How To Make Pointers Through Opcodes (Tutorial) - Cheat Engine Tables

#1
I've decided to split this thread into two parts, as it's daunting reading through the whole thing in one thread. Here is the continuation to How To Find Pointers With Cheat Engine (Tutorial). This tutorial covers how to point through opcodes to set a foundation for making your own cheat tables.


Step 3.2.0: Pointing through opcodes
This is a more advanced method of pointing to an address. Forgive me because I'm sure I'll butcher this explanation. I usually try this method first, and if I have to, I'll use the method from the first part second. This also sets you up for making pretty decent cheat tables, especially because you'll be pointing to the class, which may point to other things. For example, if we found health, that is probably in the player class and it should contain other objects like stamina, ammo, etc. For this example, I want to find things regarding my car in the game. Repeating Step 2: Finding the Initial Address of a value I can see (gas), I right click the value, select "Find out what writes to this address" and agree to attach the debugger.
[Image: 9hJ0ghr.png]

Step 3.2.1: Displaying opcodes
A new window will pop up. You may instantly see something; other times nothing will show up. If something shows up, that means something, somewhere is constantly writing to the address. This could be anything from shared addresses, to game ticks, to something always checking the address. If nothing shows, you'll have to force that value to be written to. For example, ammo: you'll have to fire a bullet for the write to be invoked. Either way is fine. For me, I had something always writing to the address so I didn't have to drive the car in game to get the gas value to change.
[Image: SXVPFoY.png]

Step 3.2.2: Evaluating the Opcode
The image above has a lot going on, but it's actually pretty easy to understand. Let's break it down. At the top, we see similar instructions, but focusing on the top instruction, "18E8D44CEDD - F3 0F11 6E 48", we see "movss [rsi+48],xmm5", which is the assembly code saying "move the value that's in the register xmm5 into rsi at the offset of 48". Okay, so we have to figure out what rsi is, and what's in xmm5. Moving down, we can see rsi is actually an address to something. Further, we can see that xmm5 holds the value of 99.96 (to see register values click "More information", then in the new window click "F"). Comparing xmm5's value to our gas value, we can safely assume that xmm5 does hold the gas value, and since our gas value is being written to the address in rsi, we can assume that's our base class address to the car... Makes sense? Next, let's see what's going on in the rsi address.

Step 3.2.3: Evaluating the base address
(PRO TIP: I guess I should have mentioned this earlier, but now is better than never! Cheat Engine has a "Mono" Dissect feature that really is a blessing for Unity games. Usually, Unity games ship with the "source" called "Assembly-CSharp" that can be stripped down so you can view the raw C# code, make modifications to it, etc. Cheat Engine has the ability to take that and give meaningful names to opcode addresses. If you're playing with a Unity game you can enable this on the main Cheat Engine window at the top menu bar under "Mono". Click "Activate mono features".)
Anyway...

Let's copy the address in rsi, dropping all the 0's in the beginning, "18F8F632D20", and click "show disassembler", which will open the memory viewer window. In the memory viewer, in the top menu bar navigate to "Tools -> Dissect data/structures".
[Image: m7DK7mM.png]

A new window will pop up. Place your address of rsi into "Group 1" and again, at the top menu bar select "Structures -> Define new structure". A new window will pop up; just hit okay here and Cheat Engine will display every offset that address controls... Here, you may have a bunch of pointers depending on how big your game is. Remembering the quote from step 3.2.2, "movss [rsi+48],xmm5" is the assembly code saying "move the value that's in the register xmm5 into rsi at the offset of 48". We know our gas for the car is at offset 48, so let's try to find it.
[Image: 8vvlmLh.png]

Cool... we found our address again, in the structure that controls the car. You will also see other good things in here, like the total capacity of the fuel tank, the consumption rate, and even the durability of the car. Let's not get ahead of ourselves and actually do what we really wanted to do in the first place: a pointer to the opcode. (You'll wanna keep this window open.)

Step 3.2.4: Foundation for Pointer to Opcodes
Head back to your memory viewer. The opcode should be selected already from the previous step, but if it's not, you can repeat steps 3.2.0 to the first part of 3.2.3 that states "Let's copy the address in rsi, dropping all the 0's in the beginning, "18F8F632D20", and click "show disassembler", which will open the memory viewer window". In the memory viewer, navigate to the top menu and select "Tools -> Auto Assemble". In the new window, again, in the top menu select "Template -> Cheat Engine framework code", then yet again, in the top menu select "Template -> Code Injection". In the new window that popped up, click okay. You should see something similar to this.
[Image: XzMI5p4.png]

Step 3.2.5: Editing the Opcodes
Now to dip into the coding aspect. We have 5 things we have to add so we can point out to other addresses: allocate some memory to hold our base address in, register a new symbol so our code can be used outside of this script, declare a value in our new variable, move our address into our new variable and finally, if we shut off the script, deallocate our memory so it doesn't linger around. I always like to follow suit of the code that is already there.

First, allocate memory with "alloc(car,4,CarGasTank:FuelConsumption+7d)". I called it "car" so I can remember it easily, I gave it 4 bytes of memory as we are just storing an address, and then told Cheat Engine to find memory as close to CarGasTank:FuelConsumption+7d as possible.
[Image: OPq1PUc.png]

Now, right below that I register a symbol with "registersymbol(car)"
[Image: ZPtRqfi.png]

Now declare your new variable with 
"car:
 dd 0"
[Image: tXO6wgA.png]

Now, in newmem, let's move the address from rsi into our newly made car:
[Image: ZUZZw4r.png]

Finally, let's remove everything if and when the script is disabled.
[Image: FzDLPf4.png]

In the end, your script should look something like this:
[Image: Lby5lo5.png]
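Since the screenshots don't survive here, the following is a reconstruction of the full Auto Assembler script from the steps above, written as an added example and not copied from the original post's images. It assumes the injection point is the same address the page passes to alloc as its "nearby" target (CarGasTank:FuelConsumption+7d), which is what the Code Injection template normally fills in; the original instruction, its 5-byte encoding and the car/48 names come straight from the post. One deliberate deviation: rsi is a 64-bit register, so the storage is declared as dq with 8 bytes instead of the post's dd/4 (a 4-byte slot would only hold the low half of the address if the allocation were exactly 4 bytes; Cheat Engine's allocation granularity is why the post's version still works).

```asm
[ENABLE]

// Executable cave for our detour, placed near the hooked instruction so a
// 5-byte jmp rel32 can reach it. Address assumed from the post's alloc line.
alloc(newmem,$1000,CarGasTank:FuelConsumption+7d)

// Storage for the car object's base address. 8 bytes because rsi is 64-bit
// (the post uses 4 / dd; see the note above).
alloc(car,8,CarGasTank:FuelConsumption+7d)

label(returnhere)
label(originalcode)
label(exit)

// Expose "car" so the cheat table can use it as a pointer base.
registersymbol(car)

car:
  dq 0

newmem:
  mov [car],rsi          // save the address the game writes the gas into

originalcode:
  movss [rsi+48],xmm5    // the original write we hooked (F3 0F 11 6E 48)

exit:
  jmp returnhere

// The original movss is exactly 5 bytes, the same size as jmp rel32,
// so the detour replaces one whole instruction and no nops are needed.
CarGasTank:FuelConsumption+7d:
  jmp newmem
returnhere:

[DISABLE]

// Restore the original instruction before freeing the cave.
CarGasTank:FuelConsumption+7d:
  movss [rsi+48],xmm5

dealloc(newmem)
dealloc(car)
unregistersymbol(car)
```

Two things worth checking before you enable it. First, the hooked instruction really must be 5 bytes or longer: the byte listing in the "what writes" window (F3 0F11 6E 48 here) tells you that, and if it were shorter the jmp would clobber the start of the next instruction. Second, the [DISABLE] block restores the original bytes before it deallocates, and it unregisters the symbol, which is the "remove everything" step in the post. Once the script is enabled, the table entry from the next step is simply base "car" with offset 48: Cheat Engine reads the 8 bytes at car (the saved rsi) and adds 48 to land on the gas float.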

If you're still here, 1s in the comments. Soooo much! Good job.
The last thing we need to do with the coding part is add this script to our cheat table. In the menu bar click "File -> Assign to current cheat table", close out of the Auto Assemble window and navigate back to Cheat Engine's main screen. There you will see your newly added script labeled "Auto Assemble script". You can rename this to whatever you want, or just leave it.
[Image: y6ywq2U.png]

Step 3.2.5: Adding our pointers.
Now the fun part. Let's add our gas back into the cheat table, pointed through our newly coded script. Right above the cheat table, where your script is, to the right, click "Add Address Manually". A new window will pop up. Here we check the "Pointer" check box; in the bottom box we place the word "car", and above that we add our offset to the gas, 48. Click "Okay".
[Image: tE03aPx.png]

In the main Cheat Engine window all we have to do now is enable our script and we'll see the value generate! (Remember, if you didn't have anything constantly writing to the address in step 3.2.1, you will have to invoke it for an opcode to run through that address. There are other methods for finding a constantly writing value, but I won't cover that in this.)
[Image: BaMqRV7.png]

That's all! Hope someone finds this useful and if anyone else has anything to add, or has a better method, please, let us know!
(P.S. Remember the window I told you you're going to want to leave up in 3.2.3? What other values can you add? Wink)
So, tell me where should I go?
To the left, where nothing's right. Or go right, where nothings left..