Red Alert 2 is a classic game. When I was in junior high school, I often went home on weekends to play the campaign mode, and it took me half a day to clear a single mission, so I turned on a trainer ... With the trainer on, I thrashed the "brutal" computer opponents with super weapons turned off.
A note on the version: V1.006. Glory of the Republic uses different base addresses; for other versions the ideas here can still serve as a reference. The better trainers back then were the Song of Victory memory modifier and Red Alert All-Round King, with all kinds of do-everything features. I do not like using All-Round King (every function is enabled by default, with no way to choose).
(i) The simplest start: changing the money
When I first came into contact with Cheat Engine, I could only change the money. Rapid construction, revealing the whole map, unlocking all technology: I had no idea how to do any of it. Now I seem to have suddenly understood something and, looking back, I have unexpectedly done all of them. Similar tutorials and material on the web only cover changing the money. The purpose of this article is to share some ideas, along with some of the final results.
This assumes that the reader knows basic CE usage and has already obtained the base address of the money: [game.exe+635db4]+24c. The game's data structure at this point can be roughly described as:
    class Player {
    private:
        // ... other variables
        int nmoney;  // Money
        int npower;  // Power
        int nload;   // Load
        // ...
    public:
        // various functions
    };
24C is the offset of the money within this structure. The program evidently has a variable like this: Player* currentplayer. This pointer is stored at game.exe+635DB4, so [game.exe+635DB4] is a very important address: that of the player data.
(ii) Finding the construction CD base address: instant construction
If you turn the game speed down to the slowest, pick the building with the longest build time and watch closely, you will see that for every unit the build progress indicator (the CD) changes 54 times from start to Ready, with a different interval between changes for each unit. This is why 54 is the value used in the search that follows.
First, build a power plant, wait until the CD has just advanced two or three steps, pause construction, and search for values between 1 and 10. Then watch carefully how many more steps the CD advances, search for the value increased by that many, and repeat this about 2 times. At this point you have an address. Change the value to 1 and you will find that the CD starts over; write 54 and it shows Ready, but the building cannot be placed (not explained for now). Do not let it become Ready and do not cancel it; you can lock the value first. Find out what writes to this value and you should get an instruction: 004b9367 - mov [esi+24],edx. Then search for the value of the ESI register and you get a green (static) address, game.exe+433a80. [game.exe+433a80]+24 is the CD base of the power plant. Repeat, and you can get the mine, the barracks ...
Being smart, you have probably already thought of a way to implement instant construction: when the pointer is valid and the value is less than 54, change the CD to 53. The structure is probably the following; it should hold some other information too, such as what is being built, which I did not look into. This is also why, above, you must not wait until it becomes Ready or cancel it: once construction completes or is cancelled, the object describing the construction process may be destroyed and a new one created.
    class constructionprogress {
        // ...
        int NCD;  // offset +24
        // ...
    };
Here are the few I found: Allied power plant (game.exe+433A80), Allied mine (game.exe+433AB0), Allied barracks (game.exe+433AE0). I did not find them all; see below for the reason.
But there are so many kinds that finding them one by one is very tedious. Let's change the approach ... If you are familiar with the game, you will be used to this: only one unit of each type can be under construction at a time, whether basic buildings, defensive buildings, infantry, tanks, warships and so on. To implement this, the game could enumerate all units of a type, check whether one is being built, and refuse to construct another at the same time. That is one scheme, but enumerating on every CD change feels like tiring work. The trick is to keep a flag variable for each type and set it when a unit of that type is being built.
In Red Alert 2, each type has a pointer to the structure of the unit being built, and offset +24 in that structure is the CD. How do you find this pointer? You already have CD addresses for different buildings. When you build a power plant and pause, the pointer should point to the description of the power plant; when you build a mine, to the mine; when you build a barracks, to the barracks. Do an exact-value search for the CD address minus 24, which is the starting address of the constructionprogress object. After searching 3 times this way I ended up with two matching addresses, each pointing to the description object of whatever was being built. Which one is it?! Then it occurred to me: when I am not building anything it should be null, and that decisively left only one. Then find what writes to it and you get an instruction: 004e607a - mov [edi+000052e8],esi. An exact search for the value of EDI gives game.exe+635db4. Does this value look familiar? It is the same one as for the money, which means this address holds the address of the player-related data, that is, the address of the currentplayer object.
This finds the CD base per type of construction rather than per unit, and there are only six types: basic buildings, defense buildings, infantry, aircraft, docks and tanks. Here are the results I found: Building CD ([[[game.exe+635db4]+52e8]+24]), Defense CD (52F8), Infantry CD (52DC), Aircraft CD (52D8), Tank CD (52E0), Dock CD (52E4).
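The pointer paths above, resolved step by step, as an added example that is not code from the original post. It runs against a constructed 32-bit memory snapshot rather than the game; the module load address 0x400000 and the two object addresses are assumptions, while the offsets are the ones listed in the article. A null per-type pointer (nothing being built) is reported as None instead of being dereferenced.

```python
import struct

# Offsets from the article (v1.006); module base and object addresses are constructed.
MODULE_BASE = 0x400000                 # assumed load address of game.exe
PLAYER_PTR = MODULE_BASE + 0x635DB4    # holds the address of the player object
MONEY_PATH = [0x24C]
CD_OFFSET = 0x24
CATEGORY_SLOT = {"building": 0x52E8, "defense": 0x52F8, "infantry": 0x52DC,
                 "aircraft": 0x52D8, "tank": 0x52E0, "dock": 0x52E4}

class Snapshot:
    """Sparse 32-bit little-endian address space backed by byte regions."""
    def __init__(self):
        self.regions = {}
    def map(self, base, size):
        self.regions[base] = bytearray(size)
    def _locate(self, addr):
        for base, buf in self.regions.items():
            if base <= addr <= base + len(buf) - 4:
                return buf, addr - base
        raise ValueError(f"unmapped address {addr:#x}")
    def read_u32(self, addr):
        buf, off = self._locate(addr)
        return struct.unpack_from("<I", buf, off)[0]
    def write_u32(self, addr, value):
        buf, off = self._locate(addr)
        struct.pack_into("<I", buf, off, value)

def resolve(mem, base, offsets):
    """Follow [[base]+o1]+o2 ...; return the final address, or None on a null link."""
    addr = base
    for off in offsets:
        ptr = mem.read_u32(addr)
        if ptr == 0:
            return None
        addr = ptr + off
    return addr

def build_progress(mem, category):
    """CD value for a category, or None when nothing of that type is being built."""
    addr = resolve(mem, PLAYER_PTR, [CATEGORY_SLOT[category], CD_OFFSET])
    return None if addr is None else mem.read_u32(addr)

def sample_snapshot():
    """Constructed state: 10000 credits, one building at step 17, no infantry queued."""
    mem = Snapshot()
    mem.map(MODULE_BASE, 0x640000)
    mem.map(0x09F00000, 0x5300)        # Player object (constructed address)
    mem.map(0x0A100000, 0x40)          # constructionprogress object (constructed)
    mem.write_u32(PLAYER_PTR, 0x09F00000)
    mem.write_u32(0x09F00000 + 0x24C, 10000)
    mem.write_u32(0x09F00000 + CATEGORY_SLOT["building"], 0x0A100000)
    mem.write_u32(0x0A100000 + CD_OFFSET, 17)
    return mem
```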
(iii) A more elegant way: rapid construction
The above implements instant construction, and many trainers are implemented this way. I do not like this approach: the program needs a timer, and when you build infantry with only one or two barracks and click 10 or more times, only one or two come out because of the animation speed, so you still have to build a lot of barracks to keep up with instant construction.
One of the game's rules is that the more barracks you have, the faster infantry are built; the more war factories, the faster tanks are built; the more bases, the faster the various buildings go up. There must be a count value behind this.
With one barracks, search for 1; with two barracks, search for 2; with three, search for 3. That leaves 5 addresses, and when you build a fourth they all become 4. Which one is it? Trying them one by one is a method, but if you work it out you get more information. Try a different operation: sell a barracks! Three of the addresses become 3, and two are still 4. Build another barracks and all 5 addresses increase by 1. Start building a barracks and cancel: one address has increased by 1. Build and cancel again and it increases by 1 again, so this address is probably the number of barracks you have tried to build. Of the remaining 4 addresses, 3 hold 4 and one holds 5. Continue: start a barracks and pause it, and one address increases by 1; cancel, and it decreases by 1 again. This address is the count that includes the barracks under construction. Another address is the number of barracks you have successfully built, that is, the total built over the whole game. That leaves two addresses, both of which match the actual number of barracks on the map. In a normal game I did not find a way to make the two differ. One of them is related to accelerated construction and the other only stores the number of barracks on the map; modify each and watch the effect, and the distinction is complete.
The figure shows the addresses from my test. On your computer they will certainly be different, but the relative offset between the first and the last in the figure, and the relative offsets of the middle 3, should be the same, so you can use them as a reference.
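The elimination described above can be written down as a small differential classifier. This is an added example, not code from the original post: the five addresses are placeholders and the values are constructed to follow the article's experiment (four barracks built, then sell, build, start, cancel).

```python
# Constructed observations: value at each candidate address after each action.
# The addresses are placeholders, not values from the game.
TRACE = [
    ("initial", {0xA0: 4, 0xA4: 4, 0xA8: 4, 0xAC: 4, 0xB0: 4}),
    ("sell",    {0xA0: 4, 0xA4: 3, 0xA8: 4, 0xAC: 3, 0xB0: 3}),
    ("start",   {0xA0: 5, 0xA4: 4, 0xA8: 4, 0xAC: 3, 0xB0: 3}),
    ("finish",  {0xA0: 5, 0xA4: 4, 0xA8: 5, 0xAC: 4, 0xB0: 4}),
    ("start",   {0xA0: 6, 0xA4: 5, 0xA8: 5, 0xAC: 4, 0xB0: 4}),
    ("cancel",  {0xA0: 6, 0xA4: 4, 0xA8: 5, 0xAC: 4, 0xB0: 4}),
]

ACTIONS = ("start", "cancel", "finish", "sell")

# Response to (start, cancel, finish, sell) -> meaning, following the article's reasoning.
ROLES = {
    (1, 0, 0, 0): "attempted builds",
    (1, -1, 0, -1): "count including in-progress",
    (0, 0, 1, 0): "total built this game",
    (0, 0, 1, -1): "currently on map",
}

def classify(trace):
    """Label each address by how its value reacts to each kind of action."""
    deltas = {}  # addr -> {action: set of deltas seen for that action}
    for (_, before), (action, after) in zip(trace, trace[1:]):
        for addr, value in after.items():
            deltas.setdefault(addr, {}).setdefault(action, set()).add(value - before[addr])
    labels = {}
    for addr, seen in deltas.items():
        # An address that reacts differently to the same action is not a simple counter.
        if any(len(d) != 1 for d in seen.values()) or set(seen) != set(ACTIONS):
            labels[addr] = "inconsistent"
            continue
        signature = tuple(next(iter(seen[a])) for a in ACTIONS)
        labels[addr] = ROLES.get(signature, "unknown")
    return labels
```

Two addresses end up with the same label, which matches the article: the on-map count and the acceleration-related count cannot be told apart by observation alone.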
Next, find the base. Directly finding what writes to the acceleration-related address gives: 004eacf4 - inc [eax]. However, if you search memory directly for the value of eax, that is, the address found above, 09f96ea4, you will not find anything. At this point there are generally two options: 1. Debug with OD and trace where eax comes from. 2. Be clever and simply know it.
I simply knew it. I am not bragging, I am not bragging, you must believe me: rapid construction, barracks ([game.exe+635DB4]+52BC). This is obviously related to the player data, and this address is not very close to the player data address mentioned above (what is stored in such a large chunk? The map fog must be in there too); subtract one from the other directly and you have the offset.
As usual, since this is an encyclopedia, here are the results I found: rapid construction, barracks ([game.exe+635DB4]+52BC); rapid construction, buildings (52C4); rapid construction, dock (52C8); rapid construction, tank (52C0); rapid construction, aircraft (52B8). In fact there is no need to search for them: they must be nearby, so just try +4 and -4. Programmers do not define similar variables far apart from each other, unless they are the legendary kind with nothing better to do.
Having said all this, if you still do not know how to get rapid construction, I give up. A hint: increase the value appropriately; 15 is a good number. This number comes from the Song of Victory memory modifier, which also inspired this more elegant approach.
To be continued ...
When reprinting, please indicate the source: http://www.cnblogs.com/viewll/p/4768880.html
Red Alert 2 modifier principle Encyclopedia (i)