    Dwar
    Cheat Engine with Requiem

    Cheat Engine with Requiem Online
    Finding basic game values

    I don’t know why anyone has problems with CE, e.g. finding coordinates etc., their offsets and base address, but people often ask how to find something with CE.
    Let’s find some float values in Requiem with CE. To begin with, it will be “Movement speed”.
    We can start the finding process without any preparation: just enter the necessary value in CE and go on.
    OK, our char has speed = 5 (float value).

    Step 1:

    Start CE and attach it to the Requiem process. Choose value type “float” and scan type “exact value”, enter the value 5, and click “first scan”.

    [hidden]
    Step 2:

    Now we must sift out unnecessary values. Change the movement speed by wearing boots (+1% to speed).

    At this moment we don’t know the exact value of the speed (it’s a float and rounded…), but we know that this value was increased. In CE, choose scan type “increased value” and click “next scan”.

    Now we can move around and sift out results by choosing “unchanged value”, or remove the boots again and use “value decreased”.
    After several sift-out iterations we will get maybe 10 or fewer values; it’s not a big deal (even if we got 100 values it’s not a problem).

    Step 3:

    OK, next step. I removed the boots, got speed 5 and got one suitable value with address $015368B0.

    Add this value to the list; Right click -> Find out what writes to this address

    We see the list of opcodes that changed the selected address ($015368B0).

    Don’t close this window, ‘coz we want to see all opcodes… Return to the game and change the speed value again. After that a new opcode will be added to the list: mov [ecx + 10], eax

    mov [ecx + 10], eax - this instruction means that some value (in our case, the speed value) in the eax register is moved (really copied) into the memory address [ecx + 10] (in our case, the found address $015368B0).
    Choose this instruction and press “More information”; we get some disassembled instructions and register values.

    Step 4:

    The important register is ecx = $015368A0 – the next value to search for. Press “new scan”, check “hex” and start scanning.

    If several results were found, add them all to the list.
    Right click -> Find out what accesses this address
    Note: I renamed the first result to “+10”, and the second and the 4th to “no result” (I already checked them).

    OK, now we must repeat steps 3 and 4 until we get the result – the base address and offsets chain.
    For Requiem speed value:



    And the last one:

    We enter $14A90718 and we get:

    At the end we got the BaseAddress [BA] = $0071AAB0 (or Requiem.exe + $0031AAB0) and the offsets chain
    [BA] + $3A0 + $58 + $88 + $11C + $10 (float value)


    [/hidden]
    Note:
    • In the tutorial the symbol “$” was used. This symbol denotes that the value is in hex.
    • Soon I'll add some remarks about the "real" base address
    Please post your questions on the forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
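
Added example, not part of Dwar's post: a Python model of how the base address and offsets chain above resolves, assuming each level is a 32-bit little-endian pointer that is dereferenced and the last offset ($10) is only added, as in step 3 where ecx + $10 is the float's address. The memory snapshot and the intermediate heap addresses are constructed, and the module load address $00400000 is inferred from $0071AAB0 - $0031AAB0; no process is read.

```python
import struct

STATIC_RVA = 0x0031AAB0            # "Requiem.exe + $0031AAB0" from the post
MODULE_BASE = 0x0071AAB0 - STATIC_RVA   # inferred load address, $00400000
OFFSETS = [0x3A0, 0x58, 0x88, 0x11C, 0x10]  # offsets chain from the post


class Snapshot:
    """Sparse model of a 32-bit little-endian address space (constructed data)."""

    def __init__(self):
        self.cells = {}

    def write(self, addr, data):
        for i, byte in enumerate(data):
            self.cells[addr + i] = byte

    def read(self, addr, size):
        try:
            return bytes(self.cells[addr + i] for i in range(size))
        except KeyError:
            raise LookupError(f"unmapped address ${addr:08X}") from None

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def read_f32(self, addr):
        return struct.unpack("<f", self.read(addr, 4))[0]


def resolve(mem, static_addr, offsets):
    """Follow the chain: dereference at every level, only add the last offset."""
    ptr = mem.read_u32(static_addr)          # [BA]
    for off in offsets[:-1]:
        ptr = mem.read_u32(ptr + off)        # [ptr + off] is the next object
    return ptr + offsets[-1]                 # address of the float itself


def build_sample(module_base=MODULE_BASE):
    """Constructed snapshot; only the last hop ($015368A0) comes from the post."""
    mem = Snapshot()
    hops = [0x14000000, 0x14100000, 0x14200000, 0x14300000, 0x015368A0]
    mem.write(module_base + STATIC_RVA, struct.pack("<I", hops[0]))
    for i, off in enumerate(OFFSETS[:-1]):
        mem.write(hops[i] + off, struct.pack("<I", hops[i + 1]))
    mem.write(hops[-1] + OFFSETS[-1], struct.pack("<f", 5.0))  # speed = 5
    return mem


if __name__ == "__main__":
    mem = build_sample()
    addr = resolve(mem, MODULE_BASE + STATIC_RVA, OFFSETS)
    print(f"${addr:08X} -> {mem.read_f32(addr)}")
```

If the image is loaded at a different address, the absolute $0071AAB0 no longer points at the static pointer, while the module-relative form (load address + $0031AAB0) still resolves.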
