Help File:3D pinball for windows (pointer+code)

From Cheat Engine
Revision as of 02:42, 20 March 2017 by TheyCallMeTim13 (talk | contribs)

Originally posted by me (no not me, but the user called me)


this is to try to answer the most common questions from people new to Cheat Engine

using 3D Pinball for Windows Space Cadet as an example. it might be an idea to print this and other tuts so it's easier to work through them

( this game gives you some free balls so be on the look out for that during this tut )


start 3D PINBALL FOR WINDOWS, and wait for the first ball to deploy

start cheat engine

click on the flashing icon in the top left of cheat engine

in the bottom of the process list window

double click on PINBALL.EXE to attach the game to cheat engine

in the value box type in 3

go into the pinball game and lose a ball

wait for the next ball to be deployed

go back into cheat engine

type 2 into the value box

click on the next scan button

I got the address A9FEE6; yours may be different


ok


I'll double click on the found address A9FEE6 to add it to the bottom pane

click on the checkbox to freeze this address

go back into the PINBALL GAME

lose some balls to see if it's the right address

if you have got it right you'll have infinite balls


Now to find the code that changes the number of balls.


go back into cheat engine

(if you want you can double click on the value part of the address in the bottom pane and change it back to 3 or 4 balls)

In the bottom pane again right click on the address A9FEE6 and choose

FIND OUT WHAT WRITES TO THIS ADDRESS


you will then get the debugger window

go back into pinball and lose another ball

in the debugger window you should see the address of the code that changes the number of balls


I got 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax

click on this to highlight the code, and click on the ADD TO CODELIST button

a box called CHEAT ENGINE CODE will pop up

name balls

and hit the OK button


a window called ADVANCED OPTIONS will pop up with balls in it

you can right click it and choose REPLACE WITH CODE THAT DOES NOTHING

to show that the code has been nopped out the name will turn red

you can hit the ok button to close the advanced options window then the stop and close button to exit the debugger

then save your table ... but for now

just hit the ok button to close the advanced options window


in the debugger window look at the code 01015f02 - 89 86 46 01 00 00 - mov [esi+00000146],eax

now with the code highlighted click on the MORE INFORMATION button

the EXTRA INFO box will pop up

in this box under copy memory you will see the sentence


THE VALUE OF THE POINTER NEEDED TO FIND THIS ADDRESS IS PROBABLY 00A9FDA0


this is the address held in the ESI register. below this you can see all the values that the registers held at the instant you lost a ball

as you can see ESI=00A9FDA0

and highlighted in red you can see


 01015F02 - mov [ esi + 00000146 ],eax 


this is all in hexadecimal

so the ESI register holds 00A9FDA0 therefore

[esi + 00000146] = [ 00A9FDA0 + 00000146 ]

00A9FDA0 + 146 = 00A9FEE6


the first address I found when I started scanning at the start of the game


so note down the address 00A9FDA0

and the offset 146


close the EXTRA INFO window

in the main cheat engine window, hit the new scan button

next to the value box there's a hex checkbox, check it so you can enter a hex value

put in our address without the zeros in front of it A9FDA0

and hit the first scan button


you will get a couple of hundred results

I'll try the first address on the list 009A4356


click on the add address manually button

click on the pointer checkbox and you will see the ADD ADDRESS window change


where it says ADDRESS OF POINTER type in our address 9A4356

and in the OFFSET [HEX] box type in 146 ... remember [esi + 00000146]

and hit the ok button


hopefully a new address will show in the bottom pane, and it should look like this

No description P->00A9FEE6 4 bytes 0x00000003

or however many balls you have left

you can freeze the number of balls from this pointer now

in games that use Dynamic Memory Allocation (DMA)

and use the same code to change things for you and the enemies,

pointers are useful
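
The pointer arithmetic worked through above, as an added Python example that is not part of the original tutorial: it decodes the bytes 89 86 46 01 00 00 to recover the base register and offset, searches a memory region for 4-byte values equal to 00A9FDA0 (what the hex scan does), and resolves pointer + offset. The memory region is constructed for the illustration and the function names are assumptions; only the addresses and bytes come from the tutorial.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_mov_store(code: bytes):
    """Decode 'mov [reg+disp32],reg' (opcode 89 /r with ModRM mod=10)."""
    if len(code) != 6 or code[0] != 0x89:
        raise ValueError("not a 6-byte 89 /r instruction")
    modrm = code[1]
    mod, src, base = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b10 or base == 4:  # rm=4 would mean a SIB byte follows
        raise ValueError("unsupported addressing form")
    disp = struct.unpack("<i", code[2:6])[0]  # signed little-endian disp32
    return REGS[base], disp, REGS[src]

def find_pointers(image: bytes, image_base: int, target: int):
    """Addresses in the region that hold `target` as a 4-byte LE value."""
    needle = struct.pack("<I", target)
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(image_base + pos)
        pos = image.find(needle, pos + 1)
    return hits

def resolve(image: bytes, image_base: int, pointer_addr: int, offset: int):
    """Read the pointer stored at pointer_addr, then add the offset."""
    (base,) = struct.unpack_from("<I", image, pointer_addr - image_base)
    return (base + offset) & 0xFFFFFFFF

# Constructed sample region: 0x40 zero bytes starting at 0x009A4340, with
# the value 00A9FDA0 stored at 0x009A4356 (the address tried in the text).
IMAGE_BASE = 0x009A4340
_buf = bytearray(0x40)
struct.pack_into("<I", _buf, 0x16, 0x00A9FDA0)
IMAGE = bytes(_buf)

if __name__ == "__main__":
    reg, disp, src = decode_mov_store(bytes.fromhex("898646010000"))
    print(f"mov [{reg}+{disp:08X}],{src}")
    for p in find_pointers(IMAGE, IMAGE_BASE, 0x00A9FDA0):
        target = resolve(IMAGE, IMAGE_BASE, p, disp)
        print(f"pointer {p:08X} + {disp:X} -> {target:08X}")
```
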



ok a couple of things


  1. this game doesn't use DMA, but it's an easy game to practice on
  2. Its free and most people have it
  3. so for newcomers it gives an idea of how to use the basic search / pointer / and advanced options


well, as they say, that's my two cents
