Cheat Engine

dougbrent15 · How do I cheat? Reputation: 0 Joined: 10 Sep 2021 Posts: 4

I would like to be able to change the amount of damage that the player deals to the AI, and if possible, the damage that the AI deals to the player too.

I have found the address (not static) of the AI's health. When I check what writes to this address I find the instruction:
04FB643D - D9 9F 68030000 - fstp dword ptr [edi+00000368]

I haven't a clue what this is supposed to mean despite having already done the tutorial. Can anyone please help?

P.S. This is my first post so I apologise if I'm breaking a guideline or two.

Edit: just for clarification, the amount of damage dealt is not constant; in this game it fluctuates around 500. I want to make a simple change to make that fluctuate around a different number, say 750, perhaps by doing a simple +250.

LeFiXER · Posted: Fri Sep 10, 2021 8:19 am Post subject:

Welcome to the forum Doug Smile

. That instruction is responsible for storing a floating point value.

What happens in-game if you right-click > replace code that does nothing on that specific line of instructions.

dougbrent15 · How do I cheat? Reputation: 0 Joined: 10 Sep 2021 Posts: 4

When I replace the code, the enemy simply stops losing health. I'm still dealing 'damage', but it's not affecting the AI's health.

My (obvious) guess is that there is a number generator at work, but I don't know how to access it. Would it be attached to an address?

ParkourPenguin · Posted: Fri Sep 10, 2021 12:17 pm Post subject:

Could you post a few dozen instructions around that write, particularly before it?
(Shift+click to select instructions, right click -> copy to clipboard)

dougbrent15 · How do I cheat? Reputation: 0 Joined: 10 Sep 2021 Posts: 4

This seems to be a full 'loop' of instructions.
AI health is edi+00000368

Looks like edi+000003AC is linked to the damage dealt. Its value does fluctuate and is within the range.

0545622C - D9E8 - fld1
0545622E - DFF1 - fcomip st(0),st(1)
05456230 - DDD8 - fstp st(0)
05456232 - 0F85 8B000000 - jne 054562C3
05456238 - 0F8A 85000000 - jp 054562C3
0545623E - 0F82 7F000000 - jb 054562C3
05456244 - 8B 87 8C020000 - mov eax,[edi+0000028C]
0545624A - 83 EC 08 - sub esp,08 { 8 }
0545624D - 6A 00 - push 00 { 0 }
0545624F - 50 - push eax
05456250 - 39 00 - cmp [eax],eax
05456252 - E8 85F3F6FF - call 053C55DC
05456257 - 83 C4 10 - add esp,10 { 16 }
0545625A - 8B 87 8C020000 - mov eax,[edi+0000028C]
05456260 - 83 EC 08 - sub esp,08 { 8 }
05456263 - 6A 01 - push 01 { 1 }
05456265 - 50 - push eax
05456266 - 39 00 - cmp [eax],eax
05456268 - E8 6FF3F6FF - call 053C55DC
0545626D - 83 C4 10 - add esp,10 { 16 }
05456270 - 8B 87 8C020000 - mov eax,[edi+0000028C]
05456276 - 39 00 - cmp [eax],eax
05456278 - BA 20B4D310 - mov edx,10D3B420 { (109DEDF0) }
0545627D - 83 EC 0C - sub esp,0C { 12 }
05456280 - 50 - push eax
05456281 - E8 6E9AFEFF - call 0543FCF4
05456286 - 83 C4 10 - add esp,10 { 16 }
05456289 - 89 45 F4 - mov [ebp-0C],eax
0545628C - 85 FF - test edi,edi
0545628E - 0F84 410C0000 - je 05456ED5
05456294 - 8D 87 A8030000 - lea eax,[edi+000003A8]
0545629A - 83 EC 08 - sub esp,08 { 8 }
0545629D - 68 18830026 - push 26008318 { (01415194) }
054562A2 - 50 - push eax
054562A3 - E8 F008F8FF - call 053D6B98
054562A8 - 83 C4 10 - add esp,10 { 16 }
054562AB - 8B C8 - mov ecx,eax
054562AD - 8B 45 F4 - mov eax,[ebp-0C]
054562B0 - 83 EC 08 - sub esp,08 { 8 }
054562B3 - 51 - push ecx
054562B4 - 50 - push eax
054562B5 - 8B 00 - mov eax,[eax]
054562B7 - 90 - nop
054562B8 - 90 - nop
054562B9 - 90 - nop
054562BA - FF 90 6C010000 - call dword ptr [eax+0000016C]
054562C0 - 83 C4 10 - add esp,10 { 16 }
054562C3 - D9 87 C8030000 - fld dword ptr [edi+000003C8]
054562C9 - D9 05 B06DE210 - fld dword ptr [10E26DB0] { (2.00) }
054562CF - DFF1 - fcomip st(0),st(1)
054562D1 - DDD8 - fstp st(0)
054562D3 - 0F85 8B000000 - jne 05456364
054562D9 - 0F8A 85000000 - jp 05456364
054562DF - 0F82 7F000000 - jb 05456364
054562E5 - 8B 87 90020000 - mov eax,[edi+00000290]
054562EB - 83 EC 08 - sub esp,08 { 8 }
054562EE - 6A 00 - push 00 { 0 }
054562F0 - 50 - push eax
054562F1 - 39 00 - cmp [eax],eax
054562F3 - E8 E4F2F6FF - call 053C55DC
054562F8 - 83 C4 10 - add esp,10 { 16 }
054562FB - 8B 87 90020000 - mov eax,[edi+00000290]
05456301 - 83 EC 08 - sub esp,08 { 8 }
05456304 - 6A 01 - push 01 { 1 }
05456306 - 50 - push eax
05456307 - 39 00 - cmp [eax],eax
05456309 - E8 CEF2F6FF - call 053C55DC
0545630E - 83 C4 10 - add esp,10 { 16 }
05456311 - 8B 87 90020000 - mov eax,[edi+00000290]
05456317 - 39 00 - cmp [eax],eax
05456319 - BA 20B4D310 - mov edx,10D3B420 { (109DEDF0) }
0545631E - 83 EC 0C - sub esp,0C { 12 }
05456321 - 50 - push eax
05456322 - E8 CD99FEFF - call 0543FCF4
05456327 - 83 C4 10 - add esp,10 { 16 }
0545632A - 89 45 F4 - mov [ebp-0C],eax
0545632D - 85 FF - test edi,edi
0545632F - 0F84 990B0000 - je 05456ECE
05456335 - 8D 87 A8030000 - lea eax,[edi+000003A8]
0545633B - 83 EC 08 - sub esp,08 { 8 }
0545633E - 68 18830026 - push 26008318 { (01415194) }
05456343 - 50 - push eax
05456344 - E8 4F08F8FF - call 053D6B98
05456349 - 83 C4 10 - add esp,10 { 16 }
0545634C - 8B C8 - mov ecx,eax
0545634E - 8B 45 F4 - mov eax,[ebp-0C]
05456351 - 83 EC 08 - sub esp,08 { 8 }
05456354 - 51 - push ecx
05456355 - 50 - push eax
05456356 - 8B 00 - mov eax,[eax]
05456358 - 90 - nop
05456359 - 90 - nop
0545635A - 90 - nop
0545635B - FF 90 6C010000 - call dword ptr [eax+0000016C]
05456361 - 83 C4 10 - add esp,10 { 16 }
05456364 - D9 87 C8030000 - fld dword ptr [edi+000003C8]
0545636A - D9 05 B86DE210 - fld dword ptr [10E26DB8] { (3.00) }
05456370 - DFF1 - fcomip st(0),st(1)
05456372 - DDD8 - fstp st(0)
05456374 - 0F85 8B000000 - jne 05456405
0545637A - 0F8A 85000000 - jp 05456405
05456380 - 0F82 7F000000 - jb 05456405
05456386 - 8B 87 94020000 - mov eax,[edi+00000294]
0545638C - 83 EC 08 - sub esp,08 { 8 }
0545638F - 6A 00 - push 00 { 0 }
05456391 - 50 - push eax
05456392 - 39 00 - cmp [eax],eax
05456394 - E8 43F2F6FF - call 053C55DC
05456399 - 83 C4 10 - add esp,10 { 16 }
0545639C - 8B 87 94020000 - mov eax,[edi+00000294]
054563A2 - 83 EC 08 - sub esp,08 { 8 }
054563A5 - 6A 01 - push 01 { 1 }
054563A7 - 50 - push eax
054563A8 - 39 00 - cmp [eax],eax
054563AA - E8 2DF2F6FF - call 053C55DC
054563AF - 83 C4 10 - add esp,10 { 16 }
054563B2 - 8B 87 94020000 - mov eax,[edi+00000294]
054563B8 - 39 00 - cmp [eax],eax
054563BA - BA 20B4D310 - mov edx,10D3B420 { (109DEDF0) }
054563BF - 83 EC 0C - sub esp,0C { 12 }
054563C2 - 50 - push eax
054563C3 - E8 2C99FEFF - call 0543FCF4
054563C8 - 83 C4 10 - add esp,10 { 16 }
054563CB - 89 45 F4 - mov [ebp-0C],eax
054563CE - 85 FF - test edi,edi
054563D0 - 0F84 F10A0000 - je 05456EC7
054563D6 - 8D 87 A8030000 - lea eax,[edi+000003A8]
054563DC - 83 EC 08 - sub esp,08 { 8 }
054563DF - 68 18830026 - push 26008318 { (01415194) }
054563E4 - 50 - push eax
054563E5 - E8 AE07F8FF - call 053D6B98
054563EA - 83 C4 10 - add esp,10 { 16 }
054563ED - 8B C8 - mov ecx,eax
054563EF - 8B 45 F4 - mov eax,[ebp-0C]
054563F2 - 83 EC 08 - sub esp,08 { 8 }
054563F5 - 51 - push ecx
054563F6 - 50 - push eax
054563F7 - 8B 00 - mov eax,[eax]
054563F9 - 90 - nop
054563FA - 90 - nop
054563FB - 90 - nop
054563FC - FF 90 6C010000 - call dword ptr [eax+0000016C]
05456402 - 83 C4 10 - add esp,10 { 16 }
05456405 - D9 87 C4030000 - fld dword ptr [edi+000003C4]
0545640B - D9 05 C06DE210 - fld dword ptr [10E26DC0] { (2.00) }
05456411 - DFF1 - fcomip st(0),st(1)
05456413 - DDD8 - fstp st(0)
05456415 - 0F85 FF010000 - jne 0545661A
0545641B - 0F8A F9010000 - jp 0545661A
05456421 - 0F82 F3010000 - jb 0545661A
05456427 - D9 87 68030000 - fld dword ptr [edi+00000368]
0545642D - D9 87 AC030000 - fld dword ptr [edi+000003AC]
05456433 - DEE9 - fsubp st(1),st(0)
05456435 - D9 9F 68030000 - fstp dword ptr [edi+00000368]
0545643B - D9 87 C8030000 - fld dword ptr [edi+000003C8]
05456441 - D9E8 - fld1

ParkourPenguin · Posted: Fri Sep 10, 2021 2:37 pm Post subject:

dougbrent15 · How do I cheat? Reputation: 0 Joined: 10 Sep 2021 Posts: 4

Thanks, Penguin. Your solution worked and it was easy to follow!