Cheat Engine The Official Site of Cheat Engine
Anddos How do I cheat? Reputation: 0
Joined: 06 Jan 2013 Posts: 8
|
Posted: Sat Aug 24, 2013 8:43 pm Post subject: Cant find values in minesweeper (windows 7) |
|
|
I am searching for 0 to start with, that's 4 bytes. I then click in a space and the timer starts. I switch back to Cheat Engine and set the dropdown list to (has increased), I switch back to Minesweeper and see the timer going up, I switch back to Cheat Engine and press next scan again with (has increased). I've done this over and over till about 30 results are left and nothing is showing up for the time. What am I doing wrong? The objective is to find a static pointer where the time variable is stored. Thanks for reading...
|
Zaladine Expert Cheater Reputation: 3
Joined: 14 Oct 2012 Posts: 130 Location: Djokdja, Indonesia
|
Anddos How do I cheat? Reputation: 0
Joined: 06 Jan 2013 Posts: 8
|
Posted: Sun Aug 25, 2013 1:51 am Post subject: |
|
|
Thanks a lot. I am not sure if I found the static pointer, because when I restart Minesweeper and Cheat Engine and add the green address manually from the bottom, the time value is not showing up?
|
Zaladine Expert Cheater Reputation: 3
Joined: 14 Oct 2012 Posts: 130 Location: Djokdja, Indonesia
|
Posted: Sun Aug 25, 2013 4:20 am Post subject: |
|
|
When applying "Find out what writes this address" to the timer address, the disassembler window shows:
Code: |
minesweeper.exe+2B731 - int 3
minesweeper.exe+2B732 - int 3
minesweeper.exe+2B733 - int 3
minesweeper.exe+2B734 - sub rsp,28
minesweeper.exe+2B738 - mov rcx,[minesweeper.exe+AAA38]
minesweeper.exe+2B73F - test rcx,rcx
minesweeper.exe+2B742 - je minesweeper.exe+2B77B
minesweeper.exe+2B744 - cmp dword ptr [rcx+38],01
minesweeper.exe+2B748 - jne minesweeper.exe+2B77B
minesweeper.exe+2B74A - mov rax,[rcx+18]
minesweeper.exe+2B74E - movss xmm0,[rax+20]
minesweeper.exe+2B753 - addss xmm0,[minesweeper.exe+14454]
minesweeper.exe+2B75B - movss [rax+20],xmm0
|
Luckily, it's pretty simple: by back-tracing the code snippet, we can tell that:
1. The address of the timer is RAX+20
Code: |
minesweeper.exe+2B75B - movss [rax+20],xmm0
|
2. While RAX equals the value held in [RCX+18]
Code: |
minesweeper.exe+2B74A - mov rax,[rcx+18]
|
3. And lastly, RCX equals the value held in minesweeper.exe+AAA38
Code: |
minesweeper.exe+2B738 - mov rcx,[minesweeper.exe+AAA38]
|
4. And we know that minesweeper.exe+AAA38 is absolutely a static address.
Thus, the pointer for the timer address is [[minesweeper.exe+AAA38]+0x18]+0x20. It could be different, however, for a different Windows release...
[Attached image: Windows 7 Minesweeper - Timer Address Pointer]
|
Anddos How do I cheat? Reputation: 0
Joined: 06 Jan 2013 Posts: 8
|
Posted: Sun Aug 25, 2013 7:09 am Post subject: |
|
|
How do you know when to use "find out what writes" or "find out what accesses" this address?
|
Zaladine Expert Cheater Reputation: 3
Joined: 14 Oct 2012 Posts: 130 Location: Djokdja, Indonesia
|
Posted: Sun Aug 25, 2013 7:48 am Post subject: |
|
|
Since the timer keeps going up, there must be code that WRITES to it constantly...
Otherwise, if the game is grabbing the timer (e.g. for hall of fame purposes), then it would be what ACCESSES the address...
|
Anddos How do I cheat? Reputation: 0
Joined: 06 Jan 2013 Posts: 8
|
Posted: Sat Aug 31, 2013 5:53 am Post subject: |
|
|
Putting this into C++ code, the output is gibberish?
Also, how can I get the image base with code instead of having to load up PEiD every time I run Minesweeper?
Code: |
#include "stdafx.h"
#include <windows.h>
#include <iostream>
using namespace std;
// [[minesweeper.exe+AAA38]+0x18]+0x20
// 0x01370000+AAA38+0x18+0x20
int _tmain(int argc, _TCHAR* argv[])
{
    DWORD Pid;
    HANDLE Process;
    float time;
    DWORD toRead;
    // Find the Minesweeper window and get the id of the process that owns it
    GetWindowThreadProcessId(FindWindow(NULL,"Minesweeper"),&Pid);
    cout << Pid << endl;
    Process = OpenProcess(PROCESS_ALL_ACCESS,true,Pid);
    while(1)
    {
        // Reads one float at the sum of the base and all three offsets
        ReadProcessMemory(Process,(LPCVOID)(0x01370000+(0xAAA38+(0x18+(0x20)))),(LPVOID)&time,sizeof(time),&toRead);
        cout << time << endl;
    }
    getchar();
    return 0;
}
|
|
grasmanek94 Master Cheater Reputation: 0
Joined: 03 Jun 2008 Posts: 283 Location: The Netherlands
|
Posted: Sat Aug 31, 2013 7:35 am Post subject: |
|
|
Anddos wrote: | Putting this into C++ code, the output is gibberish?
Also, how can I get the image base with code instead of having to load up PEiD every time I run Minesweeper?
Code: |
#include "stdafx.h"
#include <windows.h>
#include <iostream>
using namespace std;
// [[minesweeper.exe+AAA38]+0x18]+0x20
// 0x01370000+AAA38+0x18+0x20
int _tmain(int argc, _TCHAR* argv[])
{
    DWORD Pid;
    HANDLE Process;
    float time;
    DWORD toRead;
    // Find the Minesweeper window and get the id of the process that owns it
    GetWindowThreadProcessId(FindWindow(NULL,"Minesweeper"),&Pid);
    cout << Pid << endl;
    Process = OpenProcess(PROCESS_ALL_ACCESS,true,Pid);
    while(1)
    {
        // Reads one float at the sum of the base and all three offsets
        ReadProcessMemory(Process,(LPCVOID)(0x01370000+(0xAAA38+(0x18+(0x20)))),(LPVOID)&time,sizeof(time),&toRead);
        cout << time << endl;
    }
    getchar();
    return 0;
}
|
|
This is wrong, you need to repeat ReadProcessMemory (first read the contents of [], then use that and read the contents of [what you read]+offset, then again [what you read]+another offset), or inject a DLL and use this code: http://www.cheatengine.org/forum/viewtopic.php?p=5479001
The code would be:
Code: |
Pointer<float>(0x00400000+0xAAA38,0x18,0x20);
|
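The repeated-read approach described in the reply above, as an added example that is not code from any poster in this thread. The names `ReadFn`, `resolve_chain`, `read_timer` and `make_fake_process`, and the addresses used in the fake process, are assumptions for illustration; pointer reads are 8 bytes because the disassembly above uses 64-bit registers (rcx, rax).

```cpp
#include <cstdint>
#include <cstring>
#include <functional>
#include <map>
#include <vector>

// Copies `size` bytes from address `addr` of the target; false on failure.
// On Windows this would wrap ReadProcessMemory on an opened process handle.
using ReadFn = std::function<bool(uint64_t addr, void* out, size_t size)>;

// Resolves [[base+off0]+off1]+...+offN: each offset except the last is followed
// by an 8-byte pointer read; the last offset only yields the final address.
bool resolve_chain(const ReadFn& read, uint64_t base,
                   const std::vector<uint64_t>& offsets, uint64_t* out) {
    if (offsets.empty()) return false;
    uint64_t addr = base;
    for (size_t i = 0; i + 1 < offsets.size(); ++i) {
        uint64_t next = 0;
        // Null link: object not created yet (the game tests rcx the same way).
        if (!read(addr + offsets[i], &next, sizeof next) || next == 0) return false;
        addr = next;
    }
    *out = addr + offsets.back();
    return true;
}

// Timer via the chain given in the thread: [[module+AAA38]+0x18]+0x20.
bool read_timer(const ReadFn& read, uint64_t module_base, float* value) {
    uint64_t addr = 0;
    return resolve_chain(read, module_base, {0xAAA38, 0x18, 0x20}, &addr) &&
           read(addr, value, sizeof *value);
}

// Constructed stand-in for a target process: exact-address cells only.
ReadFn make_fake_process(uint64_t module_base, uint64_t game_obj, float timer) {
    std::map<uint64_t, std::vector<uint8_t>> mem;
    auto put = [&mem](uint64_t a, const void* p, size_t n) {
        mem[a].assign((const uint8_t*)p, (const uint8_t*)p + n);
    };
    const uint64_t inner = 0x30000000;  // constructed heap address
    put(module_base + 0xAAA38, &game_obj, sizeof game_obj);
    put(game_obj + 0x18, &inner, sizeof inner);
    put(inner + 0x20, &timer, sizeof timer);
    return [mem](uint64_t a, void* out, size_t n) {
        auto it = mem.find(a);
        if (it == mem.end() || it->second.size() < n) return false;
        std::memcpy(out, it->second.data(), n);
        return true;
    };
}
```

In a real tool the reader wraps ReadProcessMemory, and `module_base` is taken at run time from the target's module list (for example `MODULEENTRY32::modBaseAddr` from `CreateToolhelp32Snapshot` with `TH32CS_SNAPMODULE`), because the load address can change between runs.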