This is a re-creation of the thread from our old forums; I wanted to prevent this information from getting lost...
Not top-secret at any rate, but some things are not intuitive, at least for me.
in Disassembler, there is "Tools - Dissect Code" (Ctrl-J), which analyzes the source code of the game. After running that, the normal disassembler displays more information, for example which addresses are calling a function. Double-clicking on one of these addresses lets the Disassembler jump to this location.
in Disassembler, too: going to the beginning of a function, right-click "Spawn Diagram" (Ctrl-Shift-d) creates a graphical view of the current code.
if your address list contains an address resulting from some pointers, you cannot directly copy the address itself. Right-click on this address and invoke "Pointer Scan for this address". In the pointer scanner window you can easily copy the address and close the pointer scanner.
as you most likely know, pressing Ctrl-H on a table entry lets you set hotkeys. Default is to check/uncheck the freeze box. But you can also set the hotkey to increase/decrease the value by a specific amount. So "get 1000$ ingame" does not require any scripting.
if you want to skip a bigger part of code, you can inject a "jmp+x" instruction which simply jumps over the next x Bytes. Better than NOPing out.
when stopping a game with a breakpoint, you can use $EAX as address in dissect data to display the memory at the address which is stored in EAX
sometimes you have a table entry "full health" and an entry "current health". Of course you want to copy full to current. Instead of writing a script, you can freeze current health and set the value(!) of current health to (full health). Now the content of "full health" is copied to current health. Got this hint from DarkByte/Eric himself on the forums which shall not be named in a thread which has been deleted there.
in memory viewer - view - preferences you can set the spacing between the jumping lines in the disassembler. With default settings, I find them hard to follow.
if you ever stumble upon a mono address like "PlayerControl+<GoForward>d__15:MoveNext+b9e", CE will not accept it for "goto" in disassembler or for a code injection. Simply remove the plus sign and everything before it, then it works fine. (Thanks, Kraqurjak!)
when you right-click an instruction in the disassembler to do break and trace and get the break and trace window up, there are several check boxes you have:
skip system modules
stay inside initial module
skip over calls
Well, I discovered that when you try to break and trace vcruntime140, like with Unreal games, you have to leave the "skip system modules" box unchecked or it won't work! Also leave "stay inside initial module" unchecked as well to capture everything, or you will only get a few instructions captured! (Info by JoseFaction)
Another thing that's handy but many people don't know: If you use "find out what addresses this code accesses" on a 'ret' instruction, it'll return the addresses of the functions that called the function you're in (Info by Eric/DarkByte)
after copying an address with a code injection and saving the wanted address as "playerbase", do not use [playerbase] in the address entries which use it. Instead, make a pointer entry with the address playerbase and the offset 0. The effective addresses in the table are still the same, but are updated much faster - with the "wrong" way, it will take 4-5 seconds for values to get updated. (Thanks to Eric/DarkByte for pointing that out)
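in Lua, if you get a memory record and want to add ("100:Full") as an entry to its drop down list, you can do the following:
Code:
-- look up the memory record by its description in the address list
local x = getAddressList().getMemoryRecordByDescription("health")
-- append a "value:description" entry to its drop down list
x.DropDownList.Add("100:Full")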
now ("100:Full") will be added to the drop down list of the memory record (Info by NightOwlScripter)
This text has been converted from our old forums, and since there were some additional hints by MarianaRoses, I copied them, too:
Whenever you try to refer a PID from Task Manager back to Cheat Engine, right-click on the process list, convert PID to decimal. Somehow, I have been missing this for years and have been using a calculator to convert the PID from dec to hex back to CE.
If CE sort of pseudo-crashes on you, where you cannot save your work but can still move around in Cheat Engine, with errors like out of memory, exception error, etc.: most of the time this happens with Unity/Mono games while mono features are on. You can copy-paste your script/address to another Cheat Engine instance and save it without any error.
If some script doesn't work for you as a user but you are 100% sure you have the same game version as the cheat maker, try a different Cheat Engine version. Go up a version or down. I have had at least 5 people who struggled to make a cheat work, while 3 users literally took hours trying to find the root cause to no avail. Changing to a different version solved their problem. I have 7.1, 7.2, 7.3 and 7.4 on my PC just for testing purposes.
This should be basic, but for beginners: if you're not sure why your script crashes, pause the game with the Cheat Engine pause hotkey, put a breakpoint around the injection point, and resume the game. Step into your script until you find the exact code before it crashes.
As Eric/Darkbyte showed at FRF here: If you want to store a double value into rbx, you cannot just
Code:
, because it will result in invalid code. Instead, there are two ways to do it.
Code:
mov [rbx],(double32l)100    // low 32 bits of the double
mov [rbx+4],(double32h)100  // high 32 bits of the double
Code:
mov rax,(double)100  // load the full 64-bit double into a register first
mov [rbx],rax        // then store all 8 bytes at once
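Why both variants leave the same eight bytes in memory, as an added example in C (not part of the original thread and not Cheat Engine code): x86-64 has no instruction that stores a 64-bit immediate directly to memory, so the double is either written as two 32-bit halves or loaded through a register first. The helper names are made up for this sketch, and it assumes a little-endian host and that (double32l)/(double32h) mean the low and high 32 bits of the double's IEEE-754 encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Raw IEEE-754 bit pattern of a double; memcpy avoids aliasing issues. */
static uint64_t double_bits(double v) {
    uint64_t bits;
    memcpy(&bits, &v, sizeof bits);
    return bits;
}

/* Assumed meaning of (double32l)/(double32h): low and high dword. */
static uint32_t double_low32(double v)  { return (uint32_t)double_bits(v); }
static uint32_t double_high32(double v) { return (uint32_t)(double_bits(v) >> 32); }

/* Emulates "mov [p],low" + "mov [p+4],high" as two 4-byte stores,
   then reads the 8 bytes back as a double (little-endian host). */
static double store_as_two_dwords(double v) {
    unsigned char mem[8];
    uint32_t lo = double_low32(v), hi = double_high32(v);
    double out;
    memcpy(mem, &lo, sizeof lo);
    memcpy(mem + 4, &hi, sizeof hi);
    memcpy(&out, mem, sizeof out);
    return out;
}

/* A 64-bit store to memory can only carry a 32-bit immediate that the CPU
   sign-extends. Returns 1 if the bit pattern survives that, else 0. */
static int fits_sign_extended_imm32(uint64_t bits) {
    return (uint64_t)(int64_t)(int32_t)(uint32_t)bits == bits;
}

int main(void) {
    double v = 100.0; /* the value used in the thread */
    printf("bits       = 0x%016llx\n", (unsigned long long)double_bits(v));
    printf("[p]   low  = 0x%08x\n", (unsigned)double_low32(v));
    printf("[p+4] high = 0x%08x\n", (unsigned)double_high32(v));
    printf("read back  = %g\n", store_as_two_dwords(v));
    printf("one imm32 store would work: %s\n",
           fits_sign_extended_imm32(double_bits(v)) ? "yes" : "no");
    return 0;
}
```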