Cheat Engine

Epz · Newbie cheater Reputation: 0 Joined: 01 Jul 2012 Posts: 23

Hi,

I've been checking out about Memory Viewer. I don't really understand anything about it and how to solve things from it, but is that possible to make trainer with C# which edits these values in example "jne" -> "je"

I don't really know how to explain, but the memory viewer will open if I press some found address with right click and I press "disassemble this memory region"

What is that called and where do I can find some tutorials for it? In example if I want to edit basic memory values I can simply search C# ReadProcessMemory and WriteProcessMemory from Google and I get some results for that. Already got Memory editing work, but I've no idea how to edit these "jne", "jmp", "je" and etc values with C#.

Some help? Smile

Thanks!

atom0s · Posted: Thu Nov 28, 2013 11:58 pm Post subject:

JNE and JE are called "opcodes". (See here for more info on a detailed explanation if you want: http://en.wikipedia.org/wiki/Opcode)

Every opcode is defined by a sequence of bytes. For example:
0x73 = JNB (Jump if not below)
0x74 = JE (Jump if equal)
0x75 = JNZ (Jump if not zero) / JNE (Jump if not equal)
0x76 = JBE (Jump if below/equal)

And so on. (These are in their short-jump forms.)

With C# you just need to use WriteProcessMemory and toggle the byte to the jump type you need. Keep in mind that not all jumps are the same size of bytes so you can't always just overwrite 1 of the bytes and have it work.

In your case you want to change 0x75 with 0x74.

There are plenty of source code examples of how to write to memory on this forum in C# and other languages.

Epz · Newbie cheater Reputation: 0 Joined: 01 Jul 2012 Posts: 23

Figured it out, but:

E: Oh. Fine. I found byte of array for that address and it needs to be modified. I see that the address is green in addresses bar including array of bytes as a value, but address still changes in every start of game. Possible to search address itself with byte of arrays in C#? Surprised

atom0s · Posted: Fri Nov 29, 2013 11:40 am Post subject:

Memory changes are not permanent. You need to apply your hack everytime the game is started. Given the screenshots you showed, you are patching a fairly well used function inside a system DLL, I don't recommend patching the file itself to always have it enabled.

Epz · Newbie cheater Reputation: 0 Joined: 01 Jul 2012 Posts: 23

But in example (at all) if we don't watch pictures anymore. I find always one result as green address (including byte of array in it's value) with byte of array I already found from disassembler, but address of byte of array changes everytime when I start the game. Is that possible to find "green" address which doesn't change (?pointer?) ? :/

And in otherwords I guess I need to find address using byte of array, because everytime my trainer starts loses the address where this byte of array is stored.

atom0s · Posted: Fri Nov 29, 2013 12:07 pm Post subject:

You can scan for the array of bytes leading to that area. For example you have: