Dealing with no working addresses.
Posted: Sat Jun 06, 2020 10:39 pm
by ballhammer
So i'm trying to cheat money in a game but the addresses I get don't work even though the address list does not change when I keep scanning, and editing any of the result does not change my money when it gets updated in game. I was going to find the pointer for money but can't if I can't even find a working "standard" address.
Damage values work just not anything related to money/resources.
Sorry if you don't get what i'm trying to say but I'm terrible at writing/typing.
Dealing with no working addresses.
Posted: Sat Jun 06, 2020 11:18 pm
by happyTugs
I am assuming you have completed the CE tutorial, right? If you haven't, then I would start there.
As it still eludes me, what exactly is your issue?
the addresses I get don't work even though the address list does not change when I keep scanning
Were you able to find the actual address (not the visual) that controlled money?
If you did, you could make an injection copy or, alternatively, get a pointer to the address.
Or, perhaps money is of a different type besides 4-bytes?
I can't really make any feasible conclusions since your message is slightly unclear.
Dealing with no working addresses.
Posted: Sat Jun 06, 2020 11:35 pm
by TimFun13
[QUOTE="ballhammer, post: 138549, member: 3697"]
So i'm trying to cheat money in a game but the addresses I get don't work even though the address list does not change when I keep scanning, and editing any of the result does not change my money when it gets updated in game. I was going to find the pointer for money but can't if I can't even find a working "standard" address.
Damage values work just not anything related to money/resources.
Sorry if you don't get what i'm trying to say but I'm terrible at writing/typing.
[/QUOTE]
This could be because the value is stored as a different type than you think, or the value could be encrypted, or the value is stored on a server and not in your memory; thus you have only found the display value. Block the game in your firewall to see if it's server side, if not then you'll have to try different value types and different scan methods till you find a value you can freeze and have an effect in game.
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 6:00 pm
by ballhammer
[QUOTE="happyTugs, post: 138553, member: 39952"]
I am assuming you have completed the CE tutorial, right? If you haven't, then I would start there.
As it still eludes me, what exactly is your issue?
Were you able to find the actual address (not the visual) that controlled money?
If you did, you could make an injection copy or, alternatively, get a pointer to the address.
Or, perhaps money is of a different type besides 4-bytes?
I can't really make any feasible conclusions since your message is slightly unclear.
If you are smart enough to realize your own flaws, then you should take steps to remediate them.
[/QUOTE]
The scanning finds the address but changing it doesn't do anything, and I had it set to all before changing it to 4 bytes since all the other values I was editing were 4 bytes. I was also assuming if I can't get the standard address to work then the pointer wouldn't work either.
note: I have all set to include 1,2,4,8, float, and double. [S]I have not completed the tutorial but I will do that right now.[/S] Completed
[QUOTE="ShyTwig16, post: 138557, member: 91"]
This could be because the value is stored as a different type than you think, or the value could be encrypted, or the value is stored on a server and not in your memory; thus you have only found the display value. Block the game in your firewall to see if it's server side, if not then you'll have to try different value types and different scan methods till you find a value you can freeze and have an effect in game.
[/QUOTE]
I tested it and game works without internet.
A video is worth a thousand words. Hopefully this will be better than my cluster**** of a comment
[MEDIA=googledrive]1g55jK7elFibrVjCYeCPRmrQEzlg3FZhl[/MEDIA]
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 7:38 pm
by happyTugs
ballhammer wrote: The scanning finds the address but changing doesn't do anything
A few things I can think of.
The address you have found might be the visual address.
Or, the actual value might be entirely different (encrypted maybe? idk).
One (slightly tedious) way to remediate that is to not search for an exact value, but to search for an unknown initial value and filter your results with 'Changed value'.
Alternatively, you could work your way up by finding out what instruction accesses the address and trace how the visual address got its value.
A few links you could take a look at.
[Link]
[Link]
How to Find Encrypted or Obfuscated Variables in Cheat Engine Guide - Forum Post (Rake)
and of course,
[Link]
i just realized that
ShyTwig16 :: Enchanter is a fucking monty python reference...
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 7:54 pm
by ballhammer
happyTugs, post: 138674, member: 39952 wrote:
A few things I can think of.
The address you have found might be the visual address.
Or, the actual value might be entirely different (encrypted maybe? idk).
One (slightly tedious) way to remediate that is to not search for an exact value, but to search for an unknown initial value and filter your results with 'Changed value'.
Alternatively, you could work your way up by finding out what instruction accesses the address and trace how the visual address got its value.
A few links you could take a look at.
[Link]
[Link]
How to Find Encrypted or Obfuscated Variables in Cheat Engine Guide - Forum Post (Rake)
and of course,
[Link]
[ISPOILER]omg, i just realized that
91 :: Enchanter is a fucking monty python reference...[/ISPOILER]
I'll try that.
Note: relating to one of the videos links.
The debugger does not work with this game. It just times out.
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 9:07 pm
by happyTugs
since you actually seem to take advice, i took a quick look at the game.
your values are being encrypted by a simple xor.
[CODE]
ACE.exe+1517D0 - 55 - push ebp
ACE.exe+1517D1 - 8B EC - mov ebp,esp
ACE.exe+1517D3 - 8B 41 24 - mov eax,[ecx+24] -- [ecx+24] holds the actual coins
ACE.exe+1517D6 - BA 0F270000 - mov edx,0000270F { 9999 } -- max coins
ACE.exe+1517DB - 35 D3EA0700 - xor eax,0007EAD3 { 518867 } -- encryption takes place here
ACE.exe+1517E0 - 03 45 08 - add eax,[ebp+08]
ACE.exe+1517E3 - 3B C2 - cmp eax,edx
ACE.exe+1517E5 - 0F4F C2 - cmovg eax,edx -- if you exceeded 9999 coins, retain value of 9999 coins (potentially unlimited coins?)
ACE.exe+1517E8 - 33 D2 - xor edx,edx
ACE.exe+1517EA - 85 C0 - test eax,eax
ACE.exe+1517EC - 0F49 D0 - cmovns edx,eax
ACE.exe+1517EF - 8B C2 - mov eax,edx
ACE.exe+1517F1 - 35 D3EA0700 - xor eax,0007EAD3 { 518867 }
ACE.exe+1517F6 - 80 79 3C 00 - cmp byte ptr [ecx+3C],00 { 0 }
ACE.exe+1517FA - 89 41 24 - mov [ecx+24],eax
ACE.exe+1517FD - 75 12 - jne ACE.exe+151811
ACE.exe+1517FF - 52 - push edx
ACE.exe+151800 - 68 60BCDE00 - push ACE.exe+20BC60 { ("BattleMaterial") }
ACE.exe+151805 - E8 1679FBFF - call ACE.exe+109120
ACE.exe+15180A - 8B C8 - mov ecx,eax
ACE.exe+15180C - E8 4F87FBFF - call ACE.exe+109F60
ACE.exe+151811 - 5D - pop ebp
ACE.exe+151812 - C2 0400 - ret 0004 { 4 }
[/CODE]
wondering how i found that?
you first need to learn about calling conventions and how parameters are moved into certain registers/pushed onto the stack before a call.
here's some links.
[Link]
[Link]
afterwards, apply a break and trace (or a break-point) on the instruction that wrote to the visual address (specifically look at the stack trace), look at what parameters were used in the function call, and trace backwards.
edit. what debugger are you using? try using windows debugger if veh debugger isn't working or vice versa. they are located in the 'Settings' in the 'Debugger Options' underneath the 'Debugger Method'. oh, and make sure you give CE some time for the debugger to attach. don't just close out immediately.
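The XOR masking shown in the listing above, and the reason an exact-value scan for the on-screen number only finds the display copy while the "unknown initial value" then "changed value" approach from happyTugs' earlier reply narrows in on the masked field as well, as an added Python model. This is not code from the thread or from the game: the constants 0x7EAD3 and 9999 are read off the disassembly, the memory layout, field offsets and the +25 pickup are constructed for the illustration, and all function names are mine.

```python
import struct

# Constants read off the disassembly quoted above (ACE.exe+1517D0).
XOR_KEY = 0x0007EAD3    # xor eax,0007EAD3  { 518867 }
MAX_COINS = 0x270F      # mov edx,0000270F  { 9999 }
MASK32 = 0xFFFFFFFF


def add_coins(stored: int, delta: int) -> int:
    """Python model of the routine: `stored` is the masked DWORD at [ecx+24],
    `delta` the signed argument at [ebp+08]. Returns the new masked DWORD."""
    eax = (stored ^ XOR_KEY) & MASK32          # xor eax,KEY   -> real coin count
    eax = (eax + delta) & MASK32               # add eax,[ebp+08]
    signed = eax - (1 << 32) if eax & 0x80000000 else eax
    if signed > MAX_COINS:                     # cmp eax,edx / cmovg eax,edx
        signed = MAX_COINS
    if signed < 0:                             # xor edx,edx / test / cmovns edx,eax
        signed = 0
    return (signed ^ XOR_KEY) & MASK32         # xor eax,KEY / mov [ecx+24],eax


def coins_of(stored: int) -> int:
    """Unmask a stored DWORD to the coin count the UI would show."""
    return (stored ^ XOR_KEY) & MASK32


def build_memory(dwords) -> bytearray:
    """Constructed stand-in for a slice of process memory: little-endian DWORDs."""
    return bytearray(b"".join(struct.pack("<I", v & MASK32) for v in dwords))


def exact_scan(memory: bytes, target: int) -> list:
    """Offsets (4-byte aligned) holding exactly `target`, like an exact-value scan."""
    return [off for off in range(0, len(memory) - 3, 4)
            if struct.unpack_from("<I", memory, off)[0] == target]


def changed_scan(before: bytes, after: bytes, candidates=None) -> list:
    """Differential scan: keep offsets whose DWORD differs between two snapshots
    (the 'unknown initial value' then 'changed value' workflow)."""
    offs = candidates if candidates is not None else range(0, len(before) - 3, 4)
    return [off for off in offs
            if struct.unpack_from("<I", before, off)[0]
            != struct.unpack_from("<I", after, off)[0]]


def demo():
    """Constructed scenario: 150 coins on screen, masked field at offset 8,
    plain display copy at offset 12, unrelated DWORDs around them."""
    coins = 150
    stored = coins ^ XOR_KEY
    snapshot1 = build_memory([7, 42, stored, coins, 1000, 9999])
    coin_off, display_off = 8, 12

    # An exact scan for the visible number only hits the display copy.
    exact_hits = exact_scan(snapshot1, coins)

    # Simulate the game processing a +25 pickup, then refreshing the UI copy.
    new_stored = add_coins(stored, 25)
    snapshot2 = bytearray(snapshot1)
    struct.pack_into("<I", snapshot2, coin_off, new_stored)
    struct.pack_into("<I", snapshot2, display_off, coins_of(new_stored))

    # A changed-value pass between the two snapshots keeps the masked field too.
    changed_hits = changed_scan(snapshot1, snapshot2)
    return exact_hits, changed_hits, coins_of(new_stored)


if __name__ == "__main__":
    print(demo())   # ([12], [8, 12], 175)
```

The exact-scan miss is the symptom from the opening post: the number on screen exists in memory only as a copy, and writing to it changes nothing because the game recomputes it from the masked field. From an anti-tamper point of view the model also shows how little a constant XOR buys: it hides the value from a literal search, but a differential scan between two snapshots still singles out the field because it changes in step with the display.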
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 9:59 pm
by ballhammer
[QUOTE="happyTugs, post: 138690, member: 39952"]
since you actually seem to take advice, i took a quick look at the game.
your values are being encrypted by a simple xor.
[CODE]
ACE.exe+1517D0 - 55 - push ebp
ACE.exe+1517D1 - 8B EC - mov ebp,esp
ACE.exe+1517D3 - 8B 41 24 - mov eax,[ecx+24] -- [ecx+24] holds the actual coins
ACE.exe+1517D6 - BA 0F270000 - mov edx,0000270F { 9999 } -- max coins
ACE.exe+1517DB - 35 D3EA0700 - xor eax,0007EAD3 { 518867 } -- encryption takes place here
ACE.exe+1517E0 - 03 45 08 - add eax,[ebp+08]
ACE.exe+1517E3 - 3B C2 - cmp eax,edx
ACE.exe+1517E5 - 0F4F C2 - cmovg eax,edx -- if you exceeded 9999 coins, retain value of 9999 coins (potentially unlimited coins?)
ACE.exe+1517E8 - 33 D2 - xor edx,edx
ACE.exe+1517EA - 85 C0 - test eax,eax
ACE.exe+1517EC - 0F49 D0 - cmovns edx,eax
ACE.exe+1517EF - 8B C2 - mov eax,edx
ACE.exe+1517F1 - 35 D3EA0700 - xor eax,0007EAD3 { 518867 }
ACE.exe+1517F6 - 80 79 3C 00 - cmp byte ptr [ecx+3C],00 { 0 }
ACE.exe+1517FA - 89 41 24 - mov [ecx+24],eax
ACE.exe+1517FD - 75 12 - jne ACE.exe+151811
ACE.exe+1517FF - 52 - push edx
ACE.exe+151800 - 68 60BCDE00 - push ACE.exe+20BC60 { ("BattleMaterial") }
ACE.exe+151805 - E8 1679FBFF - call ACE.exe+109120
ACE.exe+15180A - 8B C8 - mov ecx,eax
ACE.exe+15180C - E8 4F87FBFF - call ACE.exe+109F60
ACE.exe+151811 - 5D - pop ebp
ACE.exe+151812 - C2 0400 - ret 0004 { 4 }
[/CODE]
wondering how i found that?
you first need to learn about calling conventions and how parameters are moved into certain registers before a call.
here's some links.
[URL='https://en.wikipedia.org/wiki/X86_calling_conventions']x86 calling conventions[/URL]
[URL='https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture']x64 Architecture[/URL]
afterwards, apply a break and trace (or a break-point) on the function that writes to the visual address (specifically look at the stack trace), look at what parameters were used in the function call, and trace backwards.
edit. what debugger are you using? try using windows debugger if veh debugger isn't working or vice versa. they are located in the 'Settings' in the 'Debugger Options' underneath the 'Debugger Method'. oh, and make sure you give CE some time for the debugger to attach. don't just close out immediately.
[/QUOTE]
Well this is going to be a headache to figure out [S]but I got to learn what High school won't teach me and relating to the debugger I was using the windows debugger but I guess I wasn't waiting long enough.[/S] It just wanted me to click the game.
Thank you and the others for helping:D
Dealing with no working addresses.
Posted: Sun Jun 07, 2020 10:33 pm
by happyTugs
this is going to be a headache
[Link]