Cheat Engine

[snowflake]

CE is a very powerful and useful tool hands down.
What I don't understand in general in CE is what ultimate use does every feature of CE has i.e. AOB, pointer scan, auto assemble etc.
OK, I know pointer scan is for a cheat table, so to freeze a pointer for a specific ingame value.
What I don't know is how to go on afterwards, what to do with the result, how to make the final standalone crack/dll if one can be made.

The same goes for AOB -- what to do further with the modified memory region? For auto assemble -- what to do with the modified instructions?

[omnidouche]

I'm pretty new to it all as well and I'm sure plenty of other people have more options to them but for pointers, once they are added to your address list, they display the value of whatever is stored where they are pointing. So if we have a true static base pointer, that base pointer's address will not change even if the address of what we are trying to modify does. So you can save this base pointer cheat in your table to use every time the game is opened.

AOB's are kind of the same thing for me right now except that they are much easier to find....usually. So if you have a good signature, like a base pointer, will always point to the same spot. Not the same address but always the same code/instruction. Using this you can write scripts to modify what that code does. So say I find my ammo AOB and find some sort of instruction there that subtracts from another value/address. With my AOB I can alter this instruction, this exact code, every time the program is launched. Say my code that I want to inject is more bytes than the original. Well in this situation you would just alter the original to jmp to some allocated memory containing your edits then jmp back so it can continue its original instructions after execution. With the way stuff like alloc, labels, and symbols work, you don't have to specify addresses, thus no matter how many times you launch the program, your script should work the same. All of this hinges on having a good, unique signature. Also you need to make sure the script works in the first place.

A very easy to understand method of using AOBs is to NOP instructions. So now I have a unique AOB for my health and find an instruction that looks like it is what subtracts it from my current. Before, I would just edit the health address and call things good but since it doesn't actually freeze the data I can still die in one hit if it's over my set limit. Editing like this causes CE to update a value many times a second rather than truly freezing it. So now that we have our instruction for what subtracts from our health we can change that instruction to do nothing or NOP. In memory viewer, when browsing a region of code, you can right click and select "replace with a code that does nothing". This is very useful for finding the correct address as it allows you to test and, if it doesn't crash your program, restore the original code back to what it was. So with the correct address, we open up our AA window (Ctrl+A in memory viewer) and start writing the script with our AOB as a label and symbol. Then in the disable section we take the same AOB and tell it to write the original bytes back in.

As far as specifics go, it's better to just dig really deep in the forums for how to start then practice the methodology. There are some very good tutorials out there. For AOBs specifically, check out Rydian's guide to modern pointers and AOBs or something like that. It's extremely helpful