Cheating Engine

1. Download

https://www.cheatengine.org/index.php

2. Tutorial

Step1

Step2

Exact value
    • Value = v
      • Scan Type = Exact value
      • Value Type = 4/2 Bytes (1 Byte probably won’t work)
      • First Scan
    • Change the value v
      • Choose the proper Scan Type and click Next Scan
      • Repeat until only a few addresses are left
      • Choose the best match (or test them one by one)

Step3

Unknown initial value
    • Scan Type = Unknown initial value
      • Value Type = 4 Bytes (most Windows apps use a 4-byte int for the value)
    • Change the value v
      • Choose the proper Scan Type and click Next Scan
      • Repeat until only a few addresses are left
      • Choose the best match (or test them one by one)

Step4

Other

If the search finds nothing, the value may not be stored as an int/integer; change Value Type to Double/Float and retry

Hint: It is recommended to disable “Fast Scan” for type double

Step5 Code finder

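Finding code

Goal: lock a value so that it cannot be changed

  • Find the address as in 2.1

  • Right-click and choose Find out what writes to this address

  • Change the value; the assembly code that changed it appears in the window

  • Step4: Replace it with nothing (n NOPs)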

Step6 Pointers

  • First find the address of the value
  • Then, from that address, find the pointer that stores it
  • Add Address Manually

Step7 Code Injection

??

Step8 Multilevel pointers

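Method 1: pointer scanner
  • Find the value, right-click, choose generate pointermap, and save it as step8.scandata

  • Restart the tutorial (remember to use the same PW)

  • Find the value, right-click, choose Pointer scan for this address

    Tick Compare results with other, select the file saved earlier, and select Address

    Note: for real games, Max level is usually 8/9

    Finally confirm and save the results

  • You get one or more results; if there are several, keep changing the value until only one is left

  • Double-click to add it to the Address list, change value to 5000, freeze it (tick the box to the left of the address), done

Method 2: manual method
  • Find the value, Find out what accesses this address

  • Change the value and find mov [rsi+18],eax, which means the offset is 18

  • Search for the hex value (address of the value - 0x18) to find that pointer; repeat the steps above until the base address (shown in green) is found

  • You can open Table Extra to help record information, e.g.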

    Info about this table:
    a+18->value
    b+0->a
    c+18->b
    d+10->c
    Tutorial-x86_64.exe+306B00->d
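  • Finally, Add address manually, enter the base address Tutorial-x86_64.exe+306B00, click Add offset, and fill in 10 18 0 18 in order; this gives the same result as above

Note: the same data may be reachable through more than one access path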
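
The chain recorded in Table Extra above, walked in code. This is an added example, not part of the original notes: it runs entirely inside its own process on constructed buffers, and the names obj_a..obj_d, static_slot, resolve and relocate_a are hypothetical. It also shows why the base+offset path keeps working after object a is reallocated while a raw address goes stale.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the objects a, b, c, d recorded in the notes. */
static uint8_t obj_a[0x20], obj_a2[0x20], obj_b[0x20], obj_c[0x20], obj_d[0x20];
static uint8_t *static_slot; /* plays the role of Tutorial-x86_64.exe+306B00 */

static void put_ptr(uint8_t *obj, size_t off, uint8_t *target) {
    memcpy(obj + off, &target, sizeof target);
}

/* base->d, d+10->c, c+18->b, b+0->a, a+18->value */
static void build_chain(int32_t value) {
    memcpy(obj_a + 0x18, &value, sizeof value);
    put_ptr(obj_b, 0x00, obj_a);
    put_ptr(obj_c, 0x18, obj_b);
    put_ptr(obj_d, 0x10, obj_c);
    static_slot = obj_d;
}

/* Simulate a restart: object a is reallocated, so only b's pointer changes. */
static void relocate_a(int32_t value) {
    memcpy(obj_a2 + 0x18, &value, sizeof value);
    put_ptr(obj_b, 0x00, obj_a2);
}

/* Dereference at every offset except the last, which is only added; NULL on a broken link. */
static uint8_t *resolve(uint8_t *const *base, const size_t *offs, size_t n) {
    uint8_t *p = *base;
    for (size_t i = 0; i < n && p != NULL; i++) {
        if (i + 1 == n) return p + offs[i];
        memcpy(&p, p + offs[i], sizeof p);
    }
    return p;
}

static int32_t read_i32(const uint8_t *addr) {
    int32_t v; memcpy(&v, addr, sizeof v); return v;
}

int main(void) {
    const size_t offs[] = {0x10, 0x18, 0x00, 0x18}; /* same order as in the notes */
    build_chain(100);
    printf("%d\n", (int)read_i32(resolve(&static_slot, offs, 4)));
    relocate_a(5000);
    printf("%d\n", (int)read_i32(resolve(&static_slot, offs, 4)));
}
```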

Step 9: Shared code

Background: Player and Monster both inherit from Entity; if you make the health value unchangeable, the Monster's health stops changing too

9-1

9-2

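  • First find Player3's health

  • Click Find out what writes to this address, change the health value, show disassembler, stop and close unnecessary window

  • Right-click and choose Find out what addresses this instruction accesses

  • Attack all the players one by one

    Four addresses appear one after another; remember to select Float display at the bottom right

  • Select two at once, right-click Find xx->Mark as xx; mark the first two as group1 and the last two as group2

    • Select any one, Find xx->Scan for commonalities

      Double click to launch structure compare, tick Only find matching groups

    • Or Open dissect xx and go through each one

  • In the end, +8 turns out to be the Float health value and +14 the team number

  • In Memory Viewer choose Auto Assemble to add a script

    Choose Template; first add Cheat Table framework code, then add Code injection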

    ;core of the injected code
    cmp [rbx+14],1
    je short exit

    Finally, File -> Assign to current cheat table

  • Finally, activate it

3. Tutorial Game

4. Anti-cheating

For the Tutorial above, modifying it directly changes the exe file, which triggers the anti-cheat system

Author

Kyle-Ye

Published on

2019-11-23

Updated on

2020-02-26
