A few suggestions, if I may: 1. For Health, you can elegantly get max from near-by DWORD :) push eax mov eax,[esi+344] mov [esi+340],eax pop eax 2. Debug 0x470 offset and see if game engine actually uses that. If anything pops, you're on the right track. You can then study what pops-up and find the logic behind that code. 3. Another suggestion, instead of structure comparing, is to backtrace all the way to function prologue, setting a breakpoint and checking the registers as you walk down till "mov [esi+340],xmm0". If any of the registers at prologue are your structure base, then exit the function (check esp, Ctrl+G to where the function returns and backtrace from there). Reason for this operation is to identify where from exactly is your base structure address retrieved. You'll be surprised when you either find a pointer path the game uses (thus no need to use pointer scanner - if you ever thought about doing that, of course) OR a function that requires a parameter (or none at all) that always returns your base address :) 4. As for ammo, here's what I normally do: if shared, I go the long, but rewarding way, of linking that base structure for your health (assuming it's the player structure) or any other pointer in that base structure of yours to what I'd find in the ammo structure. Wish there was a compare feature that allows you to cross-reference two structures pointing out the common data between them, regardless of offset ;) Doing that allows you to use your first base, 39E11B50-340 = 39E11810 (or what's inside it at a certain offset) as a discriminant for the ammo (when shared). 5. Another thing I do is to find a pointer to the weapon I am holding: simple unknown search, swap weapon, search has changed; swap weapon, has changed; swap, return, has not changed; etc. Till I find an address that always when swapping weapons, changes. Then I check what accesses this address and try to link it to either your base, 39E11810 or what uses that (considering 39E11810 is base for health system, not for your player). Doing this allows you to easily link them together, as well as knowing for sure that it is your weapon that gets modified in the process. Of course, you can apply same method of cross-referencing weapon structure to player structure and finding an offset where player ID or player structure base are stored in the weapon structure ;) I reckon that maybe this is an old video and maybe you're showing what I said above in others, but sadly I've not watched all of them :P Liked the video overall! BR, Sun
OMG you are my hero. I didn't sleep tonight because of those XMM0, XMM1, XMM2. I didn't know how to change them. Now i Do. Thank you so much! Greetings from Italy!
You're the man. Thank you for your tutorials, I have searched for other channels and guides, but you are the only one who can convey information in a useful and understandable way. I am finally learning this shit. Just one question, what would be the benefit of doing pointer scans instead of AoB searches? I think I read somewhere that for trainers you do pointer scans, but why is that? Can't you make a trainer using AoB scans? Finding base addresses is so much more complicated and time consuming that I don't even see the point.
You're a very talented teacher. I love your videos - they're so informative. Do you have any resources where I could learn more about Assembly? Reading or interactive learning? I guess CE could count as interactive learning though. Thanks Stephen
Thank you very much for the detailed instructions for this kind of scenario where both the player and the AI share the same address for health :) very helpful :)
You're going to really like what I've got coming up soon! DBVM, Ultimap, Structure spider, back-tracing, and more goodies. If you've never messed with those things, you're in for a real treat. =)
+Stephen Chapman Awesome I look forward to them. Wasn't ever able to make vids with DBVM as my comp hates it,, so I never got a chance to learn most of that stuff. I cant wait to see it.. Keep up this great work, Im glad to see you back in the game hacking saddle again...
+Stephen Chapman Right now Im using a borrowed one,, its normal function is to prop a door open, or used as home plate for backyard baseball.. I disassembled mine and unplugged one thing at a time to see if I could trace the source of the problem, and even reset cmos,, but nothing.. It is definitely a motherboard issue. So right now Im just saving and probably will just buy the parts of a PC kit and just build a new one myself.. So hopefully should be back in the saddle in a few weeks.. But you keep them coming, Im anxious to see the Ultimap, Structure Spider, Back tracing and the like,, my knowledge in those areas are very limited... .. Thank you man.
+nister6000 Those are 128-bit registers. You can think of them existing in their own space and requiring special instructions to handle data between them and memory addresses. Check this link out and look at the first picture you see to get an idea of what this looks like: software.intel.com/en-us/articles/introduction-to-x64-assembly XMM data can only be moved into/out of memory addresses, due to the size limitations of regular registers. For instance, mov eax,xmm1 won't work because the data in xmm1 is MUCH larger than what eax can hold. Also, you can't mov from xmm1; you'd have to movss from xmm1 (I can't go into much detail because it's a big topic; just note that special instructions need to be used, which should give you enough to go on to start hitting up the Goooooogle machine for answers, lol). So, where you might want to do this: mov eax,xmm1 You'd have to instead do this: movss [eax],xmm1 (The brackets mean eax holds a memory address, which xmm1 COULD write to; you wouldn't be writing to eax here, but rather to the memory address that eax is pointing to. Look up "dereferencing" to read more.) There's a lot to it to wrap your head around, but the FPU and XMM registers function similarly, in that you have to transfer data to/from them via memory addresses and not registers (eax [which is 32-bit], rax [which is 64-bit, and the extended version of eax], etc.).
4:31 fstp dword ptr [address], fstp is store floating point, but where is it storing to, and what value ? is [address] the place from which value is taken from or to which value is placed onto ? 8:30 how can esi+340 be equal to two distinct memory addresses ? is esi unique or not ?
The same code writes to multiple different memory addresses, so no it’s not unique in that sense. ESI could be any address in memory, that’s why you want to distinguish between player and enemy (using code) before applying your cheat.
Been watching your videos and am new to this side of cheat engine, how did u come to the conclusion 470 was the offset and 1 was u, 0 was enemy? Thanks
Advice to anyone doing this, if you automatically add the addresses to compare the structure, then make sure it's the same address you were at because it seems to actually automatically remove the offset.
Hello my friend. I was wondering whether you can use the offset between ANY address to compare? I have a game where it is rather difficult to find a constant that only is as such for the player, so I was wondering if I could simply go for a value like say, max score (pure example), find the difference between that address and the one I am looking to change instructions to, and then use that as my offset?
Is there anything you can do if none of the values match? Trying to use this method on the original Witcher game (for health). The shared health issue is the same, but I can't seem to find any values that are different, yet constant.
Got to same issue when trying to change increment amount of shopping list in Torchlight 2. Because for no reason it uses same instruction for increment and decrement. Idk how to solve so far.
So I remembered this tutorial and thought it would help me but I'm having an issue. I'm trying to do this same exact thing on The Last Stand Aftermath (the demo currently out) and every time I enable the AoB script, my character seems to get nulled after getting hit and unless I 1 shot zombies, they seem to get nulled as well. xmm7 holds max health, xmm6 is what is the register that normally gets moved into [rbx+00000130] by default. With the first script, zombies will not die and my character can't shoot and slides around instead of walks after getting hit even after disabling it (I'm assuming somewhere my character is getting nulled since my stamina won't regen but I can still roll around, very odd). With the second script, I can take damage after disabling it but zombies won't die even after disabling it. With the first script, it doesn't seem to matter what address I use to compare, I always get the same exact result. I've even tried changing the 3rd line to "mov [rbx+00000130], (float)100" but that gives the same result. The third attempt just crashes the game (fml). Any ideas what could be happening? [First Attempt] cheat: cmp [rbx+00000124],0 jne code movss [rbx+00000130],xmm7 jmp return code: movss [rbx+00000130],xmm6 jmp return [Second Attempt] code: movss [rbx+00000130],xmm7 jmp return infHealth2: jmp newmem nop 3 [Third Attempt] cheat: push edx cmp [rbx+00000138],8 jne code mov edx,[rbx+00000134] mov [rbx+00000130],edx pop edx jmp return code: movss [rbx+00000130],xmm6 jmp return
JK! I figured out the issue. As always one of your videos saved me. th-cam.com/video/uBCo-Ek0rPg/w-d-xo.html I had no idea comiss was a compare instruction and completely ignored that before writing my own instructions.
Mr. Chapman, Is there a way to find out the health address of a single enemy while using the 'unknown initial value + decreased value' is not effective. I very much hope you can give me some advice. Thanks!
I'm sorry to say it didn't work after using different types of value. Anyway, for making one hit kill script, I have to find health addresses of some enemies (not a single one) but whenever I come to the step (find out what addresses this instruction accesses), no matter how many times I hit the enemies, their addresses and values never appear in the windows. Therefore, I am unable to continue. I really don't know where my problem is.
I'm trying to do infinite jumps in Castle in the Darkness. I can get the values down to 2, sometimes 3. I feel like I'm so close it getting it to work but so far away. I tried to copy the same methods used in "I wanna be the guy" but no dice. Can you help or do a video on it? *SUPER PRETTY PLEASE!?!?!* Not trying to brown nose (hahaha), but your videos have been super helpful and I learned a lot from them. Any tips would be extremely helpful! Thanks!
+Knightime X You may well be close. Jumping can be handled a number of different ways. You might need to try finding the instruction that writes to the addresses you've found, then try nop-ing that instruction to see if it cancels jumping or something. Once you can find that, then you can influence the number of jumps allowed/left/etc. That's if the mechanic even works like that...
+Stephen Chapman I was able to get inf health for myself and not for other enemies. But as I kept playing I noticed some of the enemies health still wouldn't decrease. Do you know how I could fix that?
hi i have some big problem finding a right address.I play strategy game call praetorians.And i wish to make a trainer for it for a long time. I need to find an address who doesnt move to any number no lover no higher.Its showing for awalible troops i have and how much i can have like this 350/500.that number 500 i wish to move it higher (cheat it)to make more troops in the game.And some other things are the same in this game .. can i show it in some picture if it is possible to help me to make a proper trainer for this game? thank you
+Yetiwizard1 I'll be touching on that stuff at some point, but in the mean time, here are 2 videos you're going to want to watch (they're long, but if you really want to learn, then these will really help you out): th-cam.com/video/q9amprLELWM/w-d-xo.html and th-cam.com/video/Da31FOdrev0/w-d-xo.html
thank u steph that tut helped me alot :D 1 Question why dont u use Code injection ??is it same as AOB ? 2nd Question when we did aob injection and got inf health so we dont need base address ??? even after restart game the code still work ??
+MAD#05F211IQ! Glad it helped! Code Injection and AOB are essentially the same, with the exception that if you're not using base addresses with code injections, that script won't work the next time you start the game. AOB will work if you find an array of bytes (whether that's an instruction you find, a memory address, etc.) that remains the same at all times. I love AOB injections because finding base addresses in modern games can be a pain in the ass, or take a lot of time. Finding instructions to do things with is a lot faster, and they enable you to potentially do more, like in this video how I was able to just have health values change between player and enemy as the instruction runs. If I found the base addresses for player and enemy, then I'd still have to manually input values, or lock them. And since enemy addresses change in this game, that probably wouldn't even be possible in the first place, so you'd be left with finding the instruction, which always knows which memory addresses to write to/access.
+Kata Keto Many times, yes! Sometimes, though, an array of bytes can change, depending on what they updated. For instance, Terraria and The Witcher 3 are notorious for needing to have new AOBs found with updates. I've even seen register changes, such as something that was once referencing ECX now being, say, EDX. The good thing is that you're rarely too far off from finding the AOB again, so if it doesn't work, you can try replacing certain bytes in the array with ?? or * and see how you fair. =)
+Stephen Chapman thank u steph another Question we use dissect data structure to find shared adresses ??? i think we can find enemy health with wt write to this address 2 in memory viewer right ???
+MAD#05F211IQ! Yes, you could do that. In this case, you would find the exact same instruction. Starting with trying to find enemy's health address first would potentially be more time-consuming, but if the code for writing health wasn't shared, then you'd have no choice but to find enemy health, then see which instruction writes to it.
![Cheat Engine 6.5 Tutorial Part 15: Finding Functions and Speedhack! [HuniePop]](http://i.ytimg.com/vi/BW-3ThjE8qo/mqdefault.jpg)
![Cheat Engine 6.5 Tutorial Part 15: Finding Functions and Speedhack! [HuniePop]](/img/tr.png)
A few suggestions, if I may:
1. For Health, you can elegantly get max from near-by DWORD :)
push eax
mov eax,[esi+344]
mov [esi+340],eax
pop eax
2. Debug 0x470 offset and see if game engine actually uses that. If anything pops, you're on the right track. You can then study what pops-up and find the logic behind that code.
3. Another suggestion, instead of structure comparing, is to backtrace all the way to function prologue, setting a breakpoint and checking the registers as you walk down till "mov [esi+340],xmm0". If any of the registers at prologue are your structure base, then exit the function (check esp, Ctrl+G to where the function returns and backtrace from there). Reason for this operation is to identify where from exactly is your base structure address retrieved. You'll be surprised when you either find a pointer path the game uses (thus no need to use pointer scanner - if you ever thought about doing that, of course) OR a function that requires a parameter (or none at all) that always returns your base address :)
4. As for ammo, here's what I normally do: if shared, I go the long, but rewarding way, of linking that base structure for your health (assuming it's the player structure) or any other pointer in that base structure of yours to what I'd find in the ammo structure. Wish there was a compare feature that allows you to cross-reference two structures pointing out the common data between them, regardless of offset ;) Doing that allows you to use your first base, 39E11B50-340 = 39E11810 (or what's inside it at a certain offset) as a discriminant for the ammo (when shared).
5. Another thing I do is to find a pointer to the weapon I am holding: simple unknown search, swap weapon, search has changed; swap weapon, has changed; swap, return, has not changed; etc. Till I find an address that always when swapping weapons, changes. Then I check what accesses this address and try to link it to either your base, 39E11810 or what uses that (considering 39E11810 is base for health system, not for your player). Doing this allows you to easily link them together, as well as knowing for sure that it is your weapon that gets modified in the process. Of course, you can apply same method of cross-referencing weapon structure to player structure and finding an offset where player ID or player structure base are stored in the weapon structure ;)
I reckon that maybe this is an old video and maybe you're showing what I said above in others, but sadly I've not watched all of them :P
Liked the video overall!
BR,
Sun
Love this professional comment from an Expert ❤
OMG you are my hero. I didn't sleep tonight because of those XMM0, XMM1, XMM2. I didn't know how to change them. Now i Do.
Thank you so much! Greetings from Italy!
+n3koboy I'm glad I helped! Buon anno! :D
been a while but I noticed I forgot to leave a comment.
thanks I got to script everything that I wanted on Dark souls and learned a lot!
please keep up with your cheat engine tutorial ideas
You're the man. Thank you for your tutorials, I have searched for other channels and guides, but you are the only one who can convey information in a useful and understandable way. I am finally learning this shit. Just one question, what would be the benefit of doing pointer scans instead of AoB searches? I think I read somewhere that for trainers you do pointer scans, but why is that? Can't you make a trainer using AoB scans? Finding base addresses is so much more complicated and time consuming that I don't even see the point.
You're a very talented teacher. I love your videos - they're so informative. Do you have any resources where I could learn more about Assembly? Reading or interactive learning? I guess CE could count as interactive learning though. Thanks Stephen
my god. This was such an informative and applicable tutorial that I had to sub to you. You gave me no other choice.
You fell right into my trap! My trap of...awesome, relevant content? Wait a minute, what kind of "trap" is that?
Stephen Chapman 😂😂😂😂😂😂😂
Thank you very much for the detailed instructions for this kind of scenario where both the player and the AI share the same address for health :)
very helpful :)
You're so good at this man.
Thank you for sharing! :D
Greetings from Brazil!
Awesome Pal,, great helpful info.. I love the new intro also.. thumbs up!!
You're going to really like what I've got coming up soon! DBVM, Ultimap, Structure spider, back-tracing, and more goodies. If you've never messed with those things, you're in for a real treat. =)
+Stephen Chapman Awesome I look forward to them. Wasn't ever able to make vids with DBVM as my comp hates it,, so I never got a chance to learn most of that stuff. I cant wait to see it.. Keep up this great work, Im glad to see you back in the game hacking saddle again...
+Chris Fayte Glad to be back to it! =) Hey, did you end up getting your computer functioning again, or at least something in its place?
+Stephen Chapman Right now Im using a borrowed one,, its normal function is to prop a door open, or used as home plate for backyard baseball.. I disassembled mine and unplugged one thing at a time to see if I could trace the source of the problem, and even reset cmos,, but nothing.. It is definitely a motherboard issue. So right now Im just saving and probably will just buy the parts of a PC kit and just build a new one myself.. So hopefully should be back in the saddle in a few weeks.. But you keep them coming, Im anxious to see the Ultimap, Structure Spider, Back tracing and the like,, my knowledge in those areas are very limited... .. Thank you man.
great video stephen..thank you very much!!
still gold, 5 years later
thank you Stephen,some deep great info here...what i needed.
THX!
awesome! looking forward to more vids - new intro looks great
Thanks for this tutorial, but could you tell something about this xmm? I always have problems when i want to mess with these.
+nister6000 Those are 128-bit registers. You can think of them existing in their own space and requiring special instructions to handle data between them and memory addresses. Check this link out and look at the first picture you see to get an idea of what this looks like: software.intel.com/en-us/articles/introduction-to-x64-assembly
XMM data can only be moved into/out of memory addresses, due to the size limitations of regular registers. For instance, mov eax,xmm1 won't work because the data in xmm1 is MUCH larger than what eax can hold. Also, you can't mov from xmm1; you'd have to movss from xmm1 (I can't go into much detail because it's a big topic; just note that special instructions need to be used, which should give you enough to go on to start hitting up the Goooooogle machine for answers, lol).
So, where you might want to do this: mov eax,xmm1
You'd have to instead do this: movss [eax],xmm1 (The brackets mean eax holds a memory address, which xmm1 COULD write to; you wouldn't be writing to eax here, but rather to the memory address that eax is pointing to. Look up "dereferencing" to read more.)
There's a lot to it to wrap your head around, but the FPU and XMM registers function similarly, in that you have to transfer data to/from them via memory addresses and not registers (eax [which is 32-bit], rax [which is 64-bit, and the extended version of eax], etc.).
Thanks.
4:31 fstp dword ptr [address], fstp is store floating point, but where is it storing to, and what value ? is [address] the place from which value is taken from or to which value is placed onto ?
8:30 how can esi+340 be equal to two distinct memory addresses ? is esi unique or not ?
The same code writes to multiple different memory addresses, so no it’s not unique in that sense. ESI could be any address in memory, that’s why you want to distinguish between player and enemy (using code) before applying your cheat.
love your vids man
is it possible to find and change the transparency of a texture?
If so, how would you look for that texture?
Been watching your videos and am new to this side of cheat engine, how did u come to the conclusion 470 was the offset and 1 was u, 0 was enemy? Thanks
Advice to anyone doing this, if you automatically add the addresses to compare the structure, then make sure it's the same address you were at because it seems to actually automatically remove the offset.
I googled a request, find a youtube video, the comment section seems to find the video interesting
OK OK I GOT IT... I SUSCRIBE ;)
still watching this till 2018 ends :D anw thanks man
Awsome!!! Thanks Stephen. Really good Tut.!!
9:40 When I do this I get no addresses listed, it just does nothing?
Hello my friend. I was wondering whether you can use the offset between ANY address to compare? I have a game where it is rather difficult to find a constant that only is as such for the player, so I was wondering if I could simply go for a value like say, max score (pure example), find the difference between that address and the one I am looking to change instructions to, and then use that as my offset?
Is there anything you can do if none of the values match? Trying to use this method on the original Witcher game (for health). The shared health issue is the same, but I can't seem to find any values that are different, yet constant.
Awesome tutorial! Do you have a tutorial for changing all values that access an instruction simultaneously?
Got to same issue when trying to change increment amount of shopping list in Torchlight 2.
Because for no reason it uses same instruction for increment and decrement.
Idk how to solve so far.
So I remembered this tutorial and thought it would help me but I'm having an issue. I'm trying to do this same exact thing on The Last Stand Aftermath (the demo currently out) and every time I enable the AoB script, my character seems to get nulled after getting hit and unless I 1 shot zombies, they seem to get nulled as well. xmm7 holds max health, xmm6 is what is the register that normally gets moved into [rbx+00000130] by default. With the first script, zombies will not die and my character can't shoot and slides around instead of walks after getting hit even after disabling it (I'm assuming somewhere my character is getting nulled since my stamina won't regen but I can still roll around, very odd). With the second script, I can take damage after disabling it but zombies won't die even after disabling it. With the first script, it doesn't seem to matter what address I use to compare, I always get the same exact result. I've even tried changing the 3rd line to "mov [rbx+00000130], (float)100" but that gives the same result. The third attempt just crashes the game (fml). Any ideas what could be happening?
[First Attempt]
cheat:
cmp [rbx+00000124],0
jne code
movss [rbx+00000130],xmm7
jmp return
code:
movss [rbx+00000130],xmm6
jmp return
[Second Attempt]
code:
movss [rbx+00000130],xmm7
jmp return
infHealth2:
jmp newmem
nop 3
[Third Attempt]
cheat:
push edx
cmp [rbx+00000138],8
jne code
mov edx,[rbx+00000134]
mov [rbx+00000130],edx
pop edx
jmp return
code:
movss [rbx+00000130],xmm6
jmp return
JK! I figured out the issue. As always one of your videos saved me. th-cam.com/video/uBCo-Ek0rPg/w-d-xo.html I had no idea comiss was a compare instruction and completely ignored that before writing my own instructions.
Thaaanks teacher ...
Hey Stephen, do you do strategy games by any chance?
Like that intro ^_^
In 2019, it's still the only way to deal with functions that accesses many addresses when you only want to use only one?
once you find those addresses, do they change if you restart the game or is it an assigned address?
Mr. Chapman, Is there a way to find out the health address of a single enemy while using the 'unknown initial value + decreased value' is not effective. I very much hope you can give me some advice. Thanks!
Unknown + Changed/Unchanged. You can try different value types, too (4 Byte, Float, Double, etc.).
Thanks for the suggestion. I'll try and see. Hope that it works this time
I'm sorry to say it didn't work after using different types of value.
Anyway, for making one hit kill script, I have to find health addresses of some enemies (not a single one) but whenever I come to the step (find out what addresses this instruction accesses), no matter how many times I hit the enemies, their addresses and values never appear in the windows. Therefore, I am unable to continue. I really don't know where my problem is.
I'm trying to do infinite jumps in Castle in the Darkness.
I can get the values down to 2, sometimes 3.
I feel like I'm so close it getting it to work but so far away.
I tried to copy the same methods used in "I wanna be the guy" but no dice.
Can you help or do a video on it?
*SUPER PRETTY PLEASE!?!?!*
Not trying to brown nose (hahaha), but your videos have been super helpful and I learned a lot from them.
Any tips would be extremely helpful!
Thanks!
+Knightime X You may well be close. Jumping can be handled a number of different ways. You might need to try finding the instruction that writes to the addresses you've found, then try nop-ing that instruction to see if it cancels jumping or something. Once you can find that, then you can influence the number of jumps allowed/left/etc. That's if the mechanic even works like that...
@Stephen Chapman i really need your help on something special using the combination of bluestacks and cheat engine.
+Stephen Chapman I was able to get inf health for myself and not for other enemies. But as I kept playing I noticed some of the enemies health still wouldn't decrease. Do you know how I could fix that?
Nevermind I got it!
Hello there can you do a tutorial on making a user interface trainer using cheatengine?
hi
i have some big problem finding a right address.I play strategy game call praetorians.And i wish to make a trainer for it for a long time. I need to find an address who doesnt move to any number no lover no higher.Its showing for awalible troops i have and how much i can have like this 350/500.that number 500 i wish to move it higher (cheat it)to make more troops in the game.And some other things are the same in this game .. can i show it in some picture if it is possible to help me to make a proper trainer for this game? thank you
Great video, I hope you will also cover trainer making with Lua build in into Cheat Engine, thanks! :D
+Yetiwizard1 I'll be touching on that stuff at some point, but in the mean time, here are 2 videos you're going to want to watch (they're long, but if you really want to learn, then these will really help you out): th-cam.com/video/q9amprLELWM/w-d-xo.html and th-cam.com/video/Da31FOdrev0/w-d-xo.html
+Stephen Chapman Thanks a lot, i'll go through these. It's great to see you back in action after a longer break. :)
Trying to do this with Crashland Pc version is a mess can you help ?
thank u steph that tut helped me alot :D 1 Question why dont u use Code injection ??is it same as AOB ? 2nd Question when we did aob injection and got inf health so we dont need base address ??? even after restart game the code still work ??
+MAD#05F211IQ! Glad it helped! Code Injection and AOB are essentially the same, with the exception that if you're not using base addresses with code injections, that script won't work the next time you start the game. AOB will work if you find an array of bytes (whether that's an instruction you find, a memory address, etc.) that remains the same at all times. I love AOB injections because finding base addresses in modern games can be a pain in the ass, or take a lot of time.
Finding instructions to do things with is a lot faster, and they enable you to potentially do more, like in this video how I was able to just have health values change between player and enemy as the instruction runs. If I found the base addresses for player and enemy, then I'd still have to manually input values, or lock them. And since enemy addresses change in this game, that probably wouldn't even be possible in the first place, so you'd be left with finding the instruction, which always knows which memory addresses to write to/access.
+Kata Keto Many times, yes! Sometimes, though, an array of bytes can change, depending on what they updated. For instance, Terraria and The Witcher 3 are notorious for needing to have new AOBs found with updates. I've even seen register changes, such as something that was once referencing ECX now being, say, EDX. The good thing is that you're rarely too far off from finding the AOB again, so if it doesn't work, you can try replacing certain bytes in the array with ?? or * and see how you fair. =)
+Stephen Chapman thank u steph another Question we use dissect data structure to find shared adresses ??? i think we can find enemy health with wt write to this address 2 in memory viewer right ???
+MAD#05F211IQ! Yes, you could do that. In this case, you would find the exact same instruction. Starting with trying to find enemy's health address first would potentially be more time-consuming, but if the code for writing health wasn't shared, then you'd have no choice but to find enemy health, then see which instruction writes to it.
ty, i love u :)
Hi! What should i type instead "(float)" if address type is 4 byte?
(int)
@@StephenChapman
Thank you!
can you do MU Origin Emulator Cheat engine?
So this is how you search for instructions with AOB. Have to set it to scan read only also and then the option is disassemble
What if that is something written in the game, and I want to change it?
Thanks
When i did this i had ohk but i was on ohk state to.
Wow cool
can you try to hack throne rush on facebook
Do you even need that infinite health when the enemy shoots you every like 5 seconds... your health just regenerates during that
Great tutorial !
Thanks you so much
+Deo Wibawa Glad you enjoyed!