We are going to learn basic game hacking on Windows with Cheat Engine and Ghidra.
Open a creative world and do a first scan for Unknown Initial Value. Go to Game Menu and click on Options. Every time you click on the game difficulty button, scan for Changed Value; scan for Unchanged Value when you stay on the same difficulty. You should end up with about 50 addresses.

While using Cheat Engine in some games I've noticed that when I look for a specific value, like, say, ammo, or sometimes when I'm bored, currency in tycoon-type games, I try to change the values but they almost immediately change back. I even try to freeze the value and it just shits on it.

The next scan processes the results of the previous scan. If your first scan used an 'Advanced' scan type it won't show any results, but Cheat Engine still keeps a copy of the game's memory as it was at the previous scan. That is what lets you scan for a changed or unchanged value etc. without knowing the value itself. If a value you edit snaps straight back, the address you found is usually a copy (for example the one the HUD reads) that the game rewrites from the real value every frame; 'Find out what writes to this address' on that copy leads to the code doing the rewrite, and from there to the real location.
Cheat Engine - Memory Scan
Cheat Engine is an amazing tool for finding the addresses of values in a game's memory. Reading another process's memory isn't difficult (ReadProcessMemory on Windows, /proc/<pid>/mem on Linux, which we have used many times), but the engineering effort to make scanning easy and fast is non-trivial.
As a first step I would like to search for the selected skill. Here you can see a first scan for Unknown Initial Value followed by a scan for Unchanged Value, which still leaves millions of possible addresses. This makes sense, because code and resources in memory are all unchanged as well.
So to continue with the process, we want to change the selected skill and use a combination of changed and unchanged values to filter out possible addresses.
Eventually we are left with a single address that holds the selected skill. In this case we have skill 3 selected and see the value 2, which means the selected skill is stored as a zero-based array index.
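The scan procedure above (and the difficulty-button scan at the top of the page) is just set filtering over snapshots of memory. The following scanner is an added example, not code from the tutorial or from Cheat Engine itself: it implements first scan / next scan over byte snapshots so it runs anywhere, and the "game memory" it scans is constructed for the demo, with a Player object whose selected skill sits at the tutorial's offset 0x180 and an assumed timer next to it. In a real session each snapshot would come from ReadProcessMemory or /proc/<pid>/mem.

```python
"""Cheat Engine style first-scan / next-scan filtering over memory snapshots.

Added example, not from the original tutorial. The 'game memory' below is
constructed for the demo; PLAYER_AT and TIMER_OFF are assumptions, SKILL_OFF
is the offset seen in the tutorial."""
import struct

WIDTH = 4  # scan for 4-byte little-endian integers


class Scanner:
    """Holds the candidate addresses and, like Cheat Engine, a copy of the
    memory as it was at the previous scan, so 'changed' / 'unchanged' can be
    evaluated without the user ever typing a value."""

    def __init__(self, base=0, align=4):
        self.base = base            # address of snap[0] in the target process
        self.align = align          # CE's default 'fast scan' alignment
        self.candidates = None      # None until the first scan
        self.last = None            # snapshot taken at the previous scan

    def _read(self, snap, addr):
        return struct.unpack_from("<I", snap, addr - self.base)[0]

    def first_scan(self, snap, exact=None):
        """exact=None is 'Unknown initial value': every aligned address survives."""
        addrs = range(self.base, self.base + len(snap) - WIDTH + 1, self.align)
        if exact is None:
            self.candidates = set(addrs)
        else:
            self.candidates = {a for a in addrs if self._read(snap, a) == exact}
        self.last = bytes(snap)
        return len(self.candidates)

    def next_scan(self, snap, mode, exact=None):
        """Filter the previous result set; mode is one of CE's next-scan types."""
        if self.candidates is None:
            raise RuntimeError("a next scan needs a first scan")
        tests = {
            "changed":   lambda now, before: now != before,
            "unchanged": lambda now, before: now == before,
            "increased": lambda now, before: now > before,
            "decreased": lambda now, before: now < before,
            "exact":     lambda now, before: now == exact,
        }
        test = tests[mode]
        self.candidates = {
            a for a in self.candidates
            if test(self._read(snap, a), self._read(self.last, a))
        }
        self.last = bytes(snap)
        return len(self.candidates)


# --- constructed 'game memory' for the demo ---------------------------------
PLAYER_AT = 0x200   # where the made-up Player object sits in the buffer
SKILL_OFF = 0x180   # selected skill, offset from the tutorial
TIMER_OFF = 0x184   # a constantly changing counter next to it (assumption)
MEM_SIZE = 0x400


def game_memory(skill, timer):
    """Static filler ('code and resources') plus a Player object with a few
    strings, the selected skill and a timer. Only skill and timer ever change."""
    mem = bytearray((i * 37 + 11) & 0xFF for i in range(MEM_SIZE))
    for off, s in ((0x00, b"LiveOverflow"), (0x20, b"PwnSquad"), (0x40, b"LostCave")):
        mem[PLAYER_AT + off:PLAYER_AT + off + len(s) + 1] = s + b"\0"
    struct.pack_into("<I", mem, PLAYER_AT + SKILL_OFF, skill)
    struct.pack_into("<I", mem, PLAYER_AT + TIMER_OFF, timer)
    return bytes(mem)


def find_selected_skill():
    """Replays the tutorial: unknown initial value, then changed / unchanged
    scans while switching the selected skill. Returns (counts, surviving addrs)."""
    sc = Scanner(base=0x10000000)   # pretend the buffer is mapped here
    counts = [sc.first_scan(game_memory(skill=0, timer=100))]
    counts.append(sc.next_scan(game_memory(skill=2, timer=137), "changed"))    # switched to skill 3
    counts.append(sc.next_scan(game_memory(skill=2, timer=190), "unchanged"))  # stayed on skill 3
    counts.append(sc.next_scan(game_memory(skill=1, timer=251), "changed"))    # switched to skill 2
    return counts, sorted(sc.candidates)


if __name__ == "__main__":
    counts, hits = find_selected_skill()
    print("candidates after each scan:", counts)
    print("selected skill lives at:", [hex(a) for a in hits])
```

The timer is what makes the Unchanged Value step necessary: after the first Changed Value scan both the skill and the timer survive, and only staying on the same skill while the timer keeps ticking separates them. The filler bytes never change, which is why a Changed scan discards them all at once, just as it discards code and resources in the real game.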
Kickstart Reverse Engineering
When reverse engineering software as large as a game, it can be hard to decide where to start. But Cheat Engine can help us identify interesting functions with features like 'Find out what writes to this address'. This attaches a debugger to the game, sets a write breakpoint on the address (a hardware breakpoint by default) and logs every instruction that changes the selected skill value.
Here you can see an example logged entry. It is a mov instruction that writes the skill ID currently stored in edx to esi+0x180. If we imagine this function is called SetSelectedSkill, the offset 0x180 could be an indication of something like a Player class that has the selected skill ID as a member variable; in that case esi would be the pointer to this Player object in memory.
The following screenshot shows the memory pointed to by esi. The green value is the selected skill ID. The red value is colored red because it keeps changing; it looks like a timer. We can also see a few strings like our name LiveOverflow, the team name PwnSquad and our location LostCave. So it makes sense that this is a Player class.
From Cheat Engine to Ghidra
With this knowledge we can kickstart reverse engineering in a disassembler/decompiler like Ghidra. To find the code we found with Cheat Engine in Ghidra, we have to account for ASLR: the DLL is loaded at a different base in the running process than the image base Ghidra uses. On the left you can see the memory regions of the running process and where GameLogic.dll is loaded, and on the right where Ghidra loaded it. So with a bit of math (Ghidra address = runtime address - runtime base of GameLogic.dll + Ghidra's image base) you can figure out where 0x618f3e93 is in Ghidra.
Or you can use the rebase feature (the house symbol, 'Set Image Base', in Ghidra's Memory Map window) to make Ghidra's addresses match the current process memory map.
Now we can simply go to the address we found with Cheat Engine. Here is the assembly line that changes the selected skill ID, and next to it the decompilation. From that we can assume that bVar1 is the itemSlot number.
And if we assume esi is a Player object, then iVar2 is that Player object, which has the selected skill ID at offset 0x180. Ghidra has a neat feature to help reverse engineer such classes: Auto Create Structure on the variable generates a struct, and based on the offsets used Ghidra assumes those are member variables. The picture below shows how Ghidra then changes the display. So we can rename field_0x180 to something like itemSlot.
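Three steps of this section are mechanical: reading the base register and displacement out of a 'what writes to this address' log entry, translating the runtime address into Ghidra's address space, and grouping the observed offsets into a struct the way Auto Create Structure does. The script below is an added example that does all three; it is not code from the tutorial, from Cheat Engine or from Ghidra. Its log lines follow Cheat Engine's "address - opcode bytes - instruction" layout but are constructed, the runtime base and size of GameLogic.dll and Ghidra's image base are assumptions, and the struct name Player and the field_0x... names are only the placeholders Ghidra would show before you rename them.

```python
"""Cheat Engine 'what writes to this address' log -> Ghidra addresses and a
struct skeleton. Added example; log lines, module bases and struct/field
names are constructed or assumed, not taken from the game."""
import re

# Where CE's memory regions show GameLogic.dll in the running process, and the
# image base Ghidra loaded the same DLL at (all three values are assumptions).
RUNTIME_BASE = 0x618F0000
RUNTIME_SIZE = 0x00200000
GHIDRA_BASE = 0x10000000

# Constructed log lines in CE's "address - opcode bytes - instruction" layout.
SAMPLE_LOG = """\
618F3E93 - 89 96 80 01 00 00 - mov [esi+00000180],edx
618F3EA0 - 8B 86 84 01 00 00 - mov eax,[esi+00000184]
618F3EC1 - 8B 4E 20 - mov ecx,[esi+00000020]
618F3ED9 - 8B 06 - mov eax,[esi]
618F3F10 - C7 86 80 01 00 00 02 00 00 00 - mov dword ptr [esi+00000180],00000002
"""

MEM_OPERAND = re.compile(r"\[(?P<reg>[a-z0-9]+)(?:\+(?P<disp>[0-9A-Fa-f]+))?\]")
SIZE_PREFIX = {"byte ptr": 1, "word ptr": 2, "dword ptr": 4, "qword ptr": 8}
REG_SIZE = {}
for _size, _names in ((1, "al bl cl dl ah bh ch dh"), (2, "ax bx cx dx si di bp sp"),
                      (4, "eax ebx ecx edx esi edi ebp esp"),
                      (8, "rax rbx rcx rdx rsi rdi rbp rsp")):
    for _n in _names.split():
        REG_SIZE[_n] = _size


def operand_size(mem_op, other):
    """Width of the access: from a 'dword ptr' style prefix, else from the
    register on the other side of the comma, else assume a dword."""
    for prefix, size in SIZE_PREFIX.items():
        if mem_op.startswith(prefix):
            return size
    return REG_SIZE.get(other, 4)


def parse_line(line):
    """One CE log line -> dict(addr, reg, disp, access, size, instr).
    A memory operand on the left of the comma is a write, on the right a read."""
    addr_s, _opcodes, instr = (p.strip() for p in line.split(" - ", 2))
    _mnemonic, ops = instr.split(None, 1)
    parts = [o.strip() for o in ops.split(",", 1)] + [None]
    dst, src = parts[0], parts[1]
    if MEM_OPERAND.search(dst):
        mem_op, other, access = dst, src, "write"
    else:
        mem_op, other, access = src, dst, "read"
    m = MEM_OPERAND.search(mem_op or "")
    if m is None:
        raise ValueError(f"no [reg+disp] operand in: {instr}")
    return {"addr": int(addr_s, 16), "reg": m["reg"],
            "disp": int(m["disp"] or "0", 16), "access": access,
            "size": operand_size(mem_op, other), "instr": instr}


def to_ghidra(runtime_addr, runtime_base=RUNTIME_BASE, runtime_size=RUNTIME_SIZE,
              image_base=GHIDRA_BASE):
    """Undo the load-time relocation: Ghidra shows the DLL at its image base,
    the process has it at runtime_base. Refuses addresses outside the module."""
    if not runtime_base <= runtime_addr < runtime_base + runtime_size:
        raise ValueError(f"{runtime_addr:#x} is not inside the module")
    return runtime_addr - runtime_base + image_base


def analyze(log):
    entries = []
    for line in log.splitlines():
        if line.strip():
            e = parse_line(line)
            e["ghidra"] = to_ghidra(e["addr"])
            entries.append(e)
    return entries


def struct_skeleton(entries, reg="esi", name="Player"):
    """Group the accesses by displacement off one base register, the way
    Ghidra's Auto Create Structure does, and render a C-like skeleton with
    Ghidra-style undefinedN fields and padding. Returns (fields, text)."""
    widths = {}
    for e in entries:
        if e["reg"] == reg:
            widths[e["disp"]] = max(widths.get(e["disp"], 0), e["size"])
    lines, cursor = [f"struct {name} {{"], 0
    for off in sorted(widths):
        if off > cursor:
            lines.append(f"    undefined field_{cursor:#x}[{off - cursor:#x}];")
        lines.append(f"    undefined{widths[off]} field_{off:#x};")
        cursor = off + widths[off]
    lines.append("};")
    fields = [(off, widths[off], f"field_{off:#x}") for off in sorted(widths)]
    return fields, "\n".join(lines)


if __name__ == "__main__":
    entries = analyze(SAMPLE_LOG)
    for e in entries:
        print(f"{e['addr']:08X} -> Ghidra {e['ghidra']:08X}: {e['access']:5} "
              f"{e['reg']}+{e['disp']:#x} ({e['size']} bytes)")
    print(struct_skeleton(entries)[1])
```

With Ghidra rebased to the runtime address instead, to_ghidra becomes the identity (pass image_base=runtime_base); the bounds check is still worth keeping, since a logged address in a different module than the one you rebased means you are looking at the wrong DLL.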
Cheat Engine is one of the first and best memory editors for PC games, and the most advanced game cheating, trainer and game hacking tool for PC games there is, with a huge active community dedicated to improving the software and sharing trainers and cheats.
Cheat Engine Features
- Easy value scanning and editing functionality
- Tables serve as Trainers (scripts) shared by the Community
- Easy Speedhacking (slowing down / speeding up games)
- Easy creating of your own trainers / tables and cheats.
- An incredible amount of advanced functionality for advanced game hackers, coders, AoB experts etc.
- 100% free to use and create trainers with
- The best memory editor there is
- Easy code injection into any game process.
- Supports Lua trainers
* Standard version comes with PPI (pay-per-install) software (beware)
* No-install version comes without PPI software
About Cheat Engine
Cheat Engine is without a doubt the dominant platform for game hacking on PC. Not only because it is by far the best application for this particular purpose, but also because it has an active community around it that helps develop the software and provides free trainers / tables for all kinds of games. The software was originally developed by Dark Byte, who is also the creator of Cheat Engine APK and has been doing good work in the game cheats industry for many, many years.
By default the Cheat Engine installer comes bundled with all kinds of third-party software (the PPI offers), which is the developer's way of monetizing the software and absolutely fair enough, but this can trigger certain antivirus products, such as McAfee, to automatically delete it, which is why we also provide the no-install version in our download.
Overall, Cheat Engine is excellent and allows even newbies to hack a lot of PC games easily. It lends itself mostly to use in single-player games to get god modes, money, skill points, items etc., but can also be used in multiplayer games if one is so inclined. It is truly the greatest game hacking tool for Windows computers of our time, and credit to its creators for bringing this program to the prominence it enjoys today.
Highly recommended, best of its kind. Download it today!