How to changes values by reducing them in PES 6
I don't understand well about Cheat Engine, so I need help.
I'm playing a football video game, PES 6.
In a career mode called Master League, where you have funds.
Before a match, you have an amount of funds (in my case 4550)
After a match, the funds will increase by 500 (+goals bonus) when it's about a draw or by 1000 (+goals bonus) when it's about a win.
So draw= 500 + bonus (50 for each goal)
win= 1000 + bonus (50 for each goal)
For e.g. if my team draw without scoring (0-0), then the funds will increase only by 500 (without bonus).
I want to reduce 500 and 1000 to make them for e.g. 250 and 500 (and then make a CT)
Before playing a match, the funds were 4550
I searched for the address of the funds. It's 03CDD088
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>0</ID>
<Description>"No description"</Description>
<LastState Value="5050" RealAddress="03CDD088"/>
<VariableType>4 Bytes</VariableType>
<Address>PES6.exe+38DD088</Address>
</CheatEntry>
</CheatEntries>
</CheatTable>
After a 0-0 draw (so +500), my fund became 5050.
This is what writes to this address:
PES6.exe+2B49B6:
006B49B2 - 3B C3 - cmp eax,ebx
006B49B4 - 74 03 - je PES6.exe+2B49B9
006B49B6 - 01 70 34 - add [eax+34],esi <<
006B49B9 - 5F - pop edi
006B49BA - 5E - pop esi
EAX=03CDD054
EBX=00000000
ECX=03C8AA40
EDX=000013BA
ESI=000001F4
EDI=000003E8
ESP=0571FBC8
EBP=00662F2F
EIP=006B49B9
In this case, esi (000001F4) = 500
After a win (2-0); 1000+100
PES6.exe+2B49B6:
006B49B2 - 3B C3 - cmp eax,ebx
006B49B4 - 74 03 - je PES6.exe+2B49B9
006B49B6 - 01 70 34 - add [eax+34],esi <<
006B49B9 - 5F - pop edi
006B49BA - 5E - pop esi
EAX=03CDD054
EBX=00000000
ECX=03C8AA40
EDX=00001C20
ESI=0000044C
EDI=000003E8
ESP=0571FBC8
EBP=00662F2F
EIP=006B49B9
The esi (0000044C) = 1100
How can I reduce the esi value when it's 500 and 1000 ?
How to change ESI value ??
Re: How to changes values by reducing them in PES 6
You can use the divide instruction:
Code: Select all
...
div esi,2
add [eax+34],esi
...
Re: How to changes values by reducing them in PES 6
LeFiXER wrote: ↑Fri Sep 09, 2022 6:46 pm
> You can use the divide instruction:
> Code: Select all
> ...
> div esi,2
> add [eax+34],esi
> ...
So, it will be like this
Code: Select all
code:
div esi,2
add [eax+34],esi
pop edi
pop esi
jmp return
Re: How to changes values by reducing them in PES 6
I got "Error in (div esi,2): This instruction can't be compiled"
Re: How to changes values by reducing them in PES 6
My apologies, I am mistaken it was late last night. You will want to do something like this instead:
Code: Select all
...
newmem:
push eax
push edx
push ecx // store registers eax,edx and ecx
mov eax,esi // copy value from esi to eax
mov ecx,2 // copy amount to divide into ecx
div ecx // divide eax by ecx
mov esi,eax // copy value from eax into esi
pop eax // restore eax
mov [eax+34],esi // move value from esi to [eax+34]
pop edx
pop ecx // restore edx and ecx
jmp return // jump return (assuming this is the intended behaviour)
...
Re: How to changes values by reducing them in PES 6
LeFiXER wrote: ↑Sat Sep 10, 2022 10:41 am
> My apologies, I am mistaken it was late last night. You will want to do something like this instead:
> Code: Select all
> ...
> newmem:
> push eax
> push edx
> push ecx // store registers eax,edx and ecx
> mov eax,esi // copy value from esi to eax
> mov ecx,2 // copy amount to divide into ecx
> div ecx // divide eax by ecx
> mov esi,eax // copy value from eax into esi
> pop eax // restore eax
> mov [eax+34],esi // move value from esi to [eax+34]
> pop edx
> pop ecx // restore edx and ecx
> jmp return // jump return (assuming this is the intended behaviour)
> ...
> I can't guarantee its success, but it is along these lines. EAX holds the value to be divided, ECX holds the value to divide by and EDX stores the remainder after division hence why we are pushing/popping those registers.
This time the game crashed when the menu where it shows how + funds I get pop-up (after finishing a match and before returning to the principal menu)
Re: How to changes values by reducing them in PES 6
I don't have the game so can't test personally. You can use this information to try things yourself. Undoubtedly, there will be some trial and error because that's the nature of hacking games.
From the code you posted in your original post. Perhaps something like this:
Code: Select all
PES6.exe+2B49B6:
006B49B2 - 3B C3 - cmp eax,ebx
006B49B4 - 74 03 - je PES6.exe+2B49B9
push eax
push ecx
push edx
mov eax,esi
mov ecx,2
div ecx
mov esi,eax
pop eax
pop ecx
pop edx
006B49B6 - 01 70 34 - add [eax+34],esi <<
006B49B9 - 5F - pop edi
006B49BA - 5E - pop esi
Re: How to changes values by reducing them in PES 6
it's probably only because the push and the pop's are out of order...
seeing the order of the pop's
Code: Select all
pop eax // restore eax
mov [eax+34],esi // move value from esi to [eax+34]
pop edx
pop ecx
the registers should be pushed in this order:
Code: Select all
push ecx
push edx
push eax
Re: How to changes values by reducing them in PES 6
Toga wrote: ↑Sat Sep 10, 2022 1:29 pm
> it's probably only because the push and the pop's are out of order...
> seeing the order of the pop's
> Code: Select all
> pop eax // restore eax
> mov [eax+34],esi // move value from esi to [eax+34]
> pop edx
> pop ecx
> the registers should be pushed in this order:
> Code: Select all
> push ecx
> push edx
> push eax
I used the code like this, with registers' order like you corrected it. But I still get a crash
Code: Select all
newmem:
code:
push ecx
push edx
push eax
mov eax,esi // copy value from esi to eax
mov ecx,2 // copy amount to divide into ecx
div ecx // divide eax by ecx
mov esi,eax // copy value from eax into esi
pop eax // restore eax
mov [eax+34],esi // move value from esi to [eax+34]
pop edx
pop ecx // restore edx and ecx
jmp return // jump return (assuming this is the intended behaviour)
Re: How to changes values by reducing them in PES 6
LeFiXER wrote: ↑Sat Sep 10, 2022 11:30 am
> I don't have the game so can't test personally. You can use this information to try things yourself. Undoubtedly, there will be some trial and error because that's the nature of hacking games.
> From the code you posted in your original post. Perhaps something like this:
> Code: Select all
> PES6.exe+2B49B6:
> 006B49B2 - 3B C3 - cmp eax,ebx
> 006B49B4 - 74 03 - je PES6.exe+2B49B9
> push eax
> push ecx
> push edx
> mov eax,esi
> mov ecx,2
> div ecx
> mov esi,eax
> pop eax
> pop ecx
> pop edx
> 006B49B6 - 01 70 34 - add [eax+34],esi <<
> 006B49B9 - 5F - pop edi
> 006B49BA - 5E - pop esi
Here's the original code
Code: Select all
PES6.exe+2B499A: 5B - pop ebx
PES6.exe+2B499B: C3 - ret
PES6.exe+2B499C: E8 FF 18 FC FF - call PES6.exe+2762A0
PES6.exe+2B49A1: 88 44 24 10 - mov [esp+10],al
PES6.exe+2B49A5: 8B 4C 24 10 - mov ecx,[esp+10]
PES6.exe+2B49A9: 51 - push ecx
PES6.exe+2B49AA: E8 61 17 FC FF - call PES6.exe+276110
PES6.exe+2B49AF: 83 C4 04 - add esp,04
PES6.exe+2B49B2: 3B C3 - cmp eax,ebx
PES6.exe+2B49B4: 74 03 - je PES6.exe+2B49B9
// ---------- INJECTING HERE ----------
PES6.exe+2B49B6: 01 70 34 - add [eax+34],esi
// ---------- DONE INJECTING ----------
PES6.exe+2B49B9: 5F - pop edi
PES6.exe+2B49BA: 5E - pop esi
PES6.exe+2B49BB: 5B - pop ebx
PES6.exe+2B49BC: C3 - ret
PES6.exe+2B49BD: 8D 49 00 - lea ecx,[ecx+00]
PES6.exe+2B49C0: 93 - xchg eax,ebx
PES6.exe+2B49C1: 48 - dec eax
PES6.exe+2B49C2: 6B 00 93 - imul eax,[eax],-6D
PES6.exe+2B49C5: 48 - dec eax
PES6.exe+2B49C6: 6B 00 A6 - imul eax,[eax],-5A
Re: How to changes values by reducing them in PES 6
(Google translation)
Assembly instruction
shr esi,1
divides the esi register by 2. You can see this if, for example, you trace this section of code and look at the value in the esi register before and after the instruction is executed.
If the value "1000" does not change, then the final addition of this value is carried out elsewhere in the code.
To test this, you can temporarily remove the instruction
add [eax+34],esi
In the disassembler window, select this instruction, right-click, select "Replace with code that does nothing" from the menu. If after that the added value "1000" does not change, then you need to look for another instruction. Don't forget to restore the original instruction with the "Restore with original code" menu command.
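Added example, not part of any post in this thread: a C model of what `div ecx` and `shr esi,1` do, fed the ESI/EDX values from the two register dumps in the first post. It assumes EDX at the injection point still holds the dumped value; `model_div32`, `model_shr1` and `halve_with_div` are names invented here.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of x86 `div r32`: the dividend is the 64-bit pair EDX:EAX, not EAX
   alone. Returns 0 on success, -1 where the CPU would raise #DE. */
static int model_div32(uint32_t *eax, uint32_t *edx, uint32_t divisor)
{
    if (divisor == 0)
        return -1;                        /* divide by zero -> #DE */
    uint64_t dividend = ((uint64_t)*edx << 32) | *eax;
    uint64_t quotient = dividend / divisor;
    if (quotient > UINT32_MAX)
        return -1;                        /* quotient overflows EAX -> #DE */
    *edx = (uint32_t)(dividend % divisor);
    *eax = (uint32_t)quotient;
    return 0;
}

/* Model of `shr r32,1`: reads and writes only its own operand. */
static uint32_t model_shr1(uint32_t v) { return v >> 1; }

/* Halve ESI as the posted snippets do: mov eax,esi / mov ecx,2 / div ecx.
   clear_edx models placing `xor edx,edx` before the div (an addition here). */
static int halve_with_div(uint32_t esi, uint32_t edx_in, int clear_edx,
                          uint32_t *out)
{
    uint32_t eax = esi, edx = clear_edx ? 0 : edx_in;
    if (model_div32(&eax, &edx, 2) != 0)
        return -1;
    *out = eax;
    return 0;
}

int main(void)
{
    /* {ESI, EDX} pairs copied from the draw and win dumps in the first post. */
    const uint32_t dumps[2][2] = { {0x1F4, 0x13BA}, {0x44C, 0x1C20} };
    for (int i = 0; i < 2; i++) {
        uint32_t esi = dumps[i][0], edx = dumps[i][1], r = 0;
        int rc = halve_with_div(esi, edx, 0, &r);
        printf("ESI=%u EDX=0x%X: div as posted -> %s\n",
               (unsigned)esi, (unsigned)edx, rc ? "#DE fault" : "ok");
        rc = halve_with_div(esi, edx, 1, &r);
        printf("  EDX cleared first -> %u (rc=%d)\n", (unsigned)r, rc);
        printf("  shr esi,1 -> %u\n", (unsigned)model_shr1(esi));
    }
    return 0;
}
```

Because `div` takes EDX:EAX as its dividend, a non-zero EDX makes the quotient too large for EAX and the CPU raises a divide error, whereas `shr` touches only ESI.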
Re: How to changes values by reducing them in PES 6
AlexS wrote: ↑Sun Sep 11, 2022 9:09 am
> (Google translation)
> Assembly instruction
> shr esi,1
> divides the esi register by 2. You can see this if, for example, you trace this section of code and look at the value in the esi register before and after the instruction is executed.
> If the value "1000" does not change, then the final addition of this value is carried out elsewhere in the code.
> To test this, you can temporarily remove the instruction
> add [eax+34],esi
> In the disassembler window, select this instruction, right-click, select "Replace with code that does nothing" from the menu. If after that the added value "1000" does not change, then you need to look for another instruction. Don't forget to restore the original instruction with the "Restore with original code" menu command.
That's true, I got 1000 even after a win and a code that does nothing.
Anyway, I used "who writes to this address" for the address of the points held; I thought I found the right address.
This is who writes + who accesses to the instruction after +1100
Re: How to changes values by reducing them in PES 6
Hey, this time I replaced mov eax , ebx+34 and the 3 address above with from WHO ACCESS TO THIS ADDRESS with CODE THAT DOES NOTHING and I got this. The points held changed, then I became 999999