We have seen Cheat Engine on previous introduction. As said on that article, Cheat Engine has provide a “cheat me” program to let us practice using Cheat Engine. Officially it is called Cheat Engine Tutorial. In this article we will use Cheat Engine and practice in “cheating” the program. Specifically, we will do the “fourth stage”.
In this article I use:
- Windows 8 64-bit
- Cheat Engine 6.3
- Cheat Engine Tutorial v3
At least you understand the basic layout of Cheat Engine. You should know how to load a running process to Cheat Engine. If you don’t, please refer back to the introduction.
Open the Cheat Engine Tutorial v3
If you get to this article after beat the third stage, make sure you clear the previous result by click on ‘New scan‘ and clear work area.
Every stage can be accessed individually. To access this stage from Cheat Engine Tutorial’s main window, enter 888899 to password line edit.
Dark Byte (Cheat Engine creator) wrote this as hint:
Sometimes the location something is stored at changes when you restart the game, or even while you're playing.. In that case you can use 2 things to still make a table that works. In this step I'll try to describe how to use the Code Finder function. The value down here will be at a different location each time you start the tutorial, so a normal entry in the address list wouldn't work. First try to find the address. (you've got to this point so I assume you know how to) When you've found the address, right-click the address in Cheat Engine and choose "Find out what writes to this address". A window will pop up with an empty list. Then click on the Change value button in this tutorial, and go back to Cheat Engine. If everything went right there should be an address with assembler code there now. Click it and choose the replace option to replace it with code that does nothing. That will also add the code address to the code list in the advanced options window. (Which gets saved if you save your table) Click on stop, so the game will start running normal again, and close to close the window. Now, click on Change value, and if everything went right the Next button should become enabled. Note: When you're freezing the address with a high enough speed it may happen that next becomes visible anyhow
Information we got from the hint:
- Address of value can change each time we press button
There are multiple solutions exist to solve this. They are:
Again this stage is similar to our first stage, except the memory address can change.
First, find the address. The value is initialized by 100. Assume the data is 4 bytes long. Set the scan option to following:
We got so many address, let’s narrow down. Go to Cheat Engine Tutorial and press “Change value”. Remember what is the new value written there. Mine is 516. Go back to Cheat Engine and filter the address and display only the address having 516 as current value. It should be only one. Copy the entry to our working area.
Now, on the working area, right-click the entry and press “Find out what writes to this address”. You will be asked a confirmation that debugger will be attached to current process. Well, that’s our intention so click ‘Yes’. Then a new window should pop up. Let’s refer this window as debugger. The window has table, a rich text editor, and some buttons. Well, the list is still empty but we will fill it 😀
Now go to Cheat Engine Tutorial and click “Change Value” and back to above dialog. Now you should see a new entry there. The entry has something written in assembly language. Now select that entry and click the replace button.
A new dialog will pop up. Clear the text on line editor and then press OK. Therefore, change this
Now you are brought back to debugger. Click ‘Stop’ button to stop the debugger and click ‘Close’ (the very same button) to close it.
Now go to Cheat Engine Tutorial and click Change Value. The ‘Next’ button should be unlocked now.
This solution will use Pointer Scan. This solution is very easy and handy. A more detail explanation can be found we discussing multilevel pointer (Stage 7)
First, get the address of value. I think we have done it many times so let’s skip and assume you have found the address, add it to working area. Here is my result:
Right-click on the address and choose “Pointer scan for this address”.
Two new window appears, just press OK.
It will ask you what filename will be the result saved to. After deciding the filename, the second window will traverse your memory and search for the pointers. It would take a while, depends on your system. Here is my result.
Now go to Cheat Engine Tutorial and click “Change pointer”. Now initiate a new search for new value displayed on Cheat Engine Tutorial. When you find it, add it to working area. Here is what mine looks like.
Look at the address of our newly found entry. Write it down or just copy the address.
Now go back to the pointer scanner and click “Pointer scanner” menu on menubar. Click on “Rescan memory – Removes pointers not pointing to the right address”.
You will have another window appear. Now write or paste the address we have copied before.
If you encounter more than one entry, you should pick one. Choose the first one with address listed as Tutorial not else (THREADSTACK, for example).
Double click the entry to add it to our working area.
You should see the address is in form P-> XXXXXXXX, similar to the form in solution one. It is a pointer, and the pointed address is having the same value as in Cheat Engine Tutorial. To make sure we have the correct address, go to Cheat Engine Tutorial and click ‘Change pointer’. You would see the value change.
To advance to next stage, on Cheat Engine, set the value to 5000 then froze the address. On Cheat Engine Tutorial, click ‘Change pointer’. Wait and the ‘Next’ button will be unlocked in some seconds. Congratulation!challenges, cheat engine, memory