Cheat Engine Tutorial Guide (x32) - Part 3


Post by UltimatePoto42 »


Continued from: Cheat Engine Tutorial Guide (x32) - Part 2


Step 9
When you start step 9 you should see the form looking like this.
[Link]

So here, like the help text says, there is far more than one solution.
First we need to find one of the addresses and add it to the table.
If you are having trouble finding an address, remember to try different value types, and don't forget to start new scans.
Then like in step 7 we want to see what accesses the address, to find the function that writes to the actor's health.
Go ahead and save the password if you want to try different ways, this is the last step in the tutorial.
So here it's good to understand what we're actually looking for to tell allies and combatants apart.
When the game or engine is written, actors and players might be written like this.

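Code:

// Coord is a class, so Actor.Coords is stored as a reference (pointer)
class Coord {
   public float X, Y, Z;
   public Coord(float x, float y, float z) { X = x; Y = y; Z = z; }
}

// Actor, base for all actors
class Actor {
   public string Name = "Actor";
   public Coord Coords = new Coord(0, 0, 0);
   public float Health = 100.0f;
   //...
}

// Player
class Player : Actor { // Player inherits from Actor
   public int Team = 1;
   public Player() { Name = "Player"; } // replaces the inherited default name
   //...
}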

The team itself could be a structure, say if it's declared as an object class like the 'Coords' variable, in which case we would want to look for a pointer to the actor's team structure.
So one way we could do this is to find the team id or team structure in the player structure.


Find the team id in the player structure
After you have found the function that decreases health, right click the instruction in the disassembler view form, and select find out what addresses this instruction accesses.
[Link]

Then click the attack button for all 4 values.
You should have all 4 addresses in the debugger list.
[Link]

So go ahead and add them to the address list.
[Link]

Then let's open the dissect data structure form.
[Link]

You'll get some pop-ups; after going through them you should see a form like this. Note that I had to expand the width of the form to be able to move the columns.
[Link]

So here we can see that the team variable is at offset 0x10 of the structure.
Now we need to add some injection code to a script, then add some code that checks the team variable of the structure, to determine which actors are allies and which are combatants.
So we want something like this.
[Link]


So with this script enabled, when the game writes to an actor's health, here is what will happen after the jump to the hook code:
  1. Save ([Link]) the EFLAGS register, not completely needed but still a good habit when comparing.
  2. Check if actor is on team 1.
    1. If actor is on team 1, then we set the new value to 5000 in a floating point format.
  3. Check if actor is on team 2.
    1. If actor is on team 2, then we set the new value to 0 in hex format. (float 0 == int 0 == hex 0)
  4. Restore ([Link]) the EFLAGS register, this is completely needed if the register was [Link].
With this script enabled, click the restart game and autoplay button, then you should see the form change and look like this.
[Link]

So click the next button to complete the tutorial.
Then you should see a form telling you that you have completed the tutorial.


Find a difference in the registers
After you have found the function that decreases health, right click the instruction in the disassembler view form, and select find out what addresses this instruction accesses.
[Link]

Then click the attack button for all 4 values.
You should have all 4 addresses in the debugger list.
[Link]

Now let's look at the registers to see if we can find a difference in the allies and combatants.
Select each address individually and press Ctrl+R.
Arrange the forms to make it easier to compare.
[Link]

So here we can see that ESI is 1 for the combatants.
So a script like this should work.
[Link]


So with this script enabled, when the game writes to an actor's health, here is what will happen after the jump to the hook code:
  1. Save ([Link]) the EFLAGS register, not completely needed but still a good habit when comparing.
  2. Check if ESI register is 1.
    1. If ESI register is 1, then we set the new value to 0 in hex format. (float 0 == int 0 == hex 0)
    2. If ESI register is not 1, then we assume the actor is an ally so we set the new value to 5000 in a floating point format.
  3. Restore ([Link]) the EFLAGS register, this is completely needed if the register was [Link].
With this script enabled, click the restart game and autoplay button, then you should see the form change and look like this.
[Link]

So click the next button to complete the tutorial.
Then you should see a form telling you that you have completed the tutorial.



Last edited by TimFun13 on Tue May 01, 2018 12:50 am, edited 6 times in total.
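
The two hook decisions described in the post above, modelled in plain C as an added example (not the author's script, which the original post showed as an image). Only the team offset 0x10 and the values 5000 and 0 come from the post; the struct's other fields, the health offset and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: only team at 0x10 is taken from the post.
   unknown0, the health offset and the padding are assumptions. */
typedef struct {
    uint32_t unknown0;  /* 0x00 (assumed) */
    float    health;    /* 0x04 (assumed) */
    uint8_t  pad[8];    /* 0x08 (assumed filler) */
    int32_t  team;      /* 0x10 (from the dissect data structure view) */
} Actor;

_Static_assert(offsetof(Actor, team) == 0x10, "team must sit at 0x10");

/* Raw 32-bit pattern of a float: what "5000 in a floating point
   format" and "0 in hex format" look like once stored in memory. */
uint32_t float_bits(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

/* Approach 1: decide from the team id inside the structure.
   An actor on neither team keeps the value the game computed. */
float hook_by_team(const Actor *a, float game_value) {
    if (a->team == 1) return 5000.0f;
    if (a->team == 2) return 0.0f;
    return game_value;
}

/* Approach 2: decide from the register value seen at the write.
   Anything other than 1 is assumed to be an ally. */
float hook_by_register(uint32_t esi, float game_value) {
    (void)game_value;   /* the computed value is always replaced */
    return esi == 1 ? 0.0f : 5000.0f;
}

/* Stand-in for the game's original health write. */
void write_health(Actor *a, float v) { a->health = v; }
```

The team check leaves unknown actors alone, while the register check overrides every write that reaches the hook, so the second form depends on the register holding the same meaning at every call.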


Re: Cheat Engine Tutorial Guide (x32) - Part 3

Post by SilverRabbit90 »

I tried step 9 on the cheat engine tutorial and was able to get it all working. But when I try to do these things on a game I can't.
For example I tried in two different games to do the infinite life trick for my character, but when I activate the cheat they all become immortal, both my character and the enemies. On cheat engine it is easy to follow the tutorial but following these steps on a game is much more difficult, so far I have not been successful.
Could you recommend me a site / forum / video where step nine applied in a game is shown? So maybe I understand how it's done.
Thanks XD


Re: Cheat Engine Tutorial Guide (x32) - Part 3

Post by DhaosCollider »

SilverRabbit90 wrote:
Sat Aug 07, 2021 1:22 pm
I tried step 9 on the cheat engine tutorial and was able to get it all working. But when I try to do these things on a game I can't.
For example I tried in two different games to do the infinite life trick for my character, but when I activate the cheat they all become immortal, both my character and the enemies. On cheat engine it is easy to follow the tutorial but following these steps on a game is much more difficult, so far I have not been successful.
Could you recommend me a site / forum / video where step nine applied in a game is shown? So maybe I understand how it's done.
Thanks XD

In my experience, the Step 9 method is useful for turn-based games and simulation games. I often find structures that contain affiliation ID variables that distinguish between players, enemies, etc., like the structure in Step 9. For action games, as ShyTwig16 says, the injection copy and compare method is the most stable and I like this method too.

This may not be helpful, but the "Infinite HP" in the tables I have posted for this community (Langrisser I & II and ARIA CHRONICLE) was created using the Step 9 method.


Re: Cheat Engine Tutorial Guide (x32) - Part 3

Post by SilverRabbit90 »

Thanks a lot to everyone, I was finally able to follow step 9 with success also for games. Although I still have a lot to learn, I hope to improve further.
