chiconspiracy How do I cheat?
Reputation: 0
Joined: 04 Jun 2015 Posts: 3
Posted: Sat Nov 07, 2015 4:23 pm Post subject: Attempted enemy health/weapon damage hack for Stranded Deep
As a supernoob at CE, I'm trying my first attempt after running through the tutorial.
Game: Stranded Deep
Goal 1: Edit base damage of spear
Goal 2: Edit base health of Tiger Shark
Shark health is stored as a float, and regenerates over time. I've found the base value to be 200 for the tiger shark, and found the spear I crafted does 10 damage.
Having found a Tiger Shark and stabbed it in the arse a few times to isolate its health address, I ran "find what writes to this address."
I get a single result in the opcodes list:
10571B69 - F3 44 0F11 78 54 - movss [rax+54],xmm15
(For fun and testing before this, I went to the memory viewer and added the 'mov [rax+54],0' and was able to one hit kill the shark, but that's not my primary goal)
Here's where I'm getting stuck. I search for the probable value given by the "more information" window using the clicked hex box, and get about a dozen new addresses.
When I try manually adding the addresses, selecting "pointer", and making sure I'm adding the offset of 54, most end up having 0 value, but three of them have the same value "23821380" that doesn't change each time the shark gets stabbed.
Do I have to scan what points to these pointers, or is there a better way?
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4719
Posted: Sat Nov 07, 2015 8:05 pm
It shouldn't be doing that. Are you searching for 8 bytes or 4 bytes when you search for the value of the pointer? I'm not certain how pointers work in 64 bit processes, but I'm pretty sure you should be using 8 bytes since rax stores 8 bytes. Also make sure you're only searching for the value of rax (not rax+54 or anything else).
You can also do a pointer scan for that value if you want. Tutorial here.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
chiconspiracy How do I cheat?
Reputation: 0
Joined: 04 Jun 2015 Posts: 3
Posted: Mon Nov 09, 2015 9:06 pm
ParkourPenguin wrote: It shouldn't be doing that. Are you searching for 8 bytes or 4 bytes when you search for the value of the pointer? I'm not certain how pointers work in 64 bit processes, but I'm pretty sure you should be using 8 bytes since rax stores 8 bytes. Also make sure you're only searching for the value of rax (not rax+54 or anything else).
You can also do a pointer scan for that value if you want.
I tried again with the 8 byte scan, and the results look similar. I'm running a pointer scan at the moment, and I'll try to scan for both the damage value of the spear and the shark base health.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4719
Posted: Mon Nov 09, 2015 10:01 pm
I'm not that familiar with how CE handles 64 bit processes, but I'll assume it doesn't show the leading zeroes on anything more than 4 bytes long.
Anyway, those addresses should be pointing to your value just fine. Click "Add Address Manually", check the "pointer" checkbox, paste one of those addresses (i.e. 042BC550 in that image) into the box at the bottom, then change the only offset from 0 to 54. Also make sure to change the type to float.
At this point, if the address it's pointing to (shown in the greyed out box at the top) isn't the address of your health, then please post a screenshot of it.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
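An added illustration (not part of the thread, and not Cheat Engine code) of the points raised in the replies above: in a 64-bit process the stored pointer is 8 bytes wide, so a 4-byte scan also matches slots that share only the low 32 bits, and the value is read as a float at pointer + 0x54. The memory image, its addresses and the function names are constructed for this example.

```python
import struct

HEALTH_OFFSET = 0x54  # offset from the thread's `movss [rax+54],xmm15`

def build_image():
    """Constructed 64-bit memory image; every address here is made up."""
    base_va = 0x1_2000_0000                 # region mapped above 4 GiB
    mem = bytearray(0x400)
    obj_va = base_va + 0x200                # object address (the value in rax)
    struct.pack_into("<f", mem, 0x200 + HEALTH_OFFSET, 200.0)  # health float
    struct.pack_into("<Q", mem, 0x010, obj_va)                 # real pointer
    struct.pack_into("<Q", mem, 0x040, obj_va)                 # real pointer
    # Decoy: same low 32 bits as obj_va, different high 32 bits.
    struct.pack_into("<Q", mem, 0x080, (0x7 << 32) | (obj_va & 0xFFFFFFFF))
    return base_va, bytes(mem), obj_va

def scan(mem, base_va, value, width):
    """Return addresses of 4-byte-aligned slots holding `value` in `width` bytes."""
    needle = value.to_bytes(8, "little")[:width]  # width 4 keeps only the low dword
    return [base_va + off
            for off in range(0, len(mem) - width + 1, 4)
            if mem[off:off + width] == needle]

def resolve(mem, base_va, ptr_va, offset):
    """Follow the 8-byte pointer stored at ptr_va, then read a float at +offset."""
    (target,) = struct.unpack_from("<Q", mem, ptr_va - base_va)
    off = target + offset - base_va
    if not 0 <= off <= len(mem) - 4:
        return target + offset, None        # target lies outside the image
    return target + offset, struct.unpack_from("<f", mem, off)[0]

if __name__ == "__main__":
    base_va, mem, obj_va = build_image()
    for width in (4, 8):
        print(f"{width}-byte scan for {obj_va:X}:")
        for hit in scan(mem, base_va, obj_va, width):
            addr, health = resolve(mem, base_va, hit, HEALTH_OFFSET)
            print(f"  [{hit:X}]+{HEALTH_OFFSET:X} -> {addr:X} = {health}")
```

The 4-byte scan returns one extra slot (the decoy), and following it as a full 8-byte pointer lands outside the image instead of on the health value.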
akumakuja28 Master Cheater
Reputation: 16
Joined: 28 Jun 2015 Posts: 432
Posted: Sun Nov 15, 2015 10:20 pm
Do a toggle breakpoint before the xmm15. Keep checking your xmm registers for the value of the "hit". When you find the value and register, inject code there like so:
Alloc(adjusteddamage,
Registersymbol(adjusteddamage)
The Xmm value of the hit.
movss Xmm??,[damageadjust] this is new code that you can adjust
The rest of the injection code
Make table entry for damageadjust
Now you can adjust damage given