Cheat Engine Tutorial

Exercise 8: Multilevel Pointers

Multilevel Pointer Cheat Enginer Tutorial
PW=525927


//Find location of value via scanning 
000AEB38 = value = 3155
//Watch what writes to the above value and change the value to find the offset
//mov [rsi+18], eax
rsi = 000AEB20 + 18 > 000AEB38
//Watch what writes to 000AEB20 and change the value to find the new offset
//mov rsi, [rsi] (no offset)
//Scan for 000AEB20 looking for a pointer that points to this pointer
000AEA60 + 0 > 000AEB20
//Watch for offset
//mov rsi, [rsi] (no offset)
//Scan for 000AEA60
012D688 + 0 > 000AEA60
//Watch for offset, mov rsi, [rsi + 18]
//Scan for 012D688 - 18 = 012D670
000AEA10 + 18 > 012D688
//Watch for offset, mov rsi, [rsi + 10]
//Scan for 000AEA10 - 10 = 000AEA00
100306B00 + 10 > 000AEA10

Exercise 9

CE_Tut_9.txt
PW=31337157


Successfully changed health and froze it
    Found base pointer for player health and changed it to a large value plus a freeze
    Not really intended solution
054384A8 = value
0152FEB8 -> 054384A0 + 8 
100306B10 -> 0152F630 + 888

Correct Solution:

    Find all player's health variables via scanning

    Find the offset to the data structure via the "Find out what accesses this address" option

    Open the disassembler and select Tools > Dissect Data/Structures

    Input team 1s variable locations via "Add an address" , take the found variable less the offset

    Use "Add new group" + "Add extra address" and do the same for team 2

    The variable at offset 14 is the team number, 1 and 2

    Ctr + a to create an auto assembler template... I injected mine before the subtraction instruction

    The code I used:


alloc(newmem,2048,"Tutorial-x86_64.exe"+2EB51) 
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//Check if team 1, if team 1 jump to exit and skip the subtraction instruction
cmp [rbx+014], 1
jp exit

originalcode:
subss xmm1,xmm0

exit:
comiss xmm1,[Tutorial-x86_64.exe+22C780]
jmp returnhere

"Tutorial-x86_64.exe"+2EB51:
jmp newmem
nop 6
returnhere:

https://www.youtube.com/watch?v=yjdSxL2DWfE

PreviousAssembly Resources NextWindows Internals

Last updated 4 years ago

Was this helpful?