0
Recreating Geri's tutorials and articles before his site got wiped out. Wealth of information in it!
-----
This tutorial will show You how to use the data dissector to find interesting values and analyze data.
I will use Cheat Engine 6.0 in the tutorial. You can download it from here:
Cheat Engine
Our target process will be Armies of Exigo's DEMO version. It is small, freely available, very easy to find values and a fairly good game (one of my old favorites), so it is an excellent choice for demonstration. Use Google to find dozens of links for the demo but here are some links to keep up the pace:
Demo Versions: Armies of Exigo Single-Player Demo - Demo Movie Patch Download Section
Armies of Exigo Demo - FilePlanet
Our task will be to find a few unit's structure, analyze them and find a "player ID" to create a god mode cheat.
Start the game and play it a bit. If You have played Warcraft and similar games, this game will be familiar to You.
1st task: Finding the unit's health and the code which is changing the health
This should be very easy, the health of a unit it displayed when it is selected. It is stored as a Float type value. Find some enemies, search for Your health and if You have found it (You should have only 1 result in Your list), add it to the table.
Now right-click on it and choose "Find out what writes to this address". Go back in the game, loose some health and You will find this code:
005DA8DC - D9 5E 04 - fstp dword ptr [esi+04]
2nd task: Finding some more unit's health
Now You have the code which is changing the health for all units when they are taking damage. Your task is to find a few unit's health, including enemy and friendly units. Get 2 units and find some enemies. Right-click on the code that You have found and choose "Find out what addresses this code reads from". Make sure that Your test subjects will not die in the process. It would be optimal if You could find at least 2 friendly and 2 enemy unit's health. Like this:
3rd task: Checking the structures
Now You should have enough addresses to start analyzing a unit's structure. So what are structures? To keep it short, let's just say that some values are stored together in one place instead of scattered around in the memory (You can find many more info about structures on the Cheat Engine Forum).
In our case, the most important data about a unit is stored together in a structure as You will see it in a minute. The start of the structure (the base address) is usually the register between the [], which is in our case ESI. ESI+04 is the address of the health, so we can clearly see that the health is stored almost at the start of the structure. Ok, what kind of information can we find here?
1. Open the memory browser and use Tools->Dissect data/structures.
2. As we have 4 units to compare, use File->Add extra address to add 3 more address slots.
3. Now in the address slots, type in the address of ESI, which is in our case the health address-4 for all 4 units.
4. If it is done, use Structures->Define new structure.
5. You can give a name for the structure, but it is not important, click Ok.
6. Click Yes and allow Cheat Engine to guess the type of the values automatically. It will do a very good job.
7. It is enough to analyze 4096 bytes now, so click on OK again.
Now You see 4 coloumns with a bunch of data using red and green colors. Red means that the values in the structures are different, green means the values are perfectly matching in the structures for all 4 units.
To make things even easier for us, we can even create groups. As we will try to analyze the differencies between friendly and enemy soldiers, let us put enemies in a different group. Right-click on the enemy unit's address and choose Change group. Set all enemy unit's group to 1.
You can immediately see that some colors has changed and some values are shown with blue color. Blue color means that the value is the same inside that group, but it is different compared to other groups.
Here is a picture of what should You see:
Now we can go on with the analyzis. I told You this will be an easy game so You will immediately see the important values.
offset 0000 [ESI]: As You can see, the first value is 0 for friendly units and 1 for enemy units. Yes, You are right. This value is storing the owner of the unit. 0 is the human player so if this value is not 0, the unit is an enemy unit.
offset 0004 [ESI+04]: We know that already, this is the health of the unit. :)
offset 0008 [ESI+08]: If You have a sharp eye, You can probably see that this value is the maximum amount of health for the unit.
offset 000C [ESI+0C]: Mana of the unit.
offset 0010 [ESI+10]: Max mana of the unit.
This info is already enough for us to make a god mode script and if You find the code which is changing the mana, You can easily create an infinite mana script too, which will work for Your units only.
Now my test units don't have mana so 0C and 10 has 0 value.
Just a short video to keep up the pace if You are confused about something:
YouTube has disabled this video, so here is a backup, hosted on this site:
Dissect data/structures in CE 6.0 video
All we have to do now is write a script which is checking the value of ESI when the health would be changed and if it is 0, change the unit's health to maximum.
God Mode script (this is an old script that I have made ages ago):
fstp dword ptr [esi+04] //original code which is changing the health
pushfd //save flags
pushad //save registers
cmp [esi],0 //check if ESI=0
jne +6 //if ESI is not 0, the code will jump over the next 2 lines, jumping to the "popad" instruction
mov eax,[esi+08] //copy the max health on eax
mov [esi+04],eax //copy eax to the health, so max health = health
popad //load registers
popfd //load flags
Feel free to use code injection and try out the script, it will make Your units invincible.
If You want, go for it and create an unlimited mana script too. It should be piece of cake now.
Conclusion:
Now You have seen a real example of how values are stored in structures. We have searched for the health only, but with the help of the data dissector, we have easily found the player ID, max health, mana and max mana too. And we could find even more, like attack speed, attack range, attack power, unit speed, unit rank, vision range, co-ordinates and many more.
In FPS games, You can use the same method to compare Your player's structure to the enemies' structure. Find the health, armor, co-ordinates, gravity modifier, speed modifier and many more values that are related to Your charachter.
Or find the ammo for Your weapons and compare Your weapons' structure. Find the ammo, max ammo, rate of fire, weapon range, and many more weapon related values.
The same goes for racing games and other simulators, RPG's and so on...
There is one last important information that You need to know. Structures are sometimes connected to other structures. Like tables in a database. It may happen that a unit's information is stored in 2 or more structures, not just in one. Usually structures are connected to each other with pointers, so in a structure, sometimes You may find pointers that are pointing to another structure which also holds further information that You may need. It is always useful to check out the pointers to see where are they pointing. They are the connection to some useful information.
Examples:
In RTS games, a pointer in the unit structure may point to the "player structure" which holds the amount of resources and other information about the player. Sometimes You can use this pointer as a player ID for the unit if You have found a way to connect both structures.
In FPS games, a pointer may point to the name of the charachter, usually to "Player" or similar string, and You can use this string to compare and create a god mode. If You check a weapon structure, usually You find a pointer which is pointing to the charachter's structure, this way You can create unlimited ammo for weapons that are pointing to Your charachter's structure only.
In summary, You need to realize that data and structures are connected to each other by pointers. Be creative, patient, vigilant and You can figure out where are these connections and how to use them to Your advantage.
Just a small "extra":
I have already written about the Data dissector's options and You can find it in the CE helpfile too, but here it is anyway:
This option is a fine tool to examine or compare data in similar memory regions or structures. It can be used if you wish to compare your charachter's structure with the enemy's structure in an FPS or strategy game, but of course it can be used for other purposes too.
File->New window: This option will open a new dissect window.
File->Import: Import a structure.
File->Export: Export a structure.
File->Save values: Save the content of the window in a file.
File->Add extra address: Add a slot for an extra address for comparing.
View->Change colors: Customize the colors of this tool.
View->Update interval: Customize the value update interval.
Structures: Create a new structure with Define new structure, then give a name and a size for the structure. If you have more than one structure, you can choose the one that you need from here.
Commands: Rename and Delete structure will rename and delete the currently used structure.
Automatically guess offset types will allow CE to guess the type of values in the structure.
If you have added one or more addresses to the window, you can right-click on an address and sort them into groups. This is very useful because you can compare the values in every structure and also see if the values are the same in the same group, or they are different inside the group too (e.g. you can add 2 enemy unit and 2 friendly unit in an RTS game and place the enemies in a different group, thus you will see what is common between friendly units and what is common between enemy units)
If you right-click on an entry in the window, some additional options will be available, such as Memory browse this address, Memory browse this pointer and Add to address list.
That's the end of it, I hope You will find interesting values whatever You are searching for in whatever game.
For now, I think I will play a bit with Armies of Exigo, keep experimenting with any game that You like. :)
Peace!
Geri
To see an example of how can You modify things in an FPS game with the data dissector, read this topic:
Cheat Engine :: View topic - [Tutorial] Dissect data/structures in Cheat Engine
The videos are here: