48 = iCrystal
// base + 0x4c = iSulfur
// base + 0x50 = iGems
// base + 0x54 = iGold
_Resource:
mov ecx,eax
mov eax,[ecx]
mov [pOwner],eax
push ecx
push ebx
mov ecx,00001388 // 5000
mov ebx,6 // # of resource
_Res1:
or ebx,ebx
jz _Res2
dec ebx
cmp ecx,[eax+ebx*4+0000003c]
jle _Res1
mov [eax+ebx*4+0000003c],ecx
jmp _Res1
_Res2:
mov ecx,0000c350 // 50000
cmp ecx,[eax+00000054] //Gold
jle _ExitR
mov [eax+00000054],ecx
_ExitR:
pop ebx
pop ecx
ret // back to main code
//=========================================
// Free Movement
_MovePoint:
mov [ecx+000000e0],eax
mov eax,[ecx+000000dc]
cmp eax,[pOwner]
jne _ExitMP
mov eax,[ecx+000000c4]
or eax,eax
jz _MovP1
push ebx
mov ebx,[eax]
mov [pTroops],ebx
mov ebx,[eax+04]
mov [pTroops+04],ebx
mov ebx,[eax+08]
mov [pTroops+08],ebx
mov ebx,[eax+0c]
mov [pTroops+0c],ebx
mov ebx,[eax+10]
mov [pTroops+10],ebx
mov ebx,[eax+14]
mov [pTroops+14],ebx
mov ebx,[eax+18]
mov [pTroops+18],ebx
pop ebx
_MovP1:
mov eax,[ecx+000000e4]
mov [ecx+000000e0],eax
mov [pLastOne],ecx
_ExitMP:
jmp _BackMP
//=========================================
// Variables
pOwner:
dd 0
pLastOne:
dd 0
pTroops:
dd 0,0,0,0,0,0,0
//=========================================
// Original Codes
[DISABLE]
H5_Game.exe+59ef98:
mov ecx,eax
mov eax,[ecx]
ret
H5_Game.exe+463d6d:
mov [ecx+000000e0],eax
dealloc(MyCode)
unregistersymbol(MyCode)
unregistersymbol(pLastOne)
unregistersymbol(pTroops) |
Can someone explain, first of all, how he defines his variables? -- Like pTroops, for example. It should be mentioned that he/she has this prerequisite of one moving his hero with the troops on it before you can change the troops the hero is holding onto.
If someone could walk me through the entire script, that would be awesome-sauce as well
This probably warrants a new thread entirely.. but whatevs...
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
