Creating a cheat table - Player Base

From Cheat Engine
Revision as of 16:55, 30 December 2017 by TheyCallMeTim13 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This page is a sub page of: Creating a cheat table - Full guide


So now after a restart this is my table, I'm using a script to quickly find the coordinates base.

Tutorials.Dishonored.PlayerBase.01.png


Step 1[edit]

Let's scan for the base address.

Tutorials.Dishonored.PlayerBase.02.png

On the first scan I got a static address but then I move around in game just to see if I can get any values to change.

Tutorials.Dishonored.PlayerBase.03.png


Now I find it's best to save as much information as possible, so in a text file save the debugger outputs.

Here is the code of the first level's instruction.

Dishonored.AK::SoundEngine::StartOutputCapture+2040C8 - F3 0F5C 8E C8000000   - subss xmm1,[esi+000000C8]
Dishonored.AK::SoundEngine::StartOutputCapture+2040D0 - F3 0F10 83 C4000000   - movss xmm0,[ebx+000000C4]  <<<<
Dishonored.AK::SoundEngine::StartOutputCapture+2040D8 - F3 0F5C 86 C4000000   - subss xmm0,[esi+000000C4]
Dishonored.AK::SoundEngine::StartOutputCapture+2040E0 - 0F28 DA               - movaps xmm3,xmm2

Here is the debugger output for the 2nd level.

0056A09B - 0B C2  - or eax,edx
0056A09D - 75 22 - jne Dishonored.AK::MemoryMgr::GetPoolName+917B1
0056A09F - 8B 41 24  - mov eax,[ecx+24]  <<<<
0056A0A2 - 8B 49 48  - mov ecx,[ecx+48]
0056A0A5 - 3B C8  - cmp ecx,eax

EAX=30557800
EBX=01B8FCC8
ECX=0C851AC0
EDX=00000000
ESI=0C851AC0
EDI=0FDAFC20
ESP=01B8FB3C
EBP=01B8FBB0
EIP=0056A0A2


I managed to find a static address with the first try, all i can do is set it up and keep an eye on it to see if it keeps working.

So let's setup our pointer we found, it only has one offset of +24.

X Coord.
float
[Dishonored.exe+1052DE8]+C4
Z Coord.
float
[Dishonored.exe+1052DE8]+C8
Y Coord.
float
[Dishonored.exe+1052DE8]+CC


Then at this point I will restart the game a few times and see if it still works.


Step 2[edit]

So after some restarts my pointer is still good.

Tutorials.Dishonored.PlayerBase.04.png


But this may not be the real player base the only way to know is to find more values and connect then as best we can, and we can also use the dissect data structure tool (in the memory view form press Ctrl+D.


Tutorials.Dishonored.PlayerBase.05.png


I prefer to do some basic checking with the dissect data structure tool, but count on finding other values and connecting them to the base address.


You could also use the pointer scanner for a base address, if you keep hitting dead ends, but these my only point to dead ends and have no results after a few rescans.


So now let's find the player health: Finding the player health



Links[edit]