Next Previous Table of Contents
Kcheat is quite easy to use. It works by scanning a process's memory to find a value you specified (like your current health for example) and keeps track of the addresses it finds the value at. Since there's probably more than 1 address found, you wait until your health changes and give it that new value to prune your search. Usually it only takes one prune to get the address that holds the value you are interested in. Once you have that, you can use Kcheat to change the value or lock it to a given value.
The first thing you want to do when you start kcheat is to attach (process->attach) to the process of the game you want to cheat at. Once you have done that, you should search for an interesting value (process->search).
Kcheat wants to find out the address in memory a value, like your character's health, is stored. Once it knows, you can have lots of fun changing it. :) To get Kcheat to find this address, you must tell it the value you are looking for, the size you expect this value's memory location to be, and if you want to also search unaligned addresses. Once you have entered this information, hit 'new search' to start searching. If it finds more than 1 address (It almost always does, there's a lot of memory!) you need to prune your search. Wait until the value you are interested in changes then click prune search. Once you are sure of the address, double click on it to keep it and click 'ok'.
The first thing to deal with when searching for a value is, obviously, the value to search for. If your health in the game you are playing is 73, then you would want to search for 73.
The next thing is the type of the value. This is how much space the value you are looking for takes up in memory. You have to think like a programmer here. Usually, programmers use integers for any value, but some people will use char, and very rarely, short. As a rule, try searching with the size set to integer first, if you don't find what you are looking for, try something else.
The last thing to worry about is if you want to do an unaligned search. Normally, Kcheat will only search for values that are aligned to their type. For example, if an integer is 4 bytes on your system and you specified integer as the type, Kcheat will look for the value at locations like 0, 4, 8, and so on. If you check the unaligned search box, Kcheat will look for the value at locations like 0, 1, 2, 3, and so on. This is usually not required, but some games, notably Heroes of Might and Magic 3, will need it for some values.
On some rare occasions you might not be able to reduce the list of addresses down to 1 thing. In this case, I reccomend you keep them all and experiment with them to see which one really works. The reason this happens is values get stuffed away in temporary variables or on the stack. Only one of them is considered by the program to be real.
Another problem is that you might not be able to find the value. Kcheat can only find values that exist in memory. If the game is calculating the value each time it needs it, you arn't going to find it. Also, remember that programmers are quirky. :) The value you are looking for might be off by 1. For example, kghostview stores the current page number as (current_page_number - 1), so if it's 10, you'd need to search for 9 to find it.
Next Previous Table of Contents