Step 9 for Cheat Engine 6.2

ShadowCode · 2012-08-17, 12:55 AM

I know there's a walkthrough of all the steps but for the newer version of CE (6.2) you get a different step 9
(PW=31337157)

Dibujo0.JPG

all you got to do is this:
make a float scan for all players
you will get something like this

Dibujo1.JPG

then right click the first address and select "what writes to this address"
click Attack (in step 9 first player) double click the item you will get in the instruction list.

Dibujo2.JPG

you will see [ebx+4]

go back to CE and select the first address(or any other)
right click it >> browse this memory region (ctrl + B)>>tools>>dissect data structures
create a new structure (ctrl+n) press ok,ok, now add the other addresses (ctrl + A) (copy them from the main CE)

Dibujo3.JPG

now in that picture you can compare that teamates share 1 and the others 2
those are the way the program identifies allies and enemies: (IDs)
the first address:value belong to the ebx+4 so in order to reach to the 1s and 2s you see the offset there is C (12)
which means 4 + C(12) = 10 (16) meaning ebx+10 is where you can know if its an ally or an enemy.
This will help for the code.

now go back to main CE and select the first(or any other) address and click "find out what accesses this address"
hit attack (in step 9) and some items will come up, from those you can notice that there is one that makes
a substraction (health going down) so click that one that says
fsubr dword ptr [ebx+04] (remember [ebx+4] is the health)
>> show dissambler>>tools>> auto asembler (ctrl+A) >> template>>code injection

and copy this code:

Code:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(allies)     //New label
 
newmem:
cmp [ebx+10],1   //remember [ebx+10] evaluates to 1 or 2  (allies or enemies)
je allies              //if comparation(ebx+10],1) is equal jump to allies
jmp originalcode
 
allies:                //jump
fadd dword ptr [ebx+04]  //instead of decreasing health everytime the allies are attacked the health is added (fadd)
fstp dword ptr [ebp-30]   //Basically we copy the code below ("originalcode" but for the good of our allies)
jmp returnhere               //so it will be stored (fstp) where it is supposed to be "dword ptr [ebp-30] "
 
originalcode:                 //This is so the enemies lose health as they would normally do.
fsubr dword ptr [ebx+04]
fstp dword ptr [ebp-30]
 
exit:
jmp returnhere
 
"Tutorial-i386.exe"+2509D:
jmp newmem
nop
returnhere:

Dibujo4.JPG

dejaime · 2012-08-18, 01:24 AM

I spent days trying to figure out this one...
I crashed the Tutorial-i386 so many times I can't even remember haha!
I even had a save with the structure and P->******* addresses to the healths so when it crashed I didn't need to look them up again =-=
I solved it on day 8/15, not too long ago, and the only difference is that I had gone for the 1-hit kill approach. Code in the end for the curious.

Thank you mr
Nice guide!

PHP Code:


alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

newmem:
//MY CODE STARTS HERE, THE REST IS AUTO GENEREATED
cmp [ebx+10],1      //IS AN ALLY?
je originalcode     //JUMP IF EQUAL, PROCEED TO ORIGINAL CODE
push 0              //PUSH 0 TO THE STACK
pop eax             //EAX IS NOW 0
mov [ebx+04],eax    //COPY 0 TO EBX+04 (ENEMY hp)
jmp originalcode    //GET BACK TO ORIGINAL CODE
//MY CODE ENDS HERE

originalcode:
fsubr dword ptr [ebx+04]
fstp dword ptr [ebp-30]

exit:
jmp returnhere

"Tutorial-i386.exe"+2509D:
jmp newmem
nop
returnhere:

NOTE:
This image show the structures in my CE, note that I use a "-4" offset after all the addresses to rollback from the Healths +04 offset. This is why my structure shows the "team value" with the offset +10 and not +0C as in the tutorial.
Note also that it makes my "team" as well as "health" values appear in purple, its because I created 2 groups in the Structure dissect window that can be seen between the addresses and the application menu: ALLIES and ENEMIES. When you create groups, CE tries to find the differences between all of them, and makes the differences purple. Its very useful for big structures!

ShadowCode · 2012-08-19, 09:36 PM

Originally Posted by dejaime

I solved it on day 8/15, not too long ago, and the only difference is that I had gone for the 1-hit kill approach.

Very nice bro, yeah in CE step 9 they talk about this as an example

When you have found out how to distinguish between you and the computer you can inject an assembler script that
checks for the condition and then either do not execute the code or do something else. (One hit kills for example)
Alternatively, you can also use this to build a so called "Array of byte" string which you can use to search which will
result in a list of all your or the enemies players

nice way to figure it out the one-hit kill coding, also thanks for telling me about the groups creation I didn't know it.

By the way at the end of step 9 it says

Tip2: There are multiple solutions

it would be cool if we or other people continue this posting other solutions.

exiahan · 2013-03-04, 11:32 AM

OK ,that's what i looking for..share code trouble me a lot,thank you dude

Thread: Step 9 for Cheat Engine 6.2

Thread Tools

Step 9 for Cheat Engine 6.2

The Following 2 Users Say Thank You to ShadowCode For This Useful Post:

Well, that's something!

The Following User Says Thank You to dejaime For This Useful Post:

Similar Threads

[Delphi] Undetectable Cheat Engine step by step tutorial

[Tutorial] Step by step - How to use hacks [AikaYCS]

[Request] Cheat Engine 6.1

[Release] Cheat ENGINE Scripts

[Help] Cheat engine

cheat engine 6.2 tutorial step 9

cheat engine 6.2 step 9

cheat engine step 9

cheat engine 6.2 tutorial step 1

cheat engine tutorial step 9

http:www.progamercity.netghack-tut5148-tutorial-step-9-cheat-engine-6-2-a.html

cheat engine 6.2 top eleven tutorial

cheat engine step 9 tutorial

tuto cheat engin 6.2 wow

cheat engine tutorial step 9 shared code

cheat engine 6.2

top eleven cheat engine 6.2 tutorial

Posting Permissions