Cheat Engine Tutorial
Cheat Engine 5.6 Tutorial by Danie999 at D3Scene.com
Welcome to my tutorial,
Make sure to click "New Scan" after every part of the tutorial.
Step 1 The beginning:
Open up Cheat Engine 5.6 and your Tutorial. Go to Cheat Engine and click the flashing red-blue button. A list will pop up that shows you all your running processes. Choose Tutorial.exe and click Open (or double click the process). It should be the last process in the list. Now go to your Tutorial and click Next.
Step 2 Exact Value scanning:
At the bottom left of the Tutorial you see the Health value. It should be 100 at the beginning. If you click "Hit me", the value should change. Now go to Cheat Engine and fill in your current value in the Value box. Leave the Scan type "Exact Value" and the Value type "4 Bytes" for now and don't check the "Hex" box. Now click First Scan. There should now be addresses in the left box; leave them for now. Go to your tutorial and click "Hit me". Go back to Cheat Engine, fill in the new value and click "Next Scan" (or hit Enter). Now there should be just 1 address left (if there are more, repeat the procedure until you have 1 address left). If you make a mistake you can click "Undo scan" to get the previous address list (or just click "New Scan" and repeat your scans). Back to the 1 address you got: click it and then click the red arrow right next to the box, or double click the address, to add it to the box below. Now you have to change the value to 1000. To do so, right click the address in the bottom box and choose "Change record" and then "Value" and type in 1000 (or just double click the number in the bottom box). Now hit Enter and the Next button in the tutorial should appear.
Step 3 Unknown initial value:
In this part of the tutorial, you don't know the value you want to scan for. The text in the official tutorial tells you that the value is between 0 and 500. So you now have to choose "Value between..." as Scan type. Fill in 0 in the first box and 500 in the second and hit "First Scan" (you can also use "Unknown initial value" as Scan type). Now go to the tutorial and click "Hit me". It tells you by how much the value decreased. Choose "Decreased value by..." as Scan type, type in the number that the tutorial gave you and hit "Next Scan" (you can also use "Decreased value" as Scan type, but it takes longer). Now go to the tutorial and click "Hit me" again. Repeat the scans until you have 1 address left. Now add it to your address box and change it to 5000. Now click the Next button in your tutorial.
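The narrowing that Steps 2 and 3 do by hand, as an added example that is not part of the original tutorial and not Cheat Engine's own code: a small Python model of First Scan and Next Scan over constructed 4-byte memory snapshots. The snapshots, offsets and values are made up for illustration; the decoy at offset 8 shows why you repeat until one address is left.

```python
import struct

WORD = 4  # the "4 Bytes" value type used in the tutorial

def read_words(snapshot):
    """Map every 4-byte aligned offset of a snapshot to its signed value."""
    return {off: struct.unpack_from("<i", snapshot, off)[0]
            for off in range(0, len(snapshot) - WORD + 1, WORD)}

def first_scan(snapshot, keep):
    """First Scan: every offset whose value satisfies keep(value) is a candidate."""
    return {off: v for off, v in read_words(snapshot).items() if keep(v)}

def next_scan(snapshot, candidates, keep):
    """Next Scan: a candidate survives when keep(previous_value, current_value)
    holds; 'Decreased value by...' compares against the previous scan this way."""
    now = read_words(snapshot)
    return {off: now[off] for off, old in candidates.items() if keep(old, now[off])}

# Constructed snapshots of the "process" before and after two "Hit me" clicks.
# Health sits at offset 12; offset 8 is a decoy that briefly behaves the same.
SNAP_START = struct.pack("<8i", 100, 7, 100, 100, 500, 0, 100, 42)
SNAP_HIT_1 = struct.pack("<8i", 100, 7, 95, 95, 500, 0, 100, 42)   # health 100 -> 95
SNAP_HIT_2 = struct.pack("<8i", 100, 7, 93, 88, 500, 0, 100, 42)   # health  95 -> 88

def step2_exact_value():
    """Step 2: Exact Value 100, then Exact Value 95, then Exact Value 88."""
    c = first_scan(SNAP_START, lambda v: v == 100)               # 4 candidates
    c = next_scan(SNAP_HIT_1, c, lambda old, new: new == 95)     # 2 left
    c = next_scan(SNAP_HIT_2, c, lambda old, new: new == 88)     # 1 left
    return sorted(c)

def step3_unknown_initial():
    """Step 3: 'Value between 0 and 500', then 'Decreased value by' 5 and by 7."""
    c = first_scan(SNAP_START, lambda v: 0 <= v <= 500)          # everything matches
    c = next_scan(SNAP_HIT_1, c, lambda old, new: old - new == 5)
    c = next_scan(SNAP_HIT_2, c, lambda old, new: old - new == 7)
    return sorted(c)

if __name__ == "__main__":
    print("step 2 ->", step2_exact_value(), " step 3 ->", step3_unknown_initial())
```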
Step 4 Floating points:
Start by changing the "Value type" in Cheat Engine to "Float". Scan for the value of your Health in the tutorial until you have 1 address left and change it to 5000 (the value will have many decimals after the official number). Now click "New Scan" and set "Double" as Value type. Scan for the address until you have 1 left and change it to 5000. Now click the Next button. Don't forget to change your Value type back to "4 Bytes" when you are ready.
Step 5 Code finder:
Start with finding the address and add it to the bottom box (Value type = 4 Bytes and Scan type = Exact Value). Right click your address and click "Find out what writes to this address". Confirm the next window by clicking Yes. You can close the "Created processes" window if you want. Leave the other window open and go to your tutorial. Click "Change value" and check the "Find out what writes to this address" box. There should be something in it now. For this step you just have to click the line of 'letters and numbers' and click "Replace". In the next window just click OK or rename the code; it doesn't matter. Click Stop and then Close in the "Find out what writes to this address" box. Go to your tutorial and click "Change value" and then Next. The value shouldn't change anymore now.
Step 6 Pointers:
Scan for the address you need and add it to your bottom box. Don't click "Change pointer" for now.
Right click the address and choose "Find out what writes to this address". Leave the new window open and click "Change value" in the tutorial. Now one code should appear. Choose it and click "More information" (or double click the code). Now you see that one line is red and that there is a [xxx] in it. Go to your Cheat Engine and tick Hex. Now fill in the code between the [..]. (You can see at the bottom of the "More information" box that the registers like EAX, EBX etc. have their own value. Type that value and not EAX or something like this.) Scan for the hex address, but don't add the address you find to your box yet. Press "Add address manually" and check "Pointer". Fill in the address you've found (not the EAX address; it's the result address of your scan. Use a green one because they are static, which means that they won't change). Leave the Offset 0 for now. Now you can change the value of the pointer and if everything is right, your other address should change too. Change the pointer's value to 5000 and freeze it (check the box under "Frozen"). Go to your tutorial, press "Change pointer" and wait 3 seconds. Click Next.
Step 7 Code Injection:
Scan for the value you need and add it to your box. Right click your address and choose "Find out what writes to this address". Change the value again and click the new code. Now click "Show disassembler". Click your line if it isn't 'blue' (selected) yet. Click "Tools" and then "Auto Assembler". Click "Template" and "Code Injection". Fill in your address and press OK (the address may already be in there). You should see a part labelled "newmem" and a part labelled "originalcode". Copy the original code right under newmem. "dec" means decrease and "add" means add. You know that every time you click "Hit me" in the tutorial the value decreases by one. So if you change the "dec" to "add" the value should increase by one each time you click "Hit me". Your goal is that it increases by 2 each time you click it. So now add ",2" behind your code, without the "" of course. Everything after a // is ignored, so now you have to put "//" before the original code or just delete it. As an example:
Original:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

0045A063:
jmp newmem
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
dec [ebx+00000310]

exit:
jmp returnhere

New one:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

0045A063:
jmp newmem
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
add [ebx+00000310],2

originalcode:
//dec [ebx+00000310]

exit:
jmp returnhere

When you are done click "Execute" and accept the next box with Yes. Now go to your tutorial and press "Hit me". Click Next.
Step 8 Multilevel pointers:
Scan for the address you need using the "Change value" button only, as in Step 6, until you have your address. Add it to your box now and right click it. Choose "Find out what accesses this address" and change the value. Now you get a code. Press "More information" and scan for the red code between the [..] (don't forget to check the Hex box). Leave out the "+xxx" for now but write it down (only the +xx part; 18 in this case). Click "Add address manually", check Pointer and type in the address as in Step 6, but now fill in the "+xx" in the Offset box. Now click OK and you have your first pointer.
Close the windows. Right click the first pointer address and click "Find out what accesses this address" and "Find out what writes to this pointer". Change the value again and click "More information". Write down the "+xx" again. If there is none, write down 0. Scan for the code between [..] again (with Hex checked). Click "Add address manually" and check Pointer. Fill in the scanned address and fill in the offset. Now click "Add pointer" and fill in the offset of the previous scan (it's 18, and the new one is 0). Repeat this until you have 4 pointers.
The offsets are: 18, 0, 14, 0c. The last address should be green because it's static.
Freeze the last pointer and change the value to 5000. Then go to your tutorial and press "Change pointer". If everything went right, you can click Next.
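The pointer chain Step 8 assembles (and, with a single offset, the Step 6 pointer), as an added example that is not from the tutorial or from Cheat Engine: a Python model that resolves the offsets 0c, 14, 0, 18 from a static base in a constructed memory region, and shows why a frozen pointer record keeps working after "Change pointer" moves the structure. Every address and layout here is made up for illustration.

```python
import struct

class FakeMemory:
    """One constructed 32-bit memory region with little-endian dwords."""
    def __init__(self, base, size):
        self.base, self.buf = base, bytearray(size)

    def write_dword(self, addr, value):
        struct.pack_into("<I", self.buf, addr - self.base, value & 0xFFFFFFFF)

    def read_dword(self, addr):
        off = addr - self.base
        if not 0 <= off <= len(self.buf) - 4:          # what Cheat Engine shows as ??
            raise ValueError(f"unreadable address {addr:#010x}")
        return struct.unpack_from("<I", self.buf, off)[0]

def resolve_pointer_chain(mem, static_base, offsets):
    """Return the address of the value behind [[[[base]+o1]+o2]+o3]+o4.
    offsets run from the static base outward, the reverse of the order in
    which Steps 6 and 8 discover them (a single [0] offset is Step 6)."""
    addr = mem.read_dword(static_base)
    for off in offsets[:-1]:
        addr = mem.read_dword(addr + off)
    return addr + offsets[-1]

STATIC_BASE = 0x00400010                  # the "green" address found last
OFFSETS = [0x0C, 0x14, 0x00, 0x18]        # the tutorial's 18, 0, 14, 0c, reversed

def build_memory():
    """Constructed layout: four pointer hops ending at a health value of 100."""
    mem = FakeMemory(0x00400000, 0x200)
    mem.write_dword(STATIC_BASE, 0x00400080)        # static pointer
    mem.write_dword(0x00400080 + 0x0C, 0x004000C0)
    mem.write_dword(0x004000C0 + 0x14, 0x00400100)
    mem.write_dword(0x00400100 + 0x00, 0x00400140)
    mem.write_dword(0x00400140 + 0x18, 100)         # the health value
    return mem

def change_pointer(mem):
    """Simulate the tutorial's 'Change pointer': the last structure moves."""
    mem.write_dword(0x00400100, 0x00400180)
    mem.write_dword(0x00400180 + 0x18, 100)

def freeze_health(mem, value):
    """What a frozen pointer record does: re-resolve the chain, then write."""
    addr = resolve_pointer_chain(mem, STATIC_BASE, OFFSETS)
    mem.write_dword(addr, value)
    return addr
```

A record that stored the plain address 0x00400158 instead of the chain would keep writing to the old location after the move; the chain follows the data.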
Step 9 Injection++:
Scan for the address and add it to your box. Then right click it and choose "Find out what writes to this address". Now change the value again and check the code. Show the code in the disassembler and select it. Then click "Tools" and after that "Script Engine". Copy the code out of the tutorial into the Script Engine:

#include <time.h>
struct tm *timep;
time_t c;
c=time(0);
timep=localtime(&c);
if (timep->tm_sec>=30)
    *(int *)addresstochange=1000;
else
    *(int *)addresstochange=2000;

Replace "addresstochange" with your address and add a 0x before the address (example: for address A123 it would be 0xA123).
After that press "Inject" and "Inject in current process". The filled-in script looks like this:

#include <time.h>
struct tm *timep;
time_t c;
c=time(0);
timep=localtime(&c);
if (timep->tm_sec>=30)
    *(int *)0x01AD22C8=1000;
else
    *(int *)0x01AD22C8=2000;

Copy the line with the "call" that Cheat Engine gives you (here: call 003A00CD). Now go back to the "Find out what writes to this address" window, click "More information" and check out the red line (dec [ebx+xxxx]). Now show the code in the disassembler and select the red address from the "More information" window. Click "Tools" and then "Auto Assembler". Then click "Template" and "Code Injection". The address should already be filled in, so just press OK.
Paste your "call" line in the line below "newmem" and delete or comment out the original code. The template:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

00458EAA:
jmp newmem
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
dec [ebx+00000318]

exit:
jmp returnhere
The result:

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)

00458EAA:
jmp newmem
nop
returnhere:

newmem: //this is allocated memory, you have read,write,execute access
call 003A00CD

originalcode:
//dec [ebx+00000318]

exit:
jmp returnhere

Now click "Execute" and you are done. Go to the tutorial and click "Hit me". The Next button should appear and you are done with the Cheat Engine Tutorial.
Written by Daniel999 at D3Scene.com
Don't copy it without linking to this thread.
Download Cheat Engine 5.6: Cheat Engine
(Hack By) Ghazanfar Naqvi