@lumaku
Last active March 26, 2024 16:38
Using scanmem on Linux for games

Scanmem for Games on Linux

scanmem is a program that can find the memory location of a certain value in a running program (e.g. the "money" value) and change that value. scanmem does not work when a game applies obfuscation techniques, e.g., moving pointers. But it works surprisingly often.

On Linux: scanmem can be installed from the package repositories and needs superuser privileges. Use htop or a similar tool to find the main pid of the game. A scanmem session usually looks like this:

[user@pc ~]$ sudo scanmem
[sudo] password for user:
scanmem version 0.17
libscanmem version 0.17

Copyright (C) 2006-2017 Scanmem authors
See https://github.com/scanmem/scanmem/blob/master/AUTHORS for a full author list

scanmem comes with ABSOLUTELY NO WARRANTY; for details type `show warranty'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show copying' for details.

Enter the pid of the process to search using the "pid" command.
Enter "help" for other commands.
> pid 35942
info: maps file located at /proc/35942/maps opened.
info: 77 suitable regions found.
> = 87
01/77 searching   0x8e1000 -   0x8e4000..........ok
...
77/77 searching 0x7fffd712e000 - 0x7fffd7150000..........ok
info: we currently have 49541 matches.
49541> = 33
..ok
info: we currently have 8 matches.
8> = 4
..ok
info: we currently have 2 matches.
2> set 0=44
info: setting *0x3416190 to 0x2c...

General hints:

  • Lower values (0,1,2) are usually harder to find than higher ones (58746) that are more unique.
  • You may use ranges for float values.
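
The narrowing shown in the session above and the two hints, as an added example that is not part of the original gist. It scans a constructed 4 KiB buffer instead of a real process; the offsets, the noise pattern and the names `snapshot`, `scan` and `narrow` are assumptions of the example.

```python
import struct

def snapshot(money, gold=15.25):
    """Constructed 4 KiB 'process memory': 1024 int32 noise slots plus planted values."""
    mem = bytearray(struct.pack("<1024i", *(i % 100 for i in range(1024))))
    struct.pack_into("<i", mem, 400, money)    # the real counter
    struct.pack_into("<i", mem, 2000, money)   # a display copy that mirrors it
    struct.pack_into("<d", mem, 800, gold)     # float64 counter; a HUD would show 15
    return bytes(mem)

def scan(mem, fmt, pred, step=4):
    """Offsets (every `step` bytes) whose value, decoded with `fmt`, satisfies `pred`."""
    size = struct.calcsize(fmt)
    return {off for off in range(0, len(mem) - size + 1, step)
            if pred(struct.unpack_from(fmt, mem, off)[0])}

def narrow(observed):
    """Rescan after each change of the on-screen value, like repeated '=' commands,
    keeping only the offsets that matched every time."""
    candidates, history = None, []
    for value in observed:
        hits = scan(snapshot(money=value), "<i", lambda v: v == value)
        candidates = hits if candidates is None else candidates & hits
        history.append(len(candidates))
    return sorted(candidates), history

if __name__ == "__main__":
    # A value inside the noise range (0..99) collides with other memory at first
    # and needs a second scan; two locations remain, as in the session above.
    print(narrow([87, 33, 4]))
    # A value outside the noise range is down to the same two locations at once.
    print(narrow([58746]))
    # Float hint: the stored 15.25 is missed by an exact match on the displayed 15
    # and found by the range 14..16.
    mem = snapshot(money=87)
    print(scan(mem, "<d", lambda v: v == 15.0))
    print(scan(mem, "<d", lambda v: 14 <= v <= 16))
```
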

On Android: scanmem also runs on Android devices. It works on applications compiled for the Android ARM kernel. However, after a short test, I discovered that it seemingly did not work on apps, probably as memory values are protected by the Java engine.

On Windows: Use GameEngine or ArtMoney instead. On a side note, ArtMoney sometimes did not work on a Windows game, but scanmem worked on its Linux version. I currently can't test this for documentation as I don't use Windows anymore.

WHY? This is about playing the game outside of the rules, learning the game mechanics and finding new challenges. Also, I want to skip boring repetitive tasks that add nothing to my gaming joy, but rather tear me out of immersion. This is not about gaining an advantage over other players, as cheaters often do.

Game Notes

The following part contains my notes about some Linux games, usually started from the Steam game platform on Linux. Some of the games are Windows games that use the Proton/Wine compatibility tool.

Baldur's Gate 2

  • scanmem gives a limited ability to change the XP points. Search for the current XP value of one character until three values or fewer are found, then change the first value (set 0=..) to an XP level below the next level up.
  • If the value is too high, the level-change will be missed.
  • Maybe I changed the wrong value, but after changing the value, the level-up system seemed broken.
  • To level your characters up in this way, you have to do this for every character and for every level.
  • => Not so easy to use scanmem on this game.

Bioshock Infinite

  • Works on Money and lockpicks. Finding the memory value for lockpicks is a little bit harder, as this value changes less often.
  • If two values are found, take the latter one.
  • Up to 99 lockpicks can be displayed. You will also not need more.

Borderlands 2

  • Scanmem doesn't work for money or XP values in this game.

Dead Island Definitive Edition

  • scanmem works on money (9999999) and on XP.
  • Money: works, only one value found.
  • XP: works, only one value found. For XP, sometimes two values are found, however that might be a temporary saved game checkpoint. When I tried, the current XP was the second value. To be sure, continue playing and check again.
  • Memory positions of XP/money don't change after character death or level change.
  • You can set the XP value to a value below the level-up threshold or to a high level (level 60 is around 9000000) for multiple level-ups the next time you gather XP. BUT: Buffer overflow possible!
  • Tested in Single player mode, it should work the same on a public game.
  • With unlimited money you can upgrade and repair all your weapons and have enough ammo.
  • If you are at the maximum level, zombies and weapons still are on a level relative to you, so it is more about your focus in the skill tree.

Dead Island Riptide Definitive Edition

  • Just as Dead Island Definitive Edition (Killing zombies seems a little bit harder on the highest level.)
  • The maximum level is higher: Level 70 is reached with 24396500 XP.
  • Again, you may only fill two skill trees, so choose wisely.

Faster Than Light

  • For scrap, fuel, rockets and bots usually two values are found. Take the first value.
  • For scrap, usually 50000 is enough. Fuel, rockets or bots can be set to 99, for example.
  • On hard, you start without scrap. Without scrap, you can't find the scrap value. If you manage to make it to a shop, sell something and then buy rockets/fuel to get sample values for scanmem.
  • If you have unlimited rockets or bots, you can try out new strategies.
  • Memory positions are reset for each new game.

Kingdom: Two Crowns

  • Scanning works on the pouch, for coins and gems (two separate values).
  • A successful scan finds: Two int64 values and one int32 value. The ordering differs; take the first long value. Changing the other values crashes the game or slows it down significantly.
  • Set the value to 60, the change will activate once you spend a coin. The pouch will overflow, but once the correct memory position is found, it can be refilled any time.
  • You might only once need to apply this method for gems, as they can be stored and retrieved at the gem keeper.
  • The memory position remains the same during the stay on one island.

Mass Effect

  • Works on money value.

Mass Effect 2

  • Works on money and XP

Papers, Please

  • Works, but you will get caught on certain dates by the police if you have too much money.

Plague Inc

  • Searching for the number of DNA points, usually three values are found; the middle one works.
  • Sometimes, when the game is paused and an item was recently bought, only two values turn up; then the first one works.
  • Retrying a game will reset memory location.
  • DNA points is a long int with maximum value 2147483647; an integer overflow leads to a negative value, and then you can't spend any DNA points anymore.
  • Even with unlimited DNA points, the game is still strategically challenging on the mega brutal scenarios. You may lose when you buy all of the updates at the beginning.

Risk of Rain

  • Money value is a float64. As this is a float, it's better to search a value range, e.g. if your value is 15, search for 14..16. Usually after the second search iteration, only one value is found.
  • At the end of a level, the money is counted as experience value. Set it to e.g. 1e+70 to get to level 321.

Risk of Rain 2

  • Similar to Risk of Rain, but the money value is an int64 and can be directly searched for.

The Witcher

  • Game is running as witcher.exe; pause when scanning, game might crash.
  • Search for XP value turns up one value. Changing XP does not really affect difficulty, but unlocks all perks.
  • The maximum is level 50 with 1275000 XP. Too much XP will give negative talent points, and setting back the XP does not set back talent points (the mechanism for talent points only seems to be triggered when leveling up).
  • Money: scanmem found three values, it was the second value.

The Witcher 3

  • Money: Only one value shows up - 500000 should be enough. Its memory location does not change after exiting a shop or a location.
  • Also for experience points: The current relative XP value can be searched when Geralt is at any level. Only one memory location turns up in the search. Any XP value can be chosen; it will lead to a multi-level level-up.
  • Careful: The relative XP value is a short int; overflowing it with a value above 64000 will crash something (it makes the mouse unresponsive).
  • For example, the hero has level 3 and you set the XP to 10000. The next time your character collects XP, he will level up to level 12 and the relative XP value will be lower, e.g., 9/1500. Afterwards, even after the chapter progresses, the memory location will still point to the relative XP value.
  • The Witcher 3 fandom wiki on XP: "There are 70 levels worth of XP totaling 124,000 XP." -> Set the relative XP value to 60000 twice to level up to level 70, or three times to get near level 100 (expansion DLC).
  • Mutation points: Search for the value of the mutation points while on the tab for mutation, you will find 5 memory locations for the same value; switch to e.g. the inventory tab, check again, then only one of these values remains. Change this value. To activate all mutations, 250 points suffice.
@emir4169

Doesn't seem like it works for I Wanna Lockpick at all.
