Difference between revisions of "Help File:3D pinball for windows (pointer+code)"
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
'''Originally posted by ''me'' ''' (no not me, but the user called '''''me''''') | '''Originally posted by ''me'' ''' (no not me, but the user called '''''me''''') | ||
Line 52: | Line 49: | ||
− | + | '''Now to find the code that changes the number of balls.''' | |
− | |||
− | |||
Line 190: | Line 185: | ||
well as they say thats my two cents | well as they say thats my two cents | ||
+ | |||
+ | == Links == | ||
+ | * [[Cheat Engine:Help File|Help File]] | ||
+ | |||
+ | * [[Help_File:Find_out_what_addresses_are_accessed_by_a_piece_of_code|Back]] | ||
+ | |||
+ | * [[Help_File:Basic_packet_editing|Next]] |
Revision as of 18:02, 10 March 2017
Originally posted by me (no not me, but the user called me)
this is to try answer the most common questions from people new to cheat engine
using 3d pinball for windows space cadet as an example,,, it might be an idea to print this and other tuts so its easier to work through them,,,
( this game gives you some free balls so be on the look out for that during this tut )
start 3D PINBALL FOR WINDOWS ,, and wait for the first ball to deploy
start cheat engine
click on the flashing icon in the top left of cheat engine
in the bottom of process list window
double click on PINBALL.EXE to attache the game to cheat engine
in the value box type in 3
go into the pinball game and lose a ball
wait for the next ball to be deployed
go back into cheat engine
type 2 into the value box
click on the next scan button
I got the address A9FEE6 yours may be different
ok
I'll double click on the found address A9FEE6 to add it to the bottom pane
click on the checkbox to freeze this address
go back into the PINBALL GAME
lose some balls to see if its the right address
if you have got it right you'll have infinite balls
Now to find the code that changes the number of balls.
go back into cheat engine
(if you want you can double click on the value part of the address in the bottom pane and change it back to 3 or 4 balls)
In the bottom pane again right click on the address A9FEE6 and choose
FIND OUT WHAT WRITES TO THIS ADDRESS
you will then get the debugger window
go back into pinball and lose another ball
in the debugger window you should see the address of the code that changes the number of balls
I got 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax
click on this to highlight the code,, and click on the ADD TO CODELIST button
a box called CHEAT ENGINE CODE will pop up
name balls
and hit the OK button
a window called ADVANCED OPTIONS WILL pop up with balls in it
you can right click it and choose REPLACE WITH CODE THAT DOES NOTHING
to show that the code has been nopped out the name will turn red
you can hit the ok button to close the advanced options window then the stop and close button to exit the debugger
then save your table,,,, but for now
just hit the ok button to close the advanced options window
in the debugger window look at the code 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax
now with the code highlighted click on the MORE INFORMATION button
the EXTRA INFO box will pop up
in this box under copy memory you will see the sentance
THE VALUE OF THE POINTER NEEDED TO FIND THIS ADDRESS IS PROBABLY 00A9FDA0
this is the address held in the ESI register below this you can see all the values that the registers held at the instant you lost a ball,,
as you can see ESI=00A9FDA0
and highlighted in red you can see
01015F02 - mov [ esi + 00000146 ],eax
this is all in hexadecimal
so the ESI register holds 00A9FDA0 therefore
[esi + 00000146] = [ 00A9FDA0 + 00000146 ]
00A9FDA0 + 146 = 00A9EEF6
the first address I found when I started scanning at the start of the game
so note down the address 00A9FDA0
and the offset 146
close the EXTRA INFO window
in the main cheat engine window ,,,hit the new scan button
next to the value box theres a hex checkbox ,, check it so you can enter a hex value
put in our address without the zeros in front of it A9FDAO
and hit the first scan button
you will get a couple of hundred results
i'll try the first address on the list 009A4356
click on the add address manually button
click on the poiter checkbox and you will see the ADD ADDRESS window change
where it says ADDRESS OF POINTER type in our address 9A4356
and in the OFFSET [HEX] box type in 146 ,,,,,,,,, remember [esi + 00000146]
and hit the ok button
hopefully a new address with should look like this in the bottom pane
No description P->00A9FEE6 4 bytes 0x00000003
or how ever many balls you got left
you can freeze the number of balls from this pointer now,,,,,
in games that use Dynamic Memory Allocation ,,, DMA
and use the same code to change things for you and the enemies,,
pointers are usfull
ok a couple of things
- this game don't use dma ,, but its an easy game to practice on
- Its free and most people have it
- so for newcomers it gives an idea of how to use the basic search / pointer / and advanced options
well as they say thats my two cents