Advanced Cheat Engine Tutorial: Backtracing Shared Instructions from Visual Addresses! [Eldritch] 

The thing I learned from this video help me hack the game that has been bothering me for a long time.

Cheers mate. Brand new to the subject but I really enjoy how you explain as you go in your tutorials. I look forward to learning from you on creating cheat tables.

Your tutorials are EXTREMELY good and helpful. I really wish I had them earlier :) I pretty much started like you did in this tutorial but you know and show how to use the functions in CE which is mostly the missing point for me when I want to do something.

Thank you so much, i learned more from you:)

Great tutorial. Not too advanced, not too easy. Just good

Thank you so much, this was really an awesome tutorial!

masterful presentation

Awesome tut pal,, keep'em coming.. That is definitely one of the best back tracing tuts out there. You cannot find info like this out there anywhere.. Very well done.. So full of good information.. :)

Thanks for this, will try it out in half life 2. Thanks for showing me Eldritch! Bought it and it is great!

Helpful. Thanks

very clear tutorial more ups next video tutorial sir like that in your video tutorial but it's a different game..

AWESOME,Like iT!

Thanks a lot !

To save time, when you are in the "changed addresses" window at 11:00, you can highlight them all (or just select certain ones) and add them all to a dissect data/struct table automatically to save typing them all in manually.

What games do you recommend getting for learning how to get better at backtracing, encrypted values, and shared instructions?

you could make a video using the "Graphics Memory view"

why -8 very good video, helps me a lot!

why did you do the pushf and popf? And,why does the script not get activated when I assign to the cheat table(not your script,my own script of some other game)?Sometimes scripts get activated when I activate them but other times that 'cross' mark won't show! Is it because there is some error that I did in the AA script???

I was doing your tutorial and I did fine until the mov between de cmp and the jg. When I was about to look up the adress of that mov [eso+08],eax I noticed that this adress is called "aobInfiniteHealth" now.

> 2:51 then I'm lost beyond that.

Can you help me change a value type Ina game where they have a checksum sort of thing

Can i do the same script without one hit kill but getting godmode if the command is a movbe?

loved this vid, as always it taught me something new. I was wondering if I could pick your brain for a minute, I just got Fairy Fencer F in the steam sale and started messing about with it, it's actually quite an easy game to hack (5X exp cheat gives a good balance without having to grind) but I ran into a problem where I have a AOB injection script working fine, except it can't be disabled. any ideas as to what could cause an issue like that? I've recreated the script 3 times using different AOBs but the issue still persists. other than that it works fine

I'm trying to add some card parts in Gwent Beta. How to find the address when the values are not the same as on the screen? I.E.: I have 50 card parts, I scan for 50. Then I destroy a card and have 55. I scan for 55. I've got 2 addresses left. I destroy another card and I have 60 parts. I scan for 60 and zero results. I have also tried scanning for increased and decreased values. Also, I get zero results. Can you please make a more advanced tutorial for Gwent? Windom

Hey Stephen i just started watching your cheat engine tutorials and i figured id ask this question on a newer video so you see it. im on video 7 now and i love them all very well done. but im trying to change my health in a game. and i can change the value on the screen but when i get hit it the hp bar displays the true health then goes back to what i changed it to. but ill still die. if you get what im sayin. thank in advance!

What have I gotten myself into... Also wait so eax is the enemy? and esi is player health? or am I wrong cuz ive never programmed or anythin before. Also, when you are in the dissector, you put minus 8, however on the memory viewer it says plus 8. Is there a reason for that?

Can you do update on this?

Hello, can you make tutorial "How to make long male weapon\Increase length of male weapon"? P.s. Sorry for my bad english

Because when I change the value in the game it changes but it doesn't stick. What are the different ways I can make the vale change and stick forever when I log back into the server

can you help me with marvel future fight

notehub link since I'm sure YT will refuse to acknowledge the new lines in my post: notehub.org/ganxa great video! 4:50 instead of looking down to find ret and then manually typing in the address to go to, you can click in the section of code you care about (for instance, on the push esi) and then press the left arrow on your keyboard twice; The first press will move up to the "head" of the function and the second press will then collapse/hide that function and the instruction right after it will be the instruction after the call to the collapsed function, which you can simply double click on to have the dissasembler jump to it. If you're going to do it often, those are two tips that are really handy (especially for long functions) 11:08 2 tips, you can add -x to the address in dissect data structures and have it do the math for you (or +x, as well as dereferencing with []) but you can also select the addresses in the "Changed Addresses" panel and right click and choose "Open dissect data with selected addresses" (CTRL+D) and it'll automatically adjust the addresses to the base address used in the instruction. As for the whole mov/sub difference... you realize that sub affects the flags that jng uses right? (ZF=1 or SF!=OF) While mov does not.... If mov 0 wasn't working as expected then that's probably the reason why, and an easy test would be to move popf after the sub instead of before.

Hellow, plaese, help me. go to tanki online (garage) and change prise of anything, just change value of anything you want (gun, hull, paint, kit...) Good luck and thank you

cant download you're table :C

Stephen! Just stopping by for some help on my script, I can't seem to get it to work, the game always crashes. (game shall be anonymous if that's OK with you) What I'm trying to achieve with my script is to make every enemy teleport to my coordinates at all times. Below is my script. [ENABLE] aobscanmodule(XY,Client.exe,D9 42 08 DA E9 DF E0 F6 C4 44 7A 04) // should be unique alloc(newmem,$1000) label(code) label(jumptome) label(return) //I'm trying to allocate 3 separate places to store my XYZ with starting value of 0.00 as to make it empty. The thing is... I'm not sure if it's 'dd' or 'dq' or something else. alloc(x,4) x: dd (float)0.00 alloc(y,4) y: dd (float)0.00 alloc(z,4) z: dd (float)0.00 newmem: code: fld dword ptr [edx+08] //This is the beginning of the original code fucompp //This is the last of the original code //My code starts below cmp [edx+90],00000000 //I tried to separate myself from enemy entities, enemies are always 0 in hex and mines always have a random value except for 0 je jumptome //If 0 then continue to jump to 'jumptome' function cmp [edx+94],00000000 //same thing as above je jumptome cmp [edx+98],00000000 //same thing as above je jumptome //Now this me since all enemy entities are being directed away from this //I'm trying to assign my XYZ into registers, not sure if that's legit or bad push edi mov edi,x push esi mov esi,y push ebx mov ebx,z //edx is the base address for all entities, where as +00,+04,+08 = X,Y,Z from base address mov ebx,[edx+08] //trying to store Z coordinate into ebx mov esi,[edx+04] //trying to store Y coordinate into esi mov edi,[edx] //trying to store X coordinate into edi jmp return //back to original flow of instructions jumptome: mov [edx+08],ebx //enemies Z coordinate is being replaced by our coordinate stored in ebx mov [edx+04],esi //enemies Y coordinate is being replaced by our coordinate stored in esi mov [edx],edi //enemies X coordinate is being replaced by our coordinate stored in edi jmp return //back to original flow of instructions XY: jmp code return: registersymbol(XY) [DISABLE] XY: db D9 42 08 DA E9 unregistersymbol(XY) dealloc(newmem) dealloc(x) dealloc(y) dealloc(z) What happens when I activate the script, the game keeps running in the background but then the game pops up a error and shuts down the game when I click OK. Please help. What am I doing wrong? How should I go about achieving this? Thank you Stephen!

It's a good tutorial however I couldn't understand a single thing after the 2:51 mark. I'm trying to hack a game called Lost Castle and I can't find these push values or calls. I'm thinking of throwing the towel on this one.

Is there a way to compare an address to multiple numbers? I'm trying to make it so if my health is less than 6, it will heal me.

Can anyone explain why you have to push the flags ?

Would you be willing to take a look at writing a similar script for Zelda Breath of the Wild for CEMU (wii-u emulator)? The community would love you forever. In this game, your weapons take damage upon each use and can break. Weapon health AND enemy health appears to be governed by the same instruction. If you make your weapons indestructible, the enemies are also indestructible. I will try to use what I learned here to make something work, but I definitely don't have a command of assembly the way you do.

where did you learn all that stuff? That you know exactly, what refers to something, what you have to do etc? Its like seeing magic and listening to god O.o

Now how do I find rng in online games?

Bro can u make video how to hack bluestack games like fifa 15 new seasons?? PLS REPLY

+Stephen Chapman Thank you Boss for your awesome work ! I'm looking for help bro, I tried contacting u but I think u didn't see my msgs ! I've been using an emulator these days call Droid4x, and since then, the debugger doesn't work and there is no opcodes in what access to this memory ! I really need ur help bro, hope you will reply to my comment ! thanks man for all CE lessons, you're doing a great Job