Cheat Engine

MechaCrab · How do I cheat? Reputation: 0 Joined: 30 Dec 2015 Posts: 5

Hey guys, hoping you could help. Had a quick question. So I'm trying to create a multiplier for experience and AP points, and I'm able to find the addresses for the values easy enough through memory viewer. I've been able to cobble a usable multiplier code using your tutorials, however I'm having a problem when I try to toggle the script off, as the game crashes whenever I do. The code in question currently multiplies any experience gained in battle by a factor of two. This is what I've got so far:

ParkourPenguin · Posted: Thu Dec 31, 2015 10:24 am Post subject:

I'm not sure either; although, I might be missing something obvious.

A few questions:
What's with that sub ecx,[...]? Why have it there?
I'm guessing FF7_EN.exe+59E2C0 is the address of your experience?
Could you post the ASM around the instruction "FF7_EN.exe"+3154B? Either an image or copying the instructions would work. To do so, right click in CE's disassembler, select "Go to address", paste that address in, go up a few instructions, select a few via shift-click, right click on them, select "Copy to clipboard -> Bytes+Opcodes", and post that here.

MechaCrab · How do I cheat? Reputation: 0 Joined: 30 Dec 2015 Posts: 5

ParkourPenguin · Posted: Thu Dec 31, 2015 1:58 pm Post subject:

Yup, I have no idea why it's crashing when you disable the script. Everything seems fine.
It might be a bug in how CE parses module names in instructions, but I doubt it. You can try putting FF7_EN.exe in quotes to make it more explicit. You should look at your allocated memory to find out if CE assembled your code correctly.

The best way to find out what's wrong is to debug it yourself.

Set a breakpoint (Debug -> Toggle Breakpoint) at the instruction FF7_EN.exe+31545 (the one before where you're writing the jump to). This will stop the game when that instruction is run.

If you do something in-game to trigger the breakpoint (i.e. kill a monster) before enabling the script, you should be able to step through (Debug -> Step) the next couple instructions just fine. You can continue running (Debug -> Run) when you're past the instruction FF7_EN.exe+31551.

Now enable the script, and do something in-game to trigger the breakpoint. This time, you should see a jmp at FF7_EN.exe+3154B. Step into that, and you should see your code. Compare that with what you have written down. If it logically makes sense (i.e. sub ecx,[FF7_EN.exe+59E2C0] may be interpreted as sub ecx, [0099E2C0]), then you're good, and can continue stepping though it until after you reach the jmp back to the instruction FF7_EN.exe+31551. If everything seems fine, then continue running.

Now disable the script. I'm assuming it doesn't immediately crash upon disabling the script. Look at the instructions around FF7_EN.exe+3154B again. If everything looks the same as it was before enabling the script, then it should run just fine and nothing should crash.

MechaCrab · How do I cheat? Reputation: 0 Joined: 30 Dec 2015 Posts: 5

Unfortunately, when I try to establish breakpoints at FF7_EN.exe+3155F (for GIL) and FF7_EN.exe+3157D (for AP), selected one at a time of course, I am unable to successfully run it after I step through, as the game crashes once I click back to the window.

Sorry, I'm quite new at this so I might be doing it wrong, since I assume, being unaltered by my script, the game should continue to run after I've used the Step function past a certain extent.

ParkourPenguin · Posted: Thu Dec 31, 2015 3:08 pm Post subject:

Nevermind my previous post, that was written without me having seen your edit.

The problem is that there are different ways of translating the mnemonics humans understand (i.e. mov) into the bytes computers understand. More specifically, even though the mnemonic of that instruction is the exact same, CE isn't translating that into bytes the same way as was originally done by the game. It's putting one more byte than is needed, and as such, is overriding part of the next instruction. This subsequently throws numerous instructions after that out of alignment, which will almost certainly crash the game.

To solve this, just write the bytes directly back to that memory address with db. You can probably trust that it'll be the same whenever you restart the process since it's loaded at 0x00400000, so you can do that directly. If it fails or you just want to be save, globalalloc some backup region of memory and use readmem to backup the bytes into there when enabling scripts. Then just use readmem again when disabling the script to read from the backup.

Here's an example of doing it directly with your 2x AP Script:

MechaCrab · How do I cheat? Reputation: 0 Joined: 30 Dec 2015 Posts: 5

Thank you! Your first solution worked, and I've tested it with all my scripts. I would have had no idea that was what was causing the problem. I had thought that the mnemonic instructions were always 1:1, and was baffled on why the code wasn't disabling to the proper place, but I guess it isn't always 100% translated correctly as you said.

So what exactly does the db do? Is it just the memory address in bytes instead of assembly language?

Regardless, thank you again very much for helping me. I've learned a lot from my first script.

Edit: Sorry, this is a bit embarrassing, but I would like to give you a positive review for your help. Trouble is I have no idea how to do that on this site.

ParkourPenguin · Posted: Thu Dec 31, 2015 4:08 pm Post subject:

db ("declare bytes") is a pseudo-instruction that directly writes some bytes to an address. Normally, ASM code is parsed and translated into bytes that are then written to an address, but you can bypass that step and write the bytes yourself if you want to. It's very useful in this case.

A thumbs up icon appears next to a user's reputation when you are signed into an account that has 15 or more posts. But you should also read the FAQ if you haven't already.