Advanced Help
brondi00
How do I cheat?
Reputation: 0

Joined: 08 Nov 2012
Posts: 2
Location: Oregon, USA

Posted: Thu Nov 08, 2012 9:26 pm    Post subject: Advanced Help

I have completed the tutorials and am pretty good at the basic functionality of Cheat Engine, but am stumped on this. The game is The Race for the White House.

I searched for my money and found two float values that are display only, not the actual value. These addresses are the same every time the game is turned on. I checked to see what writes to them, so I can see where the money is actually calculated, and I get this:

Address: 0323D114
005C63E4 - 89 7C 24 18 - mov [esp+18],edi
(esp is 0323D0FC)+18=0323D114, the address?
005C64F6 - D9 5C 24 1C - fstp dword ptr [esp+1C]
(esp is 0323D0F8 below)

Address: 0323D0F8
005C6409 - 50 - push eax (eax is 00000000)
005C64E2 - 51 - push ecx (ecx is 00000000)
005C64FE - D9 1C 24 - fstp dword ptr [esp]

All five of these run continuously, > once per second. Why is that? How do I find out where they are getting their info from? My guess is I should be focusing on 0323D114, right? My problem may be that I do not understand assembly; the first command is a memory copy, and it is copying from itself?

Please help
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Thu Nov 08, 2012 10:48 pm    Post subject: Re: Advanced Help

brondi00 wrote:
I searched for my money and found two float values that are display only, not actually value.
Did you try scanning for displayed_value*100? Or searching for an "unknown initial value" and filtering only with increased/decreased (with value type=all)? Since you don't know assembly, this should be A LOT easier.

brondi00 wrote:
[code removed]
All five of these run continuously > once per second. Why is that?
Most likely it's because they refresh the displayed value once per second.

brondi00 wrote:
How do I find out where they are getting their info from?
Select one of those fstp, click "show disassembler", look UP, and pay attention to all instructions that start with an "F", especially FLD (Float LoaD) and FILD (Float Integer LoaD = convert an integer to a float and load it). When you find one, right click on it -> "find out what addresses this instruction accesses". Then look at the accessed address(es). One may be the source of your money. I can't really give a rule of thumb there since it highly depends on how the game is made. The best would be for you to understand assembly and backtrace what happens to your float.

brondi00 wrote:
My guess is I should be focusing on 0323D114, right?
Investigate one fstp or the other, it doesn't change much.

brondi00 wrote:
My problem may be I do not understand assembly, the first command is a copy memory and it is copying from itself?
And that's really a HUGE handicap. First get yourself a copy of the "Intel® 64 and IA-32 Architectures Software Developer's Manual"; it's a 4000-page PDF with a detailed description of all assembly instructions (no, I'm NOT telling you to read it entirely!). After that either do some assembly tuts, or just have a peek and experiment on small bits of code that you more or less understand in many many many many games. (I went with the latter; it took me about 5 years to understand what I was doing.)

"mov [esp+18],edi" means "write EDI into the 4 bytes starting at the address esp+18", or "move EDI into [ESP+18]" when you're more familiar with this wording.

Here are some tips:
1-anything that is accessed via [esp (+something)] is NEVER the "true" value. By design, Esp serves as a temporary storage area.
2-The mov and the pushes overwrite your addresses, but are unrelated to your money. They're just using the same temporary storage area.
3-Instructions that read or write float values start with an "f" or contain XMMn (where n is a number). That is, unless they are blindly copying bits from A to B without knowing that A actually contains a float.
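An added example, not from either poster: a small Python helper that parses the writer list quoted in the question (Cheat Engine's "address - bytes - instruction" format), computes the effective address each line writes from the esp value the question gives, and applies the reply's tips (esp-relative slots are temporaries; x87 instructions start with "f") to sort the lines into ones worth tracing back and ones that merely reuse the same stack slot. The regexes, function names and the register dictionary are my own assumptions, and the sample input is the five lines from the thread.

```python
import re

# Constructed sample input: the writer list quoted in the thread, in Cheat Engine's "EIP - bytes - instruction" format
CE_WRITES = """\
005C63E4 - 89 7C 24 18 - mov [esp+18],edi
005C64F6 - D9 5C 24 1C - fstp dword ptr [esp+1C]
005C6409 - 50 - push eax
005C64E2 - 51 - push ecx
005C64FE - D9 1C 24 - fstp dword ptr [esp]
"""
LINE_RE = re.compile(r"^([0-9A-F]{8}) - ((?:[0-9A-F]{2} )+)- (.+)$", re.I)
MEM_RE = re.compile(r"\[([a-z]+)(?:\+([0-9A-F]+))?\]", re.I)  # [reg] or [reg+hexdisp]


def parse(dump: str) -> list:
    """Parse CE's writer list into (eip, opcode bytes, mnemonic, full text) tuples."""
    out = []
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            eip, hexbytes, text = m.groups()
            out.append((int(eip, 16), bytes.fromhex(hexbytes.replace(" ", "")),
                        text.split()[0].lower(), text))
    return out


def target(mnemonic: str, text: str, regs: dict) -> int:
    """Effective address written, given the register values at that instruction."""
    if mnemonic == "push":
        return regs["esp"] - 4  # push decrements esp by 4, then stores at the new esp
    m = MEM_RE.search(text)  # mov/fstp memory operand: [reg] or [reg+disp]
    return regs[m.group(1).lower()] + int(m.group(2) or "0", 16)


def uses_stack_scratch(mnemonic: str, text: str) -> bool:
    """Tip 1 from the reply: push and any [esp+disp] operand go through esp scratch space."""
    m = MEM_RE.search(text)
    return mnemonic == "push" or (m is not None and m.group(1).lower() == "esp")


def triage(mnemonic: str, text: str) -> str:
    """Tip 3: x87 ops begin with "f"; a float store into scratch space is the one to trace back."""
    if not uses_stack_scratch(mnemonic, text):
        return "direct write: candidate for the real value"
    if mnemonic.startswith("f"):
        return "float store to stack scratch: look UP for the FLD/FILD that loaded it"
    return "integer write to stack scratch: unrelated reuse of the same slot"


if __name__ == "__main__":
    for eip, opcode, mnem, text in parse(CE_WRITES):
        print(f"{eip:08X} {opcode.hex():<8} {text:26} -> {triage(mnem, text)}")
```

With esp = 0323D0FC for the mov and 0323D0F8 for the second fstp, `target` reproduces the two writers of 0323D114 from the question, and the two pushes land at esp-4 = 0323D0F8.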