The first hacks:
-health
-magicka
-stamina
-1 hit kill
Skyrim uses an original way of storing values. Let's say you have health 130/130. That means you are reciving 0 damage. If you have health: 121/130 that means you are reciving 9 damage. So in Cheat Engine if you want to search for health/mana/stamina, substract the current value from max value, and negate the result. The search goes as FLOAT type.
ex:
health: 115/140
you search for -25 as float in cheatengine
Get the idea?
Ok. Now if you wanted to find what's writing in your health/mana/stamina addresses, you get this:
007E996B - 89 0C 82 - mov [edx+eax*4],ecx
eax is always 2, ecx is float for the damage recived. Problem is this is shared between player and AI enemies.
I've found a pointer for health:
[[[["TESV.exe"+010BC734] +CC]+40]+160]+104
magicka and stamina are +0C bytes each
We can make the following cheat engine script:
[ENABLE]Perks points pointer:
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(found)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov ecx,[ecx+08]
push eax
cmp eax,2
jne exit
mov eax, [155c064] // build pointer for health
add eax,16C
sub eax,8
cmp eax,edx
je found
add eax,0c //for magicka
cmp eax,edx
je found
add eax,0c //for stamina
cmp eax,edx
je found
mov ecx,0C61C4000 //for 1 hit kill, 0C61C4000=(float)-10000 for enemy damage
jmp exit
found:
mov ecx,0 //0 for us, 0 = 100%
exit:
pop eax
mov [edx+eax*4],ecx
jmp returnhere
"TESV.exe"+3E9968:
jmp newmem
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"TESV.exe"+3E9968:
mov ecx,[ecx+08]
mov [edx+eax*4],ecx
//Alt: db 8B 49 08 89 0C 82
155C064+6D1
perks are stored as BYTE type
*new pointer for health address:
155C064+16C
More:
-Fast leveling up (skills)
The function for leveling up is located at 0088AF10
Among other arguments, it takes the skill ID. -> soon a list with all skills IDs and how to reach them via pointers
Every time you do an action in the game that could increase a skill, this function is called. But not everytime you'll end up increasing the skill, because that skill needs more practicing before it gets increased.
You can alter the function to increase the skill everytime you perform it's action, or to max-level the skill to 100. I prefere the first one. So here's the cheat engine script:
[ENABLE]If you'd prefer to max-out the skill, then just nop the instruction:
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(returnhere2)
label(originalcode)
label(exit)
label(level_up)
label(switch)
label(insert_switch)
registersymbol(switch)
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
jmp originalcode
switch:
db 0 0 0 0
insert_switch:
mov [switch],1
db 89 04 24 8B 4D E4
jmp returnhere2
originalcode:
cmp [switch],1
je level_up
test ah, 41
jp 88B1E1
jmp exit
level_up:
mov [switch],0
exit:
jmp returnhere
"TESV.exe"+48B0F1:
jmp newmem
nop
nop
nop
nop
returnhere:
"TESV.exe"+48B0AE:
jmp insert_switch
nop
returnhere2:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
unregistersymbol(switch)
"TESV.exe"+48B0F1:
db F6 C4 41 0F 8A E7 00 00 00
"TESV.exe"+48B0AE:
db 89 04 24 8B 4D E4
0088B0F4 jp 88B1E1
more to come..