Tags: reverse-engineering, cheat-engine

Find correct health value in Cheat Engine of out 14 addresses


I'm trying to find the correct health offset in a game, and my problem is that I have found 14 addresses that change when I change my health address. I've tried changing the health value and updating 10 times now, pressing 'Next Scan' each time, but I can't get any lower than these 14 addresses.

Do I need to pointer scan for all these 14 addresses, or is there any easy way to detect which one of them is the correct one?



Solution

  • You must use trial and error and check each address. Reverse engineering is all about trial and error. You're looking for a silver bullet, and there isn't one.

    If you already know the offset, you would right-click each address and do "find what accesses" and sometimes "find what writes", and you would get a list of instructions touching those addresses and the offsets used to get there. If the offsets don't match your "known" offset, then disregard that address.

    If the variable is one you have write access to as the client, such as your name string, you can do a divide-and-conquer approach. Add all the addresses to your table. Select half of them, hit Enter and change your name. If your name in the GUI changes, then your address is in the selection, so you would delete the other half. Then you divide and conquer again; this technique eliminates 50% of the addresses at each step. If your name didn't change, then delete the ones you have selected and apply the same technique to the other half of the addresses.

    The last technique I will share with you is to use ReClass or another tool which gives you RTTI, or Run-Time Type Information. When you did "find what accesses", you got the address of the player object and the relative offset. Attach ReClass to the process and input the address of the player object. The virtual method table pointer (offset 0x0) will be displayed with the RTTI, which will tell you the name of the class and its parent classes. Mind you, this is only possible with binaries compiled with Visual Studio and with the RTTI still embedded.

    In conclusion, there is no instant success in reverse engineering. There are tricks, but only experience gives you the insight required to reverse faster. As you progress, it will become easier.
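The divide-and-conquer step described in the answer above, as an added example that is not part of the original post and not Cheat Engine code: a Python simulation in which a constructed dict stands in for the game's memory and the "GUI" is simply whatever the one real address holds. `FakeProcess`, `bisect_candidates`, the 14 constructed candidate addresses and the sentinel values are all assumptions made up for the demonstration.

```python
"""Bisection over scan candidates (added example; constructed data only).

Each round writes a fresh sentinel to the selected half of the remaining
candidates and checks whether the value shown in the GUI changed, exactly
as the manual 'select half, hit Enter, change the name' procedure does.
"""

# Constructed sample: 14 candidate addresses left after repeated scans.
# One of them is the variable the game actually renders; the rest are
# unrelated copies that happened to change in step with it.
CANDIDATES = [0x0040_1000 + 4 * i for i in range(14)]
REAL_ADDRESS = 0x0040_1024  # constructed; index 9 in the list above


class FakeProcess:
    """Stand-in for the target: a memory map plus a GUI that reads one address."""

    def __init__(self, candidates, real_address, initial_value):
        self.memory = {addr: initial_value for addr in candidates}
        self.real_address = real_address

    def write(self, addresses, value):
        """Model of 'select these entries in the table and set their value'."""
        for addr in addresses:
            self.memory[addr] = value

    def gui_value(self):
        """Model of looking at the game window: it shows the real variable."""
        return self.memory[self.real_address]


def bisect_candidates(proc, candidates, next_sentinel):
    """Return (address, rounds) by halving the candidate set each round.

    next_sentinel(round_no) must return a value not used in earlier rounds,
    so a value left behind by a previous write cannot be mistaken for a hit.
    """
    remaining = list(candidates)
    rounds = 0
    while len(remaining) > 1:
        rounds += 1
        selected = remaining[: len(remaining) // 2]
        sentinel = next_sentinel(rounds)
        proc.write(selected, sentinel)
        if proc.gui_value() == sentinel:
            remaining = selected                # hit: drop the unselected half
        else:
            remaining = remaining[len(selected):]  # miss: drop the selected half
    return remaining[0], rounds


if __name__ == "__main__":
    proc = FakeProcess(CANDIDATES, REAL_ADDRESS, initial_value=100)
    found, rounds = bisect_candidates(proc, CANDIDATES, lambda r: 1000 + r)
    print(f"real address 0x{found:08X} found in {rounds} rounds")
```

With 14 candidates the search finishes in at most four rounds (ceil(log2 14)), versus up to fourteen single checks. Two practical caveats: the technique assumes exactly one candidate drives what the GUI shows, and the game may overwrite your sentinel on its next update, so read the GUI right after the write; if the value snaps back, that is itself evidence the address is a copy rather than the source.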
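What ReClass reads when it shows the class name and parents from the vtable pointer, as an added example that is not part of the original post and not ReClass's own code. It lays out a constructed, in-memory copy of the 32-bit MSVC RTTI structures (vftable slot -1 pointing to the RTTICompleteObjectLocator, which points to the TypeDescriptor and the ClassHierarchyDescriptor) for an invented `Player : Actor : Entity` chain, then walks them from an object address the way a tool would. `Image`, `build_sample`, `walk_rtti`, the class names and the image base are all assumptions for the demonstration.

```python
"""Walk 32-bit MSVC RTTI from an object's vfptr (added example; constructed data).

Layout used (x86, COL signature 0, absolute pointers):
  object[0]              -> vftable slot 0
  vftable[-1]            -> RTTICompleteObjectLocator (COL)
  COL  {sig, offset, cdOffset, pTypeDescriptor, pClassHierarchyDescriptor}
  TD   {pVFTable, spare, name[]}           name like ".?AVPlayer@@"
  CHD  {sig, attributes, numBaseClasses, pBaseClassArray}
  BCA  [pBaseClassDescriptor, ...]         entry 0 is the class itself
  BCD  {pTypeDescriptor, numContainedBases, mdisp, pdisp, vdisp, attributes, pCHD}
"""
import struct

IMAGE_BASE = 0x00400000  # assumed module base for the constructed image
PTR = 4                  # 32-bit layout


class Image:
    """Constructed stand-in for the target's memory; all addresses absolute."""

    def __init__(self, base):
        self.base, self.buf = base, bytearray()

    def alloc(self, size):
        addr = self.base + len(self.buf)
        self.buf += bytes(size)
        return addr

    def put(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data

    def u32(self, addr):
        return struct.unpack_from("<I", self.buf, addr - self.base)[0]

    def i32(self, addr):
        return struct.unpack_from("<i", self.buf, addr - self.base)[0]

    def cstr(self, addr):
        off = addr - self.base
        return self.buf[off:self.buf.index(b"\0", off)].decode()


def demangle(mangled):
    """Decode an RTTI type name: '.?AVPlayer@game@@' -> 'class game::Player'."""
    if not mangled.startswith(".?A") or not mangled.endswith("@@"):
        raise ValueError(f"not an MSVC RTTI type name: {mangled!r}")
    kind = {"V": "class", "U": "struct"}[mangled[3]]
    return kind + " " + "::".join(reversed(mangled[4:-2].split("@")))


def build_sample(img, chain):
    """Lay out RTTI for a single-inheritance chain (most derived first);
    returns the address of a constructed object of chain[0]."""
    type_info_vft = img.alloc(PTR)  # placeholder for type_info's vftable
    td = {}
    for name in chain:
        mangled = f".?AV{name}@@".encode()
        td[name] = img.alloc(2 * PTR + len(mangled) + 1)
        img.put(td[name], struct.pack("<II", type_info_vft, 0) + mangled + b"\0")
    chd = {name: img.alloc(16) for name in chain}   # allocate first: BCD <-> CHD cycle
    bcd = {name: img.alloc(28) for name in chain}
    for i, name in enumerate(chain):
        bases = chain[i:]                            # self, then each ancestor
        arr = img.alloc(PTR * len(bases))
        img.put(arr, b"".join(struct.pack("<I", bcd[b]) for b in bases))
        img.put(chd[name], struct.pack("<IIII", 0, 0, len(bases), arr))
        # pdisp = -1: no virtual base; mdisp 0: base subobject at offset 0
        img.put(bcd[name], struct.pack("<IIiiiII", td[name], len(bases) - 1, 0, -1, 0, 0, chd[name]))
    col = img.alloc(20)
    img.put(col, struct.pack("<IIIII", 0, 0, 0, td[chain[0]], chd[chain[0]]))
    vft = img.alloc(3 * PTR)                         # [COL ptr][slot 0][slot 1]
    img.put(vft, struct.pack("<III", col, 0xDEADBEEF, 0xCAFEBABE))
    obj = img.alloc(0x20)                            # vfptr followed by fields
    img.put(obj, struct.pack("<I", vft + PTR))       # vfptr points past the COL slot
    return obj


def walk_rtti(img, object_addr):
    """Return (class name, [(base name, offset of base subobject), ...])."""
    vfptr = img.u32(object_addr)
    col = img.u32(vfptr - PTR)
    if img.u32(col) != 0:
        raise ValueError("COL signature != 0: not the x86 absolute-pointer layout")
    name = demangle(img.cstr(img.u32(col + 12) + 2 * PTR))  # name follows two pointers
    chd = img.u32(col + 16)
    count, array = img.u32(chd + 8), img.u32(chd + 12)
    bases = []
    for i in range(count):
        b = img.u32(array + PTR * i)
        bases.append((demangle(img.cstr(img.u32(b) + 2 * PTR)), img.i32(b + 8)))
    return name, bases


def sample():
    img = Image(IMAGE_BASE)
    return img, build_sample(img, ["Player", "Actor", "Entity"])


if __name__ == "__main__":
    name, bases = walk_rtti(*sample())
    print(name, ":", ", ".join(f"{n} @ +0x{d:X}" for n, d in bases))
```

The parent list comes from the ClassHierarchyDescriptor's base-class array, whose first entry is the class itself; `mdisp` tells you where each base subobject sits inside the object, which is what makes the listed offsets meaningful. On 64-bit builds the COL signature is 1 and its fields are image-relative offsets rather than absolute pointers, so a walker has to add the module base; and a game built without RTTI, or not with MSVC, simply has no COL behind the vtable, which is the limitation the answer points out.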