Cheat Engine

[kalakhan]

Hello. I am new to cheat engine and would greatly appreciate if someone could help me. I am trying to find memory addresses for dice roll in Monopoly by Parker Brothers but am failing to do so. I then tried to use "unrandomizer" option in cheat engine main window. When I right click on "unrandomizer", it gives me two memory addresses. However, when I manually add them to list / table and try to edit them, the game crashes while giving me an "Access Violation" error. Please help me find the correct memory addresses for dice roll and also how to make sure that when their values get changed, the game does not crashes.

[Sohail__Saha]

Well, at first find the address of the value that is required. Then, double-click it to add it to the cheat table. Then, (to make a permanent cheat table) find out what writes to that address( I assume that you know how to do it) and open the opcode in the disassembler. Then, press Ctrl+A. Then, go to Templates>(CLICK THE LAST OPTION. Sorry I forgot the option's name.). This will add a [ENABLE] and a [DISABLE] section. Again go to Templates>(CLICK THE FIRST OPTION.Sorry I forgot the option's name.). Then click Yes and see the whole operation. Then you can clearly see what's the pointer address. Then replace it with the function that you want.

For example, if the operation (originalcode) is "sub (esi+xxxxxx*4),edi", it is clear that this line reduces the value stored at "esi+xxxxxxx*4" by edi. Replace it by something that freezes the value or increases the value(your choice). Example--> "add (esi+xxxxxx*4),#9". Just make this change in the ENABLE section. Then, assign this script to the cheat table. THEN, 'FREEZE' the script to apply the cheat and 'UNFREEZE' the script to disable the cheat.

If by reading the second paragraph you are scratching your head, I advice you to learn Auto Assembler. There is a whole section here at Cheatengine.org dedicated to Auto Assembler.

[kalakhan]

Thank you very much for the reply. Although it did not solved the purpose but helped me a lot in understanding how cheat engine works. To be honest, I don't know anything about programming / op codes and other things. Your reply really helped me in moving a step forward.

Actually I am still unable to even locate the memory address for a particular value. I tried to search for a possible reason on various forums and on one, there was something like some values are stored as variables and stored in memory for just a second or two and then gets destroyed. Now knowing that I am trying to find a value that is randomly generated by the application, it is becoming seriously annoying for me to find out which memory address it writes to.

As I explained in my first post that I tried using the unrandomizer on the main screen of cheat engine. That works perfectly fine. The only problem is that I cannot control the value it will generate. Yes, one can go to the "settings" and change it to "1" "2" and so on but changing values in "settings" always return exact same value for two dice. For example, if I change the value in "settings" with "1" beofre enabling unrandomizer on cheat engine main screen and then enable unrandomizer and then roll the dice in game, it will bring me same value for two dice.

It doesn't end here. When I try to change the value of memory address that I took by right clicking on "unrandomizer" the game crashes.

So at first, I would greatly appreciate if you could somehow help me find out the memory address for dice roll in monopoly by parker brothers without unrandomizing. And then we can look into how that can be changed so the game does not crash. Thank you once again.

[Sohail__Saha]

Well, I need that game for finding an accurate solution. Did you download the game?? If yes, from where???

[kalakhan]

Thank you for the reply. I tried to send you the dropbox link so you may download the game (20MB ZIP FILE), but my level on cheat engine forums does not allow me to paste links in my posts. Grateful if you could kindly let me have you email address so I may send you the link.

[NanoByte]

le me see to my spam mail is [email protected]

[kalakhan]

@Nano Byte ; I have mailed you the link to download the game. Please check your email.

[NanoByte]

Here i made this table really quick

just add hotkey to the new postion for the player you are playing and make it increase the amount u want

just make sure u dont go above 55

[kalakhan]

@ NanoByte: Thank you for the help. The table that you sent only enables the user to change the value of player's location on the board.

Lets say if I am playing with other human players, it cannot go un-noticed. So if the dice roll brings a value of "3" and I move my character 6 spaces ahead, that would be a disaster.

However, if one can control the value of dice, that can never be noticed.

So, kindly if possible, try to locate the memory address for dice roll and a possible way to control its value.

[kalakhan]

Finally, I have managed to locate the memory addresses for the dice roll, however, when I try to change its value simply by double clicking on "value" in table, it doesn't work.

Following a previous reply by Sohail___Saha, I managed to change the value using assembler but I have no idea how to make it work in a way that I assign shortkeys for numbers that I want to bring on dice roll and how to create a fully functional trainer.

Please guide me step by step. This would be my first trainer and I will greatly appreciate all the help I can get. Thank you.

[justa_dude]

[kalakhan]

Hello Everyone,

Thank you for helping me earlier.

I tried my best to understand the trainer NanoByte has sent. Somethings I learnt. Most went over my head. Grateful if you could kindly spare few minutes and make me a trainer that I can use to control the dice roll with my choice of numbers using NUMPAD. Value range from 1-12.

Please note that I manage to locate the memory addresses for the dice roll. There are two dice in the game and both have different memory address. But very easy to locate using exact value scan 4 byte. However, with the turn change for each player, the memory addresses switch too. For example, if player 1 rolls and gets 6 on one dice with memory address "x" and 1 on "y" for the other, during the player 2 turn the "x" will be treated as "y" and "y" as "x".

I would greatly appreciate if you can help. The script I will get from you people would really help me in understanding very many things.



Thank you.

KK

[NanoByte]

right click the value of dice and find out what writes to it then copy a good chunk of it here, for me i will make a script based on it and explain how its done

make sure to comment by //comment on the code that writes to your dice value

[kalakhan]

Dear NanoByte --- Thank you for extending help in this matter. Below is the code that you requested. Please note that within the code where it says "original code" (I have also added a comment as your suggested) if I replace "esi" and "edi" with my desired values, I get the results. Grateful if you could kindly explain how can I:

1. Add hotkeys. For example I press NUMPAD 2 so it changes the value of "esi" to 2 and if I press Q, the value for "edi" changes to say 4.

2. The pointers do not work. Each time I find a pointer and then restart the game, it does not work. Please help in that regard as well.

-----------
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//replacing "esi" and "edi" with my desired value will do the trick
originalcode:
mov [eax],esi
mov [eax+04],edi

exit:
jmp returnhere

"MonPlg.dll"+54F69:
jmp newmem
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"MonPlg.dll"+54F69:
mov [eax],esi
mov [eax+04],edi
//Alt: db 89 30 89 78 04


-------------------------------------

After changing the values of "esi" and "edi" the code appears something like this:

0613FFFE - - ??
0613FFFF - - ??
06140000 - C7 00 04000000 - mov [eax],00000004 <<
06140006 - C7 40 04 04000000 - mov [eax+04],00000004
0614000D - E9 5C4FF109 - jmp MonPlg.dll+54F6E

EAX=100B70B8
EBX=00000000
ECX=100B6F58
EDX=00000000
ESI=00000006
EDI=00000001
ESP=0028F3D8
EBP=00000009
EIP=06140006